DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
The 6/2/2025 IDS document has been considered by the examiner.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 7/8/2025 has been entered.
Response to Amendment / Arguments
Regarding claims rejected under 35 USC 103:
Applicant’s arguments, in view of the amended claim language, have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of Sibillo (US 2016/0171238 A1) as below.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1-3, 5, 8-10, 12, 15-16, 18, and 21-25 is/are rejected under 35 U.S.C. 103 as being unpatentable over Sibillo (US 2016/0171238 A1) in view of Ivanchykhin (US 9,185,094 B2) and Lu (US 2006/0200415 A1).
Regarding claim 1, Sibillo discloses: A method of processing a secure cloud (e.g., FIG. 3 of Sibillo) workload (digital content in Sibillo—e.g., [0063] stating that the digital content may be any piece of digital information) at an edge device of a plurality of edge devices (recipient mobile device in Sibillo), the secure cloud workload having a workload identifier uniquely identifying the secure cloud workload (unique file identifier in Sibillo), the secure cloud workload being received from a workload provisioning service including one or more workload provisioning servers (e.g., FIG. 3 in Sibillo concerning the sender mobile device and servers), the method comprising:
[determining and retrieving] a device identifier uniquely identifying the edge device to the one or more workload provisioning servers among the plurality of edge devices;
Refer to at least [0066] of Sibillo with respect to determining and retrieving the device identifier of the target recipient. As per at least [0049] of Sibillo, the device identifier may be a unique identification number such as a MAC address.
receiving, by the edge device, a packaged secure cloud workload from the one or more workload provisioning servers, wherein the packaged secure cloud workload is encrypted by the one or more workload provisioning servers using a unique packaging key generated by the one or more workload provisioning servers based on the device identifier, the workload identifier, [other information] and;
Refer to at least [0055], [0058], and [0060]-[0063] of Sibillo with respect to encrypting the digital content using a key generated using the recipient’s device ID (e.g., MAC address), the unique file identifier, and other data (e.g., location information).
Refer to at least [0071] of Sibillo with respect to the recipient mobile device downloading the encrypted content.
cryptographically generating, by the edge device, the unique packaging key using the device identifier, the workload identifier, and [other information]; and
Refer to at least [0021], [0072], and [0075] of Sibillo with respect to the recipient mobile device regenerating the key using location information and stored identifier information.
decrypting, by the edge device, the packaged secure cloud workload using a decryption key for the packaged secure cloud workload, wherein the generated unique packaging key cryptographically generated by the edge device is the decryption key for the packaged secure cloud workload, wherein decrypting the packaged secure cloud workload includes applying a decryption operation with the generated unique packaging key to the packaged secure cloud workload.
Refer to at least the abstract, [0018], [0021]-[0022], [0048], and [0075] of Sibillo with respect to the recipient mobile device obtaining the key using the location and identifier information, then decrypting the received encrypted digital content.
Sibillo does not specify: determining and retrieving a device identifier further comprising providing, by the edge device, a device identifier; the other information further comprising a nonce. However, Sibillo in view of Ivanchykhin discloses: determining and retrieving a device identifier further comprising providing, by the edge device, a device identifier;
Refer to at least Col. 5, Ll. 41-Col. 6, Ll. 29 of Ivanchykhin with respect to a requesting recipient device sending a request with its local device ID and a content ID for requesting digital content. A symmetric key is then generated for encrypting the digital content (e.g., Col. 7, Ll. 13-19 of Ivanchykhin).
The teachings of Sibillo and Ivanchykhin both concern providing encrypted digital content to authorized devices, and are considered to be within the same field of endeavor and combinable as such.
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Sibillo to further implement the recipient device providing its device information because all of the claimed elements were known in the prior art and one skilled in the art could have combined the elements as claimed by known methods with no change in their respective functions, and the combination would have yielded predictable results to one of ordinary skill in the art at the time (i.e., Sibillo discusses retrieving recipient device identification information and recipient devices requesting digital content; Ivanchykhin discusses how recipient device identification may be provided during requests such that it can be retrieved during content provision; device identification information may be retrieved from recipient device requests containing the device identification information).
Sibillo-Ivanchykhin discusses using a nonce to prevent replay attacks (e.g., the abstract, FIG. 5A, and Col. 8, Ll. 56-60 of Ivanchykhin), but does not specify: the other information further comprising a nonce. However, Sibillo-Ivanchykhin in view of Lu discloses: the other information further comprising a nonce.
Refer to at least [0043] and [0048]-[0049] of Lu with respect to a transaction key used in generating a symmetric key for encrypting an decrypting digital content.
The teachings of Lu likewise concern providing encrypted digital content to authorized devices, and are considered to be within the same field of endeavor and combinable as such.
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Sibillo-Ivanchykhin to further include a nonce as a key part for at least the purpose of improving security by reducing the effectiveness of replay attacks.
Regarding claim 2, Sibillo-Ivanchykhin-Lu discloses: The method of claim 1, further comprising: receiving the nonce from the workload provisioning service.
Refer to at least [0045] and [0048] of Lu with respect to the transaction key being generated at the servers in FIG. 2, [0027], and [0029] of Lu.
This claim would have been obvious for substantially the same reasons as claim 1 above.
Regarding claim 3, it is rejected for substantially the same reasons as claim 2 above (i.e., the citations and obviousness rationale).
Regarding claim 5, Sibillo-Ivanchykhin-Lu discloses: The method of claim 1, further comprising: executing the secure cloud workload at the edge device.
Refer to at least FIG. 5-8 and [0021], [0028], and [0055] with respect to decrypting and executing digital content.
Regarding independent claim 8, it is substantially similar to independent claim 1 above, and is therefore likewise rejected.
Regarding claims 9-10 and 12-13, they are substantially similar to claims 2-3 and 5-6 above, and are therefore likewise rejected.
Regarding independent claim 15, it is substantially similar to independent claim 1 above, and is therefore likewise rejected.
Regarding claims 16 and 18-19, they are substantially similar to claims 2 and 5-6 above, and are therefore likewise rejected.
Regarding claim 21, Sibillo-Ivanchykhin-Lu discloses: The method of claim 1, wherein the packaged secure cloud workload being encrypted by the one or more workload provisioning servers using the unique packaging key generated by the one or more workload provisioning servers based on the device identifier, the workload identifier, and the nonce uniquely binds the secure cloud workload to the edge device among the plurality of edge devices.
Refer to at least [0055] of Sibillo, which states that the generated key “will preferably allow only the sender or the intended recipient to receive, decrypt, and/or view the digital content.”
Regarding claim 22, it is rejected for substantially the same reasons as claim 1 above (i.e., citations concerning the key being generated).
Regarding claims 23-24, they are rejected for substantially the same reasons as claim 1 above (i.e., the citations concerning generating the key and generating the key after receiving the encrypted digital content).
Regarding claim 25, it is rejected for substantially the same reasons as claim 1 above (i.e., the citations to Ivanchykhin and the corresponding obviousness rationale).
Claim(s) 4, 11, and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Sibillo-Ivanchykhin-Lu as applied to claims 1-3, 5, 8-10, 12, 15-16, 18, and 21-25 above, and further in view of Lim (US 2018/0048464 A1).
Regarding claim 4, Sibillo-Ivanchykhin-Lu does not specify: wherein the nonce is received by the edge device separately from the packaged secure cloud workload. However, Sibillo-Ivanchykhin-Lu in view of Lim discloses: wherein the nonce is received by the edge device separately from the packaged secure cloud workload.
Refer to at least FIG. 4, [0091], [0102], and [0433] of Lim with respect to storing certain key creation factors within an encrypted package, while requesting certain other key creation factors from the server side.
The teachings of Lu- Park and Lim both concern secure content provision and are considered to be within the same field of endeavor and combinable as such.
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Lu to further implement separate provision of the transaction identifier / key because the substitution of one known element for another (transmitting necessary information together or separately) would have yielded predictable results to one of ordinary skill in the art at the time (the information is received either way).
Regarding claims 11 and 17, they are substantially similar to claim 4 above, and are therefore likewise rejected.
Claim(s) 6, 13, and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Sibillo-Ivanchykhin-Lu as applied to claims 1-3, 5, 8-10, 12, 15-16, 18, and 21-25 above, and further in view of Park (US 2018/0198618 A1).
Regarding claim 6, Sibillo-Ivanchykhin-Lu does not specify: wherein the secure cloud workload is executed in a trusted execution environment. However, Sibillo-Ivanchykhin-Lu in view of park discloses: wherein the secure cloud workload is executed in a trusted execution environment.
Refer to at least FIG. 7-8 and FIG. 9 of Park with respect to a secure execution environment for work files.
The teachings of Park likewise concern secure content provision and are considered to be within the same field of endeavor and combinable as such.
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant's invention to modify the teachings of Sibillo-Ivanchykhin-Lu to further include the secure execution environment of Park for at least the purpose of improving security by preventing leakage and loss of sensitive data (e.g., [0007] of Park).
Regarding claims 13 and 19, they are substantially similar to claim 6 above, and are therefore likewise rejected.
Claim(s) 7, 14, and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Sibillo-Ivanchykhin-Lu as applied to claims 1-3, 5, 8-10, 12, 15-16, 18, and 21-25 above, and further in view of Bower (US 2018/0048470 A1).
Regarding claim 7, Sibillo-Ivanchykhin-Lu does not specify: wherein the generated unique packaging key is stored in a trusted platform module and the secure cloud workload is executed outside of the trusted platform module. However, Sibillo-Ivanchykhin-Lu in view of Bower discloses: wherein the generated unique packaging key is stored in a trusted platform module and the secure cloud workload is executed outside of the trusted platform module.
Refer to at least [0033] of Bower with respect to using a TPM for secure key storage.
The teachings of Bower concern security for cloud workloads, and are considered to be within the same field of endeavor and combinable as such.
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Sibillo-Ivanchykhin-Lu to further implement a trusted platform module to store keys for at least the purpose of increasing security (i.e., safer key storage).
Regarding claims 14 and 20, they are substantially similar to claim 7 above, and are therefore likewise rejected.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VADIM SAVENKOV whose telephone number is (571)270-5751. The examiner can normally be reached 12PM-8PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L Nickerson can be reached at (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/V.S/Examiner, Art Unit 2432
/SYED A ZAIDI/Primary Examiner, Art Unit 2432