Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 10/29/2025 has been entered.
Claims 1-4 are under examination.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1 and 4 are rejected under 35 U.S.C. 103 as being unpatentable over Hayton et al. (US 2018/0198604 A1), Jackson et al. (US 2018/0288060 A1) and Humphries et al. (US 2017/0302635 A1).
Regarding claim 1, Hayton et al. discloses A method of restricting data access based on properties of at least one of a process and a machine executing the process [par. 0028, “determining whether an electronic device is allowed to access a service, based on event attestations embedded in the device to attest to the occurrence of corresponding events during the lifecycle of the device”], the method comprising: receiving, by an access control management system, from a first computing device, information associated with an encrypted data object [par. 0051, the event attestation could be encrypted using the manufacturer key (symmetric or private key) and then decrypted at validation in order to check that the attestation is valid]; requesting, by the access control management system, from a verifier, verification that a second computing device executes a process in accordance with a process attribute identified in the information associated with the encrypted data object [par. 0178, device (second device) transmits a request to the service provider (access control management system), specifying all, or a subset of, the event attestations stored in the device (second device). The request is forwarded to the validation apparatus (verifier) by the service provider (access control management system), par. 0002, “For example a cryptographic key (process attribute) may be embedded in the device during manufacture and the device can later use that key to prove to an external verifier that the device meets the required properties”]; and sending, by the access control management system, to the second computing device, the received information associated with the encrypted data object, responsive to the verification of the process attribute [par. 0067, the device may receive a signal from the service provider (access control management) to indicate that access has been enabled. par. 0080, validation message may be accompanied by a device report which may provide certain information about the device].
Hayton et al. does not explicitly disclose requesting verification further comprises requesting verification that the second computing device has at least one of a machine hardware attribute and a machine software attribute.
However Jackson et al. teaches requesting verification further comprises requesting verification that the second computing device has at least one of a machine hardware attribute and a machine software attribute [par. 15, “gather data about software, hardware, and usage attributes of the mobile device…. compare those attributes to a known fingerprint of the device to confirm that the mobile device being used for 2fa is the intended device”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Jackson et al. into the teaching of Hayton et al. with the motivation such that device may be determined trustworthy for access to some resources as taught by Jackson et al. [Jackson et al.: par. 0018].
They do not explicitly disclose the first computing device transmitting the encrypted data object to a second computing device.
However, Humphries et al. teaches the first computing device transmitting the encrypted data object to a second computing device [par. 0161, “original key material is inferred based on hardware and software properties readily available to the key vault 632, and to ensure that key material uses non-standard or varying algorithms”, par. 0237, “transmit a portable encrypted data object”, par. 0250, “attaching the portable encrypted container to the communication, and transmitting the communication and the portable encrypted container to the recipient through the second interface”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Humphries et al. into the teaching of Hayton et al. and Jackson et al. with the motivation to improve security of the key vault and for enhancing perimeter security for outbound content as taught by Humphries et al. [Humphries et al.: par. 0161, par. 0238].
Regarding claim 4, the rejection of claim 1 is incorporated.
Hayton et al. further teaches requesting verification further comprises requesting verification upon receiving, by the access control management system, from the second computing device, a request for the information associated with the encrypted data object [par. 0178, device (second device) transmits a request to the service provider (access control management system), specifying all, or a subset of, the event attestations stored in the device (second device). The request is forwarded to the validation apparatus (verifier) by the service provider (access control management system), par. 0002, “For example a cryptographic key (process attribute) may be embedded in the device during manufacture and the device can later use that key to prove to an external verifier that the device meets the required properties”].
Claims 2-3 are rejected under 35 U.S.C. 103 as being unpatentable over Hayton et al. (US 2018/0198604 A1), Jackson et al. (US 2018/0288060 A1) and Humphries et al. (US 2017/0302635 A1) as applied to claims 1 and 4 above, and further in view of Brainard et al. (US 9,467,293 A1).
Regarding claim 2, the rejection of claim 1 is incorporated.
Hayton et al. and Vernia et al. discloses receiving information from a first computing device.
They do not explicitly disclose receiving information including an identifier of each of a plurality of independent verifiers.
However Brainard et al. teaches receiving information including an identifier of each of a plurality of independent verifiers [col. 14, lines 10-19, The other data can include a verifier identifier (V), which may be a value associated with the identity of a particular verifier… The use of the verifier identifier (V) may allow the same user authentication device 120 (with the same secret (K) to be used with verifiers operated by different entities].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Brainard et al. into the teaching of Hayton et al., Jackson et al. and Humphries et al. with the motivation to allow the same user authentication device to be used with verifiers operated by different entities as taught by Brainard et al. [Brainard et al.: col. 14, lines 10-19].
Regarding claim 3, the rejection of claim 1 is incorporated.
Brainard et al. further teaches selecting the independent verifier based upon the identifier in the received information [col. 14, lines 10-19, The other data can include a verifier identifier (V), which may be a value associated with the identity of a particular verifier… The use of the verifier identifier (V) may allow the same user authentication device 120 (with the same secret (K) to be used with verifiers operated by different entities].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Brainard et al. into the teaching of Hayton et al., Jackson et al. and Humphries et al. with the motivation to allow the same user authentication device to be used with verifiers operated by different entities as taught by Brainard et al. [Brainard et al.: col. 14, lines 10-19].
Response to Arguments
Applicant’s arguments, filed on 10/29/2025, with respect to rejection under 35 USC § 103 have been considered but are moot in view of the new ground(s) of rejection.
Conclusion
The prior art made of record and not relied upon is considered pertinent to Applicant’s disclosure:
US 12010227 B1 System And Methods For Securing Role Credentials
US 20200287890 A1 ANONYMOUS ATTESTATION
US 20190074981 A1 POST-MANUFACTURE GENERATION OF DEVICE CERTIFICATE AND PRIVATE KEY FOR PUBLIC KEY INFRASTRUCTURE
US 20180351744 A1 SECURE READ-ONLY CONNECTION TO PERIPHERAL DEVICE
US 20180324158 A1 ASSURING EXTERNAL ACCESSIBILITY FOR DEVICES ON A NETWORK
US 20170289197 A1 TRANSPORT LAYER SECURITY TOKEN BINDING AND TRUSTED SIGNING
US 20160112829 A1 METHOD AND SYSTEM FOR PERMISSIONS BASED CONTENT BROADCASTING
US 20130166907 A1 Trusted Certificate Authority To Create Certificates Based On Capabilities Of Processes
US 20050010780 A1 Method And Apparatus For Providing Access To Personal Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JASON CHIANG whose telephone number is (571)270-3393. The examiner can normally be reached on 9AM to 6 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/JASON CHIANG/Primary Examiner, Art Unit 2431