SYSTEM AND METHOD FOR DATA ACCESS MANAGEMENT USING DESTINATION-BASED ENCRYPTION

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 1/6/2026 has been entered. Claims 1, 10, 16 and 21-23 are amendmentClaims 1-14, 16-18 and 21-23 are pending Response to Arguments 1.) Applicant’s amendment to claims 1, 10 and 16 filed on 1/6/2026 regarding, “encrypting only the sensitive data [[of]]within the portion of the data using the portion of the key pair to obtain encrypted data associated with the sensitive data within the portion of the data and unencrypted data associated with the portion of the data without the sensitive data, and providing at least the encrypted data to the requesting device without providing the unencrypted data.” necessitated the new ground(s) of rejection presented in this Office action. Therefore, Applicant's arguments with respect to claims 1-14, 16-18, and 21-23 have been considered but are moot in view of the new ground(s) of rejection. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 1.) Claims 1, 5, 7, 10, 14, and 16 are rejected under 35 U.S.C. 103 as being unpatentable over US 10461942, Vo in view of US 20210124495, Appireddygari and further in view of US 20200252210, Sharfman In regards to claim 1, Vo teaches a method for managing access to data stored in a data storage system, comprising: obtaining a data access request for a portion of the data(US 10461942, Vo, col. 1, lines 47-53, signing a certificate using the instance of the rotating security code, wherein the certificate is an assertion that the user device is authorized to access secure information; encrypting the certificate using the first cryptographic key; and communicating the encrypted certificate to a service that verifies, based on the certificate, that the user device is authorized to access secure information.[i.e. note: where a user/device implicitly requests access to data by initiating an authorization process]); making a first determination regarding whether a requesting device and a user of the requesting device can be validated(US 10461942, Vo, col. 3, line 60-col. 4, line 5, (8) In some implementations, additional factors may be used to ensure that the user device and/or user of the user device is authorized to access the secure information. For example, an initial authentication of the user may be performed based on authentication data such as biometric data (e.g., the user's swiped fingerprint), a personal identification number (PIN) of the user, and/or other authentication data provided by the user. If the user is successful authenticated based on the authentication data, device verification may proceed based on the certificate signed by the security code. In some implementations, an additional device identifier (ID) may also be used to verify the user device); and Vo does not teach in a first instance of the first determination, where both the requesting device and the user are validated: making a second determination , using a classification of the portion of the data that is stored as metadata of the portion of the data, regarding whether the portion of the data comprises sensitive data, and in a first instance of the second determination, where the portion of the data comprises the sensitive data: identifying a portion of a key pair associated with the requesting device and the user , the portion of the key pair being stored in a storage of the data storage system prior to the obtaining the data access request; encrypting only the sensitive data within the portion of the data using the portion of the key pair to obtain encrypted data associated with the sensitive data within the portion of the data and unencrypted data associated with the portion of the data without the sensitive data; and providing at least the encrypted data to the requesting device without providing the unencrypted data However, Appireddygari teaches in a first instance of the first determination, where both the requesting device and the user are validated: making a second determination, using a classification of the portion of the data that is stored as metadata of the portion of the data, regarding whether the portion of the data comprises sensitive data, and in a first instance of the second determination, where the portion of the data comprises the sensitive data(US 20210124495, Appireddygari, para. 0053, a virtual machine may host a database that stores hospital records. The classification data may include metadata that specifies the type of data in the database. The classification data may be analyzed to identify the type of data. The backup classification may be performed by an analysis engine of a data processor of the backup server. The analysis engine, based on the data classification, may determine that the hospital records are highly sensitive data.): identifying a portion of a key pair associated with the requesting device and the user, the portion of the key pair being stored in a storage of the data storage system prior to the obtaining the data access request (US 20210124495, Appireddygari, para. 0036, The key manager (126C) may further include information that specifies the users that are allowed to access the data encrypted in the processed backups (152, 154). For example, the backup server (120A) may perform user authentication using the information stored in the key manager (126C) to determine whether a user requesting to access encrypted data is permitted to access the encrypted data); It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Vo with the teaching of Appireddygari because a user would have been motivated to provide access to sensitive data, taught by Appireddygari, for use by the multi-factor authentication system, taught by Vo, when a determination is established that the sensitivity data is associated with the user taught by Vo ( Appireddygari, para. 0036); the combination of Vo and Appireddygari do not teach encrypting only the sensitive data within the portion of the data using the portion of the key pair to obtain encrypted data associated with the sensitive data within the portion of the data and unencrypted data associated with the portion of the data without the sensitive data; and providing at least the encrypted data to the requesting device without providing the unencrypted data However, Sharfman teaches encrypting only the sensitive data within the portion of the data using the portion of the key pair to obtain encrypted data associated with the sensitive data within the portion of the data and unencrypted data associated with the portion of the data without the sensitive data(US 20200252210, Sharfman, para. 0034, as will be discussed in greater detail herein, form field data for a given electronic form may be selectively encrypted, where field data designated as sensitive (e.g., via a field to sensitivity mapping) may be encrypted for storage, transmission, and display, and non-sensitive or public form field data may be stored in the attachment in an unencrypted form (e.g., in plain text)… different keys may be associated with different fields, where different users may be granted access to different sets of keys associated with the document.); and providing at least the encrypted data to the requesting device without providing the unencrypted data(US 20200252210, Sharfman, para. 0043, a given electronic form and payload of encrypted data may be transmitted from the provider to the recipient,). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Vo and Appireddygari with the teaching of Sharfman because a user would have been motivated to use non-encrypted data information, taught by Sharfman, in order to determine which key should be used for decrypting the encrypted data used in the system taught by the combination of Vo and Appireddygari(Sharfman, para. 0033) In regards to claim 5, the combination of Vo, Appireddygari and Sharfman teach the method of claim 1, further comprising: in a second instance of the first determination, where at least one of the requesting device and the user are not validated, denying the data access request(US 10461942, Vo, col. 7, lines 46-53, based on an indication that the user device 102 has been stolen or otherwise compromised, the server device(s) 126 may send a signal to the user device 102 that causes the user device 102 to prevent access to the secure data storage 112 on the user device 102 that stores the private key 118, thus barring the process that uses the private key 118 to sign the certificate 124 and assert authorization to access secure information.). In regards to claim 7, the combination of Vo, Appireddygari and Sharfman teach the method of claim 1, wherein the requesting device is registered with the data storage system prior to obtaining the data access request(US 10461942, Vo, Col. 6, lines 20-27, The device ID 116 may have been previously issued to and stored on the user device 102 during a registration process through which the user device 102 is registered with a backend service (e.g., provided by the server device(s) 126). In some implementations, the device ID 116 may have been issued by an external security service such as that provided by Verisign, Inc.™). In regards to claim 10, Vo teaches a non-transitory machine-readable medium having instructions stored therein, which when executed by a processor, cause the processor to perform operations for managing access to data stored in a data storage system, the operations comprising: obtaining a data access request for a portion of the data(US 10461942, Vo, col. 1, lines 47-53, signing a certificate using the instance of the rotating security code, wherein the certificate is an assertion that the user device is authorized to access secure information; encrypting the certificate using the first cryptographic key; and communicating the encrypted certificate to a service that verifies, based on the certificate, that the user device is authorized to access secure information.[i.e. note: where a user/device implicitly requests access to data by initiating an authorization process]); making a first determination regarding whether a requesting device and a user of the requesting device can be validated(US 10461942, Vo, col. 3, line 60-col. 4, line 5, (8) In some implementations, additional factors may be used to ensure that the user device and/or user of the user device is authorized to access the secure information. For example, an initial authentication of the user may be performed based on authentication data such as biometric data (e.g., the user's swiped fingerprint), a personal identification number (PIN) of the user, and/or other authentication data provided by the user. If the user is successful authenticated based on the authentication data, device verification may proceed based on the certificate signed by the security code. In some implementations, an additional device identifier (ID) may also be used to verify the user device); and Vo does not teach in a first instance of the first determination, where both the requesting device and the user are validated: making a second determination, using a classification of the portion of the data that is stored as metadata of the portion of the data, regarding whether the portion of the data comprises sensitive data, and in a first instance of the second determination, where the portion of the data comprises the sensitive data: identifying a portion of a key pair associated with the requesting device and the user; encrypting only the sensitive data within the portion of the data using the portion of the key pair to obtain encrypted data associated with the sensitive data within the portion of the data and unencrypted data associated with the portion of the data without the sensitive data; and providing at least the encrypted data to the requesting device without providing the unencrypted data However, Appireddygari teaches in a first instance of the first determination, where both the requesting device and the user are validated: making a second determination, using a classification of the portion of the data that is stored as metadata of the portion of the data, regarding whether the portion of the data comprises sensitive data, and in a first instance of the second determination, where the portion of the data comprises the sensitive data(US 20210124495, Appireddygari, para. 0053, a virtual machine may host a database that stores hospital records. The classification data may include metadata that specifies the type of data in the database. The classification data may be analyzed to identify the type of data. The backup classification may be performed by an analysis engine of a data processor of the backup server. The analysis engine, based on the data classification, may determine that the hospital records are highly sensitive data.): identifying a portion of a key pair associated with the requesting device and the user, the portion of the key pair being stored in a storage of the data storage system prior to the obtaining the data access request(US 20210124495, Appireddygari, para. 0036, The key manager (126C) may further include information that specifies the users that are allowed to access the data encrypted in the processed backups (152, 154). For example, the backup server (120A) may perform user authentication using the information stored in the key manager (126C) to determine whether a user requesting to access encrypted data is permitted to access the encrypted data); It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Vo with the teaching of Appireddygari because a user would have been motivated to provide access to sensitive data, taught by Appireddygari, for use by the multi-factor authentication system, taught by Vo, when a determination is established that the sensitivity data is associated with the user taught by Vo( Appireddygari, para. 0036) the combination of Vo and Appireddygari do not teach encrypting only the sensitive data within the portion of the data using the portion of the key pair to obtain encrypted data associated with the sensitive data within the portion of the data and unencrypted data associated with the portion of the data without the sensitive data; and providing at least the encrypted data to the requesting device without providing the unencrypted data However, Sharfman teaches encrypting only the sensitive data within the portion of the data using the portion of the key pair to obtain encrypted data associated with the sensitive data within the portion of the data and unencrypted data associated with the portion of the data without the sensitive data(US 20200252210, Sharfman, para. 0034, as will be discussed in greater detail herein, form field data for a given electronic form may be selectively encrypted, where field data designated as sensitive (e.g., via a field to sensitivity mapping) may be encrypted for storage, transmission, and display, and non-sensitive or public form field data may be stored in the attachment in an unencrypted form (e.g., in plain text)… different keys may be associated with different fields, where different users may be granted access to different sets of keys associated with the document.); and providing at least the encrypted data to the requesting device without providing the unencrypted data(US 20200252210, Sharfman, para. 0043, a given electronic form and payload of encrypted data may be transmitted from the provider to the recipient,). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Vo and Appireddygari with the teaching of Sharfman because a user would have been motivated to use non-encrypted data information, taught by Sharfman, in order to determine which key should be used for decrypting the encrypted data used in the system taught by the combination of Vo and Appireddygari(Sharfman, para. 0033). In regards to claim 14, the combination of Vo, Appireddygari and Sharfman teach the non-transitory machine-readable medium of claim 10, the operations further comprising: in a second instance of the first determination, where at least one of the requesting device and the user are not validated, denying the data access request(US 10461942, Vo, col. 7, lines 46-53, based on an indication that the user device 102 has been stolen or otherwise compromised, the server device(s) 126 may send a signal to the user device 102 that causes the user device 102 to prevent access to the secure data storage 112 on the user device 102 that stores the private key 118, thus barring the process that uses the private key 118 to sign the certificate 124 and assert authorization to access secure information.). In regards to claim 16, Vo teaches a data processing system, comprising: a processor(US 10461942, Vo, col. 2, lines 23-25, The present disclosure also provides a computer-readable storage medium coupled to one or more processors); and a memory coupled to the processor to store instructions, which when executed by the processor, cause the processor to perform operations for managing access to data stored in a data storage system(US 10461942, Vo, col. 2, lines 31-36, The system includes one or more processors, and a computer-readable storage medium coupled to the one or more processors having instructions stored thereon which, when executed by the one or more processors, cause the one or more processors to perform operations in accordance with implementations of the methods provided herein.), the operations comprising: obtaining a data access request for a portion of the data(US 10461942, Vo, col. 1, lines 47-53, signing a certificate using the instance of the rotating security code, wherein the certificate is an assertion that the user device is authorized to access secure information; encrypting the certificate using the first cryptographic key; and communicating the encrypted certificate to a service that verifies, based on the certificate, that the user device is authorized to access secure information.[i.e. note: where a user/device implicitly requests access to data by initiating an authorization process]), making a first determination regarding whether a requesting device and a user of the requesting device can be validated(US 10461942, Vo, col. 3, line 60-col. 4, line 5, (8) In some implementations, additional factors may be used to ensure that the user device and/or user of the user device is authorized to access the secure information. For example, an initial authentication of the user may be performed based on authentication data such as biometric data (e.g., the user's swiped fingerprint), a personal identification number (PIN) of the user, and/or other authentication data provided by the user. If the user is successful authenticated based on the authentication data, device verification may proceed based on the certificate signed by the security code. In some implementations, an additional device identifier (ID) may also be used to verify the user device), and Vo does not teach in a first instance of the first determination, where both the requesting device and the user are validated: making a second determination, using a classification of the portion of the data that is stored as metadata of the portion of the data, regarding whether the portion of the data comprises sensitive data; and in a first instance of the second determination, where the portion of the data comprises the sensitive data: identifying a portion of a key pair associated with the requesting device and the user, the portion of the key pair being stored in a storage of the data storage system prior to the obtaining the data access request, encrypting only the sensitive data within the portion of the data using the portion of the key pair to obtain encrypted data associated with the sensitive data within the portion of the data and unencrypted data associated with the portion of the data without the sensitive data, and providing at least the encrypted data to the requesting device without providing the unencrypted data However, Appireddygari discloses in a first instance of the first determination, where both the requesting device and the user are validated: making a second determination, using a classification of the portion of the data that is stored as metadata of the portion of the data, regarding whether the portion of the data comprises sensitive data(US 20210124495, Appireddygari, para. 0053, a virtual machine may host a database that stores hospital records. The classification data may include metadata that specifies the type of data in the database. The classification data may be analyzed to identify the type of data. The backup classification may be performed by an analysis engine of a data processor of the backup server. The analysis engine, based on the data classification, may determine that the hospital records are highly sensitive data.); and in a first instance of the second determination, where the portion of the data comprises the sensitive data: identifying a portion of a key pair associated with the requesting device and the user, the portion of the key pair being stored in a storage of the data storage system prior to the obtaining the data access request(US 20210124495, Appireddygari, para. 0036, The key manager (126C) may further include information that specifies the users that are allowed to access the data encrypted in the processed backups (152, 154). For example, the backup server (120A) may perform user authentication using the information stored in the key manager (126C) to determine whether a user requesting to access encrypted data is permitted to access the encrypted data), It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Vo with the teaching of Appireddygari because a user would have been motivated to provide access to sensitive data, taught by Appireddygari, for use by the multi-factor authentication system, taught by Vo, when a determination is established that the sensitivity data is associated with the user taught by Vo ( Appireddygari, para. 0036) the combination of Vo and Appireddygari do not teach encrypting only the sensitive data within the portion of the data using the portion of the key pair to obtain encrypted data associated with the sensitive data within the portion of the data and unencrypted data associated with the portion of the data without the sensitive data, and providing at least the encrypted data to the requesting device without providing the unencrypted data However, Sharfman teaches encrypting only the sensitive data within the portion of the data using the portion of the key pair to obtain encrypted data associated with the sensitive data within the portion of the data and unencrypted data associated with the portion of the data without the sensitive data(US 20200252210, Sharfman, para. 0034, as will be discussed in greater detail herein, form field data for a given electronic form may be selectively encrypted, where field data designated as sensitive (e.g., via a field to sensitivity mapping) may be encrypted for storage, transmission, and display, and non-sensitive or public form field data may be stored in the attachment in an unencrypted form (e.g., in plain text)… different keys may be associated with different fields, where different users may be granted access to different sets of keys associated with the document.), and providing at least the encrypted data to the requesting device without providing the unencrypted data(US 20200252210, Sharfman, para. 0043, a given electronic form and payload of encrypted data may be transmitted from the provider to the recipient,). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Vo and Appireddygari with the teaching of Sharfman because a user would have been motivated to use non-encrypted data information, taught by Sharfman, in order to determine which key should be used for decrypting the encrypted data used in the system taught by the combination of Vo and Appireddygari(Sharfman, para. 0033). 2.) Claims 2-4, 11-13, and 17-18 are rejected under 35 U.S.C. 103 as being unpatentable over US 10461942, Vo in view of US 20210124495, Appireddygari and further in view of US 20200252210, Sharfman and further in view of US 20230401300, Pan In regards to claim 2, the combination of Vo, Appireddygari and Sharfman teach the method of claim 1, further comprising: prior to obtaining the data access request: performing a registration process for the user and the requesting device with respect to the data storage system(US 10461942, Vo, col. 5, lines 58-63, In some instances, the user authentication module(s) 106 may receive the authentication data 108 and make one or more calls out to an external service (e.g., executing on the server device(s) 126) to request authentication of the user 104 based on previously collected and stored authentication data for the user 104. Col. 6, lines 20-27, The device ID 116 may have been previously issued to and stored on the user device 102 during a registration process through which the user device 102 is registered with a backend service (e.g., provided by the server device(s) 126). In some implementations, the device ID 116 may have been issued by an external security service such as that provided by Verisign, Inc.™), the combination of Vo, Appireddygari and Sharfman do not teach the registration process generating the key pair, and distributing portions of the key pair to the requesting device and the data storage system However, Pan teaches the registration process generating the key pair, and distributing portions of the key pair to the requesting device and the data storage system (US 20230401300, Pan, para. 0106, Two devices each generate a pair of a random public key and a random private key, perform signature on the random public key by using respective device private keys, and exchange the signed random public keys.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Vo and Appireddygari with the teaching of Pan because a user would have been motivated to share biometric data between devices, taught by Pan, in order to provide access to sensitive data, taught by the combination of Vo and Appireddygari, when a device is substituted by a replacement device(Pan, para. 0006) In regards to claim 3, the combination of Vo, Appireddygari and Sharfman teach the method of claim 2. the combination of Vo, Appireddygari and Sharfman do not teach wherein distributing the portions of the key pair comprises: obtaining a public key certificate based on a public key of the key pair; and providing the public key certificate to the data storage system, the data storage system associating the public key certificate with both the requesting device and the user However, Pan teaches wherein distributing the portions of the key pair comprises: obtaining a public key certificate based on a public key of the key pair(US 20230401300, Pan, para. 0129, S603: The first electronic device performs session key negotiation by using a device public key in the device certificate of the second electronic device,); and providing the public key certificate to the data storage system, the data storage system associating the public key certificate with both the requesting device and the user(US 20230401300, Pan, para. 0128, The device certificates exchanged in this operation are device certificates preset in the electronic devices on a production line. For example, as shown in FIG. 6B, a device certificate preset in the first electronic device on the production line is a device certificate at a trusted execution environment (TEE) level. Device certificates preset in the second electronic device on the production line are a device certificate at the TEE level and a device certificate at a secure element (SE) level.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Vo, Appireddygari and Sharfman with the teaching of Pan because a user would have been motivated to share biometric data between devices, taught by Pan, in order to provide access to sensitive data, taught by the combination of Vo, Appireddygari and Sharfman, when a device is substituted by a replacement device(Pan, para. 0006) In regards to claim 4, the combination of Vo, Appireddygari and Sharfman teach the method of claim 1. The combination of Vo, Appireddygari and Sharfman do not teach wherein providing at least the encrypted data comprises sending the encrypted data via a secure communication channel However, Pan teaches wherein providing at least the encrypted data comprises sending the encrypted data via a secure communication channel (US 20230401300, Pan, para. 0179-0180, [0179] S901: In a pre-sharing phase, perform authentication between a first electronic device and a second electronic device. [0180] This phase is mainly used to authenticate whether a peer device has a trusted execution environment and/or whether the trusted execution environment meets a specified security level. This phase is used to establish a secure transmission channel between the first electronic device and the second electronic device.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Vo, Appireddygari and Sharfman with the teaching of Pan because a user would have been motivated to share biometric data between devices, taught by Pan, in order to provide access to sensitive data, taught by the combination of Vo, Appireddygari and Sharfman, when a device is substituted by a replacement device(Pan, para. 0006) In regards to claim 11, the combination of Vo, Appireddygari and Sharfman teach the non-transitory machine-readable medium of claim 10, the operations further comprising: prior to obtaining the data access request: performing a registration process for the user and the requesting device with respect to the data storage system(US 10461942, Vo, col. 5, lines 58-63, In some instances, the user authentication module(s) 106 may receive the authentication data 108 and make one or more calls out to an external service (e.g., executing on the server device(s) 126) to request authentication of the user 104 based on previously collected and stored authentication data for the user 104. Col. 6, lines 20-27, The device ID 116 may have been previously issued to and stored on the user device 102 during a registration process through which the user device 102 is registered with a backend service (e.g., provided by the server device(s) 126). In some implementations, the device ID 116 may have been issued by an external security service such as that provided by Verisign, Inc.™), The combination of Vo, Appireddygari and Sharfman do not teach the registration process generating the key pair, and distributing portions of the key pair to the requesting device and the data storage system However, Pan teaches the registration process generating the key pair, and distributing portions of the key pair to the requesting device and the data storage system (US 20230401300, Pan, para. 0106, Two devices each generate a pair of a random public key and a random private key, perform signature on the random public key by using respective device private keys, and exchange the signed random public keys.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Vo, Appireddygari and Sharfman with the teaching of Pan because a user would have been motivated to share biometric data between devices, taught by Pan, in order to provide access to sensitive data, taught by the combination of Vo, Appireddygari and Sharfman, when a device is substituted by a replacement device(Pan, para. 0006) In regards to claim 12, the combination of Vo, Appireddygari, Sharfman and Pan teach the non-transitory machine-readable medium of claim 11, wherein distributing the portions of the key pair comprises: obtaining a public key certificate based on a public key of the key pair(US 20230401300, Pan, para. 0129, S603: The first electronic device performs session key negotiation by using a device public key in the device certificate of the second electronic device,); and providing the public key certificate to the data storage system, the data storage system associating the public key certificate with both the requesting device and the user(US 20230401300, Pan, para. 0128, The device certificates exchanged in this operation are device certificates preset in the electronic devices on a production line. For example, as shown in FIG. 6B, a device certificate preset in the first electronic device on the production line is a device certificate at a trusted execution environment (TEE) level. Device certificates preset in the second electronic device on the production line are a device certificate at the TEE level and a device certificate at a secure element (SE) level.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Vo, Appireddygari and Sharfman with the teaching of Pan because a user would have been motivated to share biometric data between devices, taught by Pan, in order to provide access to sensitive data, taught by the combination of Vo, Appireddygari and Sharfman, when a device is substituted by a replacement device(Pan, para. 0006) In regards to claim 13, the combination of Vo, Appireddygari and Sharfman teach the non-transitory machine-readable medium of claim 10. The combination of Vo, Appireddygari and Sharfman do not teach wherein providing at least the encrypted data comprises sending the encrypted data via a secure communication channel However, Pan teaches wherein providing at least the encrypted data comprises sending the encrypted data via a secure communication channel(US 20230401300, Pan, para. 0179-0180, [0179] S901: In a pre-sharing phase, perform authentication between a first electronic device and a second electronic device. [0180] This phase is mainly used to authenticate whether a peer device has a trusted execution environment and/or whether the trusted execution environment meets a specified security level. This phase is used to establish a secure transmission channel between the first electronic device and the second electronic device.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Vo, Appireddygari and Sharfman with the teaching of Pan because a user would have been motivated to share biometric data between devices, taught by Pan, in order to provide access to sensitive data, taught by the combination of Vo, Appireddygari and Sharfman, when a device is substituted by a replacement device(Pan, para. 0006) In regards to claim 17, the combination of Vo, Appireddygari and Sharfman teach the data processing system of claim 16, the operations further comprising: prior to obtaining the data access request: performing a registration process for the user and the requesting device with respect to the data storage system(US 10461942, Vo, col. 5, lines 58-63, In some instances, the user authentication module(s) 106 may receive the authentication data 108 and make one or more calls out to an external service (e.g., executing on the server device(s) 126) to request authentication of the user 104 based on previously collected and stored authentication data for the user 104. Col. 6, lines 20-27, The device ID 116 may have been previously issued to and stored on the user device 102 during a registration process through which the user device 102 is registered with a backend service (e.g., provided by the server device(s) 126). In some implementations, the device ID 116 may have been issued by an external security service such as that provided by Verisign, Inc.™), The combination of Vo, Appireddygari and Sharfman do not teach the registration process generating the key pair, and distributing portions of the key pair to the requesting device and the data storage system However, Pan teaches the registration process generating the key pair, and distributing portions of the key pair to the requesting device and the data storage system (US 20230401300, Pan, para. 0106, Two devices each generate a pair of a random public key and a random private key, perform signature on the random public key by using respective device private keys, and exchange the signed random public keys.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Vo, Appireddygari and Sharfman with the teaching of Pan because a user would have been motivated to share biometric data between devices, taught by Pan, in order to provide access to sensitive data, taught by the combination of Vo, Appireddygari and Sharfman, when a device is substituted by a replacement device(Pan, para. 0006) In regards to claim 18, the combination of Vo, Appireddygari, Sharfman and Pan teach the data processing system of claim 17, wherein distributing the portions of the key pair comprises: obtaining a public key certificate based on a public key of the key pair(US 20230401300, Pan, para. 0129, S603: The first electronic device performs session key negotiation by using a device public key in the device certificate of the second electronic device,); and providing the public key certificate to the data storage system, the data storage system associating the public key certificate with both the requesting device and the user(US 20230401300, Pan, para. 0128, The device certificates exchanged in this operation are device certificates preset in the electronic devices on a production line. For example, as shown in FIG. 6B, a device certificate preset in the first electronic device on the production line is a device certificate at a trusted execution environment (TEE) level. Device certificates preset in the second electronic device on the production line are a device certificate at the TEE level and a device certificate at a secure element (SE) level.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Vo, Appireddygari and Sharfman with the teaching of Pan because a user would have been motivated to share biometric data between devices, taught by Pan, in order to provide access to sensitive data, taught by the combination of Vo, Appireddygari and Sharfman, when a device is substituted by a replacement device(Pan, para. 0006) 3.) Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over US 10461942, Vo in view of US 20210124495, Appireddygari and further in view of US 20200252210, Sharfman and further in view of US 20130061307, Livne In regards to claim 6, the combination of Vo, Appireddygari and Sharfman teach the method of claim 1. The combination of Vo, Appireddygari and Sharfman do not teach further comprising: in a second instance of the second determination, where the portion of the data does not comprise the sensitive data, providing the portion of the data to the requesting device However, Livne teaches teach further comprising: in a second instance of the second determination, where the portion of the data does not comprise the sensitive data, providing the portion of the data to the requesting device(US 20130061307, Livne, para. 0130, If a malware or an attacker gains access to the mobile device, the only information that can therefore be accessed is the non-protected items of the messages, which display only non-sensitive data.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Vo, Appireddygari and Sharfman with the teaching of Livne because a user would have been motivated to enhance data security, taught by the combination of Vo, Appireddygari and Sharfman, by requiring authentication of a buffer server key in addition to a device key and user ID, taught by Livne, before providing requested information to a user device(Livne, para. 0005) 4.) Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over US 10461942, Vo in view of US 20210124495, Appireddygari and further in view of US 20200252210, Sharfman and further in view of US 20100275012, Kido In regards to claim 8, the combination of Vo, Appireddygari and Sharfman teach the method of claim 7. The combination of Vo, Appireddygari and Sharfman do not teach wherein the key pair is established through a registration process of the requesting device with the data storage system However, Kido teaches wherein the key pair is established through a registration process of the requesting device with the data storage system(US 20100275012, Kido, para. 0101, The registration server generates the key pair by means of key pair generating means 70 and generates the CSR by means of CSR generating means 71 followed by receiving the server certificate request.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Vo, Appireddygari and Sharfman with the teaching of Kido because a user would have been motivated to provide certificate authentication assurance, taught by Kido, in order to establish secure web browsing usage during data retrieval in the system taught by the combination of Vo, Appireddygari and Sharfman(Kido, para. 0024)5.) Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over US 10461942, Vo in view of US 20210124495, Appireddygari and further in view of US 20200252210, Sharfman and further in view of US 20100275012, Kido and further in view of US 20230401300, Pan In regards to claim 9, the combination of Vo, Appireddygari and Kido teach the method of claim 8. The combination of Vo, Appireddygari and Kido do not teach wherein the portion of the key pair comprises a public key stored in a public key certificate, the public key certificate facilitating validation of the public key However, Pan teaches wherein the portion of the key pair comprises a public key stored in a public key certificate, the public key certificate facilitating validation of the public key (US 20230401300, Pan, para. 0129, S603: The first electronic device performs session key negotiation by using a device public key in the device certificate of the second electronic device,). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Vo with the teaching of Pan because a user would have been motivated to share biometric data between devices, taught by Pan, in order to provide access to sensitive data, taught by the combination of Vo, Appireddygari, and Kido when a device is substituted by a replacement device(Pan, para. 0006)6.) Claim 21 is rejected under 35 U.S.C. 103 as being unpatentable over US 10461942, Vo in view of US 20210124495, Appireddygari and further in view of US 20200252210, Sharfman and further in view of US 11665145, Mitter In regards to claim 21, the combination of Vo, Appireddygari and Sharfman teach the method of claim 1. The combination of Vo, Appireddygari and Sharfman do not teach wherein during a registration process for registering the user and the requesting device with the data storage system:after the requesting device is registered with the data storage system, the data storage system internally associates the portion of the key pair with the requesting device while storing the portion of the key pair in the storage, the portion of the key pair being a public key generated for the requesting device that corresponds to a private key generated for the requesting device, and the key pair being generated as a key pair registered to only the requesting device, and no key pairs registered to the data storage system are generated for the data storage system during the registration process However, Mitter teaches wherein during a registration process for registering the user and the requesting device with the data storage system:after the requesting device is registered with the data storage system, the data storage system internally associates the portion of the key pair with the requesting device while storing the portion of the key pair in the storage, the portion of the key pair being a public key generated for the requesting device that corresponds to a private key generated for the requesting device, and the key pair being generated as a key pair registered to only the requesting device, and no key pairs registered to the data storage system are generated for the data storage system during the registration process (US 11665145, Mitter, col. 3, lines 61-67, In particular, an embodiment of the present general inventive concept allows a first user to register multiple devices to the service, each with their own unique asymmetric public-private key pair, the public key of which is published to the profile of the first user to facilitate distribution of all of the public keys representing currently registered devices of the first user), and the key pair being generated as a key pair registered to only the requesting system, and no key pairs registered to the data storage system are generated for the data storage system during the registration process(US 11665145, Mitter, col. 8, lines 45-49, An auditor, or designee, generates a unique auditor asymmetric public-private key pair, the public key of which is published to the providers server representing the auditor, while the auditors asymmetric private key is never provided to, maintained, or stored by the provider.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Vo, Appireddygari and Sharfman with the teaching of Mitter because a user would have been motivated to provide data security by providing secure end-to-end encrypted communications while reducing key management burdens(Mitter, col. 2, lines 33-36) 7.) Claims 22 and 23 are rejected under 35 U.S.C. 103 as being unpatentable over US 10461942, Vo in view of US 20210124495, Appireddygari and further in view of US 20200252210, Sharfman and further in view of US 11665145, Mitter and further in view of US 20180167809, Vendelbo In regards to claim 22, the combination of Vo, Appireddygari, Sharfman and Mitter teach the method of claim 21. The combination of Vo, Appireddygari, Sharfman and Mitter do not teach wherein the requesting device is registered with the data storage system without using the key pair, and the key pair is generated and provided to the data storage system after the requesting device has successfully completed a registration process to register the requesting device with the data storage system, the requesting device not having a copy of the key pair stored therein during performance of the registration process with the data storage systemHowever, Vendelbo teaches wherein the requesting device is registered with the data storage system without using the key pair, and the key pair is generated and provided to the data storage system after the requesting device has successfully completed a registration process to register the requesting device with the data storage system, the requesting device not having a copy of the key pair stored therein during performance of the registration process with the data storage system(US 20180167809, Vendelbo, para. 0023, transmitting security data of the hearing device, wherein the security data is indicative of an authentication type applied in the hearing device; transmitting first authentication material; receiving a first authentication request comprising a first authentication type identifier and first authentication data; verifying the first authentication data; and determining and storing an authentication key if the first authentication data is successfully verified.) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Vo, Appireddygari, Sharfman and Mitter with the teaching of Vendelbo because a user would have been motivated to enhance hardware security between devices, taught by the combination of Vo, Appireddygari, Sharfman and Mitter, by applying device authentication procedures taught by Vendelbo(Vendelbo, para. 0137 and 0138). In regards to claim 23, the combination of Vo, Appireddygari, Sharfman, Mitter and Vendelbo teach the method of claim 22, wherein the key pair is generated and provided to the data storage system by a registration system that is separate from and operates independently of both the data storage system and the requesting device(US 11665145, Mitter, col. 4, lines 4-9, The present general inventive concept also provides for the linking of zero, one, or more auditors to a first user's profile to facilitate the distribution of the asymmetric auditor public keys representing each auditor linked to a first user profile to a second user wishing to send the first user a secure message where an audit trail is required.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of the combination of Vo, Appireddygari, Sharfman and Vendelbo with the teaching of Mitter because a user would have been motivated to provide data security by providing secure end-to-end encrypted communications while reducing key management burdens(Mitter, col. 2, lines 33-36) CONCLUSION Any inquiry concerning this communication or earlier communications from the examiner should be directed to GREGORY LANE whose telephone number is (571)270-7469. The examiner can normally be reached on 571 270 7469 from 8:00 AM to 6:00 PM. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Taghi Arani, can be reached on 571 272 3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). /GREGORY A LANE/Examiner, Art Unit 2438 /TAGHI T ARANI/Supervisory Patent Examiner, Art Unit 2438