SYSTEM AND METHOD FOR GENERATING A CRYPTOGRAPHIC KEY

Notice of Pre-AIA or AIA Status 1. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments 2. Applicant’s arguments filed on 09/18/2025, with respect to the U.S.C. 103 rejection of claims 2, 4, 5, 7-12, 14-17 and 19- 21 as being unpatentable over U.S. Publication No. 20130268775 hereinafter Hawkins and further in view of U.S. Publication No. 20140372754 hereinafter Aissi, and further in view of U.S. Publication No. 20140201644 hereinafter Williams have been fully considered. However, upon further consideration, a new ground(s) of rejection is made in view of amended claims. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. 5. Claim 2, 4, 5, 7-12, 14-17 and 19- 21 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Publication No. 20130268775 hereinafter Hawkins and further in view of U.S. Publication No. 20140372754 hereinafter Aissi, and further in view of U.S. Publication No. 20140201644 hereinafter Williams, and further in view of U.S. Publication No. 20040010721 hereinafter Kirovski. As per claim 1, Hawkins discloses: A computer-implemented method for generating a cryptographic key for encrypting data (para 0032 “In some embodiments, the method comprises using the security code to generate an encryption key that may be used to decrypt stored data to be displayed on said display or on a further, different, display.”), comprising: under control of a computing system comprising one or more computing devices configured to execute specific instructions, receiving user input to select one or more locations within said one or more images (Fig. 3, para 0085 “At step $300, the computing device 100 receives user input to select one or more images. The computing device 100 then displays the selected images on the display 116 at step S302. The image or images may occupy the whole of the display 116, or may only occupy a portion of the display 116. In some embodiments, the image or images may be displayed in a window environment that the user may be able to move within the display. In some embodiments, several images may be displayed in a timed sequence, or in a video sequence that appears to the user as a continuously moving scene.”) extracting raw data from a plurality of segments (para 0070 “The graphics processing component 114 may generate a transformation map that is stored in RAM 108, and used to convert pixel locations as defined in the image or video file into the coordinates of imaging elements 117. The transformation map may be updated as the image or video is moved to different portions of the display 116.” Fig. 3, Para 0123 “In order for the security application to define a set of locations (step S306) and determine values of display parameters associated with the defined set of locations (step S308), the security application’ 40 may decompress the image file to access the coordinate and display parameter values, when generating a security code (step $310).” In order to finish the process of generating the security code, the images must meet the complexity threshold to complete the process and end the selection process.”) and creating a cryptographic key (para 0094 “By determining values derived from the display parameters, the security application 140 has access to a large amount of raw data from which to generate a security code. Further, since display parameter values, such as color values, typically exhibit a high degree of variation across an image, security codes generated based on these values have a high degree of entropy.” Para 0095 “Finally, at step S310, the computing device generates a security code based on the defined set of locations. The generation of the security code is described in greater detail below. The security code maybe used by the security application 140 to generate an encryption key, or may use directly as an encryption key.”) Hawkins does not disclose: wherein one or more data resources are presented as a gallery of images; wherein a single image of the gallery of images is presented with a grid overlay that segments the single image into a plurality of selectable segments extracting raw data from a plurality of segments selected from at least the plurality of selectable segments, wherein the raw data is data stored within a computer- readable memory prior to generation of images of the gallery of images modifying the raw data extracted from the plurality of segments to generate a plurality a modified data segments storing the plurality of modified data segments in a storage sequence corresponding to a selection sequence in which the plurality of segments are selected by a user and creating a cryptographic key the plurality of modified data segments for use in encrypting plaintext data using the cryptographic key, and storing the cryptographic key in a computer- readable memory Aissi discloses: wherein one or more data resources are presented as a gallery of images (Fig. 6, para 0021 “In some embodiments, a user may select a subset of images from a plurality of images presented to the user. The user's selection of authentication images may be used to generate an image- based derived key using an image-based key derivation function.” Para 0051 “ At step 401, server computer 104 provides a plurality of authentication images to client computer 102. The plurality of authentication images may be selected by server computer 104 using image selection module 105(E), and may comprise any suitable set of images (e.g., a set of images stored in image database 105). In some embodiments, user 101 may select a category or theme for the set of images, such as bodies of water, United States presidents, etc. In other embodiments, the images may be randomly selected from all images maintained by server computer 104.”); extracting raw data from a plurality of segments selected from the one or more data resources (para 0060 “ At step 405, server computer 104 determines an image-based derived key from the images selected by user 101 and an image-based key derivation function. An "image-based key derivation function" (IBKDF) may include any key derivation function wherein an input value is generated from a plurality of images. Any suitable aspect of the images may be used as input. For example, in some cases, an image identifier or image metadata associated with the image may be used as an input to the IBKDF. In some cases, a hash or other function may be applied to an image, and the resulting value may be used as an input to the IBKDF. In some cases, the some or all of the image data (e.g., pixel properties of some or all of the pixels in the image) of the image itself may be used as input to the IBKDF. In some embodiments, the input to the IBKDF may be include a combination of these. The IBKDF may also take as input a number of other parameters, such as a salt value (€.q., a number or string), an iteration count or load factor, and a desired key length. One example of an IBKDF which may be used in some embodiments of the invention is shown in FIG. 7.” Para 0061 “At step 406, server computer 104 stores the image-based derived key in user database 106. Typically, the image-based derived key is associated with an entry in user database 106 corresponding to user 101. In addition, in some embodiments, hashes and/or image identifiers corresponding to the selected authentication images may also be stored in user database 106.” Para 0065 “The image value (I) may represent a numeric value associated with the selection of authentication images. In some embodiments, the image value may be generated by combining identifiers for each selected image. For the selection shown in grid 600, in one embodiment, the soccer player image may be numbered 523, the basketball player may be numbered 135, and the house may be numbered 878. Thus, an image value of 523135878 may be used as an input to the IBKDF. In some embodiments, the image value may be sent by client computer 102 to server computer 104. In other embodiments, the image value may be calculated by server computer 104 using data sent by client computer 102. For example, if the selected images were identified by client computer 102 in row-column format, then server computer 104 may reference the image grid to determine identifiers for each message.”) modifying the raw data extracted from the plurality of segments to generate a plurality a modified data segments (para 0060 “In some cases, a hash or other function may be applied to an image, and the resulting value may be used as an input to the IBKDF. In some cases, the some or all of the image data (e.g., pixel properties of some or all of the pixels in the image) of the image itself may be used as input to the IBKD.” para 0065 “For the selection shown in grid 600, in one embodiment, the soccer player image may be numbered 523, the basketball player may be numbered 135, and the house may be numbered 878. Thus, an image value of 523135878 may be used as an input to the IBKDF.”) storing the plurality of modified data segments in a storage sequence corresponding to a selection sequence in which the plurality of segments are selected by a user (Para 0061 “At step 406, server computer 104 stores the image-based derived key in user database 106. Typically, the image- based derived key is associated with an entry in user database 106 corresponding to user 101. In addition, in some embodiments, hashes and/or image identifiers corresponding to the selected authentication images may also be stored in user database 106.”) and creating a cryptographic key the plurality of modified data segments for use in encrypting plaintext data using the cryptographic key, and storing the cryptographic key in a computer- readable memory (para 0021 “The image- based derived key may be used by a client computer to encrypt data sent toa server, or decrypt data received from the server. In addition, the image- based derived key may be used by a server computer to encrypt data sent to the user, or decrypt data received from the user. Furthermore, an image- based derived key may be used to authenticate the user by comparing the key to a previous key stored for the user.” Para 0061 “At step 406, server computer 104 stores the image-based derived key in user database 106. Typically, the image- based derived key is associated with an entry in user database 106 corresponding to user 101. In addition, in some embodiments, hashes and/or image identifiers corresponding to the selected authentication images may also be stored in user database 106.”), Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method comprises using the security code to generate an encryption key of Hawkins to include wherein one or more data resources are presented as a gallery of images, extracting raw data from a plurality of segments selected from the one or more data resources, wherein the raw data is data stored within a computer- readable memory prior to generation of images of the gallery of images and modifying the raw data extracted from the plurality of segments to generate a plurality a modified data segments, as taught by Aissi. The motivation would have been to generate, store and using an image-based derived key based on raw data. Hawkins in view of Aissi does not disclose: wherein a single image of the gallery of images is presented with a grid overlay that segments the single image into a plurality of selectable segments extracting raw data from a plurality of segments selected from at least the plurality of selectable segments, wherein raw data is data stored within a computer-readable memory prior to generation of images of the gallery of images Williams discloses: wherein raw data is data stored within a computer-readable memory prior to generation of images of the gallery of images (para 0026-0030 “[0026] According to a further aspect of the invention there is provided an apparatus for producing a result digital image from a selection of a plurality of digital images, the apparatus comprising: [0027] a remote computing device having an image management module; the remote computing device being capable to a data network; wherein the image management module accesses a plurality of original (or raw) digital images and generates a respective plurality of preview digital images; [0028] a remote database server for storing the respective preview digital image; the plurality of preview digital images being associated with a job record; [0029] a remote user interface server for presenting a user interface indicative of a job record and enabling viewing of the plurality of preview digital images; [0030] wherein the user interface enables selection of one or more preview digital images, which causes only the respective one or more original (or raw) digital images to be transferred from the remote computing device for access by a photo editing studio.”) Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method comprises using the security code to generate an encryption key of Hawkins in view of Aissi to include wherein one or more data resources are presented as a gallery of images and wherein raw data is data stored within a computer- readable memory prior to generation of images of the gallery of images, as taught by Williams. The motivation would have been to generate and store raw data for selection in order to create a secure method of image selection. Hawkins in view of Aissi and Williams does not disclose: wherein a single image of the gallery of images is presented with a grid overlay that segments the single image into a plurality of selectable segments and extracting raw data from a plurality of segments selected from at least the plurality of selectable segments Kirovski discloses: wherein a single image of the gallery of images is presented with a grid overlay that segments the single image into a plurality of selectable segments and extracting raw data from a plurality of segments selected from at least the plurality of selectable segments (para 0061 “Referring to FIG. 8, the image 710 is shown along with a corresponding grid 840. The nature of suitable grids is discussed in more detail below. For purposes of describing a more general exemplary password system, a detailed description of gird determination is not necessary. The grid 840 includes various polygons, such as, hexagons, triangles, and tetragons. Further, various subjectively and/or objectively prominent features lie within various polygons. For example, various tokens, die, bugs, coins, etc. lie, at least partially, within a hexagon.” Para 0062 “Referring to FIG. 9, the grid 840 is shown wherein individual hexagons contain numbers (e.g., 1 to 20). While the grid 840 contains twenty hexagons, other grids optionally contain a set having more or less polygons. Also note that the polygons optionally extend beyond the border of an image (e.g., the image 710) and/or do not entirely fill the entire space of the image (e.g., the image 710). In addition, the boundaries of the polygons are optionally pixilated to correspond to image pixels. According to the instant exemplary password system, a user selects one or more pixels, a group of pixels, a coordinate and/or a set of coordinates. In addition, a user may make several of such selections. For example, a user may select three pixels wherein each pixel has a corresponding set of coordinates.”) Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method comprises using the security code to generate an encryption key of Hawkins in view of Aissi and Williams to include wherein a single image of the gallery of images is presented with a grid overlay that segments the single image into a plurality of selectable segments and extracting raw data from a plurality of segments selected from at least the plurality of selectable segments, as taught by Kirovski. The motivation would have been to generate a password from selectable segments within a grid to increase password entropy. As per claim 4, Hawkins in view of Aissi, Williams and Kirovski discloses: The computer-implemented method of claim 3, wherein the raw data extracted from the plurality of segments is modified by encrypting the raw data. (Hawkins para 0032, 0080, and 0081) and (Aissi para 0060). As per claim 5, Hawkins in view of Aissi, Williams and Kirovski discloses: The computer-implemented method of claim 4, wherein the cryptographic key is stored in the computer-readable memory after encrypting the cryptographic key (Hawkins Col. 4 Lines 35-55 “This operation therefore overwrites the encryption key previously stored in that memory fame location. Thus, the mere act of encrypting and writing the frame of video data to the memory 114 causes the corresponding key to be overwritten so that it disappears from the memory 114. This makes the camera 110 and memory 114 completely secure and impervious to decryption by unauthorized sources. All of this requires, of course, that a copy of the encryption key previously recorded on the memory 114 be stored at a secure location so that the encrypted images stored in the memory 114 can be retrieved later.” The motivation would have been to extract and create an encryption key in unique process to increase security of data encrypted). As per claim 7, Hawkins in view of Aissi, Williams and Kirovski discloses: The computer-implemented method of claim 2, wherein a total number of images in the gallery of images is selected by a user (Williams para 0026-0030, The motivation would have been to generate and store raw data for selection in order to create a secure method of image selection). As per claim 8, Hawkins in view of Aissi, Williams and Kirovski discloses: The computer-implemented method of claim 2, wherein the raw data is data stored within the computer-readable memory prior to generation of the single image (Williams para 0026-0030, The motivation would have been to generate and store raw data for selection in order to create a secure method of image selection). As per claim 9, Hawkins in view of Aissi, Williams and Kirovski discloses: The computer-implemented method of claim 8, wherein a total number of grids and dimensions of each grid in the single image is determined by a user (Hawkins Fig. 5, para 0116 “FIG. 5 show one embodiment in which the relatively higher resolution displayed image 400 is divided into a relatively lower resolution array 500 or grid of selectable elements. The relatively lower array 500 of selectable elements is not visible to the user but the security application 140 uses this array 500 of elements when defining the set of locations. By displaying the relatively higher resolution image 400, rather than the relatively lower resolution array 500, the number of possible locations available to an unauthorized user appears to be much greater, making it more difficult for the unauthorized user to guess which features in the image to select.”) As per claim 10, Hawkins in view of Aissi, Williams and Kirovski discloses: The computer-implemented method of claim 9, wherein a data resource of the one or more data resources is presented as the single image (Hawkins Fig. 5, para 0116 “FIG. 5 show one embodiment in which the relatively higher resolution displayed image 400 is divided into a relatively lower resolution array 500 or grid of selectable elements. The relatively lower array 500 of selectable elements is not visible to the user but the security application 140 uses this array 500 of elements when defining the set of locations. By displaying the relatively higher resolution image 400, rather than the relatively lower resolution array 500, the number of possible locations available to an unauthorized user appears to be much greater, making it more difficult for the unauthorized user to guess which features in the image to select.”). As per claim 11, Hawkins in view of Aissi, Williams and Kirovski discloses: The computer-implemented method of claim 2, wherein a data resource of the one or more data resources is presented as a video clip divisible into multiple segments each being a plurality of video frames (Hawkins para 0070). As per claim 12, the implementation of the computer-implemented method of claims 1 and 8 will execute the system of claim 12. The claim is analyzed with respect to claim 1. As per claim 14, the claim is analyzed with respect to claim 4. As per claim 15, the claim is analyzed with respect to claim 5. As per claim 16, Hawkins in view of Aissi, Williams and Kirovski discloses: The system of claim 12, wherein the one or more data resources are presented as a gallery of images and the raw data is data stored within the computer- readable memory prior to generation of the images associated with the gallery of images (Williams para 0026-0030, The motivation would have been to generate and store raw data for selection in order to create a secure method of image selection). As per claim 17, the claim is analyzed with respect to claim 7. As per claim 19, the claim is analyzed with respect to claim 9. As per claim 20, the claim is analyzed with respect to claim 10. As per claim 21, the claim is analyzed with respect to claim 11. Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to GARY S GRACIA whose telephone number is (571)270-5192. The examiner can normally be reached Monday-Friday 9am-6pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached at 5712723972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /GARY S GRACIA/Primary Examiner, Art Unit 2499