DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
The information disclosure statements (IDS) submitted on 2/5/2024, 2/9/2024, and 12/26/2024 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner.
Response to Arguments
Applicant’s arguments, see page(s) 6, filed 2/26/2026, with respect to the rejection of claim(s) 1-9 under 35 USC 101 have been fully considered and are persuasive. The associated rejections to the listed claim(s) have been withdrawn.
Applicant's arguments, see pages 6, filed 2/26/2026, with respect to the rejection of claims 1, 3, 6, and 20 under 35 USC 112(a) have been fully considered but they are not persuasive.
The amended claims do not overcome the rejection. Where the claim 1 (and using similar language, claims 3, 6, and 20) recites, “one or more processors and a memory for implementing the decryption unit and the encryption unit …”, this does not grant sufficient structure to the decryption and encryption units. While a processor itself is structural, that it “implements” the said “units” does not convey its structure, as a function or program may be said to be “implemented” by a processor. This rejection is maintained.
Applicant's arguments, see pages 6, filed 2/26/2026, with respect to the rejection of claims 1, 3, 6, and 20 under 35 USC 112(b) have been fully considered.
Regarding the argument directed to claims 1, 3, 6, and 20:
The amended claims do not overcome the rejection for the same reasons as provided in answer regarding the rejection under 35 USC 112(a) above. This rejection is maintained.
Regarding the argument directed to claim 7:
This argument is persuasive. This rejection has been withdrawn.
Applicant’s arguments, see page 7, filed 2/26/2026, with respect to the rejection of claims 1, 2, 9-13, 18, and 19 under 35 USC 102(a)(2) have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made under 35 USC 103 in view of RAAM (Doc ID US 9760502 B2) and OBAIDI et al (Doc ID US 20210136569 A1).
Applicant’s arguments, see pages 7 and 8, filed 2/26/2026, with respect to the rejection of claims 3-8, 14-17, and 20 under 35 USC 103 have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of RAAM (Doc ID US 9760502 B2) and OBAIDI et al (Doc ID US 20210136569 A1).
Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked.
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph:
the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function;
the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and
the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function.
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function.
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function.
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) is/are:
Claims 1 and 20:
“a decryption unit [means] configured to automatically decrypt the received data using a first key [function]”
“an encryption unit [means’ configured to automatically encrypt the scanned data using a second key [function]”
Claim 3:
“an authentication unit [means] configured to authenticate an account [function]”
Claim 6:
“a scan unit [means] configured to automatically scan the first password key decrypted data for malware and viruses [function]”
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may:
amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) (e.g., by reciting sufficient structure to perform the claimed function); or
present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f).
Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.
Claims 1-12 and 20 are rejected under 35 U.S.C. 112(a) as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Regarding claims 1, 3, 6, and 20:
Claim 1 and 20 limitations, “a decryption unit configured to automatically decrypt the data using a first password key …”, and “an encryption unit configured to automatically encrypt the first password key decrypted data …” lack sufficient written description in the claims. No specific physical structure of the “units” is explicitly described. Further, computer-implemented claims invoking 35 U.S.C. 112(f) require description of the algorithm or steps required to achieve the claimed functions.
Claim 3 limitation, “… an authentication unit configured to authenticate an account …” is similarly insufficient.
Claim 6 limitation, “… a scan unit configured to automatically scan the first password key decrypted data …” is similarly insufficient.
These rejections could be overcome by amending the claim language such that 35 U.S.C. 112(f) is not invoked for these limitations.
Regarding claims 2, 4, 5, and 7-12:
They are dependent on one or more rejected claims, and thus inherit those rejections. This rejection could be overcome by overcoming the rejection(s) to any claims upon which these claims depend, or by amending the claims such that they are no longer dependent on any rejected claim.
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
Claims 1-12 and 20 are rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor regards as the invention.
Regarding claims 1, 3, 6, and 20:
Claims 1 and 20 limitations, “a decryption unit configured to automatically decrypt the data using a first password key …”, and “an encryption unit configured to automatically encrypt the first password key decrypted data …”, invoke 35 U.S.C. 112(f). However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function. No specific physical structure of the “units” is explicitly described. Further, computer-implemented claims invoking 35 U.S.C. 112(f) require description of the algorithm or steps required to achieve the claimed functions.
Claim 3 limitation, “… an authentication unit configured to authenticate an account …” is similarly insufficient.
Claim 6 limitation, “… a scan unit configured to automatically scan the first password key decrypted data …” is similarly insufficient.
Applicant may:
Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph;
Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or
Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either:
Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or
Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.
Regarding claims 2, 4, 5, and 7-12:
They are dependent on one or more rejected claims, and thus inherit those rejections. This rejection could be overcome by overcoming the rejection(s) to any claims upon which these claims depend, or by amending the claims such that they are no longer dependent on any rejected claim.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 2, 9-13, 18, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over RAAM (Doc ID US 9760502 B2), and further in view of OBAIDI et al (Doc ID US 20210136569 A1).
Regarding claim 1:
RAAM teaches:
An apparatus for removably coupling to a data storage system, the apparatus comprising: a portable storage medium drive configured to read data from a portable storage medium (Col 24 lines 43-45 "SSD Controller 308 imports Encrypted-Formatted Data 312 from Flash Memory 306.");
a decryption unit configured to automatically decrypt the data using a first password key in response to having obtained the first password key (Fig 3B and col 24 lines 50 and 51 "Encrypted Compressed Data 330 is decrypted at Internal Decryption Layer 340". Examiner notes that Fig. 3B illustrates a key Ka used for decryption.);
an encryption unit configured to automatically encrypt the first password key decrypted data using a storage key in response to an availability of the first password key decrypted data (Col 24 lines 54-56 "Decrypted Data 326 is encrypted by Session Encryption Layer 344 using session encryption key K.sub.c …");
a storage interface configured to automatically transmit the storage key encrypted data to the data storage system in response to an availability of the storage key encrypted data; (Col 27 lines 40-42 "… the resulting encrypted data is provided (Provide Encrypted Data 511) to Host 102.") and
one or more processors and a memory for implementing the decryption unit and the encryption unit ((42) Col 15 lines 14-23 "CPU Core 172 is, according to various embodiments, one or more single-core or multi-core processors. ... For example, the instruction memory contains instructions to enable CPU Core 172 to execute programs ..."), and
OBAIDI teaches the following limitation(s) not taught by RAAM:
configured to automatically audit log the automatic decryption, the automatic encryption, and the automatic transmission of the data ([0029] "… The decentralized distributed ledger uses blockchain technology to store data file transaction events. ...The data file transaction events for a data file may include ... a transfer of the data file, an encryption of the data file, a decryption of the data file ... and/or so forth").
Decrypting received data, encrypting the data with a different key, and storing the encrypted data are known techniques in the art, as demonstrated by RAAM. Further, logging encryption, decryption, and transfer events for a data file are known techniques in the art, as demonstrated by OBAIDI. It would have been obvious to a person having ordinary skill in the art (PHOSITA) before the effective filing date of the claimed invention to modify the encrypted data transfer method of RAAM with the audit logging of OBAIDI with the motivation to provide a record of the various operations performed on the data so that the events can be backtracked to an originating event if necessary.
Regarding claim 2:
The combination of RAAM and OBAIDI teaches:
The apparatus of claim 1, wherein the portable storage medium is a CD, DVD, data drive or storage device (Col 8 lines 13 -16 "SSDs are compatible with … protocols used by magnetic and/or optical non-volatile storage, such as HDDs, CD drives, and DVD drives.").
Regarding claim 9:
The combination of RAAM and OBAIDI teaches:
The apparatus of claim 1, wherein the data storage system is coupled to the apparatus by a cable (RAAM Col 14 lines 10-13 "SSD Controller 100 is communicatively coupled … to a host .... External Interfaces 110 are one or more of: a SATA interface …").
Regarding claim 10:
The combination of RAAM and OBAIDI teaches:
The apparatus of claim 1, wherein the data storage system is coupled to the apparatus by a network (RAAM Col 14 lines 10-18 "SSD Controller 100 is communicatively coupled ... to a host .... External Interfaces 110 are one or more of: ... an Ethernet Interface (such as 10 Gigabit Ethernet); ... or any other type of interface used to interconnect storage and/or communications ...").
Regarding claim 11:
The combination of RAAM and OBAIDI teaches:
The apparatus of claim 1, wherein the decryption unit is a first decryption unit, the apparatus further comprising a second decryption unit configured to decrypt data received from the data storage system using the storage key (RAAM Col 27 lines 6-9 "During a write operation, the SSD Controller … (Receive Write Data 501) (e.g. from a host), and … (Decrypt Write Data 502) using exchanged encryption/decryption key K.sub.H …").
Regarding claim 12:
The combination of RAAM and OBAIDI teaches:
The apparatus of claim 11, wherein the encryption unit is a first encryption unit, the apparatus further comprising a second encryption unit configured to encrypt storage key decrypted data using a second password key (Col 27 lines 10-14 "The decrypted data is compressed .... The compressed data is encrypted (Encrypt Compressed Data 504) using an internal encryption key K.sub.B …") and
provide the second password key encrypted data to the portable storage medium drive (Col 27 lines 18-21 "The back-end encrypted data … stored (Store Modulated Data 507) in [non-volatile memory] …").
Regarding claims 13, 18, and 19:
These claims are rejected with the same justification, mutatis mutandis, as their counterpart claims 1, 11, and 12 above.
Claims 3, 8, and 14 are rejected under 35 U.S.C. 103 as being unpatentable over RAAM (Doc ID US 9760502 B2) and OBAIDI et al (Doc ID US 20210136569 A1) as applied to claims 1 and 13 above, and further in view of BASKARAN et al (Doc ID US 20180053018 A1).
Regarding claim 3:
The combination of RAAM and OBAIDI teaches:
The apparatus of claim 1,
BASKARAN teaches the following limitation(s) not taught by the combination of RAAM and OBAIDI:
further comprising an authentication unit implemented with the one or more processors and memory and configured to authenticate an account by sending a verification code to a personal device of a user of the account ([0067] "Upon identification of the keys, at least one authentication message is transmitted to the at least one user device associated with at least one of the storage device and a user of the storage device, at 406.").
Authenticating a user prior to providing access to encrypted data is a known technique in the art, as demonstrated by BASKARAN. It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to modify the encrypted data transfer method of RAAM and OBAIDI with the user authentication of BASKARAN with the motivation to ensure that the user of the device is authorized to view the data which will be decrypted. It is obvious to authenticate the user via an authentication code sent to a device known to be in the possession of the authorized user.
Regarding claim 8:
The combination of RAAM and OBAIDI teaches:
The apparatus of claim 1,
BASKARAN teaches the following limitation(s) not taught by the combination of RAAM and OBAIDI:
further comprising a graphical user interface configured to receive the first password key ([0058[ "… the access layer 306 provides a user-interface to the user to perform all user level functions, for example, ... accessing data stored on the storage after successful authentication." and [0062] "... the key server 304 retrieves the stored random key corresponding to the storage device 104 and returns it to the access layer 306 (7).").
Utilizing a GUI for a data transfer device is a known technique in the art, as demonstrated by BASKARAN. It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to modify the encrypted data transfer method of RAAM and OBAIDI with the GUI of BASKARAN with the motivation to provide more oversight to the suer. It is obvious to provide a GUI which enables the user to see and interact with the data and encryption keys being used in the transfer.
Regarding claim 14:
This claim is rejected with the same justification, mutatis mutandis, as its counterpart claim 3 above.
Claims 4 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over RAAM (Doc ID US 9760502 B2), OBAIDI et al (Doc ID US 20210136569 A1), and BASKARAN et al (Doc ID US 20180053018 A1) as applied to claims 3 and 14 above, and further in view of NARAYANASWAMI (Doc ID WO 2009038826 A2).
Regarding claim 4:
The combination of RAAM, OBAIDI, and BASKARAN teaches:
The apparatus of claim 3,
NARAYANASWAMI teaches the following limitation(s) not taught by the combination of RAAM, OBAIDI, and BASKARAN:
further comprising memory, wherein the first password key is stored in the memory, the first password key is associated with a first account, and the first password key is retrieved after an authentication of the first account ([00106] "If ... the read biometric is authentic, the system then determines (step 206) whether a stored decryption key exists in a key storage location 66 .... A stored key is retrieved (step 208) and data in the data memory/storage device 50 is decrypted ...").
Providing a decryption key only after a successful authentication is a known technique in the art, as demonstrated by NARAYANASWAMI. It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to modify the encrypted data transfer method of RAAM, OBAIDI, and BASKARAN with the authenticated key access of NARAYANASWAMI with the motivation to maintain control over a decryption key until user authorization has been verified. It is obvious to maintain the key in memory, where it is not exposed to the authenticating user until the authentication is complete.
Regarding claim 15:
This claim is rejected with the same justification, mutatis mutandis, as its counterpart claim 4 above.
Claims 5 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over RAAM (Doc ID US 9760502 B2) and OBAIDI et al (Doc ID US 20210136569 A1) as applied to claims 1 and 13 above, and further in view of MARTIN et al (Doc ID US 20140237255 A1).
Regarding claim 5:
The combination of RAAM and OBAIDI teaches:
The apparatus of claim 1,
MARTIN teaches the following limitation(s) not taught by the combination of RAAM and OBAIDI:
wherein the storage key is obtained from the data storage system ([0038] "... the first encryption may include the trusted source using a key to encrypt ..., the second encryption technique includes using a key that is specific to a user of a computing device or to the computing device.").
Maintaining an encryption key at the destination for encrypted data is a known technique in the art, as demonstrated by MARTIN. It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to modify the encrypted data transfer method of RAAM and OBAIDI with the encryption key of MARTIN with the motivation to limit exposure of the cryptographic key and maintain it at the same location as the location of the data to be stored.
Regarding claim 16:
This claim is rejected with the same justification, mutatis mutandis, as its counterpart claim 5 above.
Claims 6, 7, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over RAAM (Doc ID US 9760502 B2) and OBAIDI et al (Doc ID US 20210136569 A1) as applied to claims 1 and 13 above, and further in view of CHAUBEY (Doc ID US 20220060456 A1).
Regarding claim 6:
The combination of RAAM and OBAIDI teaches:
The apparatus of claim 1,
CHAUBEY teaches the following limitation(s) not taught by the combination of RAAM and OBAIDI:
The apparatus of claim 1, further comprising a scan unit implemented with the one or more processors and memory and configured to automatically scan the first password key decrypted data for malware and viruses in response to an availability of the first password key decrypted data ([0029] "As shown by reference number 104, the network device decrypts the record." and [0034] "As shown by reference number 106, the network device inspects the decrypted record. ... For example, the network device may ... determine that the record does not include malicious code ...").
Automatically scanning decrypted data for malicious code is a known technique in the art, as demonstrated by CHAUBEY. It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to modify the encrypted data transfer method of RAAM and OBAIDI with the malicious code scan of CHAUBEY with the motivation to ensure that the data being transferred is safe prior to encrypting and storing it. It is obvious to conduct this scan after decrypting and before encrypting, which is when malicious code is most likely to be identified.
Regarding claim 7:
The combination of RAAM, OBAIDI, and CHAUBEY teaches:
The apparatus of claim 6, wherein the scanning is performed before the encrypting by the storage key encryption unit (CHAUBEY [0035] "As shown by reference number 108, the network device re-encrypts the record …").
Automatically scanning decrypted data for malicious code is a known technique in the art, as demonstrated by CHAUBEY. It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to modify the encrypted data transfer method of RAAM, OBAIDI, and CHAUBEY with the malicious code scan of CHAUBEY with the motivation to ensure that the data being transferred is safe prior to encrypting and storing it. It is obvious to conduct this scan after decrypting and before encrypting, which is when malicious code is most likely to be identified.
Regarding claim 17:
This claim is rejected with the same justification, mutatis mutandis, as its counterpart claim 6 above.
Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over RAAM (Doc ID US 9760502 B2), and further in view of CHAUBEY (Doc ID US 20220060456 A1) and OBAIDI et al (Doc ID US 20210136569 A1).
Regarding claim 1:
RAAM teaches:
An apparatus comprising: a component to receive data (Col 24 lines 43-45 "SSD Controller 308 imports Encrypted-Formatted Data 312 from Flash Memory 306.");
a decryption unit configured to automatically decrypt the received data using a first key (Fig 3B and col 24 lines 50 and 51 "Encrypted Compressed Data 330 is decrypted at Internal Decryption Layer 340". Examiner notes that Fig. 3B illustrates a key Ka used for decryption.);
an encryption unit configured to automatically encrypt the scanned data using a second key (Col 24 lines 54-56 "Decrypted Data 326 is encrypted by Session Encryption Layer 344 using session encryption key K.sub.c …");
a storage interface configured to automatically transmit the second key encrypted data to a data storage system (Col 27 lines 40-42 "… the resulting encrypted data is provided (Provide Encrypted Data 511) to Host 102."); and
one or more processors and a memory for implementing the decryption unit and the encryption unit ((42) Col 15 lines 14-23 "CPU Core 172 is, according to various embodiments, one or more single-core or multi-core processors. ... For example, the instruction memory contains instructions to enable CPU Core 172 to execute programs ..."), and
CHAUBEY teaches the following limitation(s) not taught by RAAM:
a scanner configured to automatically scan the first key decrypted data for malware and viruses ([0029] "As shown by reference number 104, the network device decrypts the record." and [0034] "As shown by reference number 106, the network device inspects the decrypted record. ... For example, the network device may ... determine that the record does not include malicious code ...");
Decrypting received encrypted data, re-encrypting the data, and storing the re-encrypted data are known techniques in the art, as demonstrated by RAAM. Further, automatically scanning decrypted data for malicious code is a known technique in the art, as demonstrated by CHAUBEY. It would have been obvious to a person having ordinary skill in the art (PHOSITA) before the effective filing date of the claimed invention to modify the encrypted data transfer method of RAAM with the malicious code scan of CHAUBEY with the motivation to ensure that the data being transferred is safe prior to encrypting and storing it. It is obvious to conduct this scan after decrypting and before encrypting, which is when malicious code is most likely to be identified.
OBAIDI teaches the following limitations not taught by the combination of RAAM and CHAUBEY:
configured to automatically audit log the automatic decryption, the automatic encryption, and the automatic transmission of the data ([0029] "… The decentralized distributed ledger uses blockchain technology to store data file transaction events. ...The data file transaction events for a data file may include ... a transfer of the data file, an encryption of the data file, a decryption of the data file ... and/or so forth").
Logging encryption, decryption, and transfer events for a data file are known techniques in the art, as demonstrated by OBAIDI. It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to modify the encrypted data transfer method of RAAM and CHAUBEY with the audit logging of OBAIDI with the motivation to provide a record of the various operations performed on the data so that the events can be backtracked to an originating event if necessary.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRANDON BINCZAK whose telephone number is (703)756-4528. The examiner can normally be reached M-F 0800-1700.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Alexander Lagor can be reached on (571) 270-5143. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/BB/Examiner, Art Unit 2437
/BENJAMIN E LANIER/Primary Examiner, Art Unit 2437