DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claims 7-10 and 12-16 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Raghuram et al., USPN 2014/0089658.
With regard to claims 12 and 16, Raghuram discloses a method for distributing encrypted cryptographic data (0057) including receiving, by a key management service implemented on a hardware security module maintained by a first entity, from a first client device, a request for a first public key (customer public key 0041, 0046), generating, by the key management service, the first public key and a first private key corresponding to the first public key (“the key management server 106 may generate” 0041), transmitting, by the key management service, to the first client device, the first public key (block 608, 0041), receiving, by the key management service, from an access control management system maintained by a second entity separate from the first entity (cloud service provider environment 0041), an encryption key encrypted with the first public key (blocks 620-624 0044-0045) and a request from a second client device (host computing device) for access to the encryption key encrypted with the first public key (0056), the second client device identified by the first client device and receiving (0056, 0037), from the first client device, a data object encrypted with the first public key (“the key management server 106 receives a symmetric key encrypted with the customer public key from the host computing device 148 (which may have been sent with the request)” 0056, 0052), decrypting, by the key management service, the encryption key encrypted with the first public key, with the generated first private key corresponding to the first public key (block 922 0057), encrypting, by the key management service, the decrypted encryption key, with a second public key received from the second computing device (block 924 0057), and transmitting, by the key management service, to the second client device, the encryption key encrypted with the second public key (block 926 0057).
With regard to claim 7, Raghuram discloses the method of claim 13, as outlined above, and further discloses authenticating a user by identification of the user known to the selected attestation module (0039, 0049).
With regard to claims 13 and 8, Raghuram discloses the method of claims 13 and 7, as outlined above, and further discloses receiving, by the key management service, from the access control management system, an indication that a user of the second client device has been authenticated by an identity provider (0039, 0056, 0062).
With regard to claims 14 and 9, Raghuram discloses the method of claims 13 and 7, as outlined above, and further discloses receiving, by the key management service, from the access control management system, an indication that a user of the second client device has been authorized, by the first client device, to receive access to the encryption key encrypted with the first public key (0039, 0056, 0062).
With regard to claims 15 and 10, Raghuram discloses the method of claims 13 and 7, as outlined above, and further discloses encrypting, by a key issue mechanism of the key management service, an encryption key generated by the first client device (0042) with the first public key (0044).
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 11 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Raghuram.
With regard to claims 16 and 11, Raghuram discloses the method of claim 13, as outlined above, and further discloses securely transmitting, by a key management service, to the first client device (“Additionally, in some embodiments, the symmetric key may not be generated on the customer computing device 102 but instead generated on another computing device and securely transmitted to the customer computing device 102” 0042). Raghuram does not specifically disclose the encryption key encrypted with the first public key sent by the key management service. Raghuram does disclose that using a public key to encrypt something can maintain security (0035). It would have been obvious for one of ordinary skill in the art, prior to the instant effective filing date, to have the encryption key “generated on another computing device” of Raghuram be done on the key management service and sent using public key encryption, as taught by Raghuram, for the motivation of increased security, a stated motivation of Raghuram (0042).
Response to Arguments
Applicant's arguments filed 18 November 2025 have been fully considered, and are not fully persuasive.
Applicant has overcome the prior 112 rejection by amending claim 16, and the double patenting rejection by submitting a terminal disclaimer.
Applicant argues that Raghuram does not disclose a separation between the cloud service and key management server. The examiner points out that applicant is correct that, in paragraph 0031, Raghuram discloses, “the key management server 106 may be included in the cloud server provider environment 108”. The examiner further points out that Raghuram specifically states this is only in some embodiments and that it “may be” included, thus it also may not be. Raghuram further discloses that an alternative to this is that the key management server can be controlled by a third-party authentication/certification provider.
Applicant further argues that Raghuram fails to teach the first client identifying the second. The examiner points out that the first client (customer computing device) sends the encrypted symmetric key directly to the cloud service provider environment 108 (0045), thus allowing the host of the cloud service to identify as a trusted second client, as outlined above.
References Cited
Chazalet et al., USPN 9,866,533, discloses using a public key to encrypt a transmitted encryption key (claim 1), but was not seen as reading on the instant claims.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JACOB LIPMAN whose telephone number is (571)272-3837. The examiner can normally be reached 5:30AM-6:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached at 571-272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/JACOB LIPMAN/Primary Examiner, Art Unit 2434