DETAILED ACTION
This Non Final Office Action is in response to Request for Continued Examination filed on 12/15/2025. Claims 1, and 4-5 have been amended. Claim 6 was previously cancelled. Claims 1-5 and 7-9 filed on12/15/2025 remain pending in the application.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Drawings
The drawings filed on 12/07/2023 are accepted.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 12/15/2025 has been entered.
Response to Arguments filed on 12/15/2025
Applicant's arguments filed 12/15/2025 have been fully considered but they are not persuasive. The below remarks are similar to the remarks filed on 06/30/2025 and are repeated below.
Applicant stated in Pages 7 “the Office Action relies on Fig. 2, item 32, of Pauker for the claimed acquiring of "a public key corresponding to identification information about a recipient of the message" (Office Action, p. 5). However, item 32 of Fig. 2 of Pauker merely describes "sender obtains PKE public key of recipient." Moreover, the corresponding description in Pauker' s specification merely describes that at "step 32, a sender may obtain the PKE public key of a desired recipient. For example, the sender may obtain the PKE public key of a desired recipient from a public database over communications network 14'' (Pauker, col. 8, 11. 64-67). Thus, in these descriptions of Pauker there is no actual disclosure of "identification information"…”
Examiner respectfully disagrees. Examiner asserts that Pauker discloses two schemes to support the secure messaging, the PKE and IBE schemes illustrated in Figures 2 and 3, respectively. As discussed in details in the pertinent paragraphs below,
1) the PKE scheme relies on the digital certificate to ensure that a received unique public key of a recipient is actually the public key of the intended recipient. Therefore, the digital certificate is construed as a validation and authentication information that identifies who the public key belongs to. The unique private key associated with intended recipient is also associated with the digital certificate associated with the unique public key of the recipient.
2) the IBE scheme relies on the identification information of the recipient to obtain the unique recipient’s public key, where the public key is acquired from identification information, e.g. mailing address, and other policy information (e.g., validity period, security level, subscription level, content rating, geographic region, etc.), where the public key is constructed based on identification information, and other policy information, therefore, the public key is different from the identification information. The unique recipient’s private key is also based on the aforementioned identification information. This is explicitly disclosed in e.g. Col. 12 line 41-50 “With this approach, security clearance level information may be concatenated or otherwise added to each user's email address when forming the public keys Q”
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.
Claims 1-2, 4-5 and 7-9 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Pauker et. al. (US 7266847 B2).
Regarding Claim 1 (Currently Amended), Pauker teaches a communication system (Pauker e.g. Figure 1) comprising:
a user terminal that transmits and receives a message (Pauker Figure 1 sender recipient B 12, where senders and recipients are individuals exchanging messages, therefore an entity in Figure 1 12 can be a sender and a recipient when exchanging messages, Col. 5 line 26-31 “The present invention is sometimes described in connection with system environments in which the senders and recipients are individuals. In general, however, senders and recipients may be individuals, groups of individuals, organizations, parts of organizations, or any other suitable parties or entities that exchange messages”); and
a server device that manages a public key and a private key (Pauker Figure 1 Decryption Service and Private key service 22-26 Col. 6 line 52-56 “Various computing devices may be used in system 10. For example, computing equipment may be used to implement the functions of a server or other computer equipment at each IBE private key generator 16, at each PKE private key store 26, at decryption service 22, etc.”, where the computing device implementing the functions of Decryption Service and Private key service 22-26 corresponds to the server device), wherein the user terminal includes:
first processing circuitry configured to:
when transmitting the message to another user terminal, acquire a public key corresponding to identification information about a recipient of the message, and encrypt the message or a file attached to the message, using the acquired public key, the identification information being other than the public key (Pauker Figure 2 32, using the PKE scheme, where the sender obtains the PKE public key of the recipient, where the public key is verified to belong to the intended recipient by use of a certificate, which identifies and authenticates that the public key is for the intended recipient, as disclosed in Col. 1 line 27-45 “One public-key cryptographic system that is in use is the RSA cryptographic system. Each user in this system has a unique public key and a unique private key…To ensure the authenticity of the public key and thereby defeat possible man-in-the-middle attacks, the public key may be provided to the sender with a certificate signed by a trusted certificate authority. The certificate may be used to verify that the public key belongs to the intended recipient of the sender's message. Public key encryption systems such as the RSA system that use this type of traditional approach are referred to herein as PKE cryptographic systems…The recipient can obtain the private key from a private key generator associated with the recipient.”, Col. 7 line 61-67 “Certificate authorities may create digital certificates that help to verify the identities of certain parties. Digital signatures (e.g., signatures from a certificate authority or other entity that use private keys and that can be verified using matching public keys) may be used to ensure that a message or other signed information is associated with a particular party.”, where the certificate authenticates the public key to be associated with a particular party and links it to the private key of the particular party, in a different implementation, i.e. IBE scheme in Figure 3 42, disclosed by Pauker, where a public key corresponding to identification information about a recipient is acquired, where the public key is acquired by using the identification information with other information/parameters to form a unique public key that is other that the identification information, as disclosed in Col. 12 line 41-50 “With this approach, security clearance level information may be concatenated or otherwise added to each user's email address when forming the public keys Q (i.e., Q=joe@navy.com|top_secret, etc.). These approaches are merely illustrative of the ways in which policy-based criteria may be added to a user identity such as a user email address when forming the IBE public key for each user (e.g., the Q for each user). Any suitable approach for forming IBE public keys based on user identity information and additional criteria may be used if desired.”, Col. 12 90-67 and Col. 13 line 1-14 “… a sender desiring to send an IBE-encrypted message may have information sufficient to construct the IBE public key Q of the intended message recipient. This information may include information on an individual recipient's identity (e.g., an email address), information on how to construct the IBE public key Q from suitable access policy information (e.g., validity period, security level, subscription level, content rating, geographic region, etc.), or any other suitable identity information and/or generally-applicable access policy information that specifies which parties are allowed to access the contents of the message and under what conditions such access is permitted. The sender may obtain the IBE public parameter information from a recipient, from a directory, from IBE private key generator 16, from an IBE public parameter host service, or from any other suitable entity in system 10.”);
transmit, to the another user terminal, [[a]] an encrypted message obtained by encrypting the message or the file attached to the message (Pauker Figure 2 34-36 or Figure 3 44-46); and
when receiving the encrypted message from the another user terminal, request the server device to decrypt the encrypted message or the file attached to the encrypted message, and receive [[the]] a decrypted message or file from the server device (Pauker Col. 2 line 25-35 “…recipients can upload the encrypted content to a remote decryption service over the Internet. The decryption service can decrypt the encrypted message content for the recipient and can provide the recipient with access to the decrypted message content over the Internet. The recipient can, for example, be provided with a web page in which the decrypted content is display or may be provided with a list of URLs that can be used to download the decrypted content to the recipient's equipment.”, further disclosed in Col. 10 line 18-25 “In an environment in which a message is decrypted remotely, a decryption engine 20 with IBE capabilities may obtain and use a recipient's IBE private key for use in decrypting the message at a remote decryption service 22. For example, the decryption service 22 may obtain the IBE private key for recipient B (who does not have the ability to run IBE decryption engine 20 locally) and may then use that IBE private key to decrypt content for recipient B.”),
and the server device includes (Pauker Figure 1 Decryption Service 22):
second processing circuitry configured to:
generate a private key corresponding to the identification information about the recipient of the message (Pauker Figure 1 22-26 Col. 6 line 14-21 “One or more services such as private key service 24 may be used to provide private keys. A private key service may include one or more IBE private key generators such as IBE private key generator 16 for generating IBE private keys. PKE private keys may be generated using one or more PKE private key generators. After private keys are generated, they may be stored in a PKE private key store such as PKE private key store 26 at key service 24.”, Col. 1 line 27-45 “One public-key cryptographic system that is in use is the RSA cryptographic system. Each user in this system has a unique public key and a unique private key…To ensure the authenticity of the public key and thereby defeat possible man-in-the-middle attacks, the public key may be provided to the sender with a certificate signed by a trusted certificate authority. The certificate may be used to verify that the public key belongs to the intended recipient of the sender's message. Public key encryption systems such as the RSA system that use this type of traditional approach are referred to herein as PKE cryptographic systems…The recipient can obtain the private key from a private key generator associated with the recipient.”, Col. 7 line 61-67 “Certificate authorities may create digital certificates that help to verify the identities of certain parties. Digital signatures (e.g., signatures from a certificate authority or other entity that use private keys and that can be verified using matching public keys) may be used to ensure that a message or other signed information is associated with a particular party.”, where the certificate authenticates the public key to be associated with a particular party and links it to the private key of the particular party, in a different implementation, i.e. IBE scheme, disclosed by Pauker, where a private key is generated based on the user’s identity, as disclosed in Col. 12 line 9-13 “ Each IBE private key generator generally has multiple associated users. An IBE private key generator may generate an IBE private key for each of its associated users based on the IBE public keys (the Q's) of each of these users (e.g., based on the users' identities).”); and
when receiving a request for decryption of the message or the file attached to the message from the user terminal, decrypt the encrypted message or the file attached to the message using the private key generated, and transmit [[the]] a decrypted message or file to the user terminal that has made the request for decryption, the decrypted message corresponding to the encrypted message (Pauker Col. 2 line 25-35 “…recipients can upload the encrypted content to a remote decryption service over the Internet. The decryption service can decrypt the encrypted message content for the recipient and can provide the recipient with access to the decrypted message content over the Internet. The recipient can, for example, be provided with a web page in which the decrypted content is display or may be provided with a list of URLs that can be used to download the decrypted content to the recipient's equipment.”, further disclosed in Col. 10 line 18-25 “In an environment in which a message is decrypted remotely, a decryption engine 20 with IBE capabilities may obtain and use a recipient's IBE private key for use in decrypting the message at a remote decryption service 22. For example, the decryption service 22 may obtain the IBE private key for recipient B (who does not have the ability to run IBE decryption engine 20 locally) and may then use that IBE private key to decrypt content for recipient B.”).
Claims 4-5 recite similar limitations to claim 1, therefore rejected with the same rationale applied to claim 1.
Regarding Claim 2 (Currently Amended), Pauker teaches the communication system according to claim 1, wherein the first processing circuitry is further configured to perturb the message or the file attached to the message encrypted (Pauker Col. 8 line 24-42 “To enhance the efficiency of the IBE and PKE decryption and encryption processes, "two-step" decryption techniques may be used in which a message key (e.g., a symmetric message key) is used to encrypt the contents of a message prior to transmission to the recipient. Public key encryption may then be used to encrypt the symmetric message key. The message that is sent from the sender to the recipient contains the IBE-encrypted or PKE-encrypted message key and the message-key-encrypted message contents. During decryption, the IBE private key or PKE private key corresponding to the public key that was used to encrypt the message key may be used to decrypt the message key. The message key may then be used to decrypt the rest of the message. These two-step processes may be more efficient than "pure" or "single step" encryption algorithms in which the PKE or IBE algorithm alone is used to encrypt the entire message. Both types of approaches (and analogous multi-layer encryption approaches) are generally referred to herein as simply "IBE" or "PKE" or "public key" schemes for clarity.”, where perturbing the message is achieved by a two-step encryption).
Regarding claim 7 (New), Pauker teaches the communication system according to claim 1, wherein the identification information includes a mailing address of the recipient (Pauker Col. 12 90-67 and Col. 13 line 1-14 “… a sender desiring to send an IBE-encrypted message may have information sufficient to construct the IBE public key Q of the intended message recipient. This information may include information on an individual recipient's identity (e.g., an email address), information on how to construct the IBE public key Q from suitable access policy information (e.g., validity period, security level, subscription level, content rating, geographic region, etc.), or any other suitable identity information and/or generally-applicable access policy information that specifies which parties are allowed to access the contents of the message and under what conditions such access is permitted. The sender may obtain the IBE public parameter information from a recipient, from a directory, from IBE private key generator 16, from an IBE public parameter host service, or from any other suitable entity in system 10.”).
Claims 8-9 recite similar limitations to claim 7, therefore rejected with the same rationale applied to claim 7.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Pauker et. al. (US 7266847 B2), hereinafter Pauker in view of Gigov et. al. (US 20210374265 A1), hereinafter Gigov.
Regarding Claim 3 (Currently Amended), Pauker teaches the communication system according to claim 1.
Pauker does not explicitly disclose the policy information included in the message.
Gigov discloses wherein the first processing circuitry is further configured to encrypt the message or the file attached to the message, with policy information included in the message or the file, the policy information indicating a condition for allowing decryption (Gigov Abstract “…decrypting a file encryption key only when the attributes of the receiver access action satisfy the file access policy.”, Figure 5 illustrates policy 528 encrypted along with the file, [0150] “At 612, if the access policy 528 includes an expiry date 556 for the receiver's access to the file 126, a TEE decryption operation 560 of the receiver TEE 160 determines whether the expiry date has been reached. The receiver TEE 160 compares the current time and date according to a trusted clock 557 to the expiry date 556 included in the access policy 528.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Pauker to incorporate the teaching of Gigov to utilize the above feature, with the motivation of providing granular access control using attribute based encryption by enforcing policy, as recognized by (Gigov Abstract [0001, 0007and throughout).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Nayshtut (US 20150281189 A1) discloses method and apparatus for cloud-assisted cryptography
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BASSAM A NOAMAN whose telephone number is (571)272-2705. The examiner can normally be reached Monday-Friday 8:30 AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw can be reached at (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/BASSAM A NOAMAN/Primary Examiner, Art Unit 2497