CTFR 18/671,659 CTFR 88883 DETAILED ACTION Notice of Pre-AIA or AIA Status 07-03-aia AIA 15-10-aia The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. 12-151 AIA 26-51 12-51 Status of Claims Claims 1-7, 9-15 are pending, of which claims 12-14 are withdrawn. Claim 8 is cancelled. Claim Rejections - 35 USC § 103 07-20-aia AIA The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 07-21-aia AIA Claim (s) 1-2, 9, 11, 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Zheng (WO 2016/101153), and further in view of Leavy et al (PGPUB 2020/0259640) . Regarding Claim 1: Zheng teaches an apparatus for a user equipment, the apparatus comprising: at least one processor ([0019] processor) ; and at least one memory storing instructions that, when executed by the at least one processor, cause the apparatus at least to perform ([0019] memory including code) : encrypting a digital asset using a first key to form an encrypted digital asset ([0082] each user can store data at the cloud service provider (CSP) in a secure way; in this regard, it is assumed that the user (denoted as u1) would like to save its data (denoted as M) at the CSP, and then at 204, u1 encrypts the data M for privacy and security protection with a randomly selected symmetric key DEK_u1 to get a ciphertext of the data M (denoted as CT_u1), by calling an algorithm Encrypt (DEK_u1, M); then, at 206, it encrypts DEK_u1 with a public key of identity attribute (denoted as PK (ID, u1) ) of the user u1, by calling an algorithm EncryptKey (DEK_ u1, A, PK_ (ID, u1) ) to get a cipherkey (denoted as CK_u1) of the DEK_u1; as described above, PK (ID, u1) is generated from the key SK_u1 according to a data policy of the user u1, by calling an algorithm CreateIDPK (ID, SK_u1); the user u1 can calculates a hash code of the data M as H (M), and further sign it with SK’_u1 as Sign (H (M) , SK’_u1); the hash code H (M) can be utilized as an index of the data M in the data storage service among the users (such as u1 and u2) and the CSP) ; providing the encrypted digital asset and an index for the encrypted digital asset to a first network function ([0082] then, at 206, u1 sends the ciphertext CT_u1 and the cipherkey CK_u1 to the CSP for storage of data M; the associated H (M) and Sign (H (M) , SK’_u1) can also be sent to the CSP for identifying the data M; the access policy A for the data M can be public or can be sent to the CSP together with the CT_u1 and CK_u1; in some embodiments, the Cert (PK_u1) and Cert (PK’_u1) can also be sent to the CSP together with the CT_u1 and CK_u1; this parameters, keys and data may be sent to the CSP via one data package denoted as DP1 containing the CT_u1, A, CK_u1, H (M), Sign (H (M) , SK’_u1), Cert (PK_u1), Cert (PK’_u1)) ; and providing an identification of the encrypted digital asset to a first entity ([0086] the user u1 may firstly verify an eligibility of the user u2 for data holding and storage at a third party; for example, the eligibility of the user u2 may be verified by checking an identifier of the user u2 or the Cert (PK_u2); if verification is positive, the user u1 generates a secret attribute key SK_ (ID, u1,u2) by calling IssueIDSK (ID, SK_u1, PK_u2), at 218; then, the user u1 can issue the secret attribute key to the user u2 (for example by using a secure channel or PKC) at 220, in order to allow the user u2 to access the data stored by the user u1 at the cloud; [0087] at this moment, both the user u1 and the user u2 can access the same data M saved at the CSP freely, as illustrated at steps 228 and 226; in this regard, the user u1 can use the key DEK_u1 to decrypt the CT_u1 directly, while the user u2 can get to know the DEK_u1 by calling an algorithm DecryptKey (CK_u1, A, SK_u2, SK_ (ID, u1, u2) ) to decrypt the CK_u1, and in turn decrypt the CT_u1 with decrypted DEK_u1) . Zheng does not explicitly teach generating the first key by inputting a third key into a first key derivation function, wherein the third key is determined during a primary authentication process. However, Leavy teaches the concept of generating a first key by inputting a third key into a first key derivation function, wherein the third key is determined during a primary authentication process ([0074]-[0076] preparing the encrypted first transmission key and the second public handshake key (PK.sub.HSK_B) for transmission includes generating a signature of at least the encrypted first transmission key and the second public handshake key (PK.sub.HSK_B) and encapsulating the encrypted first transmission key and the second public handshake key (PK.sub.HSK_B), along with the signature, in a packet; according to some examples, Bob's secure collaboration application also derives a first stream identifier and a fourth handshake key pair; the first stream identifier and fourth public handshake key may also be used in generating the signature and encapsulated in the packet transmitted to Alice's secure collaboration application; in still further examples, Bob's secure collaboration application may generate a first nonce (i.e. “third key”) to be used in a key advancement algorithm; as will be discussed in greater detail below, the first nonce is a salt that Alice's secure collaboration application may use to generate new keys to decrypt Bob's stream; the first nonce may also be used to generate the signature; the first nonce may also be encapsulated in the packet along with the information discussed above; in some examples, the first stream identifier and the first nonce may encrypted using the first KEK; Alice's secure collaboration application receives the packet containing at least the encrypted first transmission key (TX.sub.Bob) and the second public handshake key (PK.sub.HSK_B) and verifies the signature of the packet; when the signature is valid, Alice's secure communication application decrypts the received packet, in block 726, to obtain the information contained therein; the information may include at least one of the first receiver's (Bob's) transmission key (TX.sub.Bob), second public handshake key (PK.sub.HSK_B), the first stream identifier, the fourth public handshake key, and the first nonce; [0088] KDF 910 is a hash-based key derivation function (HKDF) to create cryptographically strong key material; KDF 910 typically has three inputs and one output; the first input and the second input receive cryptographic material used to derive the key material; as illustrated in FIG. 9, the first input receives a previous encryption key (K.sub.cipheri-1) and the second input receives a salt (K.sub.evol-1), such as the nonce value established during the three-way handshake) . It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the first key derivation function teachings of Leavy with the digital asset encryption teachings of Zheng, in order to add additional factors of randomness into generation of a key for file encryption, increasing the overall entropy of an encryption key, thereby improving the security environment. Regarding Claim 2: Zheng in view of Leavy teaches an apparatus as claimed in claim 1. In addition, Zheng teaches wherein the providing the identification of the encrypted digital asset comprises providing the first entity with a first identifier and at least one document identifier for identifying a document comprised in the encrypted digital asset ([0086] the user u1 generates a secret attribute key SK_ (ID, u1,u2) (i.e. “first identifier”) by calling IssueIDSK (ID, SK_u1, PK_u2), at 218; then, the user u1 can issue the secret attribute key to the user u2 (for example by using a secure channel or PKC) at 220, in order to allow the user u2 to access the data stored by the user u1 at the cloud; [00100] the encrypted DEK_u1 (i.e. “document identifier”) can be sent from the user u1 to the user u2 directly in a secure way) . Regarding Claim 9: Zheng in view of Leavy teaches an apparatus as claimed in claim 1. In addition, Leavy teaches the generating further comprising inputting a random value and/or counter value into the first key derivation function ([0088] FIG. 9 shows a key derivation function (KDF) 910 connected to counter 920 and memory 930; KDF 910 is a hash-based key derivation function (HKDF) to create cryptographically strong key material; KDF 910 typically has three inputs and one output; the first input and the second input receive cryptographic material used to derive the key material; as illustrated in FIG. 9, the first input receives a previous encryption key (K.sub.cipheri-1) and the second input receives a salt (K.sub.evol-1), such as the nonce value established during the three-way handshake) . The rationale to combine Zheng and Leavy is the same as provided for claim 1 due to the overlapping subject matter of claims 1 and 9. Regarding Claim 11: Zheng in view of Leavy teaches an apparatus as claimed in claim 1. In addition, Zheng teaches wherein the identification comprises the index (([0082] then, at 206, u1 sends the ciphertext CT_u1 and the cipherkey CK_u1 to the CSP for storage of data M; the associated H (M) and Sign (H (M) , SK’_u1) can also be sent to the CSP for identifying the data M; the access policy A for the data M can be public or can be sent to the CSP together with the CT_u1 and CK_u1; in some embodiments, the Cert (PK_u1) and Cert (PK’_u1) can also be sent to the CSP together with the CT_u1 and CK_u1; this parameters, keys and data may be sent to the CSP via one data package denoted as DP1 containing the CT_u1, A, CK_u1, H (M), Sign (H (M) , SK’_u1), Cert (PK_u1), Cert (PK’_u1)); EXAMINER’S NOTE: any of the transmitted values can be considered the index, with the exception of the ciphertext, e.g. CK_u1 ; [00100] the encrypted DEK_u1 (i.e. CK_u1) can be decrypted by the user u2, by calling an algorithm DecryptKey (CK_u, A, SK_u’ , SK_ (ID, u, u’ ) ) . In this example, the encrypted DEK_u1 can be sent from the user u1 to the user u2 directly in a secure way) . Regarding Claim 15: Zheng in view of Leavy teaches an apparatus as claimed in claim 1. In addition, Zheng teaches wherein the index comprises a random value, a counter value, and/or a key ([0082] this parameters, keys and data may be sent to the CSP via one data package denoted as DP1 containing the CT_u1, A, CK_u1, H (M), Sign (H (M) , SK’_u1), Cert (PK_u1), Cert (PK’_u1)); EXAMINER’S NOTE: any of the provided parameters, with the exception of CT_u1 (i.e. the cyphertext) can be considered the index, such as cipherkey CK_u1 ) . 07-21-aia AIA Claim (s) 3-4 is/are rejected under 35 U.S.C. 103 as being unpatentable over Zheng in view of Leavy, and further in view of Cole et al (GB 2472531) . Regarding Claim 3: Zheng in view of Leavy teaches an apparatus as claimed in claim 2. Neither Zheng nor Leavy explicitly teaches wherein the first identifier comprises a subscriber identifier However, Cole teaches the concept wherein a first identifier comprises a subscriber identifier ([page 33 line 31-page 34 line 11] the information service receiver and organizer 190 will determine from the information within the information service whether that music track is available to be downloaded to the user's PC 26. If so, the information service GUI displayed to the user will provide a suitable link to allow the user to purchase the music track via their receiving device; when a user selects to purchase an available music track, the purchase controller 168 composes a purchase request, which is transmitted by the receiving device's telecommunications transmitter 170 to the music library 82; the purchase request is made via the GPRS back channel and comprises data (an encrypted International Mobile Equipment Identity (IMEI) and a Mobile Subscriber Integrated Services Digital Network Number (MSISDN) (i.e. “global public subscriber identifier”) ) which identifies the receiving device 24, i.e. the MSISDN of the receiving device making the request, and a purchase ID for the requested music track) . It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the subscriber identifier teachings of Cole with the digital asset encryption teachings of Zheng in view of Leavy, with the benefit of linking identifiers to specific user devices, allowing for the distribution of shared files to specific devices and groups, thereby providing the benefit of remote file sharing while limiting piracy and other forms of unauthorized file distribution. Regarding Claim 4: Zheng in view of Leavy and Cole teaches the apparatus as claimed in claim 3. In addition, Cole teaches wherein the first identifier comprises a global public subscriber identifier ([page 33 line 31-page 34 line 11] the information service receiver and organizer 190 will determine from the information within the information service whether that music track is available to be downloaded to the user's PC 26. If so, the information service GUI displayed to the user will provide a suitable link to allow the user to purchase the music track via their receiving device; when a user selects to purchase an available music track, the purchase controller 168 composes a purchase request, which is transmitted by the receiving device's telecommunications transmitter 170 to the music library 82; the purchase request is made via the GPRS back channel and comprises data (an encrypted International Mobile Equipment Identity (IMEI) and a Mobile Subscriber Integrated Services Digital Network Number (MSISDN) (i.e. “global public subscriber identifier”) ) which identifies the receiving device 24, i.e. the MSISDN of the receiving device making the request, and a purchase ID for the requested music track) . The rationale to combine Zheng and Cole is the same as provided for claim 3 due to the overlapping subject matter of claims 3 and 4 . 07-21-aia AIA Claim (s) 5-7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Zheng in view of Leavy, and further in view of Guo et al (PGPUB 2025/0184726) and Matthews (US 10,892,999) . Regarding Claim 5: Zheng in view of Leavy teaches an apparatus as claimed in claim 2. Neither Zheng nor Leavy explicitly teaches wherein the at least one memory further causes the apparatus to perform: generating the first identifier by: inputting an authentication key into a second key derivation function. However, Guo teaches the concept of generating a first identifier by: inputting an authentication key into a second key derivation function ([0007] derive a first pre-shared key based on a first root key, a first Internet protocol address… and a second Internet protocol address) . It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the key derivation function teachings of Guo with the digital asset encryption teachings of Zheng in view of Leavy, in order to add additional factors of uniqueness into generation of an identifier, increasing the overall entropy of an identification element, resulting in a reduction in the possibility of identifier collisions (i.e. that two elements have the same identifier), as well as linking the identifier to an authentication element (e.g. key), thereby improving the security environment. Neither Zheng nor Leavy nor Guo explicitly teaches combining an output of the second key derivation function with an identifier of a user of the user equipment to form the first identifier. However, Matthews teaches the concept of combining an output of a second key derivation function with an identifier of a user of a user equipment to form a first identifier ([col 2 line 41-col 3 line 11] … creating an assistance identifier for the gateway that adheres to a predefined format; the hash function may use a combination of a virtual network identifier for the virtual network that belongs to the customer, a preshared key (PSK), a user name, a date or time, and/or a domain name to create a unique hash that adheres to the predefined format) . It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the key derivation function teachings of Matthews with the digital asset encryption teachings of Zheng in view of Leavy and Guo, in order to add additional factors of uniqueness into generation of an identifier, increasing the overall entropy of an identification element, resulting in a reduction in the possibility of identifier collisions (i.e. that two elements have the same identifier), as well as linking the identifier to an authentication element (e.g. key, user name, domain name, etc.), thereby improving the security environment. Regarding Claim 6: Zheng in view of Leavy, Guo, and Matthews teaches an apparatus as claimed in claim 5. In addition, Matthews teaches wherein the combining comprises combining the output of the second key derivation function with the identifier of the user and an identifier of an administrative domain to which the user is registered ([col 2 line 41-col 3 line 11] … creating an assistance identifier for the gateway that adheres to a predefined format; the hash function may use a combination of a virtual network identifier for the virtual network that belongs to the customer, a preshared key (PSK), a user name, a date or time, and/or a domain name to create a unique hash that adheres to the predefined format) . The rationale to combine Zheng and Matthews is the same as provided for claim 5 due to the overlapping subject matter between claims 5 and 6. Regarding Claim 7: Zheng in view of Leavy, Guo, and Matthews teaches an apparatus as claimed in claim 5. In addition, Leavy teaches wherein the at least one memory further causes the apparatus to perform: determining that a flag has been set to indicate that the first identifier is to be generated by inputting the [parameter] into the first key derivation function prior to the inputting of the [parameter] into the second key derivation function ([0068] the call initiator and the first receiver may set parameters (i.e. “flags”) for when the transmission and receiving keys should be updated; these parameters may include updating the keys after a predetermined number of packets, after a predetermined time, when a new user enters an ongoing communication, when a member leaves the communication, etc.; [0088] FIG. 9 shows a key derivation function (KDF) 910 ( i.e. “second key derivation function” ) connected to counter 920 and memory 930; KDF 910 is a hash-based key derivation function (HKDF) to create cryptographically strong key material; KDF 910 typically has three inputs and one output; the first input and the second input receive cryptographic material used to derive the key material; as illustrated in FIG. 9, the first input receives a previous encryption key (K.sub.cipheri-1) and the second input receives a salt (K.sub.evol-1), such as the nonce value established during the three-way handshake; typically, the previous encryption key is either a transmission key or a receiving key established during the three-way handshake described above ( i.e. “first key derivation function” ); in operation, the transmission key and the receiving key may be updated concurrently using the techniques described herein in response to an external trigger, such as counter 920) ; and Guo teaches wherein the parameter is the authentication key ([0007] derive a first pre-shared key based on a first root key, a first Internet protocol address… and a second Internet protocol address) . The rationale to combine Zheng and Leavy is the same as provided for claim 1, due to the overlapping subject matter between claims 1 and 7. The rationale to combine Zheng and Gui is the same as provided for claim 5 due to the overlapping subject matter between claims 5 and 7 . 07-21-aia AIA Claim (s) 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Zheng in view of Leavy, and further in view of Adams (PGPUB 2024/0289856) . Regarding Claim 10: Zheng in view of Leavy teaches an apparatus as claimed in claim 1. Neither Zheng nor Leavy explicitly teaches wherein the providing the identification comprises providing the identification with a session establishment request. However, Adams teaches the concept wherein providing identification comprises providing the identification with a session establishment request ([abstract] first client device detects a light signal transmitted by the light emitter in the video data; the first client device extracts a handshake identifier from the light signal by decoding the light signal; a machine learning model may be used to translate the light signal into a numerical or an alphanumerical identifier; the first client device established a communication session with the other client device by transmitting a request to establish the communication session via an online concierge system; the request contains the extracted handshake identifier) . It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the session establishment request teachings of Adams with the digital asset encryption teachings of Zheng in view of Leavy, in order to improve the security of file/data transfers by establishing a connection using with identification data, thereby allowing the ends of the connection to be more confident that the opposing party is authorized . Response to Arguments 07-37 AIA Applicant's arguments filed 2/26/2026 have been fully considered but they are not persuasive. Regarding the rejection of claims under 35 USC 112(b): Applicant’s amendments have overcome the 35 USC 112(b) rejection(s), which are therefore withdrawn. Regarding the rejection of claims under 35 USC 102/103: Examiner’s response to applicant’s arguments, page 7 paragraph 4-page 8 paragraph 1: However, Leavy does teach generating an encryption key using a third key determined during a primary authentication process. Leavy teaches distributing a nonce during a handshaking procedure during which signatures are verified (i.e. primary authentication process), and using the nonce in a key generator to generate keys (e.g. [0074]-[0076], [0088]). Applicant’s remaining arguments relate to the other prior art of record fail to cure the deficiencies of Zheng in view of Leavy; however, as shown above, Zheng and Leavy teach all of the elements of claim 1. Conclusion 07-40 AIA Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL . See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to FORREST L CAREY whose telephone number is (571)270-7814. The examiner can normally be reached 9:00AM-5:30PM M-F. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, William Korzuch can be reached at (571) 272-7589. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /FORREST L CAREY/Examiner, Art Unit 2491 /WILLIAM R KORZUCH/Supervisory Patent Examiner, Art Unit 2491 Application/Control Number: 18/671,659 Page 2 Art Unit: 2491 Application/Control Number: 18/671,659 Page 3 Art Unit: 2491 Application/Control Number: 18/671,659 Page 4 Art Unit: 2491 Application/Control Number: 18/671,659 Page 5 Art Unit: 2491 Application/Control Number: 18/671,659 Page 6 Art Unit: 2491 Application/Control Number: 18/671,659 Page 7 Art Unit: 2491 Application/Control Number: 18/671,659 Page 8 Art Unit: 2491 Application/Control Number: 18/671,659 Page 9 Art Unit: 2491 Application/Control Number: 18/671,659 Page 10 Art Unit: 2491 Application/Control Number: 18/671,659 Page 11 Art Unit: 2491 Application/Control Number: 18/671,659 Page 12 Art Unit: 2491 Application/Control Number: 18/671,659 Page 13 Art Unit: 2491 Application/Control Number: 18/671,659 Page 14 Art Unit: 2491