DETAILED ACTION
This Non Final Office Action is in response to Application filed on 07/23/2024.
Claims 1-20 filed on 07/23/2024 are being considered on the merits.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Drawings
The drawings filed on 07/23/2024 are objected.
Information Disclosure Statement
The information disclosure statements (IDS) submitted on 10/23/2024 have been considered. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly an initialed and dated copy of Applicant's IDS form 1449 filed 10/23/2024 are attached to the instant Office action.
Specification
The disclosure is objected to because of the following informalities:
Paragraphs [0037-0043] in conjunction with Figure 1D disclose steps for validating a user key based on a usage limit. However, the paragraphs and Figure 1D seem to emphasize that a key is invalid and the requested operation is rejected when the following conditions are stratified:
the key’s ownership is correct (152),
requested operation is allowed (156),
“Not before” is true (158), and
“Not after” is true (160).
However, the key should be valid and the requested operation should be accepted when the above conditions is satisfied. This is consistent with:
The logical conclusion of allowing usage of a key for performing the operation when asserting that the key ownership is correct and allowing the requested operation.
the definition of “Not before” and “Not after” in the field and in [0002]
Appropriate correction is required.
Drawings
The drawings are objected to because: the (Yes and No) of the conditional blocks (152, 156, 158 and 160) should be reversed, consistent with the rationale discussed under the specification header. Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. The figure or figure number of an amended drawing should not be labeled as “amended.” If a drawing figure is to be canceled, the appropriate figure must be removed from the replacement sheet, and where necessary, the remaining figures must be renumbered and appropriate changes made to the brief description of the several views of the drawings for consistency. Additional replacement sheets may be necessary to show the renumbering of the remaining figures. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.
Claim Objections
Claim objected to because of the following informalities:
Claim 10 recites “the AES key”, should be “the .
Appropriate correction is required.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, 4, 6, 9 and 12-13 are rejected under 35 U.S.C. 103 as being unpatentable over Roth (US 20180167381 A1) in view of Murray (US 20190013936 A1) and Gonabal (US 20240160582 A1).
Regarding claim 1, Roth teaches an integrated circuit (Roth [0018] “…the cryptographic service and the trusted platform can both be included in provider environment 106”) comprising:
an input/output interface configured to receive inputs including plaintext user keys, metadata, [and revocation bits] (Roth discloses receiving keys K1, i.e. plaintext user keys, and metadata associated with K1 from database 232 in Figure 2, [0022] “K1 and other customer key information and/or security information such as metadata can be stored in at least one database 232 managed by the cryptographic service. When the customer makes a request to the cryptographic service calling a suspend API… in response to such a request, the cryptographic service creates a restore key, “K1_restore 244” or other such key in the account of the customer, where K1_restore 244 is used to encrypt K1 242 along with at least a portion of the metadata associated with K1 242 using any known cryptography.”, where the interface correspond to the interface receiving/transmitting from the database 232 and managed by the cryptographic service where both to be retrieved and encrypted, where plurality of keys and their associated metadata for different customers are stored as disclosed in e.g. [0018]);
cryptographic circuitry (Roth part of the cryptographic service performing the encryption on the K1 and metadata as disclosed in [0022]) configured to:
read a key from a first memory (Roth discloses in [0022] K1_restore 244 being created in a cryptographic service 230 and being used for encrypting K1);
encrypt the plaintext user keys based on the key to provide encrypted user keys (Roth [0022] discloses encrypting K1 using K1_restore 244 “…in response to such a request, the cryptographic service creates a restore key, “K1_restore 244” or other such key in the account of the customer, where K1_restore 244 is used to encrypt K1 242 along with at least a portion of the metadata associated with K1 242 using any known cryptography.”);
encrypt the metadata based on the key to provide encrypted metadata (Roth [0022] discloses encrypting the metadata using K1_restore 244 “…in response to such a request, the cryptographic service creates a restore key, “K1_restore 244” or other such key in the account of the customer, where K1_restore 244 is used to encrypt K1 242 along with at least a portion of the metadata associated with K1 242 using any known cryptography.”);
a processor configured to write the encrypted user keys, the encrypted metadata, the encrypted revocation bits, [[and the GCM tag]] to a second memory to provision the plaintext user keys (Roth discloses in [0022] encrypting K1 and associated metadata and exporting to the customer 102 via the provider environment 106 in Figure 1, where 106 is a different part, i.e. second memory, of the database 232 of the cryptographic service, where the integrated circuit is the circuit that includes all entities of the 106 and 136 as disclosed in [0018] “…the cryptographic service and the trusted platform can both be included in provider environment 106”, where the process is utilized (Examiner Note: intended use) to provision or ensure availability of a valid K1, according to its metadata, to perform cryptographic operations and access data, as disclosed in [0024] “…access data encrypted by K1”, where provider environment 106 includes a processing device to process requests, resources and data as disclosed in [0013-0014]).
Roth does not disclose the below limitation. Emphasis in italic.
Murray discloses compute a Galois/Counter Mode (GCM) tag based on the key; and a processor configured to write…the GCM tag to a second memory (Murray discloses in [0121] computing T.sub.FK utilizing AES/GCM, where the T.sub.FK is based on the wrapping key WK “As noted above, file-key FK is wrapped or encrypted using a symmetric wrapping-key WK to produce wrapped-file-key WFK. This encryption is again an authenticated encryption preferably utilizing AES/GCM. For this purpose, Eq. 1A above is adapted as follows:
ENC(WK, IV.sub.FK, FK, AAD)=WFK and T.sub.FK. Eq. 2A”,
where the [0111] “Authentication tag T.sub.FK, which is generated by authenticated encryption of file-key FK per Eq. 2A below, and is used later for verifying the integrity of WFK during authenticated decryption of Eq. 2B.”, [0157] “…process engine 122 performs an authenticated decryption of wrapped-file-key WFK attribute of file-metadata per Eq. 2B above by utilizing tag T.sub.FK also stored in file-metadata. If the authentication succeeds, then process engine 122 obtains the resulting file-key FK of the file. Otherwise, if the integrity check fails, an error is returned and the operation is aborted as shown again by error box 310.”, where T.sub.FK is stored in file-metadata for being used later, where the storage where T.sub.FK is stored is interpreted as the second memory).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Roth to incorporate the teaching of Murray to utilize the above feature, with the motivation of verification and integrity for provision of a file key, as recognized by (Murray [0111, 0157]).
Roth in view of Murray does not disclose the below limitation.
Gonabal discloses receiving revocation bits, encrypting revocation bits based on the key and writing the revocation bits (Gonabal [0022] “…another layer of security is introduced as the contents of the KRL are also encrypted. Therefore, to spoof a KRL, an attacker against an asset would need to both overcome the digital signature authentication of the KRL and be able to decrypt the contents of the KRL.”, [0039] “the KRL 304 can be encrypted to protect it from being spoofed. Additionally, the contents of the KRL 304 related to the potentially compromised key and the new key can also be encrypted, thus adding an additional layer of security to embodiments of the present disclosure. Furthermore, the KRL 304 can be digitally signed with a key such that the identity of the KRL 304 can be authenticated to ensure it hasn't been maliciously altered in any way”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Roth in view of Murray to incorporate the teaching of Gonabal to utilize the above feature, with the motivation of adding another security layer to the revocation key information against spoofing, as recognized by (Gonabal [0022]).
Regarding claim 4, Roth in view of Murray and Gonabal teaches the integrated circuit of claim 1, wherein the cryptographic circuitry has read-only access to the first memory (Roth discloses [0048] utilizing read-only memory ).
Regarding claim 6, Roth in view of Murray and Gonabal teaches the integrated circuit of claim 1, wherein the metadata describes a usage limit for the plaintext user keys (Roth [0032] “…time sensitive metadata can be included with the master key encrypted with the restore key such that an encrypted master key cannot be authenticated due to expired metadata after a defined period of time if the master key is not updated with a different encryption, such as by being encrypted under a different restore key.”).
Regarding claim 9, Roth in view of Murray and Gonabal teaches the integrated circuit of claim 1. Roth in view of Murray does not disclose but Gonabal wherein the revocation bits indicate a revocation status of each of the plaintext user keys (Gonabal [0021-0022] discloses status of a list of identifiers of potentially compromised to be revoked).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Roth in view of Murray to incorporate the teaching of Gonabal to utilize the above feature, with the motivation of adding another security layer to the revocation key information against spoofing, as recognized by (Gonabal [0022]).
Regarding claim 12, Roth teaches a system (Roth system illustrated in Figure 1) comprising: one or more processors; and at least one memory coupled to the one or more processors, the at least one memory including a set of instructions that, when executed by the one or more processors (Roth system includes processor and memory in Figure 5 and [0037]), cause the one or more processors to:
read a user key, metadata, [[and revocation bits]] from a non-volatile memory, wherein the user key, the metadata, and [[the revocation bits]] are encrypted (Roth discloses receiving keys K1, i.e. plaintext user keys, and metadata associated with K1 from database 232 in Figure 2, [0022] “K1 and other customer key information and/or security information such as metadata can be stored in at least one database 232 managed by the cryptographic service. When the customer makes a request to the cryptographic service calling a suspend API… in response to such a request, the cryptographic service creates a restore key, “K1_restore 244” or other such key in the account of the customer, where K1_restore 244 is used to encrypt K1 242 along with at least a portion of the metadata associated with K1 242 using any known cryptography.”, [0049-0050] indicate using non-volatile memory).
Roth does not disclose the below limitation. Emphasis in italic.
Murray discloses compute a first Galois/Counter Mode (GCM) tag based on the user key and the metadata using a symmetric key stored in a first memory; compare the first GCM tag to a second GCM tag stored in a second memory to provide a comparison and determine validity of the user key based on the comparison (Murray discloses in [0121] computing T.sub.FK utilizing AES/GCM, where the T.sub.FK is based on the wrapping key WK “As noted above, file-key FK is wrapped or encrypted using a symmetric wrapping-key WK to produce wrapped-file-key WFK. This encryption is again an authenticated encryption preferably utilizing AES/GCM. For this purpose, Eq. 1A above is adapted as follows:
ENC(WK, IV.sub.FK, FK, AAD)=WFK and T.sub.FK. Eq. 2A”,
where the [0111] “Authentication tag T.sub.FK, which is generated by authenticated encryption of file-key FK per Eq. 2A below, and is used later for verifying the integrity of WFK during authenticated decryption of Eq. 2B.”, [0157] “…process engine 122 performs an authenticated decryption of wrapped-file-key WFK attribute of file-metadata per Eq. 2B above by utilizing tag T.sub.FK also stored in file-metadata. If the authentication succeeds, then process engine 122 obtains the resulting file-key FK of the file. Otherwise, if the integrity check fails, an error is returned and the operation is aborted as shown again by error box 310.”, where T.sub.FK is stored in file-metadata for being used later, where the storage where T.sub.FK is stored is interpreted as the second memory, where T.sub.FK is computed based on Eq. 2A, which is based on FK, i.e. user key, metadata elements AAD (Ver and IV illustrated in Figure 3) and using WK, i.e. symmetric key, and if authentication is successful, then the file-key FK is obtained);
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Roth to incorporate the teaching of Murray to utilize the above feature, with the motivation of verification and integrity for provision of a file key, as recognized by (Murray [0111, 0157]).
Roth in view of Murray does not disclose the below limitation.
Gonabal discloses read revocation bits from a non-volatile memory, wherein the revocation bits are encrypted and determine validity of the user key based on…a revocation status identified using the revocation bits (Gonabal [0022] “…another layer of security is introduced as the contents of the KRL are also encrypted. Therefore, to spoof a KRL, an attacker against an asset would need to both overcome the digital signature authentication of the KRL and be able to decrypt the contents of the KRL.”, [0039] “the KRL 304 can be encrypted to protect it from being spoofed. Additionally, the contents of the KRL 304 related to the potentially compromised key and the new key can also be encrypted, thus adding an additional layer of security to embodiments of the present disclosure. Furthermore, the KRL 304 can be digitally signed with a key such that the identity of the KRL 304 can be authenticated to ensure it hasn't been maliciously altered in any way”, where validation is determined as illustrated in e.g. Figure 4. Further in [0029]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Roth in view of Murray to incorporate the teaching of Gonabal to utilize the above feature, with the motivation of adding another security layer to the revocation key information against spoofing, as recognized by (Gonabal [0022]).
Regarding claim 13, Roth in view of Murray and Gonabal teaches the system of claim 12, wherein the metadata describes a usage limit for the user key, and wherein the user key is revoked if a usage of the user key is greater than or equal to the usage limit (Roth [0032] “…time sensitive metadata can be included with the master key encrypted with the restore key such that an encrypted master key cannot be authenticated due to expired metadata after a defined period of time if the master key is not updated with a different encryption, such as by being encrypted under a different restore key.”).
Claims 2 and 5 are rejected under 35 U.S.C. 103 as being unpatentable over Roth (US 20180167381 A1) in view of Murray (US 20190013936 A1) and Gonabal (US 20240160582 A1) and Wilson (US 20240056290 A1).
Regarding claim 2, Roth in view of Murray and Gonabal teaches the integrated circuit of claim 1.
Roth in view of Murray and Gonabal discloses in e.g. Murray [0220] “obscured keys may be randomly generated and then stored in HSM 530”, however, Roth in view of Murray and Gonabal do not explicitly disclose the key/wrapping key is randomly generated, however, Wilson discloses further comprising a random number generator (RNG) configured to generate the key (Wilson [0018] “A key 132 that SPU 120 uses to encrypt its DEK 142 and decrypt the EDEK 152 is referred to herein as the key encryption key (KEK) 132. KEK 132 may be randomly generated at cluster formation time.”, further in [0020] “FIG. 4 illustrates a setup process in which a key encryption key and a data encryption key may be distributed in a secure cluster storage system. In the example of FIG. 1, one of the SPUs 120 in a cluster, i.e., SPU 120-1 in cluster 100, uses a random number generator 432, which may be implemented SPU 120-1 or its coprocessor 130-1, to generate initial or new values of KEK 132 and DEK 142. ”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Roth in view of Murray and Gonabal to incorporate the teaching of Wilson to utilize the above feature where randomly generating encryption keys reduces improves security of the generated key as it is generated based on random process as opposed to deterministic process.
Regarding claim 5, Roth in view of Murray and Gonabal teaches the integrated circuit of claim 1. Roth in view of Murray and Gonabal does not explicitly disclose, but Wilson discloses wherein the processor has write-only access to the first memory (Wilson [0020] “Each SPU 120 stores KEK 132 in unreadable, write-only memory of its encryption coprocessor 130 and clears KEK 132 from any readable memory, e.g., from volatile memory 140.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Roth in view of Murray and Gonabal to incorporate the teaching of Wilson to utilize the above feature where storing in write-only, makes the KEK unreadable as disclosed by Wilson [0020], and therefore, preventing any other entity from reading the KEK.
Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Roth (US 20180167381 A1) in view of Murray (US 20190013936 A1) and Gonabal (US 20240160582 A1) and Buer (US 20060117177 A1).
Regarding claim 3, Roth in view of Murray and Gonabal teaches the integrated circuit of claim 1. Roth in view of Murray and Gonabal does not explicitly disclose BBRAM, however, Buer discloses wherein the first memory includes battery-backed random access memory (BBRAM) (Buer discloses in [0089] storing keys in BBRAM).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Roth in view of Murray and Gonabal to incorporate the teaching of Buer to utilize the above feature, with the motivation of choosing a secure against hardware attacks, as recognized by (Buer [0089]), where BBRAM is one of finite memory types to try and choose from.
Claims 7-8 are rejected under 35 U.S.C. 103 as being unpatentable over Roth (US 20180167381 A1) in view of Murray (US 20190013936 A1) and Gonabal (US 20240160582 A1) and Balabine (US 20250279880 A1).
Regarding claim 7, Roth in view of Murray and Gonabal teaches the integrated circuit of claim 6. Roth in view of Murray and Gonabal does not explicitly disclose, but Balabine discloses wherein the usage limit for the plaintext user keys includes a number of uses (Balabine [0036] “Based on intrinsic limitations of cryptographic modes, a key management policy can define when a cryptographic key may be considered overused by defining a limit on the number of uses for a given key or an amount of data encrypted with a given key.” and [0056]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Roth in view of Murray and Gonabal to incorporate the teaching of Balabine to utilize the above feature, with the motivation of ensuring adherence to recommended guidance for key security and management, as recognized by (Balabine [0036]).
Regarding claim 8, Roth in view of Murray and Gonabal teaches the integrated circuit of claim 6. Roth in view of Murray and Gonabal does not explicitly disclose, but Balabine discloses wherein the usage limit for the plaintext user keys includes an amount of data processed (Balabine [0036] “Based on intrinsic limitations of cryptographic modes, a key management policy can define when a cryptographic key may be considered overused by defining a limit on the number of uses for a given key or an amount of data encrypted with a given key.” and [0056]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Roth in view of Murray and Gonabal to incorporate the teaching of Balabine to utilize the above feature, with the motivation of ensuring adherence to recommended guidance for key security and management, as recognized by (Balabine [0036]).
Claims 10-11 and 14-15 are rejected under 35 U.S.C. 103 as being unpatentable over Roth (US 20180167381 A1) in view of Murray (US 20190013936 A1) and Gonabal (US 20240160582 A1) and Maiman (US 20230083785 A1).
Regarding claim 10, Roth in view of Murray and Gonabal teaches the integrated circuit of claim 1, wherein the cryptographic circuitry is further configured to:
Roth in view of Murray and Gonabal does not explicitly disclose but Maiman discloses read a counter value from the first memory; and generate an encrypted counter value by encrypting the counter value using the AES key (Maiman discloses in [0056-0057] utilizing AES keys and the contactless card 420 may transmit an encrypted counter value, or an unencrypted counter value.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Roth in view of Murray and Gonabal to incorporate the teaching of Maiman to utilize the above feature, with the motivation ensuing the counter being transmitted is transmitted in a secured manner.
Regarding claim 11, Roth in view of Murray and Gonabal teaches the integrated circuit of claim 10, wherein the processor is further configured to, Roth in view of Murray and Gonabal does not explicitly disclose but Maiman discloses write the encrypted counter value to the second memory to provision the plaintext user keys (Maiman discloses in [0056-0057] utilizing AES keys and the contactless card 420 may transmit an encrypted counter value, or an unencrypted counter value., where the encrypted counter transmitted to a second entity interpreted as an entity where the encrypted counter is written on).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Roth in view of Murray and Gonabal to incorporate the teaching of Maiman to utilize the above feature, with the motivation ensuing the counter being transmitted is transmitted in a secured manner.
Regarding claim 14, the system of claim 12, wherein the set of instructions, when executed, further cause the one or more processors to determine the validity by…
Roth in view of Murray and Gonabal discloses utilizing volatile memory. Roth in view of Murray and Gonabal does not explicitly disclose but Maiman discloses reading a first counter value and reading a second counter value from the second memory; comparing the first counter value to the second counter value; and invalidating the user key based on comparing the first counter value to the second counter value (Maiman [0059] “ The extracted password and counter value may be compared with the valid password and valid counter value (see 1204). A determination is made whether the passwords match and the counter values match or if the extracted counter value otherwise indicates that the password has not expired (see 1206). If the passwords match and the extracted password has not expired based on the extracted counter value, other extracted information may be compared (see 1208).”, [0061] “With reference to FIG. 12 again, if the other information is valid (see 1210), then the user 418 is authenticated (see 1214). If not, the user 418 is not authenticated (see 1212). Similarly, if the passwords do not match or the password has expired as indicated by the extracted counter value, the user is not authenticated (see 1212).”, where password is validated based on the matching/comparing).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Roth in view of Murray and Gonabal to incorporate the teaching of Maiman to utilize the above feature, with the motivation ensuing successful authentication of parties (Maiman [0061]).
Regarding claim 15, Roth in view of Murray and Gonabal teaches the system of claim 14.
Roth in view of Murray and Gonabal does not explicitly disclose but Maiman discloses wherein the first counter value is encrypted (Maiman discloses in [0056-0057] utilizing AES keys and the contactless card 420 may transmit an encrypted counter value, or an unencrypted counter value.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Roth in view of Murray and Gonabal to incorporate the teaching of Maiman to utilize the above feature, with the motivation ensuing the counter being transmitted is transmitted in a secured manner.
Claims 16-17 are rejected under 35 U.S.C. 103 as being unpatentable over Roth (US 20180167381 A1) in view of Murray (US 20190013936 A1) and Gonabal (US 20240160582 A1) and Maiman (US 20230083785 A1) and Pinder (US 20140245009 A1).
Regarding claim 16, Roth in view of Murray and Gonabal and Maiman teaches the system of claim 15, wherein the set of instructions, when executed, further cause the one or more processors to:
Roth in view of Murray and Gonabal does not explicitly disclose but Maiman discloses increment the second counter value to a third counter value (Maiman discloses in [0054] “The master keys may be used in conjunction with the counters to enhance security using key diversification. The counters 415 and 1102 comprise values that are synchronized between the contactless card 420 and the authentication service 432. The counter value may comprise a number that changes each time data is exchanged between the contactless card 420 and the authentication service 432.”, where counter value is incremented as disclosed in [0055-0056]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Roth in view of Murray and Gonabal to incorporate the teaching of Maiman to utilize the above feature, with the motivation ensuing successful authentication of parties (Maiman [0061]).
Roth in view of Murray and Gonabal and Maiman does not explicitly disclose but
Pinder determine whether the third counter value is zero (Pinder [0034] “The key usage counter may be decremented by key access controller 705 for each block of data (e.g. packet) decrypted with the actual key, and when the key usage counter reaches zero, key access controller 705 may erase the actual key from key storage 715.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Roth in view of Murray and Gonabal and Maiman to incorporate the teaching of Pinder to utilize the above feature, with the motivation of enforcing a temporary lifetime of the cryptographic key and therefore improving security, as recognized by (Pinder).
17. Roth in view of Murray and Gonabal and Maiman and Pinder teaches the system of claim 16, wherein the set of instructions, when executed, further cause the one or more processors to
Roth in view of Murray and Gonabal and Maiman does not explicitly but Pinder disclose zero the symmetric key (Pinder [0034] “The key usage counter may be decremented by key access controller 705 for each block of data (e.g. packet) decrypted with the actual key, and when the key usage counter reaches zero, key access controller 705 may erase the actual key from key storage 715.”, where the actual key performs encryption and decryption as disclosed in [0011]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Roth in view of Murray and Gonabal and Maiman to incorporate the teaching of Pinder to utilize the above feature, with the motivation of enforcing a temporary lifetime of the cryptographic key and therefore improving security, as recognized by (Pinder).
Claims 18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Roth (US 20180167381 A1) in view of Murray (US 20190013936 A1) and Gonabal (US 20240160582 A1) and Maiman (US 20230083785 A1) and Kang (US 20190044746 A1).
Regarding claim 18, Roth teaches a method (Roth [0010] system and method performed by system in Figure 1) comprising:
reading a user key, metadata…from a non-volatile memory, wherein the user key, the metadata,…are encrypted (Roth discloses receiving keys K1, i.e. plaintext user keys, and metadata associated with K1 from database 232 in Figure 2, [0022] “K1 and other customer key information and/or security information such as metadata can be stored in at least one database 232 managed by the cryptographic service. When the customer makes a request to the cryptographic service calling a suspend API… in response to such a request, the cryptographic service creates a restore key, “K1_restore 244” or other such key in the account of the customer, where K1_restore 244 is used to encrypt K1 242 along with at least a portion of the metadata associated with K1 242 using any known cryptography.”, [0049-0050] indicate using volatile memory).
Roth does not disclose the below limitation.
Murray discloses computing a first Galois/Counter Mode (GCM) tag based on the user key and the metadata using a symmetric key stored in a first memory; reading a second GCM tag …from a second memory; comparing the first GCM tag to the second GCM tag…; and invalidating the user key based on at least one of comparing the first GCM tag to the second GCM tag, comparing the first counter value to the second counter value, comparing the usage to the usage limit, or a revocation status identified using the revocation bits (Murray discloses in [0121] computing T.sub.FK utilizing AES/GCM, where the T.sub.FK is based on the wrapping key WK “As noted above, file-key FK is wrapped or encrypted using a symmetric wrapping-key WK to produce wrapped-file-key WFK. This encryption is again an authenticated encryption preferably utilizing AES/GCM. For this purpose, Eq. 1A above is adapted as follows:
ENC(WK, IV.sub.FK, FK, AAD)=WFK and T.sub.FK. Eq. 2A”,
where the [0111] “Authentication tag T.sub.FK, which is generated by authenticated encryption of file-key FK per Eq. 2A below, and is used later for verifying the integrity of WFK during authenticated decryption of Eq. 2B.”, [0157] “…process engine 122 performs an authenticated decryption of wrapped-file-key WFK attribute of file-metadata per Eq. 2B above by utilizing tag T.sub.FK also stored in file-metadata. If the authentication succeeds, then process engine 122 obtains the resulting file-key FK of the file. Otherwise, if the integrity check fails, an error is returned and the operation is aborted as shown again by error box 310.”, where T.sub.FK is stored in file-metadata for being used later, where the storage where T.sub.FK is stored is interpreted as the second memory, where T.sub.FK is computed based on Eq. 2A, which is based on FK, i.e. user key, metadata elements AAD (Ver and IV illustrated in Figure 3) and using WK, i.e. symmetric key, and if authentication is successful, then the file-key FK is obtained. Examiner notes the above limitation is recited in the alternative);
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Roth to incorporate the teaching of Murray to utilize the above feature, with the motivation of verification and integrity for provision of a file key, as recognized by (Murray [0111, 0157]).
Roth in view of Murray does not disclose the below limitation. Emphasis in italic.
Gonabal discloses reading …revocation bits…wherein the revocation bits are encrypted (Gonabal [0022] “…another layer of security is introduced as the contents of the KRL are also encrypted. Therefore, to spoof a KRL, an attacker against an asset would need to both overcome the digital signature authentication of the KRL and be able to decrypt the contents of the KRL.”, [0039] “the KRL 304 can be encrypted to protect it from being spoofed. Additionally, the contents of the KRL 304 related to the potentially compromised key and the new key can also be encrypted, thus adding an additional layer of security to embodiments of the present disclosure. Furthermore, the KRL 304 can be digitally signed with a key such that the identity of the KRL 304 can be authenticated to ensure it hasn't been maliciously altered in any way”, where validation is determined as illustrated in e.g. Figure 4.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Roth in view of Murray to incorporate the teaching of Gonabal to utilize the above feature, with the motivation of adding another security layer to the revocation key information against spoofing, as recognized by (Gonabal [0022]).
Roth in view of Murray and Gonabal does not explicitly disclose but Maiman discloses reading a first counter value… wherein the first counter value encrypted, reading a second counter value from a second memory and comparing the first counter value to the second counter value (Maiman discloses in [0056-0057] utilizing AES keys and the contactless card 420 may transmit an encrypted counter value, or an unencrypted counter value, [0059] “ The extracted password and counter value may be compared with the valid password and valid counter value (see 1204). A determination is made whether the passwords match and the counter values match or if the extracted counter value otherwise indicates that the password has not expired (see 1206). If the passwords match and the extracted password has not expired based on the extracted counter value, other extracted information may be compared (see 1208).”, [0061] “With reference to FIG. 12 again, if the other information is valid (see 1210), then the user 418 is authenticated (see 1214). If not, the user 418 is not authenticated (see 1212). Similarly, if the passwords do not match or the password has expired as indicated by the extracted counter value, the user is not authenticated (see 1212).”, where password is validated based on the matching/comparing).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Roth in view of Murray and Gonabal to incorporate the teaching of Maiman to utilize the above feature, with the motivation ensuing the counter being transmitted is transmitted in a secured manner and ensuing successful authentication of parties (Maiman [0061]).
Roth in view of Murray and Gonabal and Maiman does not explicitly disclose the below limitation.
Kang discloses reading a usage limit and a usage from a non-volatile memory, wherein the usage limit, and the usage are encrypted, comparing the usage to the usage limit ([0007] “The usable time management process includes: reading the encrypted usable time or the encrypted expiry date stored in the data memory, decrypting the encrypted usable time or the encrypted expiry date, decreasing the usable time per time unit or comparing with the expiry date, encrypting the decreased usable time or the expiry date, storing the encrypted and decreased usable time or the encrypted expiry date into the data memory, and instructing the product controller to disable some or all functions of the terminal product, if the usable time (i.e. usage) is inaccessible or decreased to zero, or it reaches the expiry date (i.e. usage limit). The customer service software of the remote server generates, encrypts and sends the new expiry date to the local apparatus.”)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Roth in view of Murray and Gonabal and Maiman to incorporate the teaching of Kang to utilize the above feature, with the motivation of providing an improved system, device and method for terminal product usable time management to mitigate issues with fake or expired license, as recognized by (Kang [0004-0006]).
Regarding claim 20, Roth in view of Murray and Gonabal and Maiman and Kang teaches the method of claim 18, further comprising: generating an additional user key (Roth [0011] additional key is generated, after shredding the original customer key, at the secret management service, where “…the service can decrypt the encrypted key material using the restore key such that the key material can be used to access one or more resources and/or data secured by the key material.”).
Roth in view of Murray and Gonabal does not disclose the below limitation.
Maiman discloses incrementing the second counter value to a third counter value (Maiman discloses in [0054] “The master keys may be used in conjunction with the counters to enhance security using key diversification. The counters 415 and 1102 comprise values that are synchronized between the contactless card 420 and the authentication service 432. The counter value may comprise a number that changes each time data is exchanged between the contactless card 420 and the authentication service 432.”, where counter value is incremented as disclosed in [0055-0056]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Roth in view of Murray and Gonabal to incorporate the teaching of Maiman to utilize the above feature, with the motivation ensuing successful authentication of parties (Maiman [0061]).
Claim 19 is rejected under 35 U.S.C. 103 as being unpatentable over Roth (US 20180167381 A1) in view of Murray (US 20190013936 A1) and Gonabal (US 20240160582 A1) and Maiman (US 20230083785 A1) and Kang (US 20190044746 A1) and Buer (US 20060117177 A1).
Regarding claim 19, Roth in view of Murray and Gonabal and Maiman teaches the method of claim 18.
Roth in view of Murray and Gonabal and Maiman does not explicitly disclose BBRAM, however, Buer discloses wherein the first memory includes battery-backed random access memory (BBRAM) (Buer discloses in [0089] storing keys in BBRAM).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Roth in view of Murray and Gonabal and Maiman to incorporate the teaching of Buer to utilize the above feature, with the motivation of choosing a secure against hardware attacks, as recognized by (Buer [0089]), where BBRAM is one of finite memory types to try and choose from.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
SANTHANA (US 20220360979 A1) discloses key refreshment with session count for wireless management of modular subsystems
Ghetie (US 20220006653 A1) discloses encrypting a counter block with an integrity key to generate an integrity counter block, and utilizing an AES algorithm.
Oz (US 8068516 B1) discloses a key validly field
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BASSAM A NOAMAN whose telephone number is (571)272-2705. The examiner can normally be reached Monday-Friday 8:30 AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw can be reached at (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/BASSAM A NOAMAN/ Primary Examiner, Art Unit 2497