SYSTEM AND METHOD FOR SECURING CRYPTOGRAPHIC KEY MATERIAL

Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Detailed Action Office Action is in response to the Applicant’s response filed on 3/5/2026. Claims 1-11 are pending. This Office Action is Final. Response to Arguments A) Applicant’s amendments and arguments regarding 35 USC 101 for a being a transitory medium has been considered and deemed persuasive. As a result, these amendments have been Withdrawn. B) Applicant’s arguments with respect to claim(s) 1, 7 and 11 have been considered but are moot because the new ground of rejection does not rely on the same combination of references applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1-3 is/are rejected under 35 U.S.C. 103 as being unpatentable over Journet et al. (US 2020/0364353) in view of Alness et al. (US 2016/0344543). As per claim 1, Journet teaches a method for operating secure computer processes, comprising: storing a local encryption key in one or more registers of a processor, wherein the local encryption key is stored in a masked state (Journet, Paragraph 0040 recites “According to another aspect, an integrated circuit is proposed comprising a module comprising a first register containing a first mask, a second register containing masked data, the first mask and said masked data forming a secret key and processing means configured to generate a second mask and to mask the secret key with the second mask when the secret key is not used for an encryption operation and during the reception of a validation signal.”). But fails to teach receiving, from a memory of a computing device communicating with the processor, an operational encryption key; encrypting the operational encryption key using the local encryption key and an initialization vector to generate an encrypted operational key, wherein the local encryption key is unmasked prior to encrypting the operational encryption key; storing the encrypted operational key, the initialization vector, and a verification hash value in the memory; and removing the operational encryption key from the memory. However, in an analogous art Alness teaches receiving, from a memory of a computing device communicating with the processor, an operational encryption key; encrypting the operational encryption key using the local encryption key and an initialization vector to generate an encrypted operational key, wherein the local encryption key is unmasked prior to encrypting the operational encryption key; storing the encrypted operational key, the initialization vector, and a verification hash value in the memory; and removing the operational encryption key from the memory (Alness, Paragraph 0043 recites “FIG. 4 specifically illustrates loading of an operational master key 64 into the service 50 by the master key loader 54. At 71, a service instance is initialized. At 72, M custodians are assembled by the master key loader 54, wherein M is more than one, but less than N. At 73, each custodian, 1 to M, decrypts their respective bundle with their respective passphrase. Each custodian then sends the decrypted master key share to the service 50. The request by the respective custodian is authenticated by the custodian and service TLS keys by the service 50 as is commonly understood by one skilled in the art. After the service 50 receives the M shares, the service 50, at 75, derives the operational master key 64 from the M shares. All versions of the operational master key are hashed within the database 52. At 76, if the master key hash exists in the database, the service 50 ensures that the master key hash is the same. If the master key hash is the same, the service 50 can store the respective operational master key 64 within the service 50 for later use. Alternatively, at 77, if the master key hash does not exist, then the service 50 stores a new version and hash of the operational maser key within the database 52. At 78, the service 50 then stores the new version of the operational master key as the master key 64 within the service for later use.”). It would have been obvious to a person of ordinary skill in the art, before the earliest effective filing date to use Alness’s security system forming part of a bitcoin host computer with Journet’s device for protecting encrypted data and associated method because it offers the advantage of securing a key used fore secure communications. As per claim 2, Journet in view of Alness teaches the method of claim 1, Journet further teaches further comprising: receiving, from the memory, input data to be encrypted and the encrypted operational key; decrypting the encrypted operational key to recover the operational encryption key; storing the operational encryption key in the one or more registers of the processor, and encrypting the input data using the operational encryption key (Journet, Paragraph 0040 recites “According to another aspect, an integrated circuit is proposed comprising a module comprising a first register containing a first mask, a second register containing masked data, the first mask and said masked data forming a secret key and processing means configured to generate a second mask and to mask the secret key with the second mask when the secret key is not used for an encryption operation and during the reception of a validation signal.”). As per claim 3, Journet in view of Alness teaches the method of claim 2, Journet further teaches wherein the operational encryption key is a symmetric key and the operational encryption key is never stored in the memory of the computing device (Journet, Paragraph 0007 recites “The data is encrypted, for example, using an “AES” (Advanced Encryption Standard) type algorithm.”). Claim(s) 4 and 5 is/are rejected under 35 U.S.C. 103 as being unpatentable over Journet et al. (US 2020/0364353) and Alness et al. (US 2016/0344543) and in further view of Peddada (US 2024/0421982). As per claim 4, Journet in view of Alness teaches the method of claim 2, but fails to teach further comprising: decrypting a private key of an asymmetric key pair using the operational encryption key, wherein the private key is temporarily stored in the memory of the computing device, and the memory of the computing device is sanitized after the use of the private key. However, in an analogous art Peddada teaches decrypting a private key of an asymmetric key pair using the operational encryption key, wherein the private key is temporarily stored in the memory of the computing device, and the memory of the computing device is sanitized after the use of the private key (Peddada, Paragraph 0066 recites “In some examples, the API call may be configured to cause a key protection component of the server host to unwrap the symmetric key using an asymmetric private key of the server host, decrypt the encrypted private key of the tenant using the unwrapped symmetric key, generate the cryptographic signature using the decrypted private key of the tenant, and return the cryptographic signature via the API response”). It would have been obvious to a person of ordinary skill in the art, before the earliest effective filing date to use Peddada’s multi-tenant hardware-backed transport layer security key management with Journet’s device for protecting encrypted data and associated method because it offers the advantage of ensuring secure communications in a network environment. As per claim 5, Journet in view of Alness and Peddada teaches the method of claim 4, Peddada further teaches further comprising: generating one or more digital signatures using the private key (Peddada, Paragraph 0066 recites “In some examples, the API call may be configured to cause a key protection component of the server host to unwrap the symmetric key using an asymmetric private key of the server host, decrypt the encrypted private key of the tenant using the unwrapped symmetric key, generate the cryptographic signature using the decrypted private key of the tenant, and return the cryptographic signature via the API response”). Claim(s) 6 is/are rejected under 35 U.S.C. 103 as being unpatentable over Journet et al. (US 2020/0364353) and Alness et al. (US 2016/0344543) and in further view of Kothari et al. (US 9,432,342). As per claim 6, Journet in view of Alness teaches the method of claim 1, but fails to teach further comprising: generating a random number seed; and performing a logical combination function on the random number seed and a mask to generate the local encryption key in a masked state. However, in an analogous at Kothari teaches further comprising: generating a random number seed; and performing a logical combination function on the random number seed and a mask to generate the local encryption key in a masked state (Kothari, Col. 19 Lines 49-63 recites “In some examples, the key manager system 756 may maintain a table cross-referencing the request identifier and the DEK seed value used to generate the masked data encryption key. FIG. 7J shows an example table 790, with column 792 storing request identifier 782 and column 794 storing corresponding DEK seed 774. If there is a subsequent request for a data encryption key and the request identifier matches a stored request identifier in table 790, in one example, the corresponding stored DEK seed 774 along with the masked master key 770 to generate a masked data encryption key using the second crypto function 772 as previously described with reference to FIG. 7G. The generated masked data encryption key is returned by the key manager system 756 as a response to the request for the data encryption key from the anonymization system 752.”). It would have been obvious to a person of ordinary skill in the art, before the earliest effective filing date to use Kothari’s System And Method To Anonymize Data Transmitted To A Destination Computing Device with Journet’s device for protecting encrypted data and associated method because it offers the advantage of protecting encryption keys. Claim(s) 7, 10 and 11 is/are rejected under 35 U.S.C. 103 as being unpatentable over Tewari et al. (US 8,1261,45) in view of Journet et al. (US 2020/0364353). As per claim 7, Tewari teaches a method for operating secure computer processes, comprising: receiving, from a memory of a computing device communicating with a processor, an operational encryption key that is encrypted; decrypting the operational encryption key using a local encryption key stored in one or more registers of the processor (Tewari, Col. 3 Lines 16-44 recites “According to another aspect, a method for associating a client with an access point is provided. The method includes transmitting a probe request for identifying a desired access point having connection capability that does not require separate authentication of the client, sending an association request for associating with the identified access point, participating in a key exchange, exchanging operational information during the key exchange, receiving and decrypting an encrypted operational key, and entering an operational phase using the operational key. Identifying a desired access point can include evaluating a signal strength between the access point and the client. The method can include selecting a new access point having a next highest signal strength if an authentication with the access point fails. The method can include providing a client-specific WEP, WPA-PSK or WPA2-PSK pair-wise master key (PMK) for establishing a secure WEP/WPA/WPA2 session between the access point and the client. The method can include determining if the client fails to establish the secure session with the access point using a pair-wise master key, and selecting a new access point after determining the client has failed to establish the secure session in a predetermined number of attempts. The key exchange can be an asymmetric Diffie-Hellman key exchange to establish a shared secret key between the access point and the client, and the method can include decrypting the operational key using the shared secret key derived from the Diffie-Hellman key exchange”). But fails to teach maintaining the operational encryption key, which was decrypted, in the one or more registers of the processor, wherein the operational encryption key is never stored in the memory of the computing device; receiving input data to be encrypted or decrypted using the operational encryption key; and encrypting or decrypting the input data using the operational encryption key of one or more registers of the processor. However, in an analogous art Journet teaches maintaining the operational encryption key, which was decrypted, in the one or more registers of the processor, wherein the operational encryption key is never stored in the memory of the computing device; receiving input data to be encrypted or decrypted using the operational encryption key; and encrypting or decrypting the input data using the operational encryption key of one or more registers of the processor (Journet, Paragraph 0040 recites “] According to another aspect, an integrated circuit is proposed comprising a module comprising a first register containing a first mask, a second register containing masked data, the first mask and said masked data forming a secret key and processing means configured to generate a second mask and to mask the secret key with the second mask when the secret key is not used for an encryption operation and during the reception of a validation signal.”). It would have been obvious to a person of ordinary skill in the art, before the earliest effective filing date to use Journet’s device for protecting encrypted data and associated method with Tewari’s Enhanced Association For Access Points because it offers the advantage of protecting encrypted data. Regarding claims 10 and 11, claims 10 and 11 are directed to a system and a computer readable medium associated with the method of claim 7. Claims 10 and 11 are of similar scope to claim 7, and are therefore rejected under similar rationale. Claim(s) 8 is/are rejected under 35 U.S.C. 103 as being unpatentable over Tewari et al. (US 8,1261,45) and Journet et al. (US 2020/0364353) and in further view of Peddada (US 2024/0421982). As per claim 8, Tewari in combination with Journet teaches the method of claim 7, but fails to teach wherein the input data is a private key of an asymmetric key pair. However, in an analogous art Peddada teaches wherein the input data is a private key of an asymmetric key pair (Peddada, Paragraph 0066 recites “In some examples, the API call may be configured to cause a key protection component of the server host to unwrap the symmetric key using an asymmetric private key of the server host, decrypt the encrypted private key of the tenant using the unwrapped symmetric key, generate the cryptographic signature using the decrypted private key of the tenant, and return the cryptographic signature via the API response”). It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to use Peddada’s multi-tenant hardware-backed transport layer security key management with Tewari’s Enhanced Association For Access Points because it offers the advantage of ensuring secure communications in a network environment. Claim(s) 9 is/are rejected under 35 U.S.C. 103 as being unpatentable over Tewari et al. (US 8,1261,45) and Journet et al. (US 2020/0364353) and in further view of Kothari et al. (US 9,432,342). As per claim 9, Tewari in combination with Journet teaches the method of claim 7, but fails to teach wherein the local encryption key is masked when stored in the one or more registers of the processor. However, in an analogous Kothari teaches wherein the local encryption key is masked when stored in the one or more registers of the processor (Kothari, Col. 19 Lines 49-63 recites “In some examples, the key manager system 756 may maintain a table cross-referencing the request identifier and the DEK seed value used to generate the masked data encryption key. FIG. 7J shows an example table 790, with column 792 storing request identifier 782 and column 794 storing corresponding DEK seed 774. If there is a subsequent request for a data encryption key and the request identifier matches a stored request identifier in table 790, in one example, the corresponding stored DEK seed 774 along with the masked master key 770 to generate a masked data encryption key using the second crypto function 772 as previously described with reference to FIG. 7G. The generated masked data encryption key is returned by the key manager system 756 as a response to the request for the data encryption key from the anonymization system 752.”). It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to use Kothari’s System And Method To Anonymize Data Transmitted To A Destination Computing Device with Tewari’s Enhanced Association For Access Points because it offers the advantage of protecting encryption keys. Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to RODERICK TOLENTINO whose telephone number is (571)272-2661. The examiner can normally be reached Mon- Fri 8am-4pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached at 571-270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. RODERICK . TOLENTINO Examiner Art Unit 2439 /RODERICK TOLENTINO/Primary Examiner, Art Unit 2439