DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
The information disclosure statement (IDS) submitted by applicant dated 12/03/2025 has been considered by the examiner.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after allowance or after an Office action under Ex Parte Quayle, 25 USPQ 74, 453 O.G. 213 (Comm'r Pat. 1935). Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, prosecution in this application has been reopened pursuant to 37 CFR 1.114. Applicant's submission filed on 12/03/2025 has been entered.
Examiner’s Remarks
The notice of allowance dated 10/14/2025 is hereby withdrawn.
New ground(s) of rejection are presented due to the information disclosure statement filed on 12/03/2025.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claims 1-9 are rejected under 35 U.S.C. 102 (a)(1) as being anticipated by 1Password Security Design: Teams Families and Individual Accounts (hereinafter 1Password).
As per claim 1, 1Password teaches a method for accessing encrypted data using a client device, said encrypted data being transmitted from a server to said client device, the method comprising: - undergoing a login and authentication process to thereby authenticate a user and said client device to said server, said login and authentication process involving a user first password (1Password pgs 13-14, 18, 26-27, 29-30, sign in to server using derived key);
- receiving an encrypted private key from said server at said device (1Password pgs 17-18, 29-30, receiving key sets from server, which includes an encrypted private key);
- decrypting said encrypted private key at said client device using a private key decryption key, said private key decryption key being derived from a user second password and from at least one identification credential (1Password pgs 18, 24-26, 31, decrypt encrypted private key using derived key based on master password and secret key and other parameters);
- receiving said encrypted data from said server (1Password pgs 13, 21, download encrypted data);
- decrypting said encrypted data using said decrypted private key (1Password pgs 17-18, 21, 31, decrypt encrypted data using private key);
wherein - said user first password and said user second password are only available to said user (1Password pgs 29, 33, neither client nor server reveals any secrets to the other. The server does not learn the user’s secret key or master password);
- said encrypted private key is undecryptable by said server (1Password pgs 17, 29, 33, neither client nor server reveals any secrets to the other. The server does not learn the user’s secret key or master password. The private key is encrypted using the master password and secret key);
- said encrypted private key can only be decrypted using said private key decryption key (1Password pgs 17, 29, 33, neither client nor server reveals any secrets to the other. The server does not learn the user’s secret key or master password. The private key is encrypted using the master password and secret key);
- said decrypted private key is only ever used by said client device (1Password pgs 17, 29, 33, neither client nor server reveals any secrets to the other. The server does not learn the user’s secret key or master password. The private key is encrypted using the master password and secret key).
As per claim 2, 1Password teaches the method according to claim 1, wherein said encrypted data is encrypted by a public key that corresponds to said private key (1Password pgs 17-18, 21, 31, data encrypted with public key).
As per claim 3, 1Password teaches the method according to claim 1, wherein said first user password and said second user password are both derived from a master password, said master password only being available to said user (1Password pgs 13-14, 18, 24, 33, keys derived from master password. The server does not learn the user’s secret key or master password).
As per claim 4, 1Password teaches the method according to claim 1, wherein said login and authentication process comprises: - receiving user credentials from said user, said user credentials including a user entered password; - creating an authentication password based on said user credentials; - transmitting a version of said authentication password to said server to thereby get said client and said user authenticated by said server (1Password pgs 13-14, 18, 24-27, 29, obtain credentials such as an entered master password, derive key based on the credentials, and use derived key to sign in to server).
As per claim 5, 1Password teaches the method according to claim 4, wherein said authentication password is formulated from a combination of at least two of said user credentials, said user credentials including at least one of:- a username; - an email address; - a telephone number; and - a user supplied password (1Password pgs 13-14, 18, 24-27, 29, obtain credentials such as an entered master password, derive key based on the credentials).
As per claim 6, 1Password teaches the method according to claim 1, wherein derivation of said first user password and said second user password involves a non-reversible hashing process (1Password pgs 13-14, 17-18, 24-27, 29, derive keys hash function).
As per claim 7, 1Password teaches the method according to claim 1, wherein derivation of said first user password and said second user password involves a one-way encryption process (1Password pgs 13-14, 17-18, 24-27, 29, derive keys using functions such as key hash functions and xor functions).
As per claim 8, 1Password teaches the method according to claim 1, wherein derivation of said private key decryption key involves a passphrase specific to an implementation of said method (1Password pgs 13-14, 17-18, 24-27, 29, obtain credentials such as an entered master password, derive key based on the credentials).
As per claim 9, 1Password teaches the method according to claim 4, wherein creation of said authentication password involves a passphrase specific to an implementation of said method (1Password pgs 13-14, 17-18, 24-27, 29, obtain credentials such as an entered master password, derive key based on the credentials).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HENRY TSANG whose telephone number is (571)270-7959. The examiner can normally be reached M-F 9am - 5pm EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached at (571) 272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/HENRY TSANG/ Primary Examiner, Art Unit 2495