Prosecution Insights
Last updated: April 19, 2026
Application No. 18/896,057

SYSTEMS AND METHODS FOR HANDLING ENCRYPTED DATA

Non-Final OA §103
Filed: Sep 25, 2024
Examiner: STEINLE, ANDREW J
Art Unit: 2497
Tech Center: 2400 — Computer Networks
Assignee: Apple Inc.
OA Round: 1 (Non-Final)
Grant Probability: 88% (Favorable)
OA Rounds: 1-2
To Grant: 2y 4m
With Interview: 99%

Examiner Intelligence

Grants 88% — above average
Career Allow Rate: 88% (479 granted / 547 resolved), +29.6% vs TC avg
Strong +20% interview lift
Interview Lift: +19.5% (resolved cases with interview)
Typical timeline: 2y 4m Avg Prosecution, 17 currently pending
Career history: 564 Total Applications across all art units

Statute-Specific Performance

§101: 10.4% (-29.6% vs TC avg)
§103: 46.2% (+6.2% vs TC avg)
§102: 20.7% (-19.3% vs TC avg)
§112: 11.6% (-28.4% vs TC avg)
Based on career data from 547 resolved cases

Office Action

§103
DETAILED ACTION

Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Specification

The use of the trademarks BLUETOOTH [paragraphs 0020, 0032, 0035, 0055] and APPLETALK [paragraph 0067], have been noted in this application. They should be capitalized wherever they appear and be accompanied by the generic terminology. Although the use of trademarks is permissible in patent applications, the proprietary nature of the marks should be respected and every effort made to prevent their use in any manner which might adversely affect their validity as trademarks.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Thirumalai et al., (US 11012428 B1) hereinafter referred to as Thirumalai in view of Topps (US 20200344055 A1) hereinafter referred to as Topps and further in view of Lu (US 20170180128 A1) hereinafter referred to as Lu.

Regarding Claims 1, 11, and 16, Thirumalai discloses A method, comprising: receiving, by an application executed on a user device, data; generating, by the application executed on the user device, a hash of at least a portion of the data; [Column 10, lines 1-15, FIG. 6 is a flow diagram of logic 600 to perform privacy preserving deduplication of a remote or cloud storage system, according to an embodiment. A system, such as a client device of a user who has a cloud storage account, that implements an encryption system for the remote or cloud storage environment can implement the logic 600 described herein. The logic 600 can implement a process or method of storing data on a cloud storage system using the scheme 500 to perform privacy-preserving deduplication. While a cloud storage system is described below, the logic is generally applicable to any networked and encrypted multi-user storage system and the logic 600 can be implemented by a client device that uploads content to a cloud storage account used by the client device which performs the deduplication before uploading the content – teaches that the activities shown in Figures 5 and 6 can be performed by a “client device of a user”] [Column 8, lines 53-54, The file plaintext 502 is used to generate a file digest 504 using a secure hashing algorithm – teaches that data is obtained (received) and then hashed] generating, by the application executed on the user device, a first key associated with the user device; [Figure 6, element 602, create a boundary key for an account associated with a cloud storage system]

Thirumalai does not explicitly teach encrypting, by the application executed on the user device, the data and the hash of at least a portion of the data using the first key to create encrypted data; and transmitting, by the application executed on the user device, the encrypted data and the encrypted key to a third party device.

Topps teaches encrypting, by the application executed on the user device, the data and the hash of at least a portion of the data using the first key to create encrypted data; [paragraph 0058, The first device 802 computes a secure hash of the original message M.sub.o and appends it to the secure hash of the original message M.sub.O to create an augmented message M.sub.1A having a data section and a hash section] [paragraph 0059, The augmented message M.sub.1A is encrypted in the first device 802 using the session keys exchanged between the first device 802 and the third device 806 (S.sub.1(3)) to create an encrypted augmented message M.sub.1B] [paragraph 0060, The encrypted augmented message M.sub.1B is encrypted using the session keys exchanged between the first device 802 and the second device 804 (S.sub.1(2)) to create a double-encrypted augmented message M.sub.1C] and transmitting, by the application executed on the user device, the encrypted data and the encrypted key to a third party device. [paragraph 0061, The double-encrypted augmented message M.sub.1C is transmitted to the second device 804]

Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Topps with the disclosure of Thirumalai. The motivation or suggestion would have been for “secure storage of cryptographic keys on decentralized individual devices.” (paragraph 0001)

The combination of Thirumalai and Topps does not explicitly teach encrypting, by the application executed on the user device, the first key using a public key of a public-private key pair to create an encrypted key.

Lu teaches encrypting, by the application executed on the user device, the first key using a public key of a public-private key pair to create an encrypted key; [paragraph 0007, The user device may generate an encrypted key by encrypting the secret key using a key encryption key] [paragraph 0008, Advantageously, the key encryption key may be a public key belonging to a key pair generated by the user device]

Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Lu with the disclosures of Thirumalai and Topps. The motivation or suggestion would have been for “deploying user's trusted identity and to methods of authenticating user's trusted identity.” (paragraph 0001)

Regarding Claims 2 and 12, the combination of Thirumalai and Lu does not explicitly teach wherein the encrypted key is configured to be validated and re-encrypted as a re-encrypted key by a computing system associated with the application executed on the user device, such that the third party device is able to decrypt the encrypted data.

Topps teaches wherein the encrypted key is configured to be validated and re-encrypted as a re-encrypted key by a computing system associated with the application executed on the user device, such that the third party device is able to decrypt the encrypted data. [paragraph 0058, The first device 802 computes a secure hash of the original message M.sub.o and appends it to the secure hash of the original message M.sub.O to create an augmented message M.sub.1A having a data section and a hash section] [paragraph 0059, The augmented message M.sub.1A is encrypted in the first device 802 using the session keys exchanged between the first device 802 and the third device 806 (S.sub.1(3)) to create an encrypted augmented message M.sub.1B] [paragraph 0060, The encrypted augmented message M.sub.1B is encrypted using the session keys exchanged between the first device 802 and the second device 804 (S.sub.1(2)) to create a double-encrypted augmented message M.sub.1C] [paragraph 0062, The second device 804 decrypts the double-encrypted augmented message M.sub.1C using the session keys exchanged between the first device 802 and the second device]

Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Topps with the disclosures of Thirumalai and Lu. The motivation or suggestion would have been for “secure storage of cryptographic keys on decentralized individual devices.” (paragraph 0001)

Regarding Claim 3, the combination of Thirumalai and Lu does not explicitly teach wherein the re-encrypted key includes a signature from the computing system such that the third party devices authenticates the re-encrypted key.

Topps teaches wherein the re-encrypted key includes a signature from the computing system such that the third party devices authenticates the re-encrypted key. [paragraph 0042, Furthermore, there can also be additional authentication steps, such as returning the signature of random of data that is sent encrypted with the requesting device's public key to prove ownership of the public key pair, and thus the encrypted seed]

Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Topps with the disclosures of Thirumalai and Lu. The motivation or suggestion would have been for “secure storage of cryptographic keys on decentralized individual devices.” (paragraph 0001)

Regarding Claim 4, Thirumalai discloses as a data blob. [Column 13, lines 12-14, Once the group blob has been created and accepted by the server, the group blob can be sent to all the devices involved in the group]

The combination of Thirumalai and Lu does not explicitly teach wherein the application executed on the user device transmits the encrypted data and the encrypted key.

Topps teaches wherein the application executed on the user device transmits the encrypted data and the encrypted key [paragraph 0061, The double-encrypted augmented message M.sub.1C is transmitted to the second device 804]

Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Topps with the disclosures of Thirumalai and Lu. The motivation or suggestion would have been for “secure storage of cryptographic keys on decentralized individual devices.” (paragraph 0001)

Regarding Claim 5, Thirumalai discloses wherein the third party device splits the data blob and stores the data. [Column 16, lines 54-62, A group blob may also contain a session encrypted blob which can contain an administration key (ADK) (e.g., group key admin key 726 as in FIG. 7A) and other data. The administration Key (ADK), contains the private key pair {dg,Pg} which is used to sign the Group Blob and to transition the group to a new group blob. The arbitrary payload can include a first message to the group and/or define a name for a group, which can be broadcast to the group members.]

Regarding Claim 6, the combination of Thirumalai and Topps does not explicitly teach wherein the data comprises health data.

Lu teaches wherein the data comprises health data. [paragraph 0030, Identity issuer is the entity who issues the trusted identity, e.g. driver license, social security number, passport, health care ID, etc. Thus the trusted identity can be an identity document issued by an issuer and may contain an identifier, various information, or user attributes. The trusted identity can also be one or more vetted attributes associated with a user]

Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Lu with the disclosures of Thirumalai and Topps. The motivation or suggestion would have been for “deploying user's trusted identity and to methods of authenticating user's trusted identity.” (paragraph 0001)

Regarding Claim 7, Thirumalai discloses wherein the first key is unique to the data. [Column 10, lines 37-38, the logic 600 can derive an encryption key for the unique chunk from the chunk key and a digest of the chunk]

Regarding Claims 8 and 18, Thirumalai discloses wherein the data includes one or more of a server identifier, a session token, a certificate, a transaction identifier, or a user device identifier. [Column 5, lines 13-15, a key or device identifier for the first device 202 and second device 204 can be associated with a key or account identifier for user or user account 212]

Regarding Claims 9 and 19, Thirumalai discloses wherein the first key is associated with a symmetrical encryption scheme. [Column 13, lines 47-51, A symmetric key (e.g., a single key used for both encryption and decryption) is also used in the embodiments described herein (e.g., the message key (msgKey) can be a symmetric key and the group key KG can be a symmetric key)]

Regarding Claims 10, 13, and 20, Thirumalai discloses wherein the application is configured to collect data via optical code. [Column 37, lines 33-36, Communication functions can be facilitated through one or more wireless communication subsystems 2124, which can include radio frequency receivers and transmitters and/or optical (e.g., infrared) receivers and transmitters]

Regarding Claim 14, Thirumalai discloses wherein the application causes the data and/or the encrypted data to be deleted after transmitting the encrypted key and the encrypted data to the third party device. [Column 27, lines 49-54, To delete an asset, a participant can delete the cryptographic material used to recover the asset. The deletion is a cryptographic deletion, such that neither the user, the cloud service provider, nor any associated storage vendors can recover the cryptographic material used to access or recover the asset]

Regarding Claim 15, Thirumalai discloses wherein the data comprises at least one of card holder data, a personal identification number, or a primary account number. [Column 6, lines 38-42, In one embodiment each record 310A-310N can store a set of fields, where each field can contain various types of data, such as strings, numbers, dates, locations, references, or files – the “various types of data” including “numbers” could include things like a personal identification number or a primary account number]

Regarding Claim 17, Thirumalai discloses wherein the application is to collect data via near field communication, magnetic strip reading, and/or a user input. [Column 37, lines 33-36, Communication functions can be facilitated through one or more wireless communication subsystems 2124, which can include radio frequency receivers and transmitters and/or optical (e.g., infrared) receivers and transmitters]

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANDREW J STEINLE whose telephone number is (571)272-9923. The examiner can normally be reached M-F 10am-6pm CT.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached at (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ANDREW J STEINLE/
Primary Examiner, Art Unit 2497

Prosecution Timeline

Sep 25, 2024: Application Filed
Feb 10, 2026: Non-Final Rejection — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12598068
SYSTEMS AND METHODS FOR HANDLING ENCRYPTED DATA
2y 5m to grant Granted Apr 07, 2026
Patent 12596771
SECURE ENFORCEMENT OF DIGITAL RIGHTS IN ARTIFICIAL INTELLIGENCE MODELS
2y 5m to grant Granted Apr 07, 2026
Patent 12592817
Message Service with Distributed Key Caching for Server-Side Encryption
2y 5m to grant Granted Mar 31, 2026
Patent 12591680
TRUST-CHAIN BASED ADAPTABLE TELEMETRY
2y 5m to grant Granted Mar 31, 2026
Patent 12587365
SECRET MANAGEMENT IN DISTRIBUTED SYSTEMS
2y 5m to grant Granted Mar 24, 2026

Prosecution Projections

Expected OA Rounds: 1-2
Grant Probability: 88%
With Interview: 99% (+19.5%)
Median Time to Grant: 2y 4m
PTA Risk: Low
Based on 547 resolved cases by this examiner. Grant probability derived from career allow rate.
