DETAILED ACTION
Notice of Pre-AIA or AIA Status
1.The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Double Patenting
2. The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement.
Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b).
3. Claims 1-20 are rejected on the ground of non-statutory obviousness-type double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 12,169,587. Although the claims at issue are not identical, but they are not patentably distinct from each other because the claims of the current application encompass the same subject matter as the patent claims, with obvious wording [such as the mobile device may receive a request from a mobile application executing on the mobile device to store data in the secure memory. The request may comprise the data and a group identifier associated with the mobile application. A primary symmetric key associated with the group identifier may be determined. The data may be encrypted, using the primary symmetric key, to produce first encrypted data. A secondary symmetric key associated with the group identifier may be determined. The first encrypted data may be encrypted, using the secondary symmetric key, to produce second encrypted data. The second encrypted data may be stored to the secure memory]. So, the above mentioned claims of the instant application are rejected under non-statutory obviousness-type double patenting rejection.
Claim Rejections - 35 USC § 103
4. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
5. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
6.Claim(s) 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Wagner (US Pub.No.2014/0177839) in view of Narayanan (US Pat.No.11,063,926)
7. Regarding claims 1, 7 and 13 Wagner teaches a method, a non-transitory computer-readable medium, and a mobile device comprising: encrypting, using a symmetric key associated with the group of mobile applications executing on a mobile device, data associated with a first mobile application of the group of mobile applications; receiving, from a second mobile application executing on the mobile device, a request to access the encrypted data; decrypting, based on the request and using the symmetric key, the encrypted data; and granting the second mobile application access to the decrypted data (Para:0017 teaches a shared encryption key may be used to encrypt data to be transferred from a first mobile application to a second mobile application. The encrypted data is provided to a shared storage location (e.g., a named pasteboard, shared keychain location). The second mobile application is configured to retrieve the encrypted data from the shared storage location.
Para:0065-0069 and Figs.1, 5 teaches a process of secure application to application communication. At 500, a shared encryption key may be used to encrypt data to be transferred from a first mobile application to a second mobile application. The shared encryption key may be used as an encryption key for symmetric key encryption approach. At 510, it may be determined (e.g., by the first mobile application) whether a suitable shared storage location exists on the device for transfer of data between the first mobile application and the second mobile application. In the event a shared storage location exists on the device (e.g., was previously generated). Para:0069 teaches at 530, the encrypted data may be provided to a shared storage location. The second mobile application may, for example, be configured to retrieve the encrypted data from the shared storage location. The data is transferred securely between the first application and the second mobile application via the shared storage location (e.g., pasteboard). In various embodiments, the encrypted data may be provided from the mobile application to the shared storage (e.g., pasteboard, secure keychain storage location, a storage location associated with an MDM framework native to the device) location as cyphertext. The second application may retrieve the cyphertext (e.g., the encrypted data) from the shared storage location and decrypt the encrypted data using the shared encryption key and access the unencrypted data using the decryption key);
But Wagner fails to teach encrypting data, with a group identifier associated with a group of mobile applications executing on a mobile device; and receiving, from a second mobile application executing on the mobile device, a request to access the encrypted data, wherein the request comprises the group identifier.
Narayanan teaches encrypting data, with a group identifier associated with a group of mobile applications executing on a mobile device; the data is associated with a first mobile application of the group of mobile applications; and receiving, from a second mobile application executing on the mobile device, a request to access the encrypted data, wherein the request comprises the group identifier (Fig.1 and Col.2, lines.7-11; Col.4, lines.51-67; Col.5, lines.3-8 teaches the user's device 102 may include a mobile application 112 [first mobile application herein] of a service provider, such as a financial institution, with an authentication module 114 and one or more third party modules or cooperating applications, such as a vendor A module or application 116 and a vendor B module or application 118, running on the one or more processors of the device 102. The user's device 102 may include a secure vault 120, such as KEYCHAIN which may be accessed from time-to-time by each of the provider's application 112, the vendor A module 116, and the vendor B module 118. The service provider's application and the third parties' cooperating applications may share a same group identifier (ID), which allows all applications in the group to share the secure vault 120, wherein, the secure authentication tokens may be saved and retrieved by the cooperating applications. Col.5, lines.40-45 teaches the modules or applications may run on one or more processors of a user's communication device 102, such as a user's mobile smart phone device. For example, the user may download the modules or cooperating applications from an app store, or they may be pre-installed on the user's device.
Col.6, lines.27-55 teaches the user 202 may log on and launch the service provider's application 112 [first mobile application] , and at 2002, the user's credentials may be submitted via the service provider's authentication module 114 to the provider's backend server 106 via the service provider's authentication module 114. At 2003, the provider's backend server 106 may authenticate the user and return an authentication message via the service provider's authentication module 114 to the provider's application 112. Thereafter, at 2004, the service provider's application 112 may generate, encrypt, and save a secure user authentication token to the secure vault 120, and the user 202 may perform an action on the provider's application 112. If the user 202 wishes to interact with another functionality, at 2005, the user may launch a third-party module or cooperating application, such as third-party module or application 204 [second mobile application]. At 2006, the third-party module or application may retrieve the secure user authentication token from the secure vault 120 and, at 2007, send the token data via the third-party backend server 206 to the provider backend server 106 for validation. Thereafter, the provider backend server 106 may validate the token data and, at 2008, may return a user authentication message via the third-party backend server 206 to the third-party module or application 204. User can then perform an action on the third-party module or application 204.
Col.8, lines.55-67; Col.9, lines.1-2 teaches secure vault 120, such as the KEYCHAIN may have a secure enclave that stores a group ID for the modules or cooperating applications, and values may be searched and retrieved from the secure enclave. The key of the group ID and the group ID may be established at design time and may be known and accessed only by the modules or cooperating applications. In addition, all of the group information may be embedded in a digital certificate. The information in the token may be the key of the particular group ID, and all may reside inside the secure vault 120).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the invention was filed to modify the teachings of Wagner to include encrypting data, with a group identifier associated with a group of mobile applications executing on a mobile device; and receiving, from a second mobile application executing on the mobile device, a request to access the encrypted data, wherein the request comprises the group identifier
as taught by Narayanan such a setup will allow user logging into a second entity application executing on the processor of the communication device based on the retrieved user authentication data (from the secure vault) without requiring entry of further user authentication data (Col.7, lines.47-52).
8. Regarding claims 2,8 and 14 Wagner teaches the method, the non-transitory computer-readable medium, and the mobile device, wherein the symmetric key is stored to a memory of the mobile device, and wherein the method further comprises retrieving the symmetric key from the memory (Para:0040, Para:0043 and Para:0065-0066 teaches the symmetric key is stored to the memory of the mobile device) .
9. Regarding claims 3,9 and 15 Wager in view of Narayanan teaches the method, the non-transitory computer-readable medium, and the mobile device, wherein the symmetric key and the group identifier are stored to a file on the mobile device, and wherein the method further comprises searching the file using the group identifier to locate the symmetric key within the file (Wagner: Para:0046 teaches the pasteboard (e.g., a pasteboard used in search operations).
Narayanan :Col.8, lines.55-67; Col.9, lines.1-2 teaches storing the encryption keys and group identifier on the mobile device).
10. Regarding claims 4,10 and 16 Wagner teaches the method, the non-transitory computer-readable medium, and the mobile device, wherein the granting the second mobile application access to the decrypted data comprises saving the decrypted data to a portion of a memory on the mobile device that is accessible to the second mobile application (Para:0065-0066 and Figs.1, 5 teaches a process of secure application to application communication. At 500, a shared encryption key may be used to encrypt data to be transferred from a first mobile application to a second mobile application. The shared encryption key may be used as an encryption key for symmetric key encryption approach. At 510, it may be determined (e.g., by the first mobile application) whether a suitable shared storage location exists on the device for transfer of data between the first mobile application and the second mobile application. In the event a shared storage location exists on the device (e.g., was previously generated). Para:0069 teaches at 530, the encrypted data may be provided to a shared storage location. The second mobile application may, for example, be configured to retrieve the encrypted data from the shared storage location. The data is transferred securely between the first application and the second mobile application via the shared storage location (e.g., pasteboard). In various embodiments, the encrypted data may be provided from the mobile application to the shared storage (e.g., pasteboard, secure keychain storage location, a storage location associated with an MDM framework native to the device) location as cyphertext. The second application may retrieve the cyphertext (e.g., the encrypted data) from the shared storage location and decrypt the encrypted data using the shared encryption key).
11. Regarding claims 5,11 and 17 Wagner teaches the method, the non-transitory computer-readable medium, and the mobile device, further comprising: generating, based on a determination that the symmetric key is not stored to the mobile device, the symmetric key; and storing the symmetric key to the mobile device (Para:0040, Para:0043 and Para:0065-0069 teaches storing the generated symmetric key to the mobile device).
12. Regarding claims 6,12 and 18 Wagner teaches the method, the non-transitory computer-readable medium, and the mobile device,, wherein the granting the second mobile application access to the decrypted data comprises sending the decrypted data to the second mobile application on the mobile device (Para:0065-0066 and Figs.1, 5 teaches a process of secure application to application communication. At 500, a shared encryption key may be used to encrypt data to be transferred from a first mobile application to a second mobile application. The shared encryption key may be used as an encryption key for symmetric key encryption approach. At 510, it may be determined (e.g., by the first mobile application) whether a suitable shared storage location exists on the device for transfer of data between the first mobile application and the second mobile application. In the event a shared storage location exists on the device (e.g., was previously generated). Para:0069 teaches at 530, the encrypted data may be provided to a shared storage location. The second mobile application may, for example, be configured to retrieve the encrypted data from the shared storage location. The data is transferred securely between the first application and the second mobile application via the shared storage location (e.g., pasteboard). In various embodiments, the encrypted data may be provided from the mobile application to the shared storage (e.g., pasteboard, secure keychain storage location, a storage location associated with an MDM framework native to the device) location as cyphertext. The second application may retrieve the cyphertext (e.g., the encrypted data) from the shared storage location and decrypt the encrypted data using the shared encryption key).
13. Regarding claims 19 and 20 Wagner in view of Narayanan teaches the mobile device, wherein the portion of the memory comprises at least one of secure memory or private memory (Wagner: Para:0040 and Para: 0069 teaches the encrypted data may be provided from the mobile application to the shared storage (e.g., pasteboard, secure keychain storage location, a storage location associated with an MDM framework native to the device).
Narayanan :Fig.1,Col.4, lines.57-67 teaches secure memory [secure vault 120]).
.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DEREENA T CATTUNGAL whose telephone number is (571)270-0506. The examiner can normally be reached Mon-Fri : 7:30 AM-5 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached at 571-272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/DEREENA T CATTUNGAL/Primary Examiner, Art Unit 2431