DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office action is in response to the application filed on 11/11/2024.
Claims 1-14 are currently pending in this application.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 11/11/2024 was filed. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Examiner’s Note
Applicants are suggested to include information from figures 5 and 6 with related text into the claims to provide a better condition for an allowance.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(B) CONCLUSION. —The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
Claims 1-14 are rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which applicant regards as the invention.
Claim 1 (claim 12 includes similar limitations) recites:
“A method of securely storing critical information … generating … access control request information … authenticating … the at least one application program … processing … the access control request information …”, however, it is not clear whether the claimed functions, such as generating, authenticating and processing have any relationship with securely storing critical information or not – or omitting necessary step/component which cause the limitations unclear;
“… generating, by a host, access control request information for requesting control of access to … when the at least one application program is executed …”, however, it is not clear (1) whether the control of access is performed/executed by the at least one application program or not;
“… processing … the access control request information according to a result of the authentication”, however, it is not clear whether the access control request information (e.g., time of the request) – not “an access control request” – is processed or not – or it is not clear to define a boundary of the limitations.
Claims 2-11, 13 and 14 depend from the claim 1 or 12, and are analyzed and rejected accordingly.
Claim 2 recites “… establish a communication connection therebetween through a communication means”, however, it is not clear what the term, a communication means” is referred to (note: if the applicant intends to use “means plus function” interpretation, suggested to use a proper format.
Claim 3 recites “… authenticating the management unit, whether or not a request … is effective, using an access table having information associated with the secure data piece”, however, it is not clear (1) whether the information of the access table includes any information about the management unit to process the authentication – or omitting necessary step/component which causes the limitations unclear; (2) whether the request is effective is the result of authenticating the management unit or not.
Claim 4 recites “… renewing … the access table when a change to the at least one application program is made”, however, it is not clear whether the access table having information associated with the secure data piece (see the claim 3) has any relationship with the (change of) at least one application program.
Claim 9 recites:
“… the authenticating by the security module comprises: checking … whether or not update information is an effective electronic signature, using a public key that is stored in the storage region …”, however, it is not clear (1) how to define the effective electronic signature (e.g., whether the signature is effective or not); (2) how to check the update information using the public key – omitting necessary step/component which cause the limitations unclear;
“… updating … authority information within the storage region or transmitting … an error return message …”, however, it is not clear whether “authority information” is the as “effective electronic signature” or not – it is not clear to define a boundary of the limitations.
Claim 10 recites “… the public key is pre-provisioned from the outside and is stored in the storage region”, however, it is not clear (1) whether processes from the outside is the outside of the storage region or the security module; (2) the term “the outside” has an antecedent basis issue (e.g., not defining outside before).
Claim 11 recites “… only for an application program that successfully passes the authentication among the application programs”, however, it is not clear (1) whether “an application program” has any relationship (e.g., the same or difference) with “the at least one application program” or not; (2) the term, “the application programs”, has an antecedent basis issue.
Claim 12 recites “… detecting … counterfeit or falsification of the at least one application program …”, however, it is not clear how to detect the application program is counterfeit (e.g., fake) or falsification (e.g., the act of deliberately lying) – it is not clear to define a boundary of the limitations.
Claim 13 recites “… pre-generating … MAC information for identification, based on a pre-provisioned private key, using a data piece corresponding to a size associated with a specific address range of the at least one application program”, however, it is not clear (1) whether the MAC information (of the security module or the host) is pre-generated or not (e.g., the standard MAC information according to IEEE 802 standard); (2) how the MAC information is pre-generated based on a private key and using size of the address range – omitting necessary step/component which cause the limitations unclear.
Claim 14 recites “… detecting is performed by comparing address information … and MAC information …”, however, it is not clear how detecting according to the access control request information (see the claim 12) can be comparing of address information and pre-generated MAC information (see the claim 13) – or omitting necessary step/component which cause the limitations unclear.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claims 1-8, 11 and 12 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Shepard et al. (US 9,635,028 B2).
As per claim 1, Shepard teaches a method of securely storing critical information, the method comprising:
generating, by a host, access control request information for requesting control of access to a secure data piece associated with at least one application program when the at least one application program is executed [fig. 1; col. 1, lines 61-67; col. 2, lines 1-6; col. 3, lines 63-67; claim 1, lines 1-11 of Shepard teaches generating, by a host (e.g., the operating system of the first computing/user device), access control request information (e.g., the information included in the request) for requesting control of access to a secure data piece (e.g., the second request for accessing the set of data) associated with at least one application program (e.g., the client application) when the at least one application program is executed];
authenticating, by a security module, the at least one application program according to the access control request information; and processing, by the security module, the access control request information according to a result of the authenticating [fig. 1; col. 2, lines 6-16; col. 4, lines 63-67; col. 5, lines 1-9; claim 1, lines 15-22 of Shepard teaches authenticating, by a security module (e.g., the data manager), the at least one application program according to the access control request information (e.g., the information included in the request, such as the application identifier, the developer identifier, the access type, etc.); and processing, by the security module, the access control request information (e.g., granting or denying the request) according to a result of the authenticating].
As per claim 2, Shepard teaches the method of claim 1.
Shepard further teaches wherein the host and the security module are physically or logically separated from each other, and establish a communication connection therebetween through a communication means [figs. 1-3; col. 3, lines 13-42; col. 4, lines 48-62; col. 9, lines 41-67; col. 10, lines 1-6 of Shepard teaches wherein the host (e.g., the first computing/user device) and the security module (e.g., the remote host or the data manager of the second computing device) are physically or logically separated from each other, and establish a communication connection therebetween through a communication means (e.g., the communication between the first computing device and the second computing device)].
As per claim 3, Shepard teaches the method of claim 1.
Shepard further teaches wherein the authenticating by the security module comprises: receiving, by a management unit of the security module, the access control request information; and authenticating the management unit, whether or not a request for control of access to the secure data piece that is stored in a storage region is effective, using an access table having information associated with the secure data piece [figs. 1, 2; col. 4, lines 63-67; col. 5, lines 1-9; claim 1, lines 1-11 of Shepard teaches receiving, by a management unit of the security module (e.g., a component or data manager of the remote host), the access control request information (e.g., the information included in the request, such as the application identifier, the developer identifier, etc.); and authenticating the management unit, whether or not a request for control of access to the secure data piece that is stored in a storage region (e.g., the portion/set of data stored at the remote host) is effective, using an access table (e.g., the record of all client applications that have access to the user data) having information associated with the secure data piece].
As per claim 4, Shepard teaches the method of claim 3.
Shepard further teaches wherein the authenticating by the security module comprises: renewing, by the management unit, the access table when a change to the at least one application program is made [figs. 1, 2; col. 5, lines 25-31; col. 6, lines 11-14, 29-43 of Shepard teaches renewing (e.g., modifying), by the management unit (e.g., the data manager), the access table (e.g., the setup option or the setting) when a change to the at least one application program is made (e.g., according to the specification previously made by the user regarding access to the user’s information)].
As per claim 5, Shepard teaches the method of claim 3.
Shepard further teaches wherein the storage region is a separate storage space provided within the security module in such a manner that the host does not have direct access thereto [figs. 1, 2; col. 4, lines 35-48 of Shepard teaches wherein the storage region is a separate storage space provided within the security module (e.g., the data stored in the remote host) in such a manner that the host does not have direct access thereto (e.g., the operating system of the user device does not have access to the user data so that it sends a request to the data manager on behalf of the requesting client application)].
As per claim 6, Shepard teaches the method of claim 5.
Shepard further teaches wherein the authenticating is performed based on address information of the at least one application program [figs. 1, 2; col. 4, lines 63-67; col. 5, lines 1-9 of Shepard teaches wherein the authenticating is performed based on address information (e.g., the application identifier) of the at least one application program].
As per claim 7, Shepard teaches the method of claim 6.
Shepard further teaches wherein the authenticating is performed by comparing address information of the at least one application program and address information stored in the access table with each other [figs. 1, 2; col. 4, lines 63-67; col. 5, lines 1-9 of Shepard teaches wherein the authenticating is performed by comparing address information of the at least one application program (e.g., the identifier of the requesting client application) and address information stored in the access table (e.g., the maintained record of all client applications that have access to the data) with each other].
As per claim 8, Shepard teaches the method of claim 7.
Shepard further teaches wherein the address information has a unique value that is distinguishable according to the at least one application program [col. 4, lines 63-67; col. 5, lines 1-9 of Shepard teaches wherein the address information (e.g., the application identifier) has a unique value that is distinguishable according to the at least one application program (e.g., the identifier of the requesting client application).
As per claim 11, Shepard teaches the method of claim 1.
Shepard further teaches wherein in the processing by the security module, according to a result of the authenticating, the security module processes the access control request information only for an application program that successfully passes the authentication among the application programs [col. 5, lines 1-44 of Shepard teaches wherein in the processing by the security module, according to a result of the authenticating, the security module processes the access control request information only for an application program that successfully passes the authentication among the application programs (e.g., the client applications other than the requesting client application installed on user device cannot use the access token or accessing the granted user data)].
As per claim 12, Shepard teaches a method of securely storing critical information, the method comprising:
generating, by a host, access control request information for requesting control of access to a secure data piece associated with at least one application program when the at least one application program is executed [fig. 1; col. 1, lines 61-67; col. 2, lines 1-6; col. 3, lines 63-67; claim 1, lines 1-11 of Shepard teaches generating, by a host (e.g., the operating system of the first computing/user device), access control request information (e.g., the information included in the request) for requesting control of access to a secure data piece (e.g., the second request for accessing the set of data) associated with at least one application program (e.g., the client application) when the at least one application program is executed];
detecting, by a security module, counterfeit or falsification of the at least one application program according to the access control request information; authenticating, by a security module, the at least one application program according to a result of the detecting; and processing, by the security module, the access control request information according to a result of the authenticating [fig. 1; col. 2, lines 6-16; col. 4, lines 41-67; col. 5, lines 1-9; claim 1, lines 15-22 of Shepard teaches detecting, by a security module (e.g., the data manager), counterfeit or falsification of the at least one application program (e.g., the client application associated with the user identifier and the client-side digital certificate associated with the SSL connection) according to the access control request information; authenticating, by a security module (e.g., the data manager), the at least one application program according to a result of the detection (e.g., the information included in the request, such as the application identifier, the developer identifier, the user identifier according to the request, etc.); and processing, by the security module, the access control request information (e.g., granting or denying the request) according to a result of the authenticating].
Allowable Subject Matter
Claims 9, 10, 13 and 14 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims and amended to overcome the 112(b) rejections stated above.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAUNG T LWIN whose telephone number is (571)270-7845. The examiner can normally be reached on Monday - Friday 10:00 am - 6:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MAUNG T LWIN/Primary Examiner, Art Unit 2495
Prosecution Insights