DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office action is in response to the application filed on 11/22/2024.
Claims 1-20 are currently pending in this application.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-5, 8-15, and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Melton et al. US 20170048221 hereinafter referred to as Melton in view of Barton et al. US 20140108794 hereinafter referred to as Barton.
As per claim 1, Melton teaches a system for mobile application encryption, comprising: a mobile device having at least a sensor; and a mobile application executable on the mobile device, the mobile application, upon execution, programmed to (Melton [FIG.1], [0022-0024]: secure storage application executes on mobile device):
retrieve sensor data of the mobile device through the at least a sensor (Melton [Clm. 1], [FIG. 3], [0032], [0035]: capture module captures sensitive data from sensors on a mobile device including camera, microphone, and input devices, see e.g., “capture the sensitive data from a sensor on a device”);
bypassing interaction with any default applications of the mobile device, the sensor data inaccessible to a default application of the mobile device (Melton [Clm. 1], [Abstract], [0036]: bypass storage mechanisms – interaction, and data is inaccessible to default applications, see e.g., “bypass storing the captured sensitive data in any non-volatile memory in the device and streams the captured sensitive data to the service from the sensor”);
and wherein the secure data file is hidden from any of the default applications of the mobile device (Melton [0036]: skipping the non-volatile memory like hard drives or SD cards where apps search for data, so the data remains hidden – also is directly streamed, so it is not stored locally, see e.g., “a streaming module bypasses storing the captured sensitive data in any non-volatile memory device in the device and streams the captured sensitive data to the service from the sensor”).
Melton does not explicitly teach generate a secure data file within the mobile application, the secure data file configured to receive the sensor data, transfer the sensor data directly into the secure data file, and store the sensor data within the secure data file of the mobile application.
Barton teaches generate a secure data file within the mobile application, the secure data file configured to receive the sensor data (Barton [0116]: generation/provision of a secure vault where the vault is configured to receive application data which includes sensor data, see e.g., “provide an encrypted data vault also referred variously herein as a secure container, container, data vault, vault or private data vault for use with… one or more managed applications of a mobile device… encrypted data vault can be considered a logical interface into which any or all persistent data read/written by a mobile application”),
transfer the sensor data directly into the secure data file (Barton [0133]: mechanism where sensor data or any application data can be transferred to a secure file by intercepting file system API calls),
and store the sensor data within the secure data file of the mobile application (Barton [0160-0161]: when data is to be stored in a container, the mobile device encrypts the data and stores the encrypted data within the container, see e.g., “the mobile device may store the data, which is now encrypted, within a container”).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Melton of a secure storage application that bypasses interaction with default applications to allow the sensor and secured data to remain inaccessible and hidden with the teaches of Barton to include generating a secure data file, transferring the sensor data into the secured data file, and storing the sensor data within the secure data file in order to provide a secure local storage destination for captured sensor data (Barton [0116]), ensure captured sensor data remains protected and isolated from unauthorized applications on the device (Barton [0145]), and maintain confidentiality of stored data (Barton [0094], [0116]).
As per claim 2, Melton in view of Barton teaches the apparatus of claim 1, wherein the mobile application is a camera application (Melton [FIG. 3], [0032], [0035]: secure storage application described as functioning as a camera application, where the capture module uses the device’s camera sensor to capture photos, videos, and audios).
As per claim 3, Melton in view of Barton teaches the apparatus of claim 1.
Melton does not explicitly teach wherein an operating system of the mobile device is unaware of the sensor data of the secure data file.
Barton teaches wherein an operating system of the mobile device is unaware of the sensor data of the secure data file (Barton [0116], [0139]: data inside encrypted value is made unaware to the OS, all file contents and metadata are encrypted).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Melton of a secure storage application with the teachings of Barton to include the operating system (OS) being unaware of the sensor data of the secure data file in order to prevent the OS from indexing or exposing the sensor data to other applications through other OS services (Barton [0116], [0133], [0139]).
As per claim 4, Melton in view of Barton teaches the apparatus of claim 1, wherein the sensor data includes a video, photograph, audio recording, or combination thereof (Melton [0035]: sensor data can be photos, videos, or audios, see e.g., “the sensitive data can be a photo, video, or an audio”).
As per claim 5, Melton in view of Barton teaches the apparatus of claim 1.
Melton teaches wherein the mobile application is further configured to determine metadata relating to the sensor data (Melton [0037]: indicates event information which constitutes metadata relating to sensitive data and sends the metadata to a file header, storing directly within or associated with a file, see e.g., “sends event information to the service in a file header for grouping the captured sensitive data based on the event information… sensitive information can have event information included in the file header of the sensitive data stream”).
Melton does not explicitly teach store the metadata in the secure data file.
Barton teaches store the metadata in the secure data file (Barton [0116]: encrypted vault stores files and file metadata, see e.g., “the contents of all files and the file metadata itself name, size, access times, etc. may be all encrypted”).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Melton to determine metadata relating to the sensor data with the teachings of Barton to include storing the metadata in the secure data file in order to protect the metadata from revealing information about the sensor data to unauthorized parties or applications (Barton [0116]).
As per claim 8, Melton in view of Barton teaches the apparatus of claim 1.
Melton does not explicitly teach wherein the secure data file is inaccessible to a user of the mobile device.
Barton teaches wherein the secure data file is inaccessible to a user of the mobile device (Barton [0149]: user prevented from extracting data, see e.g., “can be programmed to prevent a user from copying data and pasting it into another file or application interface, or locally saving the data as a new file outside of the container”).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Melton of a secure storage application with the teachings of Barton to include the secure data file being inaccessible to a user of the mobile device in order to prevent the user from extracting, copying, or saving the sensor data outside of the secure data file (Barton [0149]).
As per claim 9, Melton in view of Barton teaches the apparatus of claim 1.
Melton teaches wherein the mobile application is further programmed to retrieve the sensor data simultaneously (Melton [0033-0039]: credential module authenticates, then capture and streaming – can occur simultaneously, etc., however, blocks can be executed in any order, see e.g., “process flow diagram is not intended to indicate that the blocks of the method 300 are to be executed in any particular order, or that all of the blocks are to be included in every case”).
Melton does not explicitly teach wherein the mobile application is further programmed to generate the secure data file and retrieve the sensor data simultaneously.
Barton teaches wherein the mobile application is further programmed to generate the secure data file (Barton [FIG. 10, steps 1001-1007], [0137], [0174], [0179]: vault/container configured during managed application setup before capture).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Melton of sensor data retrieval and secure destination initiation occurring simultaneously with the teachings of Barton to include generating local encrypted vaults in order to generate a secure data file simultaneously with retrieving sensor data because it is the most resource-efficient as there are only three logical timing options: before, simultaneously, or after.
As per claim 10, Melton in view of Barton teaches the apparatus of claim 1.
Melton does not explicitly teach wherein the mobile application is further programmed to generate the secure data file before retrieving the sensor data.
Barton teaches wherein the mobile application is further programmed to generate the secure data file before retrieving the sensor data (Barton [FIG. 10, steps 1001-1007], [0137], [0174], [0179]: vault/container configured during managed application setup before any data capture and container must exist before any read/write operations redirected to it, see e.g., “If a configured data vault does not already exist, a new empty vault is initialized”).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Melton of a secure storage application to include the teachings of Barton to include generating a secure data file before retrieving the sensor data in order to ensure that the encrypted secure container is fully initialized and ready to prevent any data loss of exposure of unencrypted data (Barton [0137]).
As per claim 11, the claim discloses a method corresponding to the apparatus claim 1 above, and they are rejected, at least for the same reasons.
As per claim 12, the claim discloses a method corresponding to the apparatus claim 2 above, and they are rejected, at least for the same reasons.
As per claim 13, the claim discloses a method corresponding to the apparatus claim 3 above, and they are rejected, at least for the same reasons.
As per claim 14, the claim discloses a method corresponding to the apparatus claim 4 above, and they are rejected, at least for the same reasons.
As per claim 15, the claim discloses a method corresponding to the apparatus claim 5 above, and they are rejected, at least for the same reasons.
As per claim 18, the claim discloses a method corresponding to the apparatus claim 8 above, and they are rejected, at least for the same reasons.
As per claim 19, the claim discloses a method corresponding to the apparatus claim 9 above, and they are rejected, at least for the same reasons.
As per claim 20, the claim discloses a method corresponding to the apparatus claim 10 above, and they are rejected, at least for the same reasons.
Claims 6-7 and 16-17 are rejected under 35 U.S.C. 103 as being unpatentable over Melton in view of Barton, and in further view of Mukherjee et al. US 20250148109 hereinafter referred to as Mukherjee.
As per claim 6, Melton in view of Barton teach the apparatus of claim 1.
Melton in view of Barton teaches wherein the mobile application is further configured to provide one or more user options to a user (Melton [0033-0039]: describes modules where the user interacts with the application – credential module, quality module, sharing module, etc.).
Melton in view of Barton does not explicitly teach wherein the mobile application is further configured to provide one or more user options to a user through a graphical user interface (GUI).
Mukherjee teaches wherein the mobile application is further configured to provide one or more user options to a user through a graphical user interface (GUI) (Mukherjee [0020]: a graphical user interface (GUI) as a user interface that allows for input/output and providing user options, see e.g., “the user interface includes a graphical user interface (GUI)… the user interface typically employs certain input and output devices such as a display... touchpad, touch screen... and/or other user input/output device for communicating with one or more users").
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Melton in view of Barton of providing one or more user options to a user with the teachings of Mukherjee to include one or more user options to a user through a graphical user interface (GUI) in order to provide the user with an interface for interacting with the mobile application (Mukherjee [0020]).
As per claim 7, Melton in view of Barton and Mukherjee teach the apparatus of claim 6, wherein the mobile application is further configured to activate the at least a sensor of the mobile device in response to user input received through the GUI (Melton [0024], [0035], [0050], [0057]: activates device sensors to capture sensitive data in response to input via touch on a touch screen – user is interacting directly with GUI components to trigger the actions, see e.g., “mobile device 102 can detect user input or a user gesture indicating that sensitive data… is to be captured. For example, the user may touch one or more on-screen buttons on the mobile device 102 or push a hardware shutter on the mobile device 102 to perform a capture of the sensitive data… the capture module can capture the sensitive data in response to receiving an input such as a touch on a touch screen”; Mukherjee [0020]: GUI).
As per claim 16, the claim discloses a method corresponding to the apparatus claim 6 above, and they are rejected, at least for the same reasons.
As per claim 17, the claim discloses a method corresponding to the apparatus claim 7 above, and they are rejected, at least for the same reasons.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CAROLINE HOANG-ANH NGUYEN whose telephone number is (571)272-8309. The examiner can normally be reached Monday-Thursday 7am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached at (571) 272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/CAROLINE HOANG-ANH NGUYEN/Examiner, Art Unit 2495
/FARID HOMAYOUNMEHR/Supervisory Patent Examiner, Art Unit 2495