DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Election/Restrictions
Applicant's election without traverse of 1-9,16-20 in the reply filed on 06/16/26 is acknowledged.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1-5, 7, are rejected under 35 U.S.C. 103 as being unpatentable over HAO (CN 101459505 A:IDS supplied) in view of TANJI(US 20200220724 A1:IDS supplied).
With regards to claim 1, 16 HAO discloses, A method, comprising: receiving, by a computing system and from a client device, a request for a key (page 2 para 10; the user equipment sending the private key generation request message to the key generation center, );
after confirming authentication of the client device, generating, by the computing system, a first key based at least in part on an identifier of the client [[device]] (Page 10 para 2; private key generation request unit 530, for sending authentication request to the bootstrapping server function unit sends the private key generation request message to the key generation center, so that the key generation centre after receiving said private key generation request message. and returning the shared key after the authentication is passed, the key generating centre generates user private key according to said private key generation request message, returning the user equipment by using the shared key encryption, a decryption unit 560 for receiving the encrypted user private key and decrypts to obtain the private key of the user. page 11 para 5; the private key generation request message is carried with the user ID, private key requirement parameter. ), wherein the first key is a temporary key (page 17 para 3; receiving valid period of said private key returned by said KGC);
encrypting, by the computing system, the first key using a shared key, the shared key including a key or key-pair that is shared between the computing system and the client device(Page 10 para 2; the key generating centre generates user private key according to said private key generation request message, returning the user equipment by using the shared key encryption, a decryption unit 560 for receiving the encrypted user private key and decrypts to obtain the private key of the user.);
and sending, by the computing system, the encrypted first key via a connection that is established between the client device and the computing system, wherein the encrypted first key, after being decrypted by the shared key (Page 10 para 2; the key generating centre generates user private key according to said private key generation request message, returning the user equipment by using the shared key encryption, a decryption unit 560 for receiving the encrypted user private key and decrypts to obtain the private key of the user.), is usable by the client device either to encrypt first data for sending over an external network via the computing system or to decrypt second data that is received over the external network via the computing system (page 11 para 8; private key application type comprises: encryption, signature, etc. different types, for example, if the user specified key application type is encrypted, the KGC can be selected which can generate private key generated by encrypting with a private key for the user algorithm. Note: by reciting “usable” applicant is not using private key, this is for intended use, therefor no rejection is rendered now ).
after receiving, from the client device, first data that has been encrypted using the first key, sending, by the computing system, the encrypted first data to one of the external network or a first network device over the external network ()
HAO does not exclusively but TANJI teaches,
generating, a first key based at least in part on an identifier of the client device (0033] an apparatus key generation unit to generate a communication apparatus key corresponding to the communication apparatus identifier using the communication apparatus identifier included in the key request, and to generate a terminal apparatus key corresponding to the terminal apparatus identifier using the terminal apparatus identifier included in the key request;). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify HAO’s method with teaching of TANJI in order to a technique for sharing a key(TANJI [0001])
With regards to claim 2, HAO further discloses, wherein the computing system includes one of a wireless access point device, a router, a server, a gateway device, or other network node (Page 10 para 2; private key generation request unit 530, for sending authentication request to the bootstrapping server function unit sends the private key generation request message to the key generation center,).
With regards to claim 3, HAO in view of TANJI teaches, wherein the identifier of the client device includes one of a media access control ("MAC") address, a serial number, a combination of model number and device number, or an Internet protocol ("IP") address (TANJI [0033] an apparatus key generation unit to generate a communication apparatus key corresponding to the communication apparatus identifier using the communication apparatus identifier includedinthe key request,into generate a terminal apparatus key correspondingtothe terminal apparatus identifier usingthe terminal apparatus identifier included in the key request; ).
With regards to claim 4, HAO in view of TANJI teaches, wherein the first data and the second data each includes at least one of textual data, numerical data, alphanumerical data, image data, video data, game data, business data, health data, or personal data (TANJI [0154] The storage unit 220 stores data such as a first manufacturer key 221, a first manufacturer identifier 222, a gateway identifier 223, and a third in-vehicle apparatus identifier 224. A content of each data will be described later. [0155] These pieces of data are major data stored in the storage unit 220. The data stored in the storage unit 220 is managed securely so as not to leak to the outside.).
With regards to claim 5, HAO further discloses, wherein confirming authentication of the client device comprises: authenticating, by the computing system, the client device; and after authenticating the client device, establishing, by the computing system, the connection between the client device and the computing system (Page 10 para 2; private key generation request unit 530, for sending authentication request to the bootstrapping server function unit sends the private key generation request message to the key generation center, so that the key generation centre after receiving said private key generation request message. and returning the shared key after the authentication is passed, the key generating centre generates user private key according to said private key generation request message,).
With regards to claim 7, HAO in view of TANJI discloses, storing, by the computing system, one of the first key or the encrypted first key in a secure key storage system of a data storage device, in association with or in relation to the client device (TANJI [0175] The second manufacturer key 321, the second manufacturer identifier 322, and the first in-vehicle apparatus identifier 323 are stored in the auxiliary storage device 203 at the time they are received or generated.) and/or the identifier of the client device, wherein the data storage device is one of a local data storage device, a remote data storage device, or a cloud storage device.
Claim(s) 6 is rejected under 35 U.S.C. 103 as being unpatentable over HAO (CN 101459505 A:IDS supplied) in view of TANJI(US 20200220724 A1:IDS supplied) and further in view of Bryska et al(US 20160019475 A1)
With regards to claim 6, HAO in view of TANJI do not but Bryska teaches, wherein the computing system includes a wireless access point device (FIG 1 132 and associated text; ), wherein the method further comprises, after authenticating the client device and prior to establishing the connection (FIG 6 606 with “Yes” and associated text; ):
generating and associating, by the wireless access point device, a first credential for and with the client device (FIG 2 208 and associated text; );
setting, by the wireless access point device, a first time-to-live ("TTL") value for the first credential, wherein the first TTL value corresponds to a first time period, during which the first credential is valid, the first time period corresponding to a duration of a first session between the client device and the wireless access point device (FIG 2 210 to 214 and associated text;);
setting, by the wireless access point device, a second TTL value for the first credential, wherein the second TTL value corresponds to a second time period, during which the first credential is valid, a start of the second time period following termination of the first time period (FIG 6 608 with “NO”); and
sending, by the wireless access point device, the first credential to the client device (FIG 2, 210 and associated text; ); wherein establishing the connection is performed after receiving the first credential from the client device, while one of the first TTL value or the second TTL value is valid (FIG 6, 608 with “Yes” and associated text;). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify HAO in view of TANJI’s method with teaching of Bryska in order to authorizing a wireless client device for secured wireless access (Bryska [0003]).
Claim(s) 8, is rejected under 35 U.S.C. 103 as being unpatentable over HAO (CN 101459505 A:IDS supplied) in view of TANJI(US 20200220724 A1:IDS supplied) and further in view of Khatri et al(US 20230239280 A1)
With regards to claim 8, HAO in view of TANJI do not but Khatri teaches, in response to a determination or an indication that the client device has either lost connection to the computing system or lost power, causing, by the computing system, the first key to be invalidated or to expire (0012] In general, embodiments of the invention relate to a method and system for managing a storage system. Currently there are a few methods to manage drives by hardware resource manager. In one or more embodiments, the hardware resource manager stores key storage policies that specify whether a security key is to be stored. The security key may be obtained from a key management service (KMS), which may be an external entity that manages the security keys used to either secure (e.g., prevent access to) data in the storage devices of the storage system or to access (e.g., unlock) the data. The hardware resource manager may be, for example, a baseboard management controller (BMC), which in turn use the key(s) to protect the SEDs connected to it. The protection may be performed using encryption algorithms applied to the data in the SEDs. The key storage policy may specify policies for obtaining the security key and determining whether to store the security key for future use and/or when to delete the security key. The key storage policy may be determined by an administrator of the storage system. [0013] Embodiments of the invention include a method for initiating a boot-up of the hardware resource manager to determine whether communication with the KMS is intact. The hardware resource manager may further utilize key purge policies to determine a period of time, after a lost connection to the KMS, for storing the security key before deleting it (or purging it). The key purge policies may specify the time period as a combination of a synchronized real-time timer and a count-down timer. The synchronized real-time timer may utilize a point in time (e.g., a date and time) to determine when to purge the security key. Further, a count-down timer may initiate a specified period of time that counts down in response to detecting the lost connection.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify HAO in view of TANJI’s method with teaching of Khatri in order to provide insurance in such a way that an adversary cannot steal the data even if they get access to the drives (Khatri [0001]).
Claim(s) 9, 16-19 are rejected under 35 U.S.C. 103 as being unpatentable over HAO (CN 101459505 A:IDS supplied) in view of TANJI(US 20200220724 A1:IDS supplied) and further in view of Zhang et al(CN 113747431 A).
With regards to claim 9 HAO in view of TANJI do not but ZHANG teaches, further comprising one of:
after receiving, from the client device, the first data that has been encrypted using the first key, sending, by the computing system, the encrypted first data to one of the external network or a first network device over the external network, wherein the first key includes one of an encryption key or a symmetric key (Page 9 para3/claim 8; wherein the user authentication is passed, the mobile device encrypts the device data, and the encrypted device data is transmitted to the cloud protection centre, comprising the following steps: the user authentication, the authentication server using international data encryption algorithm to generate the first key, and the first key broadcast to the current mobile device through the broadcast server; the current mobile device using the first key to encrypt the device data to obtain the encrypted device data, the first key as the attachment of the device data after encryption; the current mobile device passes through the firewall to the encrypted device data is transmitted to the broadcast server of the cloud protection centre.); or
after receiving, from one of the external network or a second network device over the external network, the second data, encrypting, by the computing system, the second data using a second key, and sending, by the computing system, the encrypted second data to the client device, wherein the first key is used to decrypt the encrypted second data, wherein the first key includes one of a decryption key or the symmetric key. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify HAO in view of TANJI’s method with teaching of ZHANG in order to provide data protection in cloud (ZHANG abstract).
With regards to claim 16 HAO discloses, A method, comprising: receiving, by a computing system and from a client device, a request for a key (page 2 para 10; the user equipment sending the private key generation request message to the key generation center, );
after confirming authentication of the client device, generating, by the computing system, a first key based at least in part on an identifier of the client [[device]] (Page 10 para 2; private key generation request unit 530, for sending authentication request to the bootstrapping server function unit sends the private key generation request message to the key generation center, so that the key generation centre after receiving said private key generation request message. and returning the shared key after the authentication is passed, the key generating centre generates user private key according to said private key generation request message, returning the user equipment by using the shared key encryption, a decryption unit 560 for receiving the encrypted user private key and decrypts to obtain the private key of the user. page 11 para 5; the private key generation request message is carried with the user ID, private key requirement parameter. ), wherein the first key is a temporary key (page 17 para 3; receiving valid period of said private key returned by said KGC);
encrypting, by the computing system, the first key using a shared key, the shared key including a key or key-pair that is shared between the computing system and the client device(Page 10 para 2; the key generating centre generates user private key according to said private key generation request message, returning the user equipment by using the shared key encryption, a decryption unit 560 for receiving the encrypted user private key and decrypts to obtain the private key of the user.);
sending, by the computing system, the encrypted first key via a connection that is established between the client device and the computing system; and (Page 10 para 2; the key generating centre generates user private key according to said private key generation request message, returning the user equipment by using the shared key encryption, a decryption unit 560 for receiving the encrypted user private key and decrypts to obtain the private key of the user.),
HAO does not exclusively but TANJI teaches,
generating, a first key based at least in part on an identifier of the client device (0033] an apparatus key generation unit to generate a communication apparatus key corresponding to the communication apparatus identifier using the communication apparatus identifier included in the key request, and to generate a terminal apparatus key corresponding to the terminal apparatus identifier using the terminal apparatus identifier included in the key request;). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify HAO’s method with teaching of TANJI in order to a technique for sharing a key(TANJI [0001])
HAO in view of TANJI do not but ZHANG teaches
after receiving, from the client device, first data that has been encrypted using the first key, sending, by the computing system, the encrypted first data to one of the external network or a first network device over the external network (Page 9 para3/claim 8; wherein the user authentication is passed, the mobile device encrypts the device data, and the encrypted device data is transmitted to the cloud protection centre, comprising the following steps: the user authentication, the authentication server using international data encryption algorithm to generate the first key, and the first key broadcast to the current mobile device through the broadcast server; the current mobile device using the first key to encrypt the device data to obtain the encrypted device data, the first key as the attachment of the device data after encryption; the current mobile device passes through the firewall to the encrypted device data is transmitted to the broadcast server of the cloud protection centre). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify HAO in view of TANJI’s method with teaching of ZHANG in order to provide data protection in cloud (ZHANG abstract).
With regards to claim 17, HAO in view of TANJI teaches, wherein the identifier of the client device includes one of a media access control ("MAC") address, a serial number, a combination of model number and device number, or an Internet protocol ("IP") address (TANJI [0033] an apparatus key generation unit to generate a communication apparatus key corresponding to the communication apparatus identifier using the communication apparatus identifier includedinthe key request,into generate a terminal apparatus key correspondingtothe terminal apparatus identifier usingthe terminal apparatus identifier included in the key request; ).
With regards to claim 18, HAO in view of TANJI teaches, wherein the first data and the second data each includes at least one of textual data, numerical data, alphanumerical data, image data, video data, game data, business data, health data, or personal data (TANJI [0154] The storage unit 220 stores data such as a first manufacturer key 221, a first manufacturer identifier 222, a gateway identifier 223, and a third in-vehicle apparatus identifier 224. A content of each data will be described later. [0155] These pieces of data are major data stored in the storage unit 220. The data stored in the storage unit 220 is managed securely so as not to leak to the outside.).
With regards to claim 19, HAO in view of TANJI discloses, storing, by the computing system, one of the first key or the encrypted first key in a secure key storage system of a data storage device, in association with or in relation to the client device (TANJI [0175] The second manufacturer key 321, the second manufacturer identifier 322, and the first in-vehicle apparatus identifier 323 are stored in the auxiliary storage device 203 at the time they are received or generated.) and/or the identifier of the client device, wherein the data storage device is one of a local data storage device, a remote data storage device, or a cloud storage device.
Claim(s) 20 is rejected under 35 U.S.C. 103 as being unpatentable over HAO (CN 101459505 A:IDS supplied) in view of TANJI(US 20200220724 A1:IDS supplied) and further in view of Zhang et al(CN 113747431 A) and further in view of Khatri et al(US 20230239280 A1)
With regards to claim 20, HAO in view of TANJI and ZHANG do not but Khatri teaches, in response to a determination or an indication that the client device has either lost connection to the computing system or lost power, causing, by the computing system, the first key to be invalidated or to expire (0012] In general, embodiments of the invention relate to a method and system for managing a storage system. Currently there are a few methods to manage drives by hardware resource manager. In one or more embodiments, the hardware resource manager stores key storage policies that specify whether a security key is to be stored. The security key may be obtained from a key management service (KMS), which may be an external entity that manages the security keys used to either secure (e.g., prevent access to) data in the storage devices of the storage system or to access (e.g., unlock) the data. The hardware resource manager may be, for example, a baseboard management controller (BMC), which in turn use the key(s) to protect the SEDs connected to it. The protection may be performed using encryption algorithms applied to the data in the SEDs. The key storage policy may specify policies for obtaining the security key and determining whether to store the security key for future use and/or when to delete the security key. The key storage policy may be determined by an administrator of the storage system. [0013] Embodiments of the invention include a method for initiating a boot-up of the hardware resource manager to determine whether communication with the KMS is intact. The hardware resource manager may further utilize key purge policies to determine a period of time, after a lost connection to the KMS, for storing the security key before deleting it (or purging it). The key purge policies may specify the time period as a combination of a synchronized real-time timer and a count-down timer. The synchronized real-time timer may utilize a point in time (e.g., a date and time) to determine when to purge the security key. Further, a count-down timer may initiate a specified period of time that counts down in response to detecting the lost connection.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify HAO in view of TANJI and ZHANG’s method with teaching of Khatri in order to provide insurance in such a way that an adversary cannot steal the data even if they get access to the drives (Khatri [0001]).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. US 12244695 B2, US 20250030672 A1
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMED WALIULLAH whose telephone number is (571)270-7987. The examiner can normally be reached 8.30 to 430 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached at 1-571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MOHAMMED WALIULLAH/Primary Examiner, Art Unit 2498