Detailed Action
This is a Non-final Office action in response to communications received on 12/13/2024. Claims 1-8 are pending and are examined.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Drawings
The drawings, filed 12/13/2024, are acknowledged.
Foreign Priority
The foreign priority date of 1/10/2024 is acknowledged.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-8 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Regarding claims 1, 7 and 8, the claims recite “perform a process for providing a plurality of choices for an algorithm used for cryptographic communication” and “causing the application to set an algorithm selected in response to the provision as settings of communication with the network device”. It is unclear that these algorithms are the same or distinct. If it is to refer to the same algorithm selected, the second limitation should recite “causing the application to set the algorithm selected in response to the provision as settings of communication with the network device”.
Claims 2-6 depend on claim 1, inheriting the same deficiencies and are likewise similarly rejected.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-8 are rejected under 35 U.S.C. 103 as being unpatentable over Andrew (US 20020019935 A1), in view of Baptist (US 20170034273 A1).
Regarding claim 1, Andrew teaches the limitations of claim 1 substantially as follows:
An information processing apparatus in which an application for managing information of a network device and an operating system are executed, the information processing apparatus comprising: one or more memories storing instructions, and one or more processors capable of executing the instructions causing the information processing apparatus to: (Andrew; [0032]: the computer system includes a processor connected to a memory having an operating system)
cause the application to perform a process for providing a plurality of choices for an algorithm used for cryptographic communication; and (Andrew; [0074]: the user is able to choose from among available algorithms to select an algorithm having greater or less security (i.e., providing a plurality of choices for an algorithm used for cryptographic communication))
cause the application to set an algorithm selected in response to the provision as settings of communication with the network device, (Andrew; [0075]: the user (or an administrator) can choose a given encryption/decryption algorithm for all files by default, on a per-file or per-directory basis, and so on. (i.e., set an algorithm selected in response to the provision as settings of communication with the network device) Once saved, information stored with the encrypted file can identify which algorithm was used to encrypt the data)
Andrew does not teach the limitations of claim 1 as follows:
wherein a combination of the plurality of choices provided in the process by the application differs between when the operating system is not operating in an FIPS 140 mode and when the operating system is operating in the FIPS 140 mode of FIPS 140-3.
However, in the same field of endeavor, Baptist discloses the limitations of claim 1 as follows:
wherein a combination of the plurality of choices provided in the process by the application differs between when the operating system is not operating in an FIPS 140 mode and when the operating system is operating in the FIPS 140 mode of FIPS 140-3. (Baptist; [0033]: the selection of the algorithm may be based on which is most optimized for the computing architecture used by the DST execution unit to perform the encoding. At other times, external policies, such as compliance with certain regulations may drive which algorithms are used, for example, when running in a FIPS-140-2 complaint mode, certain hash functions may be mandated over others (i.e., a combination of the plurality of choices provided in the process by the application differs between when the operating system is not operating in an FIPS 140 mode and when the operating system is operating in the FIPS 140 mode of FIPS 140-3))
Baptist is combinable with Andrew because all are from the same field of endeavor of encryption algorithm selection. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system of Andrew to incorporate operating mode compliant encryption algorithm selection as in Baptist in order to improve the system by restricting available encryption algorithms to those which are compliant with the mode of operation for predictable results.
Regarding claim 2, Andrew and Baptist teach the limitations of claim 1.
Andrew and Baptist teach the limitations of claim 2 as follows:
The information processing apparatus according to claim 1, wherein the plurality of choices provided in the process by the application does not include SHA1 when the operating system is operating in the FIPS 140 mode of FIPS 140-3, and wherein the plurality of choices provided in the process by the application includes SHA1 when the operating system is not operating in the FIPS 140 mode of FIPS 140-3. (Andrew; [0078]: A preferred FIPS cryptographic module runs as a kernel mode export driver and encapsulates several different cryptographic algorithms in a cryptographic module that is accessible by other kernel mode drivers and can be linked into other kernel mode services (e.g., to permit the use of FIPS 140-1 Level 1 compliant cryptography) (i.e., FIPS compliance of cryptographic algorithms depending on FIPS level))
Regarding claim 3, Andrew and Baptist teach the limitations of claim 2.
Andrew and Baptist teach the limitations of claim 3 as follows:
The information processing apparatus according to claim 2, wherein the plurality of choices provided in the process by the application includes at least two of SHA2-256, SHA2-384, and SHA2-512 when the operating system is operating in the FIPS 140 mode of FIPS 140-3. (Andrew; [0078]: A preferred FIPS cryptographic module runs as a kernel mode export driver and encapsulates several different cryptographic algorithms in a cryptographic module that is accessible by other kernel mode drivers and can be linked into other kernel mode services (e.g., to permit the use of FIPS 140-1 Level 1 compliant cryptography) (i.e., FIPS compliance of cryptographic algorithms depending on FIPS level and selection of stronger/weaker encryption algorithms))
Regarding claim 4, Andrew and Baptist teach the limitations of claim 1.
Andrew and Baptist teach the limitations of claim 4 as follows:
The information processing apparatus according to claim 1, wherein the case in which the operating system is not operating in the FIPS 140 mode of FIPS 140-3 includes a case in which the operating system is operating in the FIPS 140 mode of FIPS 140-2. (Andrew; [0078]: A preferred FIPS cryptographic module runs as a kernel mode export driver and encapsulates several different cryptographic algorithms in a cryptographic module that is accessible by other kernel mode drivers and can be linked into other kernel mode services (e.g., to permit the use of FIPS 140-1 Level 1 compliant cryptography) (i.e., permit use of different FIPS levels))
Regarding claim 5, Andrew and Baptist teach the limitations of claim 4.
Andrew and Baptist teach the limitations of claim 5 as follows:
The information processing apparatus according to claim 4, wherein the plurality of choices provided in the process by the application includes at least one of SHA2-256, SHA2-384, and SHA2-512 in addition to SHA1 when the operating system is operating in the FIPS 140 mode of FIPS 140-2. (Andrew; [0078]: A preferred FIPS cryptographic module runs as a kernel mode export driver and encapsulates several different cryptographic algorithms in a cryptographic module that is accessible by other kernel mode drivers and can be linked into other kernel mode services (e.g., to permit the use of FIPS 140-1 Level 1 compliant cryptography) (i.e., FIPS compliance of cryptographic algorithms depending on FIPS level and selection of stronger/weaker encryption algorithms))
Regarding claim 6, Andrew and Baptist teach the limitations of claim 1.
Andrew and Baptist teach the limitations of claim 6 as follows:
The information processing apparatus according to claim 1, wherein the instructions further cause the information processing apparatus to cause the application to determine whether the operating system is operating in the FIPS 140 mode of FIPS 140-3, and wherein it is determined that the operating system is operating in the FIPS 140 mode of FIPS 140-3 when an exception occurs at the time of performing a process of a predetermined algorithm using a library of the operating system. (Baptist; [0033]: external policies, such as compliance with certain regulations may drive which algorithms are used (i.e., appropriate algorithms are enforced based on the mode of compliance))
The same motivation to combine as in claim 1 is applicable to the instant claim.
Regarding claim 7, Andrew teaches the limitations of claim 7 substantially as follows:
A method that is performed by an information processing apparatus in which an application for managing information of a network device and an operating system are executed, the method comprising: (Andrew; [0032]: the computer system includes a processor connected to a memory having an operating system)
causing the application to perform a process for providing a plurality of choices for an algorithm used for cryptographic communication; and (Andrew; [0074]: the user is able to choose from among available algorithms to select an algorithm having greater or less security (i.e., providing a plurality of choices for an algorithm used for cryptographic communication))
causing the application to set an algorithm selected in response to the provision as settings of communication with the network device, (Andrew; [0075]: the user (or an administrator) can choose a given encryption/decryption algorithm for all files by default, on a per-file or per-directory basis, and so on. (i.e., set an algorithm selected in response to the provision as settings of communication with the network device) Once saved, information stored with the encrypted file can identify which algorithm was used to encrypt the data)
Andrew does not teach the limitations of claim 7 as follows:
wherein a combination of the plurality of choices provided in the process by the application differs between when the operating system is not operating in an FIPS 140 mode and when the operating system is operating in the FIPS 140 mode of FIPS 140-3.
However, in the same field of endeavor, Baptist discloses the limitations of claim 7 as follows:
wherein a combination of the plurality of choices provided in the process by the application differs between when the operating system is not operating in an FIPS 140 mode and when the operating system is operating in the FIPS 140 mode of FIPS 140-3. (Baptist; [0033]: the selection of the algorithm may be based on which is most optimized for the computing architecture used by the DST execution unit to perform the encoding. At other times, external policies, such as compliance with certain regulations may drive which algorithms are used, for example, when running in a FIPS-140-2 complaint mode, certain hash functions may be mandated over others (i.e., a combination of the plurality of choices provided in the process by the application differs between when the operating system is not operating in an FIPS 140 mode and when the operating system is operating in the FIPS 140 mode of FIPS 140-3))
Baptist is combinable with Andrew because all are from the same field of endeavor of encryption algorithm selection. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system of Andrew to incorporate operating mode compliant encryption algorithm selection as in Baptist in order to improve the system by restricting available encryption algorithms to those which are compliant with the mode of operation for predictable results.
Regarding claim 8, Andrew teaches the limitations of claim 8 substantially as follows:
A non-transitory computer-readable storage medium configured to store a computer program to control an information processing apparatus in which an application for managing information of a network device and an operating system are executed, wherein the computer program comprises instructions for executing following processes: (Andrew; [0032]: the computer system includes a processor connected to a memory having an operating system)
causing the application to perform a process for providing a plurality of choices for an algorithm used for cryptographic communication; and (Andrew; [0074]: the user is able to choose from among available algorithms to select an algorithm having greater or less security (i.e., providing a plurality of choices for an algorithm used for cryptographic communication))
causing the application to set an algorithm selected in response to the provision as settings of communication with the network device, (Andrew; [0075]: the user (or an administrator) can choose a given encryption/decryption algorithm for all files by default, on a per-file or per-directory basis, and so on. (i.e., set an algorithm selected in response to the provision as settings of communication with the network device) Once saved, information stored with the encrypted file can identify which algorithm was used to encrypt the data)
Andrew does not teach the limitations of claim 8 as follows:
wherein a combination of the plurality of choices provided in the process by the application differs between when the operating system is not operating in an FIPS 140 mode and when the operating system is operating in the FIPS 140 mode of FIPS 140-3.
However, in the same field of endeavor, Baptist discloses the limitations of claim 8 as follows:
wherein a combination of the plurality of choices provided in the process by the application differs between when the operating system is not operating in an FIPS 140 mode and when the operating system is operating in the FIPS 140 mode of FIPS 140-3. (Baptist; [0033]: the selection of the algorithm may be based on which is most optimized for the computing architecture used by the DST execution unit to perform the encoding. At other times, external policies, such as compliance with certain regulations may drive which algorithms are used, for example, when running in a FIPS-140-2 complaint mode, certain hash functions may be mandated over others (i.e., a combination of the plurality of choices provided in the process by the application differs between when the operating system is not operating in an FIPS 140 mode and when the operating system is operating in the FIPS 140 mode of FIPS 140-3))
Baptist is combinable with Andrew because all are from the same field of endeavor of encryption algorithm selection. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system of Andrew to incorporate operating mode compliant encryption algorithm selection as in Baptist in order to improve the system by restricting available encryption algorithms to those which are compliant with the mode of operation for predictable results.
Prior Art Considered But Not Relied Upon
Kettlewell (US 20250217519 A1) which teaches configuration settings of an HSM can control which cryptographic algorithms can be executed by the HSM.
Cordray (US 9077611 B2) which teaches an applicable management policy which is identified by a device; and the identified policy is used to manage at least one aspect of the network's operation.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BLAKE ISAAC NARRAMORE whose telephone number is (303)297-4357. The examiner can normally be reached on Monday - Friday 0700-1700 MT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached on (571) 272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/BLAKE I NARRAMORE/Examiner, Art Unit 2438