DETAILED ACTION
This Office action is in response to a non-provisional utility patent application filed by Applicant on 2/18/2025.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement PTO-1449
The Information Disclosure Statement submitted by applicant on 2/18/2025 has been considered. The submission is in compliance with the provisions of 37 CFR § 1.97. Form PTO-1449 signed and attached hereto.
Double Patenting
No conflicting application or issued patent was identified that would require a rejection under double patenting.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1–13 rejected under 35 U.S.C. 101 because the claims cover material not found in any of the four statutory categories and is therefore outside the scope of 35 U.S.C. 101. The claims recite a computer platform with data vaults. While the claims can be interpreted as hardware, which would be within the scope of the statute, the claims are also able to be interpreted as being wholly software, which would be outside the scope of the statute. Therefore, the claims are rejected as being software per se. Applicant may be able to overcome this rejection by amending the claims to recite terms, which preclude interpretation of the invention in a manner that is wholly software.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1–11, 14 rejected under 35 U.S.C. 103 as being unpatentable over Parker (US 2024/0037163 A1, published Feb. 1, 2024) in view of Borzycki (US 9,189,645 B2, issued Nov. 17, 2015, acknowledged by Applicant in the Background section of Applicant’s Specification).
Regarding claims 1 and 14, Parker discloses: a computer platform for separately and securely processing data associated with different data providers, wherein the computer platform comprises: a first data vault, and a plurality of applications comprising at least a first application and a second application (a trusted platform module (TPM) used for secure storage of data including keys, credentials, and sensitive or private data. Parker ¶ 56.), the computer platform being arranged to: store one or more first encryption keys associated with the first data provider (storing cryptographic keys in a trusted platform module (TPM) security device. Parker ¶ 56.), receive first encrypted data associated with a first data provider (storing received downloaded data and other sensitive data in a secure or encrypted way. Parker ¶ 56. Receiving downloaded (financial) data associated with a user account. Parker ¶ 60.), wherein the first encrypted data is encrypted using the one or more first encryption keys (using dedicated security hardware for processing secure downloaded data using a secure cryptoprocessor, which does not output decrypted data to unsecure storage. Parker ¶¶ 55–56.), store the first encrypted data on the first data vault (storing sensitive decrypted data in the security hardware module. Parker ¶ 56.), decrypt the first encrypted data stored on the first data vault using the respective one or more first encryption keys to obtain respective first decrypted data (communication with other devices using a secure encrypted protocol using stored credentials and processing secure downloaded data using a secure cryptoprocessor, which does not output decrypted data to unsecure storage. Parker ¶¶ 55–56.), decide to provide the first decrypted data from the first data vault and/or the second decrypted data from the second data vault to the first and/or second application on the computer platform, depending on permissions of the first data provider and/or the second data provider (downloading data associated with a user from both the first party service provider and from one or more third-party service providers, aggregating the data together so that the user may access the data in a single interface application. Parker ¶ 66.).
Parker does not disclose a computer platform with a second data vault, one or more second encryption keys associated with a second data provider, receiving a second encrypted data associated with a second data provider, the second encrypted data is encrypted using the one or more second encryption keys, store the second encrypted data on the second data vault, and decrypt the second data stored on the second data vault using the one or more second encryption keys to obtain second decrypted data,
However, Borzycki does disclose: a computer platform with a second data vault, one or more second encryption keys associated with a second data provider, receiving a second encrypted data associated with a second data provider, the second encrypted data is encrypted using the one or more second encryption keys, store the second encrypted data on the second data vault, and decrypt the second data stored on the second data vault using the one or more second encryption keys to obtain second decrypted data (multiple “application private data vaults” managing and storing private keys for use with respective applications on a common computing platform. Borzycki Figures 5-6 and 23:15–63 and 23:64–24:29. See also Borzycki 54:2–7 and 60:52–62.).
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the handling of encrypted sensitive data from diverse data providers to aggregate the information for use by a user of Parker with the user of multiple key management and encryption handling vaults on a single computing platform based upon the teachings of Borzucki. The motivation being to separately secure sensitive cryptographic information to protect data from being mishandled.
Regarding claim 2, Parker in view of Borzucki discloses the limitations of claim 1, wherein the first application is to display decrypted data from the first data vault on the computer platform and the second application is to display decrypted data from the second data vault on the computer platform (display data from various applications and sources across devices in a collaborative environment. Borzucki 30:65–31:19.).
Regarding claim 3, Parker in view of Borzucki discloses the limitations of claim 1, wherein the first data vault and/or the second data vault are hosted by the respective first and second applications (third-party data on the application of the third-party service provider. Parker ¶¶ 65–66.).
Regarding claim 4, Parker in view of Borzucki discloses the limitations of claim 1, wherein the encryption keys are symmetric keys associated with a symmetric encryption system (the platform can support public-key cryptography standards. Borzycki 72:54–73:8.).
Regarding claim 5, Parker in view of Borzucki discloses the limitations of claim 4, wherein the computer platform is equipped with a client key pair including a public client key and a private client key, and is arranged to store a symmetric server key, the symmetric server key being encrypted with the client public key, decrypt the symmetric server key using the private client key (the platform can support public-key cryptography standards. Borzycki 72:54–73:8.).
Regarding claim 6, Parker in view of Borzucki discloses the limitations of claim 1, wherein the encryption keys are received by the applications and passed to a vault engine through the applications, wherein the encryption is performed application specific (Parker ¶ 56.).
Regarding claim 7, Parker in view of Borzucki discloses the limitations of claim 6, wherein the encryption is performed specific to the secure data vault version used at the computer platform and/or where one or more first and second encryption keys have a predetermined expiration date (Borzucki 58:52–59:8.).
Regarding claim 8, Parker in view of Borzucki discloses the limitations of claim 2, wherein the computer platform comprises an offer generator, wherein the computer platform is to receive executable code from the encryption server to enable the application software to present the decrypted provider data in a customized format associated with the first or the second provider (the direct access module receives data from multiple service providers and can customize the associated data from a variety of providers into a single social networking application, financial services application, or photo application. Parker ¶ 66.).
Regarding claim 9, Parker in view of Borzucki discloses the limitations of claim 8, wherein the executable code is encrypted with the respective key associated with the first or second data provider (using dedicated security hardware for processing secure downloaded data using a secure cryptoprocessor and stored keys. Parker ¶¶ 55–56.).
Regarding claim 10, Parker in view of Borzucki discloses the limitations of claim 1, wherein the computer platform is to receive the encrypted data and/or the encryption keys via a content delivery network (communication with other devices using a secure encrypted protocol using stored credentials and processing secure downloaded data using a secure cryptoprocessor, which does not output decrypted data to unsecure storage. Parker ¶¶ 55–56.).
Regarding claim 11, Parker in view of Borzucki discloses the limitations of claim 2, wherein data associated with the first and second data providers is aggregated before being provided to the applications for display (the direct access module receives data from multiple service providers and can customize the associated data from a variety of providers into a single social networking application, financial services application, or photo application. Parker ¶ 66.).
Regarding claim 15, Parker in view of Borzucki discloses the limitations of claim 14, when said program is executed on a computer platform (Parker Figure 1 and ¶ 33.).
Allowable Subject Matter
Claims 12–13 are subject to the above rejection under 35 U.S.C. 101 as being software per se. However, claims 12–13 are objected to as being dependent upon a rejected base claim, but would be allowable if the subject matter eligibility rejection (35 U.S.C. 101) is overcome and the claims are rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: Mullins (US 2018/0198610 A1, published Jul. 12, 2018), using multiple key vaults to store cryptographic keys; Ness (US 2018/0123781 A1, published May 3, 2018), computing architecture including multiple key vaults; and Keum (US 2023/0180007 A1, published Jun. 8, 2023), issuing a separate key to store in a separate key vault in a mobile device.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VANCE M LITTLE whose telephone number is (571) 270-0408. The examiner can normally be reached on Monday - Friday 9:30am - 5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung (Jay) Kim can be reached on (571) 272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/VANCE M LITTLE/Primary Examiner, Art Unit 2493