Detailed Action
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-16 are pending in the application.
Specification
The title of the invention is not descriptive. A new title is required that is clearly indicative of the invention to which the claims are directed.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 2-7, 10-15 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Regarding claim 2, the claim uses the terms “a secure hardware module” and “the security hardware module.” Claim 1 comprises the term “a security hardware module.” As the terms, “secure” vs “security,” are similar, it is not clear whether “secure hardware module” is intended as “security hardware module.” The term “secure hardware module” is not stated and described in the specification.
Regarding claim 2, the claim recites, “the key generation request including a first parameter of the application containing a user ID and first authentication information.” It is not clear whether the “first authentication information” is contained in the first parameter or is included in the key generation request.
Regarding claim 3, the claim recites, “the key acquisition request including a second parameter.” Claims 1 and 3 do not recite a “first parameter.” As such, it is not clear whether the claim requires a first parameter since the claim states a “second parameter.”
Regarding claim 10, the claim uses the term “a secure hardware module” and “the security hardware module.” Claim 9 comprises the term “a security hardware module.” As the terms are similar, “secure” vs “security,” it is not clear whether “a secure hardware module” is intended as “security hardware module.”
Regarding claim 10, the claim recites, “the key generation request including a first parameter of the application containing a user ID and first authentication information.” It is not clear whether the “first authentication information” is contained in the first parameter or is included in the key generation request.
Regarding claim 11, the claim recites, “the key acquisition request including a second parameter.” Claims 9 and 11 do not recite a “first parameter.” As such, it is not clear whether the claim requires a first parameter since the claim states a “second parameter.”
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 3, 9, and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Bar-el et al. US Patent Publication No. 2009/0202078 (“Bar-el”) in view of Iyer et al. US Patent Publication No. 2020/0175179 (“Iyer”).
Regarding claim 1, Bar-el teaches a processing method, performed by an electronic device, comprising:
obtaining a key to be used from a security hardware module of the electronic device (para. [0078] SEP hardware module 102 may store application keys 115); and
encrypting local user data on the electronic device based on the key to be used to generate encrypted user data, the encrypted user data being configured to enable an application on the electronic device to perform local processing (para. [0069] SEP hardware module 102 may be configured to perform at least one of encrypting and decrypting data handled, used, utilized, generated and/or processed by a SEP application 103 (generally referred to as "data handled by the SEP application") being executed by processor 111. perform at least one of the encrypting and decrypting using an application-specific application-key 115 corresponding to the SEP application 103. para. [0114] SEP hardware module 102, e.g., crypto engine 107, may encrypt and/or decrypt the data using the application-key 115 corresponding to the requesting SEP application 103).
Bar-el teaches an application on the electronic device performing local processing but not expressly in response to a user input to the application.
Iyer teaches local processing in response to a user input to an application (para. [0031] user activity is associated with an entity application stored on a user device. para. [0058] application (e.g., application, systems, and/or user 4 associated therewith) is allowed to create encryption for the application and/or data associated therewith. application may include data related to confidential information of an entity. para. [0070] application (e.g., a user 4 within the organization) may request to access encrypted data from a database). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Bar-el with Iyer’s disclosure such that the local processing of Bar-el is in response to a user input to the application. One of ordinary skill in the in the art would have been motivated to do so because it would have been desirable to provide encryption of data for different types of application including applications used by a user.
Regarding claim 9, Bar-el teaches an electronic device, comprising:
a security hardware module for storing a key to be used (para. [0078] SEP hardware module 102 may store application keys 115); and
one or more processors configured to perform: obtaining the key to be used from the security hardware module, and encrypting local user data on the electronic device based on the key to be used to obtain encrypted user data, the encrypted user data being configured to enable an application on the electronic device to perform local processing (para. [0069] SEP hardware module 102 may be configured to perform at least one of encrypting and decrypting data handled, used, utilized, generated and/or processed by a SEP application 103 (generally referred to as "data handled by the SEP application") being executed by processor 111. perform at least one of the encrypting and decrypting using an application-specific application-key 115 corresponding to the SEP application 103. para. [0114] SEP hardware module 102, e.g., crypto engine 107, may encrypt and/or decrypt the data using the application-key 115 corresponding to the requesting SEP application 103).
Bar-el teaches an application on the electronic device performing local processing but not expressly in response to a user input to the application.
Iyer teaches local processing in response to a user input to an application (para. [0031] user activity is associated with an entity application stored on a user device. para. [0058] application (e.g., application, systems, and/or user 4 associated therewith) is allowed to create encryption for the application and/or data associated therewith. application may include data related to confidential information of an entity. para. [0070] application (e.g., a user 4 within the organization) may request to access encrypted data from a database). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Bar-el with Iyer’s disclosure such that the local processing of Bar-el is in response to a user input to the application. One of ordinary skill in the in the art would have been motivated to do so because it would have been desirable to provide encryption of data for different types of application including applications used by a user.
Regarding claim 3, Bar-el in view of Iyer teach the processing method according to claim 1. Bar-el teaches wherein obtaining the key to be used from the security hardware module of the electronic device includes: determining a second parameter containing an ID of the key to be used; and obtaining the key to be used from the security hardware module (para. [0078] determine a plurality of application-specific descriptor values 114 corresponding to a plurality of SEP applications 103 based at least on the application-specific information of the SEP applications 103. determine the application-key 115… corresponding to a certain SEP application 103 being executed, or to-be-executed, based on the descriptor value 114 corresponding to the certain SEP application). Bar-el does not teach transmitting a key acquisition request to the security hardware module of the electronic device, the key acquisition request including a second parameter containing an ID of the key to be used, the key acquisition request being configured to enable the security hardware module to obtain the key to be used corresponding to the second parameter based on the second parameter.
Iyer teaches transmitting a key acquisition request to a security hardware module, the key acquisition request including a second parameter containing an ID of the key to be used, the key acquisition request being configured to enable the security hardware module to obtain the key to be used corresponding to the second parameter based on the second parameter; and obtaining the key to be used from the security hardware module (para. [0054] encryption key that the application requests may be identified from the plurality of encryption keys within a partition by the key identifier of the encryption key, which may be included in the request made by the application and/or API. para. [0061] encryption key that the application requests may be identified from the plurality of encryption keys within a partition by the key identifier of the encryption key, which may be included in the request made by the application and/or API. para. [0070] an application (e.g., a user 4 within the organization) may request to access encrypted data from a database). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Bar-el with Iyer’s disclosure. One of ordinary skill in the in the art would have been motivated to do so because Bar-el discloses a key corresponding to an application, and Iyer would have provided the capability for the application to request a particular key for use with the application.
Regarding claim 11, Bar-el in view of Iyer teach the electronic device according to claim 9. Bar-el teaches wherein the one or more processors are further configured to perform: obtaining the key to be used from the security hardware module of the electronic device includes: determining a second parameter containing an ID of the key to be used; and obtaining the key to be used from the security hardware module (para. [0078] determine a plurality of application-specific descriptor values 114 corresponding to a plurality of SEP applications 103 based at least on the application-specific information of the SEP applications 103. determine the application-key 115… corresponding to a certain SEP application 103 being executed, or to-be-executed, based on the descriptor value 114 corresponding to the certain SEP application). Bar-el does not teach wherein the one or more processors are further configured to perform: transmitting a key acquisition request to the security hardware module of the electronic device, the key acquisition request including a second parameter containing an ID of the key to be used, the key acquisition request being configured to enable the security hardware module to obtain the key to be used corresponding to the second parameter based on the second parameter; and obtaining the key to be used from the security hardware module.
Iyer teaches transmitting a key acquisition request to a security hardware module, the key acquisition request including a second parameter containing an ID of the key to be used, the key acquisition request being configured to enable the security hardware module to obtain the key to be used corresponding to the second parameter based on the second parameter; and obtaining the key to be used from the security hardware module (para. [0054] encryption key that the application requests may be identified from the plurality of encryption keys within a partition by the key identifier of the encryption key, which may be included in the request made by the application and/or API. para. [0061] encryption key that the application requests may be identified from the plurality of encryption keys within a partition by the key identifier of the encryption key, which may be included in the request made by the application and/or API. para. [0070] an application (e.g., a user 4 within the organization) may request to access encrypted data from a database). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Bar-el with Iyer’s disclosure. One of ordinary skill in the in the art would have been motivated to do so because Bar-el discloses a key corresponding to an application, and Iyer would have provided the capability for the application to request a particular key for use with the application.
Claims 4 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Bar-el in view of Iyer and Ureche et al. US Patent Publication No. 2023/0291565 (“Ureche”).
Regarding claim 4, Bar-el does not teach the processing method according to claim 3, wherein the second parameter in the key acquisition request also includes first authentication information, the key acquisition request is configured to return the key to be used corresponding to the ID of the key to be used in the key acquisition request when existing first authentication information of the security hardware module is consistent with the first authentication information in the key acquisition request.
Ureche teaches second parameter in a key acquisition request includes first authentication information, the key acquisition request is configured to return the key to be used corresponding to the ID of the key to be used in the key acquisition request when existing first authentication information of the security hardware module is consistent with the first authentication information in the key acquisition request (para. [0050] key request to the hardware security module 110, where the key request includes identification information about the third party, identification information about the user, and/or identification information about the computing device 120. key request may include authorization information. hardware security module 110 may perform (e.g., independently perform) an authentication check to authenticate the third party 103 (or the user 101) before returning the second key portion 131). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Bar-el and Iyer with Urech’s disclosure. One of ordinary skill in the in the art would have been motivated to do so for preventing unauthorized use of the encryption key by performing authentication before returning the key.
Regarding claim 12, Bar-el does not teach the electronic device according to claim 11, wherein the second parameter in the key acquisition request also includes first authentication information, the key acquisition request is configured to return the key to be used corresponding to the ID of the key to be used in the key acquisition request when existing first authentication information of the security hardware module is consistent with the first authentication information in the key acquisition request.
Ureche teaches second parameter in a key acquisition request includes first authentication information, the key acquisition request is configured to return the key to be used corresponding to the ID of the key to be used in the key acquisition request when existing first authentication information of the security hardware module is consistent with the first authentication information in the key acquisition request (para. [0050] key request to the hardware security module 110, where the key request includes identification information about the third party, identification information about the user, and/or identification information about the computing device 120. In some examples, the key request may include authorization information. hardware security module 110 may perform (e.g., independently perform) an authentication check to authenticate the third party 103 (or the user 101) before returning the second key portion 131). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Bar-el and Iyer with Urech’s disclosure. One of ordinary skill in the in the art would have been motivated to do so for preventing unauthorized use of the encryption key by performing authentication before returning the key.
Claims 8 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Bar-el in view of Iyer and Pruss et al. US Patent Publication No. 2024/0179000 (“Pruss”).
Regarding claim 8, Bar-el does not teach the processing method according to claim 1, wherein when the electronic device includes a plurality of security hardware modules, obtaining the key to be used from the security hardware module of the electronic device includes: obtaining hardware parameters of the plurality of security hardware modules of the electronic device, and determining a target security hardware module, hardware parameter capabilities of the target security hardware module meeting preset conditions; and obtaining the key to be used from the target security hardware module (Note: The claim recites the contingent limitation, “when the electronic device includes a plurality of security hardware modules.” The claim does not require the condition to be met and therefore, does not require a plurality of security hardware modules and the steps of the claim to be performed. See MPEP 2111.04(II)
However, Pruss teaches obtaining hardware parameters of a plurality of security hardware modules of the electronic device, and determining a target security hardware module, hardware parameter capabilities of the target security hardware module meeting preset conditions; and obtaining the key to be used from the target security hardware module (fig. 1; para. [0023] host device comprises a memory and an electronic processor configured to designate a first HSM as a primary HSM, designate a second HSM as a subordinate HSM, receive an encrypted multi-HSM exchange key. para. [0037] one of the plurality of HSMs 104 is designated at a primary HSM 402. one of the HSMs 104 may be designated as a primary HSM 402 based on detection, by the host device 102 and/or the particular one of the plurality of HSMs 104, that the particular one of the HSMs is connected to a key variable loader (“KVL”) 406). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Bar-el and Iyer with Pruss’s disclosure. One of ordinary skill in the in the art would have been motivated to do so for benefits of expanded processing capacity by using multiple HSMs (para. [0020]).
Regarding claim 16, Bar-el does not teach the electronic device according to claim 9, wherein when the electronic device includes a plurality of security hardware modules, the one or more processors are further configured to perform: obtaining hardware parameters of the plurality of security hardware modules of the electronic device, and determining a target security hardware module, hardware parameter capabilities of the target security hardware module meeting preset conditions; and obtaining the key to be used from the target security hardware module.
Pruss teaches obtaining hardware parameters of a plurality of security hardware modules of the electronic device, and determining a target security hardware module, hardware parameter capabilities of the target security hardware module meeting preset conditions; and obtaining the key to be used from the target security hardware module (fig. 1; para. [0023] host device comprises a memory and an electronic processor configured to designate a first HSM as a primary HSM, designate a second HSM as a subordinate HSM, receive an encrypted multi-HSM exchange key. para. [0037] one of the plurality of HSMs 104 is designated at a primary HSM 402. one of the HSMs 104 may be designated as a primary HSM 402 based on detection, by the host device 102 and/or the particular one of the plurality of HSMs 104, that the particular one of the HSMs is connected to a key variable loader (“KVL”) 406). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Bar-el and Iyer with Pruss’s disclosure. One of ordinary skill in the in the art would have been motivated to do so for benefits of expanded processing capacity by using multiple HSMs (para. [0020]).
Allowable Subject Matter
Claims 2, 5-7, 10, 13-15 would be allowable if rewritten to overcome the rejection(s) under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), 2nd paragraph, set forth in this Office action and to include all of the limitations of the base claim and any intervening claims.
Examiner’s Note
The following prior art made of record and not relied upon is considered pertinent to applicant’s disclosure.
Christofferson et al. US Patent Publication No. 2021/0150044 (para. [0027] software application 22 causes or instructs the hardware processor 28 to perform operations, such as obtaining the electronic representation of the vault key 40. software application, for example, may retrieve the vault key 40 from the hardware memory device 30 of the smartphone 26. encryption algorithm 72 may thus encrypt the electronic data 24 using the vault key 40. para. [0032] vault key 40 may then be used to encrypt and decrypt, as explained. para. [0033] user may thus tactilely select or request the decryption operation 46. software application 22 may thus retrieve the vault key 40 from the hardware memory device 30 of the smartphone 26)
Kettlewell US Patent Publication No. 2025/0217519 (para. [0069] HSM 11 is located in a user system. In this case, the user system has a dedicated local HSM 11 device. para. [0152] HSM receives a request to use a first cryptographic key in a first operation. user wishes to use the first application key to decrypt some encrypted data. command corresponds to a request to use the first cryptographic key. para. [0153] first operation comprises retrieving the encrypted first application key from the external storage device, and decrypting the encrypted first application key using the first cryptographic key (master key))
Conclusion
A shortened statutory period for reply to this Office action is set to expire THREE MONTHS from the mailing date of this action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Joshua Joo whose telephone number is (571)272-3966. The examiner can normally be reached Monday-Friday 7am-3pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Oscar Louie can be reached at 571-270-1684. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/JOSHUA JOO/Primary Examiner, Art Unit 2445