DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 1/25/2019 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Drawings
The drawings are objected to as failing to comply with 37 CFR 1.84(p)(4) because reference character “110B” has been used to designate both Multisite Controller and Controller of Fig. 1.  Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.
Specification
The disclosure is objected to because of the following informalities:
Reference numbers in paragraph 28, line 2 for the Sites are incorrect. 115B and 115C should be 105B and 105C, respectively.
Reference numbers in paragraph 30 line 2 for the Sites are incorrect. 110B and 110C should be 105B and 105C, respectively.
Reference number in paragraph 30 line 5 for the Site is incorrect. 150C should be 105C.
Appropriate correction is required.
Reference number in paragraph 34 line 4 for the Controller is incorrect. 105 should be 110.
Appropriate correction is required.
Reference numbers in paragraph 66 lines 8-11 for the Sites are incorrect. 110A should be 105A, 110B should be 105B and 110C should be 105C.
Paragraph 74 line 8 is missing “with” where it should read “data packets encrypted with the old key k5”.
Reference numeral in paragraph 77 lines 8-9 should be 105A instead of 110A and 105B instead of 110B for the Site.
Reference numerals in paragraph 80 line 2 and paragraph 81 line 9 should be 105B instead of 110B for the Site.
Appropriate correction is required.
Claim Objections
Claims 2, 4, 5, 10, 12 and 17 are objected to because of the following informalities:
The claims recite first, second and then fourth instead of the third in these claims or the claims they are depending from.
Appropriate correction is required.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 2, 4-10, 12-17, and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent No. 8,347,376 B2, to Weis et al. (hereinafter “Weis”), in view of U.S. Patent No. 10,169,119 B1, to Snyder (hereinafter “Snyder”), further in view of U.S. Patent No. 7,089,211 B1, to Trostle et al. (hereinafter “Trostle”)

Regarding claim 1, Weis teaches:
	A method comprising: 
generating a … symmetric key (Weis, col. 7 line 50, generating of new encryption key, col. 3 lines 24-29, shared secret key which is a symmetric key) …
transmitting the … symmetric key to the … downstream site; (Weis, Fig. 2, 210, column 4 lines 39-47, unique message with a new encryption key is sent to each member of the VPN in a point-to-point communication); …
upon receiving an indication that the … symmetric key was successfully deployed at the … downstream site (Weis, Fig. 2, 220, column 5 lines 31-44, key server tracks which members have acknowledged receipt of the key successfully), …
Weis does not teach the limitation of separate keys for first and second site, deploying key on a first network node of upstream site and determining of the second key not successfully deployed at the second downstream site, refraining from deploying the second key to a second network node of the upstream site, wherein the second network node continues to communicate with the second downstream site using an original key. Snyder remedies and teaches that the two sites A and B are rekeyed with separate keys New Key 3 and New Key 2, respectively (Fig. 9 912 & 914, col. 16 lines 1-13), deploying of the key on the sender side (Fig. 18, 1802, col. 31 lines 12-30) and refraining from deploying the second key to the upstream site and continuing to use the original key with the downstream site (Fig. 17, col. 30 lines 53-67, using old key if the attempted transmission using the first new key is not successful). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to perform gradual rekeying instead of an all or nothing approach of rekeying to allow overlap of validity of the old and the new keys so that the sender and receiver can communicate without interruption (col. 18, lines 35-54).
The combination of Weis and Snyder does not teach the limitation of first and second symmetric keys for first and second downstream sites, respectively. Trostle remedies and teaches first and second symmetric keys for the first and second downstream sites, respectively (Fig. 2, col. 7, lines 11-32, col. 6, lines 19-23, where each member can belong to multiple multicast groups). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have separate symmetric keys for each individual site for more secure communication and also such symmetric key distribution can serve as authentication signatures to authenticate messages (col. 7 Lines 19-32, col. 17 lines 11-18).

Regarding claim 2, Weis in view of Snyder further in view of Trostle teaches:
The method of claim 1, the method further comprising: 
generating a fourth symmetric key for the first downstream site (Weis, col. 7 line 50, generating of new encryption key, col. 3 lines 24-29, shared secret key which is a symmetric key); 
deploying the fourth symmetric key on the first network node of the upstream site; upon determining that the fourth symmetric key was successfully deployed on the first network node of the upstream site (Snyder, Fig. 18, 1802, col. 31 lines 12-30, see claim 1 for motivation to combine with Snyder), 
(Weis, Fig. 2, 210, column 4 lines 39-47, unique message with a new encryption key is sent to each member of the VPN in a point-to-point communication); and 
upon determining that an acknowledgment has not been received from the first downstream site, retransmitting the fourth symmetric key to the first downstream site (Weis, Fig. 1, 140, col. 3 lines 55-57, if no acknowledgement is received, then the key is resent to members that have not acknowledged its receipt).

Regarding claim 4, Weis in view of Snyder further in view of Trostle teaches:
The method of claim 1, wherein prior to transmitting the first symmetric key to the first downstream site, the first network node communicated with the first downstream site using a fourth symmetric key (Snyder, Fig. 9, col. 18 lines 4-34, old key is used before newer key 2 is used for communication. See claim 1 for motivation to combine with Snyder), and wherein after deploying the first symmetric key on the first network node, the first network node communicates with the first downstream site using the first symmetric key (Snyder, Fig. 10, 1007, col. 19 lines 1-7, New Key is used after it was successfully deployed and acknowledged by all subscribers. See claim 1 for motivation to combine with Snyder).

Regarding claim 5, Weis in view of Snyder further in view of Trostle teaches:
The method of claim 4, wherein, upon deploying the first symmetric key on the first downstream site, the first downstream site decrypts packets received from the upstream site using the first and the fourth symmetric keys for a predefined period of time (Snyder, Fig. 9, col. 18 lines 45-50, period of overlap where both old and new keys are in use. See claim 1 for motivation to combine with Snyder), and wherein, upon determining that the predefined (Snyder, Fig. 10, col. 19 lines 1-8, when all subscribers of the site have been rekeyed, the new key is used. See claim 1 for motivation to combine with Snyder).

Regarding claim 6, Weis in view of Snyder further in view of Trostle teaches:
The method of claim 1, the method further comprising: associating a first association number (AN) with the first symmetric key; transmitting the first AN to the first downstream site; and upon receiving the indication that the first symmetric key was successfully deployed at the first downstream site (Weis, Fig. 2, col. 5 lines 45-55, each acknowledgement of successful deployment of the key has a sequence number), marking the first AN as in use (Weis, Fig. 4, 406, col. 8 lines 42-55, the sequencing service along with the record service provides a mechanism for marking who has and has not received the encryption key). 

Regarding claim 7, Weis in view of Snyder further in view of Trostle teaches:
The method of claim 6, the method further comprising: associating a second AN with the second symmetric key (Weis, Fig. 2, instructions can identify an acknowledgement by associating the message with a sequence number); transmitting the second AN to the second downstream site (Weis, Fig. 2, 214, each new key message sent includes a sequence number); and upon receiving the indication that the second symmetric key was not successfully deployed at the second downstream site, marking the first AN as available (Weis, Fig. 4, 406, col. 8 lines 42-55, the sequencing service along with the record service provides a mechanism for recording who has and has not received the encryption key).

Regarding claim 8, Weis in view of Snyder further in view of Trostle teaches:
The method of claim 6, wherein the first network node communicates with the first downstream site by: encrypting a first communication using the first symmetric key (Weis, Fig. 2, 213, encrypt each message using shared secret key which is a symmetric key before sending to each member); associating the first AN with the first communication (Weis, Fig. 2, 214, each new key message sent includes a sequence number); and transmitting the first communication to the first downstream site (Weis, Fig. 1, 120, Col. 2 lines 43-46, key distribution service sends a message to each member of the VPN).

Regarding claim 9, Weis teaches:
A network controller comprising: one or more computer processors (Weis, Fig. 5, 502, col. 9 lines 36-38, a central processing unit and a graphics processing unit); and a memory (Weis, Fig. 5, 504, col. 9 line 38, main memory) containing a program which when executed by the one or more computer processors performs an operation (Weis, Fig. 5, col. 9 lines 37-40, memory and processor communicate via a bus 508), the operation comprising: 
generating a … symmetric key (Weis, col. 7 line 50, generating of new encryption key, col. 3 lines 24-29, shared secret key which is a symmetric key) …; 
transmitting the … symmetric key to the … downstream site (Weis, Fig. 2, 210, column 4 lines 39-47, unique message with a new encryption key is sent to each member of the VPN in a point-to-point communication); …; 
upon receiving an indication that the … symmetric key was successfully deployed at the … downstream site (Weis, Fig. 2, 220, column 5 lines 31-44, key server tracks which members have acknowledged receipt of the key successfully) …
(Fig. 9 912 & 914, col. 16 lines 1-13), deploying of the key on the sender side (Fig. 18, 1802, col. 31 lines 12-30) and refraining from deploying the second key to the upstream site and continuing to use the original key with the downstream site (Fig. 17, col. 30 lines 53-67, using old key if the attempted transmission using the first new key is not successful). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to perform gradual rekeying instead of an all or nothing approach of rekeying to allow overlap of validity of the old and the new keys so that the sender and receiver can communicate without interruption (col. 18, lines 35-54).
The combination of Weis and Snyder does not teach the limitation of symmetric keys for individual sites. Trostle remedies and teaches first and second symmetric keys for the first and second downstream sites, respectively (Fig. 2, col. 7, lines 11-32, col. 6, lines 19-23, where each member can belong to multiple multicast groups). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have separate symmetric keys for each individual site for more secure communication and also such symmetric key distribution can serve as authentication signatures to authenticate messages (col. 7 Lines 19-32, col. 17 lines 11-18).

Regarding claim 10, Weis in view of Snyder further in view of Trostle teaches:

generating a fourth symmetric key for the first downstream site (Weis, col. 7 line 50, generating of new encryption key, col. 3 lines 24-29, shared secret key which is a symmetric key); 
deploying the fourth symmetric key on the first network node of the upstream site; upon determining that the fourth symmetric key was successfully deployed on the first network node of the upstream site (Snyder, Fig. 18, 1802, col. 31 lines 12-30. See claim 9 for motivation to combine with Snyder), 
transmitting the fourth symmetric key to the first downstream site (Weis, Fig. 2, 210, column 4 lines 39-47, unique message with a new encryption key is sent to each member of the VPN in a point-to-point communication); and 
upon determining that an acknowledgment has not been received from the first downstream site, retransmitting the fourth symmetric key to the first downstream site (Weis, Fig. 1, 140, col. 3 lines 55-57, if no acknowledgement is received, then the key is resent to members that have not acknowledged its receipt).

Regarding claim 12, Weis in view of Snyder further in view of Trostle teaches:
The network controller of claim 9, wherein prior to transmitting the first symmetric key to the first downstream site, the first network node communicated with the first downstream site using a fourth symmetric key (Snyder, Fig. 9, col. 18 lines 4-34, old key is used before newer key 2 is used for communication), wherein, upon deploying the first symmetric key on the first downstream site, the first downstream site decrypts packets received from the upstream site using the first and the fourth symmetric keys for a predefined period of time (Snyder, Fig. 9, col. 18 lines 45-50, period of overlap where both old and new keys are in use.  See claim 1 for motivation to combine with Snyder), and wherein, upon determining that the predefined period of time has passed, the first downstream site decrypts packets received from the upstream site using only the first symmetric key (Snyder, Fig. 10, col. 19 lines 1-8, when all subscribers of the site have been rekeyed, the new key is used. See claim 9 for motivation to combine with Snyder).

Regarding claim 13, Weis in view of Snyder further in view of Trostle teaches:
The network controller of claim 9, the operation further comprising: associating a first association number (AN) with the first symmetric key; transmitting the first AN to the first downstream site; and upon receiving the indication that the first symmetric key was successfully deployed at the first downstream site (Weis, Fig. 2, col. 5 lines 45-55, each acknowledgement of successful deployment of the key has a sequence number), marking the first AN as in use (Weis, Fig. 4, 406, col. 8 lines 42-55, the sequencing service along with the record service provides a mechanism for marking who has and has not received the encryption key).

Regarding claim 14, Weis in view of Snyder further in view of Trostle teaches:
The network controller of claim 13, the operation further comprising: associating a second AN with the second symmetric key (Weis, Fig. 2, instructions can identify an acknowledgement by associating the message with a sequence number); transmitting the second AN to the second downstream site (Weis, Fig. 2, 214, each new key message sent includes a sequence number); and upon receiving the indication that the second symmetric key was not successfully deployed at the second downstream site, marking the first AN as available (Weis, Fig. 4, 406, col. 8 lines 42-55, the sequencing service along with the record service provides a mechanism for marking who has and has not received the encryption key).

Regarding claim 15, Weis in view of Snyder further in view of Trostle teaches:
The network controller of claim 13, wherein the first network node communicates with the first downstream site by: encrypting a first communication using the first symmetric key (Weis, Fig. 2, 213, encrypt each message using shared secret key which is a symmetric key before sending to each member); associating the first AN with the first communication (Weis, Fig. 2, 214, each new key message sent includes a sequence number); and transmitting the first communication to the first downstream site (Weis, Fig. 1, 120, Col. 2 lines 43-46, key distribution service sends a message to each member of the VPN).

Regarding claim 16, Weis teaches:
A computer product comprising logic encoded in a non-transitory medium, the logic executable by operation of one or more computer processors to perform an operation (Weis, Fig. 5, 516, drive unit on which is stored one or more sets of instructions executable by operations of the processor and memory) comprising: 
generating a … symmetric key (Weis, col. 7 line 50, generating of new encryption key, col. 3 lines 24-29, shared secret key which is a symmetric key) …
transmitting the … symmetric key to the … downstream site; (Weis, Fig. 2, 210, column 4 lines 39-47, unique message with a new encryption key is sent to each member of the VPN in a point-to-point communication); …
upon receiving an indication that the … symmetric key was successfully deployed at the … downstream site (Weis, Fig. 2, 220, column 5 lines 31-44, key server tracks which members have acknowledged receipt of the key successfully), …
(Fig. 9 912 & 914, col. 16 lines 1-13), deploying of the key on the sender side (Fig. 18, 1802, col. 31 lines 12-30) and refraining from deploying the second key to the upstream site and continuing to use the original key with the downstream site (Fig. 17, col. 30 lines 53-67, using old key if the attempted transmission using the first new key is not successful). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to perform gradual rekeying instead of an all or nothing approach of rekeying to allow overlap of validity of the old and the new keys so that the sender and receiver can communicate without interruption (col. 18, lines 35-54).
The combination of Weis and Snyder does not teach the limitation of symmetric keys for individual sites. Trostle remedies and teaches first and second symmetric keys for the first and second downstream sites, respectively (Fig. 2, col. 7, lines 11-32, col. 6, lines 19-23, where each member can belong to multiple multicast groups). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have separate symmetric keys for each individual site for more secure communication and also such symmetric key distribution can serve as authentication signatures to authenticate messages (col. 7 Lines 19-32, col. 17 lines 11-18).

Regarding claim 17, Weis in view of Snyder further in view of Trostle teaches:

generating a fourth symmetric key for the first downstream site (Weis, col. 7 line 50, generating of new encryption key, col. 3 lines 24-29, shared secret key which is a symmetric key); 
deploying the fourth symmetric key on the first network node of the upstream site; upon determining that the fourth symmetric key was successfully deployed on the first network node of the upstream site (Snyder, Fig. 18, 1802, col. 31 lines 12-30. See claim 16 for motivation to combine with Snyder), 
transmitting the fourth symmetric key to the first downstream site (Weis, Fig. 2, 210, column 4 lines 39-47, unique message with a new encryption key is sent to each member of the VPN in a point-to-point communication); and 
upon determining that an acknowledgment has not been received from the first downstream site, retransmitting the fourth symmetric key to the first downstream site (Weis, Fig. 1, 140, col. 3 lines 55-57, if no acknowledgement is received, then the key is resent to members that have not acknowledged its receipt).

Regarding claim 19, Weis in view of Snyder further in view of Trostle teaches:
The computer product of claim 16, the operation further comprising: associating a first association number (AN) with the first symmetric key; transmitting the first AN to the first downstream site; and upon receiving the indication that the first symmetric key was successfully deployed at the first downstream site (Weis, Fig. 2, col. 5 lines 45-55, each acknowledgement of successful deployment of the key has a sequence number), marking the first AN as in use (Weis, Fig. 4, 406, col. 8 lines 42-55, the sequencing service along with the record service provides a mechanism for marking who has and has not received the encryption key).

Regarding claim 20, Weis in view of Snyder further in view of Trostle teaches:
The computer product of claim 19, the operation further comprising: associating a second AN with the second symmetric key (Weis, Fig. 2, instructions can identify an acknowledgement by associating the message with a sequence number); transmitting the second AN to the second downstream site (Weis, Fig. 2, 214, each new key message sent includes a sequence number); and upon receiving the indication that the second symmetric key was not successfully deployed at the second downstream site, marking the first AN as available (Weis, Fig. 4, 406, col. 8 lines 42-55, the sequencing service along with the record service provides a mechanism for marking who has and has not received the encryption key).

Claims 3, 11 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent No. 8,347,376 B2, to Weis et al. (hereinafter “Weis”), in view of U.S. Patent No. 10,169,119 B1, to Snyder (hereinafter “Snyder”), further in view of U.S. Patent No. 7,089,211 B1, to Trostle et al. (hereinafter “Trostle”) and further in view of U.S. Pat. Appl. Publ’n No. 2002/0154781 A1, to Sowa et al. (hereinafter “Sowa”)

Regarding claim 3, Weis in view of Snyder further in view of Trostle teaches:
The method of claim 1, wherein the first and second symmetric keys are transmitted (Snyder, Fig. 9 912 & 914, col. 16 lines 1-13, first and second keys are transmitted. See claim 1 for motivation to combine with Snyder), … 
The combination of Weis, Snyder and Trostle does not teach the limitation of transmitting the keys to the multisite controller that decrypts the first and second symmetric keys using the KEK associated with the upstream site; encrypts the first symmetric key using a (Fig. 1, 107 and 121, ¶ [0037]). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have some kind of an extension to the key server like a multisite controller or a zone controller with location register to encrypt/decrypt the encryption keys to provide a secure infrastructure for a communication system thereby dividing system devices into groups or pools and encryption keys are defined to provide secure transfer of key material among system devices (¶ [0023]).

Regarding claim 11, Weis in view of Snyder further in view of Trostle teaches:
The network controller of claim 9, wherein the first and second symmetric keys are transmitted (Snyder, Fig. 9 912 & 914, col. 16 lines 1-13, first and second keys are transmitted. See claim 9 for motivation to combine with Snyder), …
The combination of Weis, Snyder and Trostle does not teach the limitation of transmitting the keys to the multisite controller that decrypts the first and second symmetric keys using the KEK associated with the upstream site; encrypts the first symmetric key using a KEK associated with the first downstream site; encrypts the second symmetric key using a KEK associated with the second downstream site; and forwards the encrypted first and second symmetric keys to the first and second downstream sites, respectively. Sowa remedies and teaches transmitting of the keys from HLR to VLR where VLR decrypts the key using KEKE and re-encrypts with KEK of the zone of the destination zone (Fig. 1, 107 and 121, ¶ [0037]). It would (¶ [0023]).

Regarding claim 18, Weis in view of Snyder further in view of Trostle teaches:
The computer product of claim 16, wherein the first and second symmetric keys are transmitted (Snyder, Fig. 9 912 & 914, col. 16 lines 1-13, first and second keys are transmitted. See claim 16 for motivation to combine with Snyder), … 
The combination of Weis, Snyder and Trostle does not teach the limitation of transmitting the keys to the multisite controller that decrypts the first and second symmetric keys using the KEK associated with the upstream site; encrypts the first symmetric key using a KEK associated with the first downstream site; encrypts the second symmetric key using a KEK associated with the second downstream site; and forwards the encrypted first and second symmetric keys to the first and second downstream sites, respectively. Sowa remedies and teaches transmitting of the keys from HLR to VLR where VLR decrypts the key using KEKE and re-encrypts with KEK of the zone of the destination zone (Fig. 1, 107 and 121, ¶ [0037]). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have some kind of an extension to the key server like a multisite controller or a zone controller with location register to encrypt/decrypt the encryption keys to provide a secure infrastructure for a communication system thereby dividing system devices into groups (¶ [0023]).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Laurent Eschenauer, A Key-Management Scheme for Distributed Sensor Networks, 2002, discloses key-management scheme for efficient operation and security of distributed sensor networks
Detienne et al. U.S. Pat. Appl. Publ’n No. 2014/0115325 A1 discloses cryptography scheme for a multi-tenant virtual network for the data protection.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to NIRAV SHAH whose telephone number is (408)918-7592.  The examiner can normally be reached on Monday - Thursday and alternate Fridays, 7:30-4:30 PT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on (571) 272-3862.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact 






/N.C.S./Examiner, Art Unit 2493
/Catherine Thiaw/Primary Examiner, Art Unit 2493
1/15/2021