Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. The present Office Action is responsive to communications received 11/17/2020. Claims 1-19 are pending.

Examiner’s Amendments 
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in a communication with Attorney of Record David H. Judson on 1/15/2021.
Please replace the claims listing by the following one, in which claim 19 is amended:

1.	(previously presented) A method of sharing cryptographic material among a set of computing entities, wherein given computing entities do not share a direct trust relationship or network connectivity with one another, comprising:
at a conduit entity with which each of the set of computing entities shares a trusted communication path:
storing an indication that identifies a given one of the computing entities as a leader entity, wherein the cryptographic material to be shared is generated by the leader entity; 

receiving a message from a computing entity that is not the leader entity and, in response, determining whether the computing entity has the cryptographic material; 
when it is determined that the computing entity does not have the cryptographic material, initiating a synchronization protocol among the computing entity, the conduit entity and the leader entity to provide the cryptographic material from the leader entity to the computing entity via the conduit entity, the conduit entity being restricted from viewing the cryptographic material as the cryptographic material passes through to the computing entity.   

2.	(original) The method as described in claim 1 wherein determining whether the computing entity has the cryptographic material compares information in the message to the value.   

3.	(original) The method as described in claim 1 wherein the synchronization protocol comprises: 
receiving at the conduit entity a public key associated with the computing entity; 
forwarding the public key associated with the computing entity to the leader entity; 

returning the result to the computing entity.  

4.	(previously presented) The method as described in claim 3 further including receiving a confirmation message from a target entity, the confirmation message having been generated at the target entity upon (i) the target entity’s receipt of the result, and (ii) decrypting of the result using a private key to recover the cryptographic material, wherein the private key and the public key comprise an asymmetric key pair. 

5.	(original) The method as described in claim 1 wherein the value is a cryptographic hash of the cryptographic material.

6.	(original) The method as described in claim 1 further including periodically checking for liveness of the leader entity.  

7.	(original) The method as described in claim 6 further including promoting a new computing entity to be a new leader entity upon a determination that the leader entity does not pass a periodic liveness check.  

8.	(original) The method as described in claim 1 further including periodically initiating a key material rotation by which a current leader entity generates new 

9.	(original) The method as described in claim 1 wherein the conduit entity is associated with an overlay network.  

10.	(original) The method as described in claim 9 wherein the overlay network is a content delivery network (CDN). 


storing an indication that identifies a given one of the computing entities as a leader entity, wherein the cryptographic material to be shared is generated by the leader entity; 
storing a value representing a synchronization state, the value having been generated by the leader entity applying a given function to the cryptographic material;
receiving a message from a computing entity that is not the leader entity and, in response, determining whether the computing entity has the cryptographic material; and
when it is determined that the computing entity does not have the cryptographic material, initiating a synchronization protocol among the computing entity, the conduit entity and the leader entity to provide the cryptographic material from the leader entity to the computing entity via the conduit entity, the conduit entity being restricted from viewing the cryptographic material as the cryptographic material passes through to the computing entity;
wherein each of a set of computing entities shares a trusted communication path with the conduit entity that executes the synchronization protocol.



13.	(original) The computer program product as described in claim 11 wherein the synchronization protocol comprises: 
receiving at the conduit entity a public key associated with the computing entity; 
forwarding the public key associated with the computing entity to the leader entity; 
receiving from the leader entity a result of the leader entity encrypting the cryptographic material with the public key associated with the computing entity; and
returning the result to the computing entity.  

14.	(previously presented) The computer program product as described in claim 13 further including receiving a confirmation message from a target entity, the confirmation message having been generated at the target entity upon (i) the target entity’s receipt of the result, and (ii) decrypting of the result using a private key to recover the cryptographic material, wherein the private key and the public key comprise an asymmetric key pair. 

15.	(original) The computer program product as described in claim 11 wherein the value is a cryptographic hash of the cryptographic material.


  
17.	(original) The computer program product as described in claim 16 further including promoting a new computing entity to be a new leader entity upon a determination that the leader entity does not pass a periodic liveness check.  

18.	(original) The computer program product as described in claim 11 further including periodically initiating a key material rotation by which a current leader entity generates new cryptographic material that is thereafter shared according to the synchronization protocol. 


a hardware processor; and
computer memory storing computer program instructions executed by the hardware processor and configured to provide a conduit for secure transfer of material between a set of computing entities each connected to the apparatus over a secure transmission path, the material having been generated at a computing entity acting as a leader, the material being transferred from the leader to a given one of the computing entities via the apparatus when it is determined by the apparatus that the given one of the computing entities does not then possess the material and in response the apparatus initiates a synchronization protocol among the apparatus, the given computing entity and the leader, wherein prior to transfer the material is encrypted by the leader using a public key of the given computing entity, the public key having been provided to the leader by the apparatus, wherein a private key necessary to recover the material is not held by the apparatus such that the apparatus is restricted from viewing the material as the material passes through to the given computing entity;
wherein the computer program instructions are further configured to store a value representing a synchronization state, the value having been generated by the leader applying a given function to the material. 
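
The synchronization protocol recited in claims 3 to 5 and 13 to 15 (the requester's public key relayed to the leader, the encrypted result relayed back, a hash serving as the synchronization-state value), shown as an added Go example that is not part of the Office Action or the application. RSA-OAEP, SHA-256, the key size, the sample material and the names Entity, Conduit, Sync, Wrap, Receive and Digest are assumptions, and the confirmation message is modeled here as a digest of the recovered material.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

type Entity struct { // any node; the leader is the one that generated the material
	key      *rsa.PrivateKey // never leaves the entity
	material []byte
}

func NewEntity(material []byte) (*Entity, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	return &Entity{key: k, material: material}, err
}
func (e *Entity) Digest() [32]byte { return sha256.Sum256(e.material) } // the "given function"
func (l *Entity) Wrap(pub *rsa.PublicKey) ([]byte, error) { // leader side: encrypt to requester
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, l.material, nil)
}
func (e *Entity) Receive(ct []byte) (conf [32]byte, err error) { // requester side: decrypt, confirm
	e.material, err = rsa.DecryptOAEP(sha256.New(), rand.Reader, e.key, ct, nil)
	return e.Digest(), err
}

type Conduit struct { // trusted relay; holds no private key
	leader  *Entity
	value   [32]byte // sync state: digest of the material, supplied by the leader
	relayed []byte   // last blob that passed through, kept for inspection
}

func (c *Conduit) Sync(e *Entity) (sent bool, err error) {
	if e.Digest() == c.value { // digest carried in the entity's message
		return false, nil // entity already has the material
	}
	if c.relayed, err = c.leader.Wrap(&e.key.PublicKey); err != nil {
		return false, err
	}
	conf, err := e.Receive(c.relayed) // confirmation from the target entity
	return err == nil && conf == c.value, err
}

func main() {
	l := &Entity{material: []byte("constructed example key material")}
	e, _ := NewEntity(nil)
	c := &Conduit{leader: l, value: l.Digest()}
	fmt.Println(c.Sync(e)) // true <nil>
}
```

The conduit only ever handles the public key, the 256-byte ciphertext and the digest; a second call to Sync for the same entity returns false because the reported digest now matches the stored value.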

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 11/17/2019 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Allowed Claims
Claims 1-19 are allowed, in view of the examiner’s amendments above.


Reason for Allowance

This communication warrants no examiner's reason for allowance, as applicant's reply makes evident the reason for allowance, satisfying the record as a whole as required by rule 37 CFR 1.104 (e). In this case, the substance of applicant's remarks filed on 11/17/2019 with respect to the amended claim limitations along with the examiner’s amendments point out the reason claims are patentable over the prior art of record. Thus, the reason for allowance is in all probability evident from the record and no statement for examiner's reason for allowance is necessary (see MPEP 13202.14).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CATHERINE B THIAW whose telephone number is (571)270-1138.  The examiner can normally be reached on Monday-Friday 7am-4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, CARL G COLIN can be reached on 571-272-3862.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/Catherine Thiaw/
Primary Examiner, Art Unit 2493
1/16/2021