Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

This action is in response to the RCE filed 5/20/2020.  Claims 1, 3-9, 11-18, and 20-26 are pending.  Of such, claims 1 (a method), 9 (a system) and 18 (a non-transitory CRM) are independent.

Response to Arguments
Applicant’s arguments, see page 8, filed 2/24/2021, with respect to the rejection(s) of claim(s) 1, 3-5, 9, 11-14, 18, and 20-23 under Ryan in view of Hanna have been fully considered and are persuasive.  Ryan does not disclose deriving a key based on an application ID.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made over Ryan et al., US 9,590,956, in view of Hanna, US 2002/0136410, and Tang “A Reflection on the Security of Two-Party Key Establishment Protocols”.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having 

Claims 1, 3-5, 9, 11-14, 18, and 20-23 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ryan et al., US 9,590,956 (published 2017-03), in view of Hanna, US 2002/0136410 (filed 2001-03), and Tang “A Reflection on the Security of Two-Party Key Establishment Protocols” (published 2010).
As to claims 1, 9, and 18, Ryan discloses the method/system/CRM comprising:
…
receiving, at the first device, a first encrypted communication from a second device, wherein: (“FIG. 4 illustrates an exemplary process for receiving and decrypting a datagram received from a sender. In block 410, the receiver receives the sender's datagram.” Ryan col. 10, ln. 39)
the second device belongs to a different secure communication network than the first device; and (“Communications between users of client devices 210, 220, 230 may be exchanged via network 112. Network 112 may include various configurations and use various protocols including the Internet, World Wide Web, intranets, virtual private networks, local Ethernet networks, private networks using communication protocols proprietary to one or more companies, cellular and wireless networks (e.g., WiFi), instant messaging, HTTP and SMTP, and various combinations of the foregoing.” Ryan col. 6, ln. 48. A multitude of networks.)
the first encrypted communication includes a first unique identifier of a first public ephemeral key of the plurality of ephemeral keys transmitted to the first server; (“The datagram includes a payload and a header. The payload comprises the encrypted message, while the header includes destination entries for each of receiver's apps. That is, the sender's app addresses the message in a one-to-many manner. For instance, the sender addresses the message to the receiver, but the sender's app composes a datagram that is addressed to each of the receiver's apps. Accordingly, each destination entry includes the twice-encrypted message key specific to that app; the ephemeral ECDH key identifier unique to the receiver's app; and the sender's signed ephemeral public component.” Ryan col. 10, ln. 18)
deriving, by the first device, a key-encrypting key using a private ephemeral key associated with the first unique identifier; (“in block 440, the receiver's secure messaging app derives the key-encrypting key using the retrieved ephemeral private component and the sender's ephemeral public component that was received in the datagram.” Ryan col. 10, ln. 56)
…
decrypting, by the first device, a first encrypted communication encryption key using the derived key-encrypting key; (“After deriving the key-encrypting key, the receiver's secure messaging app decrypts the encrypted message key in block 450 to obtain a decrypted message key.” Ryan col. 10, ln. 59)
decrypting the first encrypted communication using the first decrypted communication encryption key; and (“In block 460, the decrypted message key is used to decrypt the message contained in the sender's datagram.” Ryan col. 10, ln. 62)
providing, by the first device, the first decrypted communication to a first user of the first device. (“the decrypted message is provided to the receiver in block 470.”  Ryan col. 10, ln. 66.  The ‘receiver’ being a person, see Ryan col. 5, ln. 53)


Ryan does not disclose: 
generating, by a first device, a plurality of ephemeral asymmetric key pairs; 
assigning, by the first device, a unique identifier to each of the plurality of ephemeral asymmetric key pairs; 
and their unique identifiers
… and an application identifier associated with the first device

Hanna discloses: 
generating, by a first device (“Node A 250 and Node B 252 can interchange ephemeral messages as discussed above in conjunction with the flow diagram of FIG. 11. Assuming Node B 252 desires to transmit an ephemeral message to Node A 250, operation would proceed as discussed with respect to FIG. 11 noting that the first and third nodes comprise the same node.” Hanna ¶ 59, Node A being the first device), a plurality (“a first party may announce a current ephemeral key pair list at step 40.” Hanna ¶ 30, see also ¶¶ 52 and 60) of ephemeral asymmetric key pairs; (“the tamper resistant cryptographic processor 206 generates an ephemeral key pair comprising an ephemeral encryption key and an ephemeral decryption key as depicted in step 220. The ephemeral key pair preferably comprises a public/private key pair.” Hanna ¶ 51)

and their unique identifiers;  (“an ephemeral key identifier that was obtained with the ephemeral public key.” Hanna ¶ 54. See also Hanna ¶¶ 30 and 52)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Ryan with Hanna by generating the keys and their respective reference values (Ryan col. 5, ln. 40) as done in Hanna (¶¶ 30 and 54) for providing to the security platform (Ryan col. 9, ln. 10).  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Ryan with Hanna in order to provision the ephemeral keys to the security platform, as discussed in Ryan col. 9, ln. 10, and also to distribute and securely maintain ephemeral encryption/decryption keys at the recipient device, Hanna ¶¶ 12 and 30.

Ryan in view of Hanna does not disclose: 
… and an application identifier associated with the first device

Tang discloses: 
… and an application identifier associated with the first device (“the key establishment protocol takes an application identifier appid as input. This reflects our consideration that the protocol can be invoked by multiple applications from the same 

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Ryan in view of Hanna with Tang by incorporating the application identifier in addition to the keying material (of Ryan col. 9, ln. 54) in the key derivation function.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Ryan in view of Hanna with Tang in order to allow multiple sessions to be invoked between different applications and to avoid unknown key share attacks (Tang § 3.1), thereby increasing the security of the derived key and the resultant encrypted data.
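The following is an added worked model of the flow the rejection maps onto claims 1, 9 and 18 (the Ryan datagram handling, the Hanna pool of identified ephemeral pairs, and the Tang application identifier in the key derivation).  It is not code from Ryan, Hanna, Tang or the application under examination.  Assumptions made for a self-contained, stdlib-only example: a finite-field Diffie-Hellman group over a Mersenne prime stands in for ECDH (not a secure parameter choice), an HMAC-SHA256 keystream with an HMAC tag stands in for an AEAD, the datagram carries one destination entry rather than one per receiver app, the message key is wrapped once rather than "twice-encrypted", the signature on the sender's ephemeral public component is omitted, and the key-identifier and KDF formats are invented here.

```python
"""Toy model of ephemeral-key messaging: constructed example, not the cited
references' code.  Finite-field DH stands in for ECDH; HMAC stands in for AEAD."""
import hashlib
import hmac
import os
import secrets

P = 2**127 - 1      # toy group modulus (Mersenne prime); NOT a secure choice
G = 5
KEYLEN = 32


def keygen():
    """One ephemeral asymmetric key pair: (private exponent, public element)."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def shared_secret(priv, peer_pub):
    """Raw agreed value; both sides compute G^(priv_a*priv_b) mod P."""
    return pow(peer_pub, priv, P).to_bytes(16, "big")


def derive_kek(shared, sender_pub, receiver_pub, appid):
    """HKDF-style extract/expand.  The application identifier is mixed into the
    info string (the Tang point), so identical keying material yields different
    key-encrypting keys for different applications on the same device."""
    prk = hmac.new(b"kek-extract", shared, hashlib.sha256).digest()
    info = b"|".join([sender_pub.to_bytes(16, "big"),
                      receiver_pub.to_bytes(16, "big"), appid])
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()


def _keystream(key, nonce, n):
    out = b""
    ctr = 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(key, plaintext):
    """Encrypt-then-MAC with an HMAC keystream (stand-in for AES-GCM)."""
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class Receiver:
    """First device: generates a pool of ephemeral pairs, assigns each a unique
    identifier, and publishes (identifier, public half) for a server to hand out."""

    def __init__(self, appid, pool_size=3):
        self.appid = appid
        self.pool = {secrets.token_hex(8): keygen() for _ in range(pool_size)}

    def publish(self):
        return [(kid, pub) for kid, (_, pub) in self.pool.items()]

    def receive(self, datagram):
        priv, pub = self.pool.pop(datagram["kid"])      # one-time use: discard after lookup
        kek = derive_kek(shared_secret(priv, datagram["sender_pub"]),
                         datagram["sender_pub"], pub, self.appid)
        message_key = unseal(kek, datagram["wrapped_key"])   # decrypt the wrapped message key
        return unseal(message_key, datagram["ciphertext"])   # then the message itself


def send(published, appid, message):
    """Second device: take an unused receiver ephemeral key (here simply the first
    published entry), do an ephemeral-ephemeral agreement, wrap a fresh message key."""
    kid, rpub = published[0]
    spriv, spub = keygen()
    kek = derive_kek(shared_secret(spriv, rpub), spub, rpub, appid)
    message_key = os.urandom(KEYLEN)
    return {"kid": kid, "sender_pub": spub,
            "wrapped_key": seal(kek, message_key),
            "ciphertext": seal(message_key, message)}


def roundtrip(message=b"hello", sender_appid=b"chat", receiver_appid=b"chat"):
    """Decrypted message, or None when the two sides bind different application
    identifiers (the KEK mismatch surfaces as an authentication failure)."""
    rx = Receiver(receiver_appid)
    datagram = send(rx.publish(), sender_appid, message)
    try:
        return rx.receive(datagram)
    except ValueError:
        return None
```

Calling `roundtrip()` returns the plaintext; `roundtrip(b"hello", b"chat", b"mail")` returns None, which is the behaviour the Tang rationale relies on: a key agreed for one application cannot be silently consumed by another on the same device.  Note that popping the private key on use is what makes the pair ephemeral in practice; a real implementation also needs to handle a datagram whose identifier has already been consumed.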



As to claims 3, 12, and 21, Ryan in view of Hanna and Tang discloses the method/system/CRM of claims 1, 9, and 18, and further discloses:
wherein the first encrypted communication … a time-to-live value. (“the TTL may be set for the secure chat room, but senders may have the option to change the TTL for individual communications.” Ryan col. 11, ln. 35)

Ryan in view of Hanna does not explicitly disclose:
Includes 



A person of ordinary skill in the art before the effective filing date of the claimed invention would have modified Ryan in view of Hanna by including the TTL value of the individual communication in the communication itself.  It would have been obvious to include the TTL value in the communication itself because the TTL value must be communicated to the entities receiving the communication and because combining the TTL value with the communication would simplify the system relative to separating the data in different communications and also would prevent any issues with the receivers of the communication being unaware of the TTL.

As to claims 4, 13, and 22, Ryan in view of Hanna and Tang discloses the method/system/CRM of claims 3, 12, and 21 and further discloses:
comprising: determining, by the first device (“The TTL values can be used to enforce (e.g., on behalf of a message sender) time constraints on message access (e.g., by a receiver).” Ryan col. 6, ln. 22), an expiry time of the first encrypted communication based in part on the time-to-live. (“For example, if the secure chat room has a TTL of 24 hours, standard communications may be deleted from the block chain 24 hours after the transaction has been created.” Ryan col. 8, ln. 10)


determining, by the first device (“The TTL values can be used to enforce (e.g., on behalf of a message sender) time constraints on message access (e.g., by a receiver).” Ryan col. 6, ln. 22), whether a current time is greater than the expiry time. (“For example, if the secure chat room has a TTL of 24 hours, standard communications may be deleted from the block chain 24 hours after the transaction has been created.” Ryan col. 8, ln. 10)

As to claims 11 and 20, Ryan in view of Hanna and Tang discloses the system/CRM of claims 9 and 18 and further discloses:
wherein the processor (“The TTL values can be used to enforce (e.g., on behalf of a message sender) time constraints on message access (e.g., by a receiver).” Ryan col. 6, ln. 22) is configured to determine whether a time-to-live value associated with the first encrypted communication has expired. (“For example, if the secure chat room has a TTL of 24 hours, standard communications may be deleted from the block chain 24 hours after the transaction has been created.” Ryan col. 8, ln. 10)


Claims 6-8, 15-17, and 24-26 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ryan et al., US 9,590,956 (published 2017-03), in view of Hanna, US 2002/0136410 (filed 2001-03), Tang “A Reflection on the Security of Two-Party Key Establishment Protocols” (published 2010), and Windl et al. “The NTP FAQ” (published 2006-11).
As to claims 6, 15, and 24, Ryan in view of Hanna and Tang discloses the method/system/CRM of claims 5, 14, and 23 but does not disclose:

wherein determining the current time further comprises: 
requesting, by the first device, a master clock time from a first server; 
receiving, at the first device, the master clock time from the first server; and 
comparing, at the first device, the received master clock time to a local device time. 

Windl discloses:
wherein determining the current time further comprises: 
requesting, by the first device, a master clock time from a first server; (“Synchronizing a client to a network server consists of several packet exchanges where each exchange is a pair of request and reply.” Windl § 5.1.2.1 “How is Time Synchronized?”)
receiving, at the first device, the master clock time from the first server; and (“When a server receives such a packet, it will in turn store its own time (receive timestamp) into the packet, and the packet will be returned after putting a transmit timestamp into the packet.” Windl § 5.1.2.1 “How is Time Synchronized?”)
comparing, at the first device, the received master clock time to a local device time. (“When receiving the reply, the receiver will once more log its own receipt time to 
Those time differences can be used to estimate the time offset between both machines, as well as the dispersion (maximum offset error). The shorter and more symmetric the round-trip time, the more accurate the estimate of the current time.” Windl § 5.1.2.1 “How is Time Synchronized?”)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Ryan in view of Hanna and Tang with Windl by incorporating the NTP protocol and correcting the machine's time based on the results of the NTP algorithm.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to correct time using NTP in order to prevent anomalous program performance due to an incorrect clock, Windl § 4.1.3.
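As an added worked example (not code from Windl, Ryan or the application), the block below carries the request/reply exchange of Windl § 5.1.2.1 through to the expiry comparison of claims 6, 15 and 24: four timestamps per exchange give an offset estimate and a round-trip delay, the shortest round trip is preferred as the most accurate, and the corrected time is compared against an expiry.  The timestamps are constructed (a client clock running about five seconds slow), the error bound of half the round-trip delay is the usual single-sample bound rather than anything the page states, and the conservative "treat as expired" rule is an assumption of this example.

```python
"""Constructed example of NTP-style offset estimation feeding an expiry check.
Not the cited references' code; sample timestamps are made up."""


def ntp_offset_and_delay(t1, t2, t3, t4):
    """t1: client transmit, t2: server receive, t3: server transmit, t4: client
    receive.  Assuming a symmetric path, offset = ((t2-t1)+(t3-t4))/2 and
    delay = (t4-t1)-(t3-t2), i.e. round trip minus server processing time."""
    offset = ((t2 - t1) + (t3 - t4)) / 2.0
    delay = (t4 - t1) - (t3 - t2)
    return offset, delay


def estimate_offset(samples):
    """Pick the exchange with the shortest round trip (smallest error bound)."""
    best = min(samples, key=lambda s: ntp_offset_and_delay(*s)[1])
    return ntp_offset_and_delay(*best)


def corrected_time(local_now, offset):
    return local_now + offset


def is_expired(local_now, offset, delay, expiry):
    """Conservative rule (assumption of this example): revoke once the latest
    plausible corrected time, corrected time plus the delay/2 error bound, is
    past the expiry, so clock uncertainty never extends access."""
    return corrected_time(local_now, offset) + delay / 2.0 > expiry


# Constructed exchanges: client clock ~5 s behind the server, ~10 ms each way;
# the second exchange saw a slower, asymmetric path and should be passed over.
SAMPLES = [
    (1000.000, 1005.010, 1005.011, 1000.022),
    (1001.000, 1006.040, 1006.041, 1001.090),
]


def check_message(local_now, expiry, samples=SAMPLES):
    """Full procedure: estimate offset, correct local time, decide expiry.
    Returns (corrected_time, expired)."""
    offset, delay = estimate_offset(samples)
    return corrected_time(local_now, offset), is_expired(local_now, offset, delay, expiry)
```

With the constructed samples the first exchange wins (21 ms round trip against 89 ms) and yields an offset of about +5.0 s.  A message expiring at server time 2004 is therefore already expired when the local clock reads 2000, which a local-clock-only comparison would miss.  Plain NTP as described in Windl is unauthenticated, so a device that revokes or grants access on the strength of a server's reply should at least reject implausibly large offsets rather than apply them blindly.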

As to claims 7, 16, and 25 Ryan in view of Hanna, Tang, and Windl discloses the method/system/CRM of claims 6, 15, and 24 and further discloses:
revoking, by the first device (“The TTL values can be used to enforce (e.g., on behalf of a message sender) time constraints on message access (e.g., by a receiver).” Ryan col. 6, ln. 22), access to the first communication when the current time is greater than the expiry time. (“For example, if the secure chat room has a TTL of 24 hours, standard communications may be deleted from the block chain 24 hours after the transaction has been created.” Ryan col. 8, ln. 10).

As to claims 8, 17, and 26, Ryan in view of Hanna, Tang, and Windl discloses the method/system/CRM of claims 7, 16, and 25 and further discloses:
wherein revoking access to the first communication includes at least one of deleting the first communication from the first device (“For example, if the secure chat room has a TTL of 24 hours, standard communications may be deleted from the block chain 24 hours after the transaction has been created.” Ryan col. 8, ln. 10)  and revoking one or more keys required to access the first communication.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892, particularly:
Park et al., US 10848971, discloses a profile download for a mobile phone to allow m2m communication between terminals. 
Patil et al., US 2016/0218866, discloses a group key announcement system whereby a group ID and key are used to transfer encrypted messages.
Ham, US 2013/0117579, discloses generating an application key using a device key and an application ID.
Kim, US 2014/0258734, discloses generating an application key using an encrypted security key and an application ID.

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP 
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL W CHAO whose telephone number is (571)272-5165.  The examiner can normally be reached on M, W-F 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571) 272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  
/MICHAEL W CHAO/Examiner, Art Unit 2492