Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

This action is in response to the amendment filed 2/24/2021.  Claims 1-24 are pending.  Of such, claims 1 (a method), 9 (a system) and 17 (a non-transitory CRM) are independent.

Response to Arguments
Applicant’s arguments, see page 7, filed 2/24/2021, with respect to the rejection(s) of claim(s) 1-24 under Ryan et al., US 9,590,956 have been fully considered and are persuasive.  Ryan does not disclose deriving a key based on an application ID. Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Ryan in view of Tang, “A Reflection on the Security of Two-Party Key Establishment Protocols.”

 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-24 are rejected under 35 U.S.C. 103 as being unpatentable over Ryan et al., US 9,590,956 (published 2017-03), in view of Tang, “A Reflection on the Security of Two-Party Key Establishment Protocols.”
	As to claims 1, 9 and 17, Ryan discloses the method/system/CRM comprising:
transmitting, from a first device in a first secure communication network and to a secure communication platform, a first identifier for a second user that belongs to the second secure communication network (note claim 3, the first/second secure communication networks may be the same in claim 1); (“Obtaining the intended receiver's public information may include transmitting a request to the security platform, or another secure directory, for the intended receiver's public information.” Ryan col.8, ln. 64)
receiving, at the first device, a user profile for the second user in response to transmitting the first identifier to the secure communication platform, wherein the user profile comprises a first ephemeral public key, a first key identifier, and an application identifier (“In response to receiving the request, the security platform or secure directory responds with the intended receiver's public information. In this regard, the public information may include at least one of the receiver's app ID, user-level signing public key, signed app-level signing public key, a signed ephemeral ECDH public component, an identifier of the ephemeral ECDH public component, and the receiver's device key.” Ryan cols. 8-9, bridging paragraph) associated with an application executing on a second device of the second user; (“both the sender and receiver need to have a copy of the app running on their respective devices. In this 
generating, by the first device, a first encryption key; (“the sender's app generates a random, 256-bit message key in block 320.” Ryan col. 9, ln. 35)
deriving, by the first device, a key-encrypting key using at least the first ephemeral public key …; (“In block 335, the sender's app derives a key-encrypting key using the receiver's ephemeral ECDH public component and the ephemeral ECDH private component generated by the sender's app.” Ryan col. 9, ln. 54)
encrypting, by the first device, a first communication to the second user using the first encryption key; (“Once the message is composed and the message key generated, the sender's app will encrypt the message in block 325.” Ryan col. 9, ln. 45)
encrypting, by the first device, the first encryption key using the key-encrypting key; and (“In block 340, the message key is encrypted using the key-encrypting key.” Ryan col. 9, ln. 60)
transmitting, by the first device, the first encrypted communication, the key identifier, the encrypted first encryption key, and (“The datagram includes a payload and a header. The payload comprises the encrypted message, while the header includes destination entries for each of receiver's apps. That is, the sender's app addresses the message in a one-to-many manner. For instance, the sender addresses the message to the receiver, but the sender's app composes a datagram that is addressed to each of the receiver's apps. Accordingly, each destination entry includes the twice-encrypted message key specific to that app; the ephemeral ECDH key identifier unique to the receiver's app; and the sender's signed ephemeral public component.” Ryan col. 10, ln. 18)
routing data to the second device on the second secure communication network (note claim 3, the first/second secure communication networks may be the same in claim 1), wherein the routing data comprises a first security group identifier associated with the first device (“the receiver's app may determine if a group identifier is included in the message.” Ryan col. 14, ln. 49. The first device being a member of the group as a sender.) and a first network identifier associated with the first secure communication network. (“the receiver's app may compare the sender of the message to the participant list stored on the receiver's device. If the sender does not appear on the sender's list, then the process proceeds to block 945, where the receiver's app transmits a request for additional information to the sender.” Ryan col. 15, ln. 7. The message includes an identifier of the sender. No particular manner of association is required, thus the first identifier is associated with the first network by virtue of the first device belonging to a first network.)

Ryan does not disclose: 
 … and the application identifier

Tang discloses: 
… and the application identifier (“the key establishment protocol takes an application identifier appid as input. This reflects our consideration that the protocol can be invoked by multiple applications from the same user. We require that, for a user, its 

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Ryan with Tang by incorporating the application identifier in addition to the keying material (of Ryan col. 9, ln. 54).  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Ryan with Tang in order to allow multiple sessions to be invoked between different applications and to avoid unknown key share attacks (Tang § 3.1), thereby increasing the security of the derived key and the resultant encrypted data.

With respect to claims 2, 10, and 18 Ryan in view of Tang discloses the method/system/CRM of claims 1, 9, and 17 and further discloses: 
wherein the first device belongs to a first secure communication network. (the networks are “secure” as they transmit encrypted packets).

With respect to claims 3, 11, and 19 Ryan in view of Tang discloses the method/system/CRM of claims 1, 9, and 17 and further discloses: 
wherein the first secure communication network and the second secure communication network are different networks. (“Communications between users of client devices 210, 220, 230 may be exchanged via network 112. Network 112 may include various configurations and use various protocols including the Internet, World Wide Web, intranets, virtual private networks, local Ethernet networks, private networks using communication protocols proprietary to one or more companies, cellular and wireless networks (e.g., WiFi), instant messaging, HTTP and SMTP, and various combinations of the foregoing.” Ryan col. 6, ln. 48. A multitude of networks.)

With respect to claims 4, 12, and 20 Ryan in view of Tang discloses the method/system/CRM of claims 1, 9, and 17 and further discloses: 
wherein the first encryption key is calculated by inputting a first set of pseudorandom bytes into a key derivation function. (“the message key is a symmetric key generated by applying multiple rounds of a hash function to a set of pseudorandom bytes derived from the sender's device” Ryan col. 9, ln. 39)

With respect to claims 5, 13, and 21 Ryan in view of Tang discloses the method/system/CRM of claims 1, 9, and 17 and further discloses: 
wherein the processor is further configured to generate a second ephemeral key pair. (“In block 330, the sender's app generates a pair of ephemeral ECDH components.” Ryan col. 9, ln. 52)

With respect to claims 6, 14, and 22 Ryan in view of Tang discloses the method/system/CRM of claims 5, 13, and 21 and further discloses: 
wherein the key-encrypting key is derived according to a key agreement protocol. (“In block 335, the sender's app derives a key-encrypting key using the receiver's ephemeral ECDH public component and the ephemeral ECDH private component 

With respect to claims 7, 15, and 23 Ryan in view of Tang discloses the method/system/CRM of claims 6, 14, and 22 and further discloses: 
wherein the key agreement protocol uses the first ephemeral public key and the second ephemeral private key generated by the first device. (“In block 335, the sender's app derives a key-encrypting key using the receiver's ephemeral ECDH public component and the ephemeral ECDH private component generated by the sender's app.” Ryan col. 9, ln. 54. ECDH is an acronym for Elliptic Curve Diffie-Hellman, a key agreement protocol.)

With respect to claims 8, 16, and 24 Ryan in view of Tang discloses the method/system/CRM of claims 7, 15, and 23 and further discloses: 
comprising: transmitting, by the first device, the second ephemeral public key to the first user with the first encrypted communication, the key identifier, and the encrypted first encryption key. (“The datagram includes a payload and a header. The payload comprises the encrypted message, while the header includes destination entries for each of receiver's apps. That is, the sender's app addresses the message in a one-to-many manner. For instance, the sender addresses the message to the receiver, but the sender's app composes a datagram that is addressed to each of the receiver's apps. Accordingly, each destination entry includes the twice-encrypted message key specific to that app; the ephemeral ECDH key identifier unique to the receiver's app; and the sender's signed ephemeral public component.” Ryan col. 10, ln. 18)
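The following Go program is an added illustration of the scheme mapped above; it is not part of this Office action and is not code from Ryan or Tang. It models the steps cited for claims 1, 9 and 17 (random message key, ephemeral key agreement, key-encrypting key, message key wrapped under that key), the ECDH key agreement cited for claims 6, 7, 14, 15, 22 and 23, and the datagram layout cited for claims 8, 16 and 24, with the Tang modification of feeding the receiver's application identifier into the key derivation. The concrete choices (X25519 as the ECDH curve, a hand-written HKDF-SHA256, AES-256-GCM for both the message and the wrapped key, the "kek|appid|keyid" derivation layout, and the identifiers "kid-0001", "com.example.messenger" and "com.example.otherapp") are assumptions made for the example only. The closing check shows the security-relevant effect of binding the application identifier: a second app on the receiver's device that re-derives the key with a different identifier cannot unwrap the message key, which is the unknown key share concern credited to Tang § 3.1.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// hkdfSHA256: minimal HKDF (RFC 5869) extract-then-expand for one 32-byte block.
func hkdfSHA256(ikm, salt, info []byte) []byte {
	ext := hmac.New(sha256.New, salt)
	ext.Write(ikm)
	exp := hmac.New(sha256.New, ext.Sum(nil))
	exp.Write(info)
	exp.Write([]byte{1})
	return exp.Sum(nil)
}

// deriveKEK is Ryan's block-335 step with Tang's appid folded in: the KEK depends on
// the ephemeral ECDH secret AND the receiver's app identifier and key identifier
// (the "kek|appid|keyid" info layout is an assumption of this example).
func deriveKEK(priv *ecdh.PrivateKey, peer *ecdh.PublicKey, appID, keyID string) ([]byte, error) {
	shared, err := priv.ECDH(peer)
	if err != nil { return nil, err }
	return hkdfSHA256(shared, nil, []byte("kek|"+appID+"|"+keyID)), nil
}

// gcmFor, seal and open: AES-256-GCM with a random nonce prefixed to the ciphertext.
func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

func seal(key, pt, aad []byte) ([]byte, error) {
	g, err := gcmFor(key)
	if err != nil { return nil, err }
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	return g.Seal(nonce, nonce, pt, aad), nil
}

func open(key, sealed, aad []byte) ([]byte, error) {
	g, err := gcmFor(key)
	if err != nil { return nil, err }
	if len(sealed) < g.NonceSize() { return nil, errors.New("ciphertext too short") }
	return g.Open(nil, sealed[:g.NonceSize()], sealed[g.NonceSize():], aad)
}

// Datagram mirrors the per-app destination entry plus payload quoted from Ryan col. 10.
type Datagram struct {
	KeyID           string // identifier of the receiver's ephemeral public component
	SenderEphemeral []byte // sender's ephemeral public component
	WrappedMsgKey   []byte // message key encrypted under the KEK
	Payload         []byte // message encrypted under the message key
}

// Send is the first device's side, given the receiver's profile (ephemeral public
// key, key identifier, application identifier).
func Send(recvPub *ecdh.PublicKey, keyID, appID string, msg []byte) (*Datagram, error) {
	msgKey := make([]byte, 32) // random 256-bit message key (Ryan block 320)
	if _, err := rand.Read(msgKey); err != nil { return nil, err }
	eph, err := ecdh.X25519().GenerateKey(rand.Reader) // sender's ephemeral pair (block 330)
	if err != nil { return nil, err }
	kek, err := deriveKEK(eph, recvPub, appID, keyID) // block 335, now bound to appid
	if err != nil { return nil, err }
	payload, err := seal(msgKey, msg, nil) // encrypt the message (block 325)
	if err != nil { return nil, err }
	wrapped, err := seal(kek, msgKey, []byte(keyID)) // encrypt the message key (block 340)
	if err != nil { return nil, err }
	return &Datagram{keyID, eph.PublicKey().Bytes(), wrapped, payload}, nil
}

// Receive is the second device's app; it re-derives the KEK with its OWN appid, so
// an app presenting a different identifier fails at the unwrap step, not later.
func Receive(recvPriv *ecdh.PrivateKey, myAppID string, d *Datagram) ([]byte, error) {
	senderPub, err := ecdh.X25519().NewPublicKey(d.SenderEphemeral)
	if err != nil { return nil, err }
	kek, err := deriveKEK(recvPriv, senderPub, myAppID, d.KeyID)
	if err != nil { return nil, err }
	msgKey, err := open(kek, d.WrappedMsgKey, []byte(d.KeyID))
	if err != nil { return nil, fmt.Errorf("unwrap failed: %w", err) }
	return open(msgKey, d.Payload, nil)
}

// RoundTrip returns the recovered plaintext and whether a second app on the same
// device, presenting a different appid, was rejected.
func RoundTrip() (string, bool, error) {
	recv, err := ecdh.X25519().GenerateKey(rand.Reader) // receiver's ephemeral pair
	if err != nil { return "", false, err }
	d, err := Send(recv.PublicKey(), "kid-0001", "com.example.messenger", []byte("hello"))
	if err != nil { return "", false, err }
	pt, err := Receive(recv, "com.example.messenger", d)
	if err != nil { return "", false, err }
	_, wrongErr := Receive(recv, "com.example.otherapp", d)
	return string(pt), wrongErr != nil, nil
}
```

Calling RoundTrip() performs both directions of the exchange in one process. The receiver's key identifier is also passed as associated data when the message key is wrapped, so a datagram whose header has been altered to name a different ephemeral component fails authentication at the same unwrap step rather than producing a garbage message key.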


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892, particularly:
Park et al., US 10848971, discloses a profile download for a mobile phone to allow m2m communication between terminals. 
Patil et al., US 2016/0218866, discloses a group key announcement system whereby a group ID and key are used to transfer encrypted messages.
Ham, US 2013/0117579, discloses generating an application key using a device key and an application ID.
Kim, US 2014/0258734, discloses generating an application key using an encrypted security key and an application ID.

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not 


Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL W CHAO whose telephone number is (571)272-5165.  The examiner can normally be reached on M, W-F 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571) 272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

/MICHAEL W CHAO/Examiner, Art Unit 2492