DETAILED ACTION
1.    	This action is responsive to communication filed on 09 December 2020, with acknowledgement of an original application filed on 31 July 2018.

2.    	Claims 1-20 are currently pending. Claims 1, 8, and 15 are in independent forms. Claims 1-2, 8-9, and 15-16 has been amended. 

Response to Arguments
3.    	Applicant's arguments filed on 09 December 2020 have been fully considered however they are moot due to new grounds of rejection below initiated by applicant's amendment.

Claim Rejections - 35 USC § 103
4.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

5.	Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Cantu et al. US Patent Application Publication No. 2001/0020228 in view of Bishop, JR et al. US Patent Application Publication No. 2004/0148356 (hereinafter Bishop).
Regarding claim 1, Cantu discloses a method comprising: 
 “receiving an encrypted message directed to the entity from a customer client” (see Cantu par. 0054, A user maintains a private key and distributes public keys to others. The user can then encrypt messages with the private key and send to others having the public key); and 

However, in analogues art, Tomkow discloses receiving a digitally-signed membership list identifying a set of agent clients registered as agents of an entity that uses a messaging system, the list received from an administrator of the entity and digitally-signed by the administrator of the entity (see Tomkow par. 0015, an electronic message system that creates and records a digital signature of each electronic message sent through the system. An originator may send a copy of the electronic message to the system or generate the electronic message within the system itself. The system then forwards and delivers the electronic message to all recipients (or to the designated message handlers associated with the recipients), including "to" addressees and "cc" addressees).
Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Tomkow into the system of Cantu in order to receive electronic message; generating a digital signature corresponding to the content of the received message; providing the message and the digital signature to a designated addressee (see Tomkow par. 0021).
Cantu in view of Tomkow does not explicitly discloses distributing the encrypted message to the agent clients in the set registered as agents of the entity, wherein the agent clients are adapted to decrypt the encrypted message using security information received from the customer client.
However, in analogues art, Bishop discloses distributing the encrypted message to the agent clients in the set registered as agents of the entity, wherein the agent clients are adapted to decrypt the encrypted message using security information received from the customer client (see Bishop par. 0039-0040, sending the electronic message from a sending agent to a message server, wherein the electronic message is addressed to one or more recipient agents, confirming by the message server that the sending agent and the one or more recipient agents are registered with the message server, wherein the electronic message is not sent to any of the one or more recipient agents if the sending agent is not registered, and sending the electronic message from the message server to the one or more recipient agents that are registered with the message server, wherein the first server-encrypted message is encrypted using an sender message server key, ascertaining a recipient agent from the message header that has been decrypted using the sender message server key).
Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Bishop into the system of Cantu and Tomkow to provide a recipient agents that are registered with the message server, and sending the message from the message server to the one or more recipient agents that are registered with the message server (see Bishop par. 0039).

Regarding claim 2, Cantu in view of Tomkow in further view of Bishop discloses the method of claim 1, 
Cantu further discloses wherein the digitally-signed membership list includes identifiers of the agent clients in the set and further comprising: creating a customer group for the customer client, the customer group including an identifier of the customer client and the digitally-signed membership list (see Cantu par. 0041, An enrollment (E) is a declaration of membership in a subset of the set of members of an organization. An enrollment may comprise a token linking a particular user to an organization and group within the organization. For instance, the enrollment (E) could bind a user id to an organization id and specific user community id within the organization); and providing the digitally-signed membership list included in the customer group to the customer client (see Cantu par. 0031, the common authority 2 may be a bank where the user (U) 4 is a customer and the server 6 may be some service providing aspect offered by the bank, such as brokerage services or on-line banking. The common authority 2 would provide the user (U) 4 a certificate which the user (U) 4 presents to authenticate the user identity in communications); wherein the customer client is adapted to validate the digitally-signed membership list using the digital signature and, responsive to successful validation of the digitally-signed membership list, use the identifiers of the agent clients in the set to send the security information to the agent clients in the set (see Cantu par. 0034, the user (U) 12 has entered into a membership agreement with the consuming organization (O) 10 to receive certain resource sets (which, when the subsequent agreements are in effect, include resource R in S); the service organization (P) 14 has entered into an agreement with the server (S) 16 to provide R to any user who can cause a suitable ticket to be presented; and the service organization (P) 14 and consuming organization (O) 10 have entered into an agreement associating certain enrollments with certain tickets. These three conditions have the cumulative effect of providing that the service organization's (P) 14 servers (S) 10 provide certain resources to users 12 associated with the consuming organization (O) 10 in the appropriate membership classes (also known as enrollments or enrollment classes)).

Regarding claim 3, Cantu in view of Tomkow in further view of Bishop discloses the method of claim 1, 
Cantu further discloses receiving a plurality of encrypted messages directed to the entity from a plurality of customer clients (see Cantu par. 0015, Encryption keys are exchanged among a first entity, second entity, third entity, and a fourth entity. Each entity has one relationship with one other entity and the encryption keys are exchanged pursuant to the relationships. Electronic messages are encrypted with the encryption keys concerning digital enrollments to provide to the first entity); creating a respective customer group for each of the plurality of customer clients, each respective customer group including an identifier of a respective customer client and identifiers of the agent clients in the set (see Cantu par. 0048, The consuming organization (O) 26 or its agent A.sub.o 24 would provide (at block 52) the service organization (P) 30 or its agent A.sub.p 28 with information on its enrollments E. Upon receiving the enrollments (E) (at block 54), the service organization (P) 30 would generate (at block 56) a mapping of enrollments (E) to tickets (t) that provide access to resources (R) 22 based on the agreement with the consuming organization (O) 26); and providing the identifiers of the agent clients in the respective customer groups to the respective customer clients (see Cantu pars. 0048-0049, The service organization (P) 30 or its agent 28 would then send (at block 58) the mappings of enrollments (E) to tickets (t) to the clearance center (C) 32. The clearance center (C) 32 then updates (at block 60) its enrollment (E) to ticket (t) mappings, user (U) 34 enters into an agreement (at block 62) with the consuming organization (O) 26 for enrollments (E) that will provide the user (U) 34 access to certain resources (R) 22. In response, the consuming organization (O) 26 or its agent A.sub.o 24 sends (at block 64) the user (U) 34 the user enrollments (E)).

Regarding claim 4, Cantu in view of Tomkow in further view of Bishop discloses the method of claim 1, 
Bishop further discloses receiving a second encrypted message directed to the customer client, the second encrypted message received from an agent client in the set of agent clients (see Bishop par. 0040, wherein the first server-encrypted message comprises a message header and encrypted message content that has been encrypted using a content key, and wherein the first server-encrypted message is encrypted using an sender message server key, ascertaining a recipient agent from the message header that has been decrypted using the sender message server key, wherein the encrypted message content is not decrypted at the message server, and sending a second server-encrypted message to the recipient agent); and distributing the second encrypted message to the customer client and to other agent clients in the set (see Bishop par. 0040, sending a second server-encrypted message to the recipient agent where the second server-encrypted message is decrypted using a recipient message server key and the encrypted message content is decrypted using the content key).
Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Bishop into the system of Cantu and Tomkow to provide a recipient agents that are registered with the message server, and sending the message from the message server to the one or more recipient agents that are registered with the message server (see Bishop par. 0039).

Regarding claim 5, Cantu in view of Tomkow in further view of Bishop discloses the method of claim 4, 
Bishop further discloses wherein the customer client is adapted to receive the second encrypted message, decrypt the second encrypted message using security information received by the customer client from the agent client to produce a decrypted message, and display the decrypted message on the customer client as being from the entity for which the agent client is registered (see Bishop par. 0040, wherein the first server-encrypted message comprises a message header and encrypted message content that has been encrypted using a content key, and wherein the first server-encrypted message is encrypted using an sender message server key, ascertaining a recipient agent from the message header that has been decrypted using the sender message server key, wherein the encrypted message content is not decrypted at the message server, and sending a second server-encrypted message to the recipient agent, sending a second server-encrypted message to the recipient agent where the second server-encrypted message is decrypted using a recipient message server key and the encrypted message content is decrypted using the content key). 
Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Bishop into the system of Cantu and Tomkow to provide a recipient agents that are registered with the message server, and sending the message from the message server to the one or more recipient agents that are registered with the message server (see Bishop par. 0039).
 Regarding claim 6, Cantu in view of Tomkow in further view of Bishop discloses the method of
claim 1, 
Cantu further discloses determining an identifier of an admin client associated with the administrator of the entity (see Cantu pars. 0040-0041, A.sub.p 28 is the agent or administrator for the producer organization P 28. A clearance center (C) 32 maintains a map of enrollments (E) to tickets (T) for each server (S) 20 the clearance center (C) 32 supports. An enrollment (E) is a declaration of membership in a subset of the set of members of an organization); receiving from an agent client a validation code validating the agent client as an agent of the entity (see Cantu par. 0043, the consuming organization (O) 26 would determine the validity of the user enrollment mapping from the modifier before presenting the user the enrollments. The server (S) 20 would determine the validity of the resource to ticket mapping based on any modifiers when determining whether a ticket authorizes access to a resource, and the clearance center may determine the validity of the enrollment to ticket mapping based on any modifiers before transmitting tickets in response to receiving an enrollment); creating an agent identifier for the agent client, the agent identifier derived from the identifier of the admin client (see Cantu par. 0048, Upon receiving the enrollments (E) (at block 54), the service organization (P) 30 would generate (at block 56) a mapping of enrollments (E) to tickets (t) that provide access to resources (R) 22 based on the agreement with the consuming organization (O) 26. The service organization (P) 30 or its agent 28 would then send (at block 58) the mappings of enrollments (E) to tickets (t) to the clearance center (C) 32); and providing the agent identifier to the admin client, wherein the agent identifier is included in the digitally-signed membership list received from the administrator of the entity (see Cantu par. 0085, Relationship 400 represents the preexisting dealings between the end user (U) 34 and the consuming organization (O) 26, or its administrator (A.sub.O) 24. The above model assumes that the end user (U) 34 engages in ongoing transactions with the consuming organization (O) 26 or its administrator 24 where such relationship is trusted in that the consuming organization (O) 26 and end user (U) 34 have previously verified the other's identity during transactions pursuant to the relationship 400, or the end user (U) 34 shows sufficient credentials (such as a birth certificate) to the agent 23 of the organization 26 as part of a multi-purpose transaction to establish relationships).

Regarding claim 7, Cantu in view of Tomkow in further view of Bishop discloses the method of claim 6, 
Cantu further discloses receiving a description of a barcode displayed by an agent client, the description received from the admin client (see Cantu par. 0101, the tickets and enrollments are represented as digital data, and may be embodied in a magnetic storage medium, a string of numbers or characters, marks on paper, such as a bar code or electronic media); providing a validation code to the admin client responsive to receipt of the description of the barcode (see Cantu par. 0043, the consuming organization (O) 26 would determine the validity of the user enrollment mapping from the modifier before presenting the user the enrollments. The server (S) 20 would determine the validity of the resource to ticket mapping based on any modifiers when determining whether a ticket authorizes access to a resource, and the clearance center may determine the validity of the enrollment to ticket mapping based on any modifiers before transmitting tickets in response to receiving an enrollment);  and validating the agent client as an agent of the entity responsive to receipt of the validation code from the agent client (see Cantu par. 0041, A.sub.p 28 is the agent or administrator for the producer organization P 28. A clearance center (C) 32 maintains a map of enrollments (E) to tickets (T) for each server (S) 20 the clearance center (C) 32 supports. An enrollment (E) is a declaration of membership in a subset of the set of members of an organization. the enrollment (E) could bind a user id to an organization id and specific user community id within the organization. An enrollment (E) is useful only when held by a user (U) 34 and the right of the user (U) 34 to use the enrollment is verified); wherein the agent identifier is created responsive to validating the agent client (see Cantu par. 0048, The consuming organization (O) 26 or its agent A.sub.o 24 would provide (at block 52) the service organization (P) 30 or its agent A.sub.p 28 with information on its enrollments E. Upon receiving the enrollments (E) (at block 54), the service organization (P) 30 would generate (at block 56) a mapping of enrollments (E) to tickets (t) that provide access to resources (R) 22 based on the agreement with the consuming organization (O) 26).

Regarding claim 8, Cantu discloses a system comprising: 
“a computer processor for executing computer program instructions” (see Cantu Fig. 3, server (S) 20, par. 0040, The server (S) 20 may comprise any computer system known in the art for serving information or processing requests for access to data or programs managed by the server); and 
a non-transitory computer-readable medium storing computer program instructions executable by the processor to perform operations comprising: 
 “receiving an encrypted message directed to the entity from a customer client” (see Cantu par. 0054, A user maintains a private key and distributes public keys to others. The user can then encrypt messages with the private key and send to others having the public key); and 
Cantu does not explicitly discloses receiving a digitally-signed membership list identifying a set of agent clients registered as agents of an entity registered as agents of the entity, the list received from an administrator of the entity and digitally-signed by the administrator of the entity.
However, in analogues art, Tomkow discloses receiving a digitally-signed membership list identifying a set of agent clients registered as agents of an entity that uses a messaging system, the list received from an administrator of the entity and digitally-signed by the administrator of the entity (see Tomkow par. 0015, an electronic message system that creates and records a digital signature of each electronic message sent through the system. An originator may send a copy of the electronic message to the system or generate the electronic message within the system itself. The system then forwards and delivers the electronic message to all recipients (or to the designated message handlers associated with the recipients), including "to" addressees and "cc" addressees).
Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Tomkow into the system of Cantu in order to receive electronic message; generating a digital signature corresponding to the content of the received message; providing the message and the digital signature to a designated addressee (see Tomkow par. 0021).
Cantu in view of Tomkow does not explicitly discloses distributing the encrypted message to the agent clients in the set registered as agents of the entity, wherein the agent clients are adapted to decrypt the encrypted message using security information received from the customer client.
However, in analogues art, Bishop discloses distributing the encrypted message to the agent clients in the set registered as agents of the entity, wherein the agent clients are adapted to decrypt the encrypted message using security information received from the customer client” (see Bishop par. 0039-0040, sending the electronic message from a sending agent to a message server, wherein the electronic message is addressed to one or more recipient agents, confirming by the message server that the sending agent and the one or more recipient agents are registered with the message server, wherein the electronic message is not sent to any of the one or more recipient agents if the sending agent is not registered, and sending the electronic message from the message server to the one or more recipient agents that are registered with the message server, wherein the first server-encrypted message is encrypted using an sender message server key, ascertaining a recipient agent from the message header that has been decrypted using the sender message server key).
Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Bishop into the system of Cantu and Tomkow to provide a recipient agents that are registered with the message server, and sending the message from the message server to the one or more recipient agents that are registered with the message server (see Bishop par. 0039).

Regarding claim 9, Cantu in view of Tomkow in further view of Bishop discloses the system of claim 8, 
Cantu further discloses wherein the digitally-signed membership list includes identifiers of the agent clients in the set and the operations further comprise: creating a customer group for the customer client, the customer group including an identifier of the customer client and the digitally-signed membership list (see Cantu par. 0041, An enrollment (E) is a declaration of membership in a subset of the set of members of an organization. An enrollment may comprise a token linking a particular user to an organization and group within the organization. For instance, the enrollment (E) could bind a user id to an organization id and specific user community id within the organization); and providing the digitally-signed membership list included in the customer group to the customer client (see Cantu par. 0031, the common authority 2 may be a bank where the user (U) 4 is a customer and the server 6 may be some service providing aspect offered by the bank, such as brokerage services or on-line banking. The common authority 2 would provide the user (U) 4 a certificate which the user (U) 4 presents to authenticate the user identity in communications); wherein the customer client is adapted to validate the digitally-signed membership list using the digital signature and, responsive to successful validation of the digitally-signed membership list, use the identifiers of the agent clients in the set to send the security information to the agent clients in the set (see Cantu par. 0034, the user (U) 12 has entered into a membership agreement with the consuming organization (O) 10 to receive certain resource sets (which, when the subsequent agreements are in effect, include resource R in S); the service organization (P) 14 has entered into an agreement with the server (S) 16 to provide R to any user who can cause a suitable ticket to be presented; and the service organization (P) 14 and consuming organization (O) 10 have entered into an agreement associating certain enrollments with certain tickets. These three conditions have the cumulative effect of providing that the service organization's (P) 14 servers (S) 10 provide certain resources to users 12 associated with the consuming organization (O) 10 in the appropriate membership classes (also known as enrollments or enrollment classes)).

Regarding claim 10, Cantu in view of Tomkow in further view of Bishop discloses the system of claim 8, 
Cantu further discloses receiving a plurality of encrypted messages directed to the entity from a plurality of customer clients (see Cantu par. 0015, Encryption keys are exchanged among a first entity, second entity, third entity, and a fourth entity. Each entity has one relationship with one other entity and the encryption keys are exchanged pursuant to the relationships. Electronic messages are encrypted with the encryption keys concerning digital enrollments to provide to the first entity); creating a respective customer group for each of the plurality of customer clients, each respective customer group including an identifier of a respective customer client and identifiers of the agent clients in the set (see Cantu par. 0048, The consuming organization (O) 26 or its agent A.sub.o 24 would provide (at block 52) the service organization (P) 30 or its agent A.sub.p 28 with information on its enrollments E. Upon receiving the enrollments (E) (at block 54), the service organization (P) 30 would generate (at block 56) a mapping of enrollments (E) to tickets (t) that provide access to resources (R) 22 based on the agreement with the consuming organization (O) 26); and providing the identifiers of the agent clients in the respective customer groups to the respective customer clients (see Cantu pars. 0048-0049, The service organization (P) 30 or its agent 28 would then send (at block 58) the mappings of enrollments (E) to tickets (t) to the clearance center (C) 32. The clearance center (C) 32 then updates (at block 60) its enrollment (E) to ticket (t) mappings, user (U) 34 enters into an agreement (at block 62) with the consuming organization (O) 26 for enrollments (E) that will provide the user (U) 34 access to certain resources (R) 22. In response, the consuming organization (O) 26 or its agent A.sub.o 24 sends (at block 64) the user (U) 34 the user enrollments (E)).
 
Regarding claim 11, Cantu in view of Tomkow in further view of Bishop discloses the system of claim 8, 
Bishop further discloses receiving a second encrypted message directed to the customer client, the second encrypted message received from an agent client in the set of agent clients (see Bishop par. 0040, wherein the first server-encrypted message comprises a message header and encrypted message content that has been encrypted using a content key, and wherein the first server-encrypted message is encrypted using an sender message server key, ascertaining a recipient agent from the message header that has been decrypted using the sender message server key, wherein the encrypted message content is not decrypted at the message server, and sending a second server-encrypted message to the recipient agent); and distributing the second encrypted message to the customer client and to other agent clients in the set (see Bishop par. 0040, sending a second server-encrypted message to the recipient agent where the second server-encrypted message is decrypted using a recipient message server key and the encrypted message content is decrypted using the content key).
Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Bishop into the system of Cantu and Tomkow to provide a recipient agents that are registered with the message server, and sending the message from the message server to the one or more recipient agents that are registered with the message server (see Bishop par. 0039).
 
Regarding claim 12, Cantu in view of Tomkow in further view of Bishop discloses the system of claim 11, 
Bishop further discloses wherein the customer client is adapted to receive the second encrypted message, decrypt the second encrypted message using security information received by the customer client from the agent client to produce a decrypted message, and display the decrypted message on the customer client as being from the entity for which the agent client is registered (see Bishop par. 0040, wherein the first server-encrypted message comprises a message header and encrypted message content that has been encrypted using a content key, and wherein the first server-encrypted message is encrypted using an sender message server key, ascertaining a recipient agent from the message header that has been decrypted using the sender message server key, wherein the encrypted message content is not decrypted at the message server, and sending a second server-encrypted message to the recipient agent, sending a second server-encrypted message to the recipient agent where the second server-encrypted message is decrypted using a recipient message server key and the encrypted message content is decrypted using the content key). 
Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Bishop into the system of Cantu and Tomkow to provide a recipient agents that are registered with the message server, and sending the message from the message server to the one or more recipient agents that are registered with the message server (see Bishop par. 0039).
 
Regarding claim 13, Cantu in view of Tomkow in further view of Bishop discloses the system of claim 8, 
Cantu further discloses determining an identifier of an admin client associated with the administrator of the entity (see Cantu pars. 0040-0041, A.sub.p 28 is the agent or administrator for the producer organization P 28. A clearance center (C) 32 maintains a map of enrollments (E) to tickets (T) for each server (S) 20 the clearance center (C) 32 supports. An enrollment (E) is a declaration of membership in a subset of the set of members of an organization); receiving from an agent client a validation code validating the agent client as an agent of the entity (see Cantu par. 0043, the consuming organization (O) 26 would determine the validity of the user enrollment mapping from the modifier before presenting the user the enrollments. The server (S) 20 would determine the validity of the resource to ticket mapping based on any modifiers when determining whether a ticket authorizes access to a resource, and the clearance center may determine the validity of the enrollment to ticket mapping based on any modifiers before transmitting tickets in response to receiving an enrollment);  creating an agent identifier for the agent client, the agent identifier derived from the identifier of the admin client (see Cantu par. 0048, Upon receiving the enrollments (E) (at block 54), the service organization (P) 30 would generate (at block 56) a mapping of enrollments (E) to tickets (t) that provide access to resources (R) 22 based on the agreement with the consuming organization (O) 26. The service organization (P) 30 or its agent 28 would then send (at block 58) the mappings of enrollments (E) to tickets (t) to the clearance center (C) 32); and providing the agent identifier to the admin client, wherein the agent identifier is included in the digitally-signed membership list received from the administrator of the entity (see Cantu par. 0085, Relationship 400 represents the preexisting dealings between the end user (U) 34 and the consuming organization (O) 26, or its administrator (A.sub.O) 24. The above model assumes that the end user (U) 34 engages in ongoing transactions with the consuming organization (O) 26 or its administrator 24 where such relationship is trusted in that the consuming organization (O) 26 and end user (U) 34 have previously verified the other's identity during transactions pursuant to the relationship 400, or the end user (U) 34 shows sufficient credentials (such as a birth certificate) to the agent 23 of the organization 26 as part of a multi-purpose transaction to establish relationships).

Regarding claim 14, Cantu in view of Tomkow in further view of Bishop discloses the system of claim 13, 
Cantu further discloses receiving a description of a barcode displayed by an agent client, the description received from the admin client (see Cantu par. 0101, the tickets and enrollments are represented as digital data, and may be embodied in a magnetic storage medium, a string of numbers or characters, marks on paper, such as a bar code or electronic media); providing a validation code to the admin client responsive to receipt of the description of the barcode (see Cantu par. 0043, the consuming organization (O) 26 would determine the validity of the user enrollment mapping from the modifier before presenting the user the enrollments. The server (S) 20 would determine the validity of the resource to ticket mapping based on any modifiers when determining whether a ticket authorizes access to a resource, and the clearance center may determine the validity of the enrollment to ticket mapping based on any modifiers before transmitting tickets in response to receiving an enrollment);   and validating the agent client as an agent of the entity responsive to receipt of the validation code from the agent client (see Cantu par. 0041, A.sub.p 28 is the agent or administrator for the producer organization P 28. A clearance center (C) 32 maintains a map of enrollments (E) to tickets (T) for each server (S) 20 the clearance center (C) 32 supports. An enrollment (E) is a declaration of membership in a subset of the set of members of an organization. the enrollment (E) could bind a user id to an organization id and specific user community id within the organization. An enrollment (E) is useful only when held by a user (U) 34 and the right of the user (U) 34 to use the enrollment is verified); wherein the agent identifier is created responsive to validating the agent client (see Cantu par. 0048, The consuming organization (O) 26 or its agent A.sub.o 24 would provide (at block 52) the service organization (P) 30 or its agent A.sub.p 28 with information on its enrollments E. Upon receiving the enrollments (E) (at block 54), the service organization (P) 30 would generate (at block 56) a mapping of enrollments (E) to tickets (t) that provide access to resources (R) 22 based on the agreement with the consuming organization (O) 26).
 Regarding claim 15, Cantu discloses a non-transitory computer-readable storage medium
storing computer program instructions executable by a processor to perform operations comprising: 
 “receiving an encrypted message directed to the entity from a customer client” (see Cantu par. 0054, A user maintains a private key and distributes public keys to others. The user can then encrypt messages with the private key and send to others having the public key); and 
Cantu does not explicitly discloses receiving a digitally-signed membership list identifying a set of agent clients registered as agents of an entity that uses a messaging system, the list received from an administrator of the entity and digitally-signed by the administrator of the entity.
However, in analogues art, Tomkow discloses receiving a digitally-signed membership list identifying a set of agent clients registered as agents of an entity that uses a messaging system, the list received from an administrator of the entity and digitally-signed by the administrator of the entity (see Tomkow par. 0015, an electronic message system that creates and records a digital signature of each electronic message sent through the system. An originator may send a copy of the electronic message to the system or generate the electronic message within the system itself. The system then forwards and delivers the electronic message to all recipients (or to the designated message handlers associated with the recipients), including "to" addressees and "cc" addressees).
Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Tomkow into the system of Cantu in order to receive electronic message; generating a digital signature corresponding to the content of the received message; providing the message and the digital signature to a designated addressee (see Tomkow par. 0021).
 Cantu in view of Tomkow does not explicitly discloses distributing the encrypted message to the agent clients in the set registered as agents of the entity, wherein the agent clients are adapted to decrypt the encrypted message using security information received from the customer client.
However, in analogues art, Bishop discloses distributing the encrypted message to the agent clients in the set registered as agents of the entity, wherein the agent clients are adapted to decrypt the encrypted message using security information received from the customer client” (see Bishop par. 0039-0040, sending the electronic message from a sending agent to a message server, wherein the electronic message is addressed to one or more recipient agents, confirming by the message server that the sending agent and the one or more recipient agents are registered with the message server, wherein the electronic message is not sent to any of the one or more recipient agents if the sending agent is not registered, and sending the electronic message from the message server to the one or more recipient agents that are registered with the message server, wherein the first server-encrypted message is encrypted using an sender message server key, ascertaining a recipient agent from the message header that has been decrypted using the sender message server key).
Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Bishop into the system of Cantu and Tomkow to provide a recipient agents that are registered with the message server, and sending the message from the message server to the one or more recipient agents that are registered with the message server (see Bishop par. 0039).

Regarding claim 16, Cantu in view of Tomkow in further view of Bishop discloses the non-transitory computer-readable storage medium of claim 15, 
Cantu further discloses wherein the digitally-signed membership list includes identifiers of the agent clients in the set and the operations further comprise: creating a customer group for the customer client, the customer group including an identifier of the customer client and the digitally-signed membership list (see Cantu par. 0041, An enrollment (E) is a declaration of membership in a subset of the set of members of an organization. An enrollment may comprise a token linking a particular user to an organization and group within the organization. For instance, the enrollment (E) could bind a user id to an organization id and specific user community id within the organization); and providing the digitally-signed membership list included in the customer group to the customer client (see Cantu par. 0031, the common authority 2 may be a bank where the user (U) 4 is a customer and the server 6 may be some service providing aspect offered by the bank, such as brokerage services or on-line banking. The common authority 2 would provide the user (U) 4 a certificate which the user (U) 4 presents to authenticate the user identity in communications); wherein the customer client is adapted to validate the digitally-signed membership list using the digital signature and, responsive to successful validation of the digitally-signed membership list, use the identifiers of the agent clients in the set to send the security information to the agent clients in the set (see Cantu par. 0034, the user (U) 12 has entered into a membership agreement with the consuming organization (O) 10 to receive certain resource sets (which, when the subsequent agreements are in effect, include resource R in S); the service organization (P) 14 has entered into an agreement with the server (S) 16 to provide R to any user who can cause a suitable ticket to be presented; and the service organization (P) 14 and consuming organization (O) 10 have entered into an agreement associating certain enrollments with certain tickets. These three conditions have the cumulative effect of providing that the service organization's (P) 14 servers (S) 10 provide certain resources to users 12 associated with the consuming organization (O) 10 in the appropriate membership classes (also known as enrollments or enrollment classes)).

Regarding claim 17, Cantu in view of Tomkow in further view of Bishop discloses the non-transitory computer-readable storage medium of claim 15, 
Cantu further discloses receiving a plurality of encrypted messages directed to the entity from a plurality of customer clients (see Cantu par. 0015, Encryption keys are exchanged among a first entity, second entity, third entity, and a fourth entity. Each entity has one relationship with one other entity and the encryption keys are exchanged pursuant to the relationships. Electronic messages are encrypted with the encryption keys concerning digital enrollments to provide to the first entity); creating a respective customer group for each of the plurality of customer clients, each respective customer group including an identifier of a respective customer client and identifiers of the agent clients in the set (see Cantu par. 0048, The consuming organization (O) 26 or its agent A.sub.o 24 would provide (at block 52) the service organization (P) 30 or its agent A.sub.p 28 with information on its enrollments E. Upon receiving the enrollments (E) (at block 54), the service organization (P) 30 would generate (at block 56) a mapping of enrollments (E) to tickets (t) that provide access to resources (R) 22 based on the agreement with the consuming organization (O) 26); and providing the identifiers of the agent clients in the respective customer groups to the respective customer clients (see Cantu pars. 0048-0049, The service organization (P) 30 or its agent 28 would then send (at block 58) the mappings of enrollments (E) to tickets (t) to the clearance center (C) 32. The clearance center (C) 32 then updates (at block 60) its enrollment (E) to ticket (t) mappings, user (U) 34 enters into an agreement (at block 62) with the consuming organization (O) 26 for enrollments (E) that will provide the user (U) 34 access to certain resources (R) 22. In response, the consuming organization (O) 26 or its agent A.sub.o 24 sends (at block 64) the user (U) 34 the user enrollments (E)).

Regarding claim 18, Cantu in view of Tomkow in further view of Bishop discloses the non-transitory computer-readable storage medium of claim 15, 
Bishop further discloses receiving a second encrypted message directed to the customer client, the second encrypted message received from an agent client in the set of agent clients (see Bishop par. 0040, wherein the first server-encrypted message comprises a message header and encrypted message content that has been encrypted using a content key, and wherein the first server-encrypted message is encrypted using an sender message server key, ascertaining a recipient agent from the message header that has been decrypted using the sender message server key, wherein the encrypted message content is not decrypted at the message server, and sending a second server-encrypted message to the recipient agent); and distributing the second encrypted message to the customer client and to other agent clients in the set (see Bishop par. 0040, sending a second server-encrypted message to the recipient agent where the second server-encrypted message is decrypted using a recipient message server key and the encrypted message content is decrypted using the content key).
Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Bishop into the system of Cantu and Tomkow to provide a recipient agents that are registered with the message server, and sending the message from the message server to the one or more recipient agents that are registered with the message server (see Bishop par. 0039).

Regarding claim 19, Cantu in view of Tomkow in further view of Bishop discloses the non-transitory computer-readable storage medium of claim 15, 
Cantu further discloses determining an identifier of an admin client associated with the administrator of the entity (see Cantu pars. 0040-0041, A.sub.p 28 is the agent or administrator for the producer organization P 28. A clearance center (C) 32 maintains a map of enrollments (E) to tickets (T) for each server (S) 20 the clearance center (C) 32 supports. An enrollment (E) is a declaration of membership in a subset of the set of members of an organization); receiving from an agent client a validation code validating the agent client as an agent of the entity (see Cantu par. 0043, the consuming organization (O) 26 would determine the validity of the user enrollment mapping from the modifier before presenting the user the enrollments. The server (S) 20 would determine the validity of the resource to ticket mapping based on any modifiers when determining whether a ticket authorizes access to a resource, and the clearance center may determine the validity of the enrollment to ticket mapping based on any modifiers before transmitting tickets in response to receiving an enrollment);   creating an agent identifier for the agent client, the agent identifier derived from the identifier of the admin client (see Cantu par. 0048, Upon receiving the enrollments (E) (at block 54), the service organization (P) 30 would generate (at block 56) a mapping of enrollments (E) to tickets (t) that provide access to resources (R) 22 based on the agreement with the consuming organization (O) 26. The service organization (P) 30 or its agent 28 would then send (at block 58) the mappings of enrollments (E) to tickets (t) to the clearance center (C) 32); and providing the agent identifier to the admin client, wherein the agent identifier is included in the digitally-signed membership list received from the administrator of the entity (see Cantu par. 0085, Relationship 400 represents the preexisting dealings between the end user (U) 34 and the consuming organization (O) 26, or its administrator (A.sub.O) 24. The above model assumes that the end user (U) 34 engages in ongoing transactions with the consuming organization (O) 26 or its administrator 24 where such relationship is trusted in that the consuming organization (O) 26 and end user (U) 34 have previously verified the other's identity during transactions pursuant to the relationship 400, or the end user (U) 34 shows sufficient credentials (such as a birth certificate) to the agent 23 of the organization 26 as part of a multi-purpose transaction to establish relationships).
 
Regarding claim 20, Cantu in view of Tomkow in further view of Bishop discloses the non-transitory computer-readable storage medium of claim 19, 
Cantu further discloses receiving a description of a barcode displayed by an agent client, the description received from the admin client (see Cantu par. 0101, the tickets and enrollments are represented as digital data, and may be embodied in a magnetic storage medium, a string of numbers or characters, marks on paper, such as a bar code or electronic media); providing a validation code to the admin client responsive to receipt of the description of the barcode (see Cantu par. 0043, the consuming organization (O) 26 would determine the validity of the user enrollment mapping from the modifier before presenting the user the enrollments. The server (S) 20 would determine the validity of the resource to ticket mapping based on any modifiers when determining whether a ticket authorizes access to a resource, and the clearance center may determine the validity of the enrollment to ticket mapping based on any modifiers before transmitting tickets in response to receiving an enrollment);    and validating the agent client as an agent of the entity responsive to receipt of the validation code from the agent client (see Cantu par. 0041, A.sub.p 28 is the agent or administrator for the producer organization P 28. A clearance center (C) 32 maintains a map of enrollments (E) to tickets (T) for each server (S) 20 the clearance center (C) 32 supports. An enrollment (E) is a declaration of membership in a subset of the set of members of an organization, the enrollment (E) could bind a user id to an organization id and specific user community id within the organization. An enrollment (E) is useful only when held by a user (U) 34 and the right of the user (U) 34 to use the enrollment is verified); wherein the agent identifier is created responsive to validating the agent client (see Cantu par. 0048, The consuming organization (O) 26 or its agent A.sub.o 24 would provide (at block 52) the service organization (P) 30 or its agent A.sub.p 28 with information on its enrollments E. Upon receiving the enrollments (E) (at block 54), the service organization (P) 30 would generate (at block 56) a mapping of enrollments (E) to tickets (t) that provide access to resources (R) 22 based on the agreement with the consuming organization (O) 26).

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAMUEL AMBAYE whose telephone number is (571)270-7635.  The examiner can normally be reached on M-F 9:00 AM - 6:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on (571) 272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SAMUEL AMBAYE/Examiner, Art Unit 2433                           

/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433