DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application is being examined under the pre-AIA first to invent provisions.
This action is responsive to the communication filed on 04/07/2020.


Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claims 1, 4 and 7 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 6 and 9 of U.S. Patent No. 9,948,623. Although the claims at issue are not identical, they are not patentably distinct from each other because claims 1, 6 and 9 of U.S. Patent No. 9,948,623 in view of Cam-Winget et al US 7,400,733.
	As per claim 1, Patent did not explicitly disclose determining, based on a request received from a first computing device and by a second computing device, to establish a 
	However, Cam discloses determining, based on a request received from a first computing device and by a second computing device, to establish a secure communication between the first computing device and the second computing device (fig. 3, numeral 310; col 3, lines 34-36, establishing an encrypted channel between stations wherein the one station desires to indicate a need to communicate and a station can indicate that communication over an encrypted channel is desired; and col 5, lines 10-15, then the stations can determine whether disengaging is appropriate to ensure maximum security of their communication);

Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of sending, by a first computing device and to a second computing device, a first request to establish a secure communication between the first computing device and the second computing device of the patent, based on the teaching in Cam of establishing an encrypted channel between stations wherein the one station desires to indicate a need to communicate and a station can indicate that communication over an encrypted channel is desired, because doing so would provide an encrypted channel between devices.

Instant application 16/750974

1. (New) A method comprising: determining, based on a request received from a first computing device and by a second computing device, to establish a secure communication between the first computing device and the second computing device;
sending, to the first computing device and for forwarding to a trusted computing device, a first message indicating that the second computing device has requested to establish the secure communication; receiving, from the first computing device, a second message indicating a first key and a type of key usage of the first key, wherein the first key and the type of key usage correspond to a pairing between the first computing device and the second computing device; and establishing, based on the first key and based on the type of key usage of the first key, the secure communication between the first computing device and the second computing device.

4. (New) The method of claim 1, wherein the first message further indicates, for each of a plurality of previously installed keys, a different type of key usage.

7. (New) The method of claim 1, wherein the second message further indicates, for each of a plurality of keys, a different type of key usage.

Patent# 9,948,623

1. A method comprising:
sending, by a first computing device and to a second computing device, a first request to establish a secure communication between the first computing device and the second computing device; receiving, by the first computing device and from the second computing device, a response to the first request;
sending, by the first computing device and to a trusted computing device, and based on the response to the first request, a second request to establish the secure communication between the first computing device and the second computing device;
receiving, by the first computing device and from the trusted computing device: an indication of a plurality of keys; and an indication of a type of key usage for each of the plurality of keys, wherein each of the plurality of keys has a different type of key usage; processing, by the first computing device, a first key of the plurality of keys and a type of key usage for the first key to establish the secure communication between the first computing device and the second computing device; and
sending, by the first computing device and to the trusted computing device, verification of an establishment of the secure communication based on the first key and the type of key usage of the first key.

6. The method of claim 1, further comprising: receiving an instruction from the trusted computing device to change the type of key usage of the first key.

9. The method of claim 1, wherein the type of key usage comprises one or more of a type of key usage for communication encryption, communication authentication, root encryption, root authentication, server encryption, or server authentication between devices.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-33 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.

	As per claims 1/12/23, this claim recites the limitation “sending, to the first computing device and for forwarding to a trusted computing device, a first message indicating that the second computing device has requested to establish the secure communication;”
	It can be seen as sending to the first computing device a first message indicating that …. But it can also be seen as sending to the first computing device or for forwarding to a trusted computing device. Thus, this claim is not clear. Therefore, this claim is indefinite. Examiner is considering that the first computing device is forwarding to a trusted computing device.
	As per claims 2-11, 13-22 and 24-33, the claims are rejected based on the same rationale set forth for claims 1, 12 and 23 respectively.



Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claims 1-7, 9-18, 20-29 and 31-33 are rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over Cam-Winget et al US 7,400,733 (hereafter Cam) in view of Suarez et al US 2006/0291664.


	As per claim 1, Cam discloses a method comprising:
	determining, based on a request received from a first computing device and by a second computing device, to establish a secure communication between the first computing device and the second computing device (fig. 3, numeral 310; col 3, lines 34-36, establishing an encrypted channel between stations wherein the one station desires to indicate a need to communicate and a station can indicate that communication over an encrypted channel is desired; and col 5, lines 10-15, then the stations can determine whether disengaging is appropriate to ensure maximum security of their communication);
sending, to the first computing device, a first message indicating that the second computing device has requested to establish the secure communication (col 3, lines 22-24, Transceiver 211 provides, i.e. message, transceivers 221 and 231 with a wireless connection for establishing an encrypted channel between stations; col 4, lines 55-65, a first transceiver sends a request to initiate derivation of a new encryption key to a second transceiver in step 400. The request to initiate a new encryption key derivation can include first key material that is used (along with second key material received from the second transceiver));
receiving, from the first computing device, a second message indicating a first key, wherein the first key and the type of key usage correspond to a pairing between the first computing device and the second computing device (col 2, lines 48-52, sending from a first transceiver to a second transceiver a request to initiate derivation of a new encryption key); and
establishing, based on the first key and based on the type of key usage of the first key, the secure communication between the first computing device and the second computing device (col 5, lines 37-30 /46-48, In response to the request from the first transceiver in step 400, the second transceiver replies with second key material and the second transceiver can also send to the first transceiver a status message that indicates the feasibility (as determined by the second transceiver) of being able to commence, i.e. establishing, using the new encryption key at the second transceiver).
Cam does not disclose a type of key usage of the first key; and a first computing device for forwarding to a trusted computing device.
Suarez discloses a type of key usage of the first key (par 0024, typically using keys 22 of various types. The keys 22 must be accessible to the respective applications 16 of the computing machines 12; and par 0026, automates the distribution and rotation of all keys 22, including both symmetric and asymmetric ones) and a first computing device for forwarding to a trusted computing device (fig. 2; par 0026, automates the distribution and rotation of all keys 22, including both symmetric and asymmetric ones; par 0029, The key control system 30 preferably comprises a key management server ("KMS"); and keys have usages for symmetric and asymmetric type encryption).

Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying the method of obtaining various types of keys from the key management server of Suarez, in combination with the synchronized key exchange of Cam, because doing so would provide key rotation for the encrypted channel. Key rotation provides a new key dynamically for the channel; thus, it would have been very difficult for an intruder to determine the new key that has established the encrypted channel between stations (col 3, lines 34-36).


 	As per claim 2, Cam in view of Suarez discloses the method of claim 1, wherein the first message further indicates: a previously installed key; and a previously installed type of key usage of the previously installed key (Suarez, 0024 The keys 22 must be accessible to the respective applications 16 and are present in a key store 31. A key store 31, as used herein, is a secure file where data keys 22 are stored. When an application requires a new key 22, it merely retrieves it from its designated key store 31 by sending the keys by the Key Control system 30).  

 	As per claim 3, Cam in view of Suarez discloses the method of claim 1, wherein: the first message further indicates a plurality of previously installed keys (Suarez, par 0024 typically using keys 22 of various types. The keys 22 must be accessible to the respective applications 16  of the computing machines 12  and 0026 automates the distribution and rotation of all keys 22, including both symmetric and asymmetric ones ); and the plurality of previously installed keys are for establishing the secure communication between the first computing device and the second computing device ( Cam, fig.3, numeral 310, col 3, lines 34-36, establishing an encrypted channel between stations wherein the one station desire to indicate a need to communicate  and a station can indicate that communication over an encrypted channel is desired and col 5, lines 10-15, then  the stations can determine whether disengaging is appropriate to ensure maximum security of their communication ).   

 	As per claim 4, Cam in view of Suarez discloses the method of claim 1, wherein the first message further indicates, for each of a plurality of previously installed keys, a different type of key usage (Suarez, par 0024 typically using keys 22 of various types. The keys 22 must be accessible to the respective applications 16  of the computing machines 12  and 0026 automates the distribution and rotation of all keys 22, including both symmetric and asymmetric ones ).  

 	As per claim 5, Cam in view of Suarez discloses the method of claim 1, wherein the sending the first message comprises encrypting the first message to be undecipherable to the first computing device and decrypted by the trusted computing device (Suarez, par 0050 key descriptor and the partial key label is that the application 16 that is encrypting the data uses the key descriptor to access the data key 22. The encrypting application 16 then retrieves the partial key label for the data key 22 used in the encryption).  

 	As per claim 6, Cam in view of Suarez discloses the method of claim 1, wherein: the second message further indicates a plurality of keys; and the plurality of keys are for establishing the secure communication between the first computing device and the second computing device (Suarez, par 0024 typically using keys 22 of various types. The keys 22 must be accessible to the respective applications 16  of the computing machines 12  and 0026 automates the distribution and rotation of all keys 22, including both symmetric and asymmetric ones ).  

 	As per claim 7, Cam in view of Suarez discloses the method of claim 1, wherein the second message further indicates, for each of a plurality of keys, a different type of key usage (Suarez, par 0024 typically using keys 22 of various types. The keys 22 must be accessible to the respective applications 16  of the computing machines 12  ).  


 	As per claim 9, Cam in view of Suarez discloses the method of claim 1, wherein sending the first message comprises encrypting the first message using a communication encryption key for secure communication between the second computing device and the trusted computing device(Suarez, par 0024 typically using keys 22 of various types. The keys 22 must be accessible to the respective applications 16  of the computing machines 12  and 0026 automates the distribution and rotation of all keys 22, including both symmetric and asymmetric ones and fig.2, 0026 automates the distribution and rotation of all keys 22, including both symmetric and asymmetric ones  0029 The key control system 30 preferably comprises a key management server ("KMS") and  keys have been usages for symmetric and asymmetric type encryption ).  
 	As per claim 10, Cam in view of Suarez discloses the method of claim 1, further comprising sending, to the trusted computing device via the first computing device, confirmation of successful processing of the first key and type of key usage of the first key (Suarez, par 0024 typically using keys 22 of various types. The keys 22 must be accessible to the respective applications 16  of the computing machines 12  and 0026 automates the distribution and rotation of all keys 22, including both symmetric and asymmetric ones and fig.2, 0026 automates the distribution and rotation of all keys 22, including both symmetric and asymmetric ones  0029 The key control system 30 preferably comprises a key management server ("KMS") and  keys have been usages for symmetric and asymmetric type encryption ).  

 	As per claim 11, Cam in view of Suarez discloses the method of claim 1, wherein receiving the second message comprises decrypting the second message according to a communication decryption key for secure communication between the second computing device and the trusted computing device ( Suarez  0027 The system 20 allows applications 16 on any combination of distributed servers 13, mainframes 14, or other computing machines 12 to obtain keys 22 for both encrypting sensitive data and decrypting received encrypted data from key stores 31 where the keys 22 are stored ).  


 	As per claim 12, Cam discloses a second computing device comprising:
 	 one or more processors ( col 3, lines, 10-15, device 220 and device 230); and 
 	memory storing instructions that, when executed by the one or more processors, cause the second computing device to (fig.2, device 220 with memory  ): 
	determine, based on a request received from a first computing device and by a second computing device, to establish a secure communication between the first computing device and the second computing device (fig. 3, numeral 310; col 3, lines 34-36, establishing an encrypted channel between stations wherein the one station desires to indicate a need to communicate and a station can indicate that communication over an encrypted channel is desired; and col 5, lines 10-15, then the stations can determine whether disengaging is appropriate to ensure maximum security of their communication);
send, to the first computing device, a first message indicating that the second computing device has requested to establish the secure communication (col 3, lines 22-24, Transceiver 211 provides, i.e. message, transceivers 221 and 231 with a wireless connection for establishing an encrypted channel between stations; col 4, lines 55-65, a first transceiver sends a request to initiate derivation of a new encryption key to a second transceiver in step 400. The request to initiate a new encryption key derivation can include first key material that is used (along with second key material received from the second transceiver));
receive, from the first computing device, a second message indicating a first key, wherein the first key and the type of key usage correspond to a pairing between the first computing device and the second computing device (col 2, lines 48-52, sending from a first transceiver to a second transceiver a request to initiate derivation of a new encryption key); and
establish, based on the first key and based on the type of key usage of the first key, the secure communication between the first computing device and the second computing device (col 5, lines 37-30 /46-48, In response to the request from the first transceiver in step 400, the second transceiver replies with second key material and the second transceiver can also send to the first transceiver a status message that indicates the feasibility (as determined by the second transceiver) of being able to commence, i.e. establishing, using the new encryption key at the second transceiver).
Cam does not disclose a type of key usage of the first key; and a first computing device for forwarding to a trusted computing device.
Suarez discloses a type of key usage of the first key (par 0024, typically using keys 22 of various types. The keys 22 must be accessible to the respective applications 16 of the computing machines 12; and par 0026, automates the distribution and rotation of all keys 22, including both symmetric and asymmetric ones) and a first computing device for forwarding to a trusted computing device (fig. 2; par 0026, automates the distribution and rotation of all keys 22, including both symmetric and asymmetric ones; par 0029, The key control system 30 preferably comprises a key management server ("KMS"); and keys have usages for symmetric and asymmetric type encryption).

Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying the method of obtaining various types of keys from the key management server of Suarez, in combination with the synchronized key exchange of Cam, because doing so would provide key rotation for the encrypted channel. Key rotation provides a new key dynamically for the channel; thus, it would have been very difficult for an intruder to determine the new key that has established the encrypted channel between stations (col 3, lines 34-36).


 	As per claim 13, Cam in view of Suarez discloses The second computing device of claim 12, wherein the first message further indicates: a previously installed key; and a previously installed type of key usage of the previously installed key ( Suarez, par 0024 typically using keys 22 of various types. The keys 22 must be accessible to the respective applications 16  of the computing machines 12 Suarez, 0024 The keys 22 must be accessible to the respective applications 16 and are present in a key store 31. A key store 31, as used herein, is a secure file where data keys 22 are stored. When an application requires a new key 22, it merely retrieves it from its designated key store 31 by sending the keys by the Key Control system 30 ).  

	As per claim 14, Cam in view of Suarez discloses the second computing device of claim 12, wherein: the first message further indicates a plurality of previously installed keys (Suarez, par 0024, typically using keys 22 of various types. The keys 22 must be accessible to the respective applications 16 of the computing machines 12); and the plurality of previously installed keys are for establishing the secure communication between the first computing device and the second computing device (Suarez, par 0024, typically using keys 22 of various types. The keys 22 must be accessible to the respective applications 16 of the computing machines 12; and Cam, fig. 3, numeral 310; col 3, lines 34-36, establishing an encrypted channel between stations wherein the one station desires to indicate a need to communicate and a station can indicate that communication over an encrypted channel is desired; and col 5, lines 10-15, then the stations can determine whether disengaging is appropriate to ensure maximum security of their communication).
	As per claim 15, Cam in view of Suarez discloses the second computing device of claim 12, wherein the first message further indicates, for each of a plurality of previously installed keys, a different type of key usage (Suarez, par 0024, typically using keys 22 of various types. The keys 22 must be accessible to the respective applications 16 of the computing machines 12; and Cam, fig. 3, numeral 310; col 3, lines 34-36, establishing an encrypted channel between stations wherein the one station desires to indicate a need to communicate and a station can indicate that communication over an encrypted channel is desired; and col 5, lines 10-15, then the stations can determine whether disengaging is appropriate to ensure maximum security of their communication).
 	As per claim 16, Cam in view of Suarez discloses The second computing device of claim 12, wherein the instructions, when executed by the one or more processors, cause the second computing device to encrypt the first message to be undecipherable to the first computing device and decrypted by the trusted computing device (Suarez, par 0050 key descriptor and the partial key label is that the application 16 that is encrypting the data uses the key descriptor to access the data key 22. The encrypting application 16 then retrieves the partial key label for the data key 22 used in the encryption ).  
 	As per claim 17, Cam in view of Suarez discloses The second computing device of claim 12, wherein: the second message further indicates a plurality of keys; and the plurality of keys are for establishing the secure communication between the first computing device and the second computing device (Suarez, par 0024 typically using keys 22 of various types. The keys 22 must be accessible to the respective applications 16  of the computing machines 12  and 0026 automates the distribution and rotation of all keys 22, including both symmetric and asymmetric ones ).  
 	As per claim 18, Cam in view of Suarez discloses The second computing device of claim 12, wherein the second message further indicates, for each of a plurality of keys, a different type of key usage (Suarez, par 0024 typically using keys 22 of various types. The keys 22 must be accessible to the respective applications 16  of the computing machines 12   ).  

	As per claim 20, Cam in view of Suarez discloses the second computing device of claim 12, wherein the instructions, when executed by the one or more processors, cause the second computing device to encrypt the first message using a communication encryption key for secure communication between the second computing device and the trusted computing device (Suarez, par 0024 typically using keys 22 of various types. The keys 22 must be accessible to the respective applications 16  of the computing machines 12  and 0026 automates the distribution and rotation of all keys 22, including both symmetric and asymmetric ones and fig.2, 0026 automates the distribution and rotation of all keys 22, including both symmetric and asymmetric ones  0029 The key control system 30 preferably comprises a key management server ("KMS") and  keys have been usages for symmetric and asymmetric type encryption  ).  

 	As per claim 21, Cam in view of Suarez discloses the second computing device of claim 12, wherein the instructions, when executed by the one or more processors, cause the second computing device to send, to the trusted computing device via the first computing device, confirmation of successful processing of the first key and type of key usage of the first key (Suarez, par 0024 typically using keys 22 of various types. The keys 22 must be accessible to the respective applications 16  of the computing machines 12  and 0026 automates the distribution and rotation of all keys 22, including both symmetric and asymmetric ones and fig.2, 0026 automates the distribution and rotation of all keys 22, including both symmetric and asymmetric ones  0029 The key control system 30 preferably comprises a key management server ("KMS") and  keys have been usages for symmetric and asymmetric type encryption ).  

 	As per claim 22, Cam in view of Suarez discloses The second computing device of claim 12, wherein the instructions, when executed by the one or more processors, cause the second computing device to decrypt the second message according to a communication decryption key for secure communication between the second computing device and the trusted computing device (Suarez  0027 The system 20 allows applications 16 on any combination of distributed servers 13, mainframes 14, or other computing machines 12 to obtain keys 22 for both encrypting sensitive data and decrypting received encrypted data from key stores 31 where the keys 22 are stored ).  

 	As per claim 23, Cam discloses A system comprising: 
 	a second computing device ( fig 2, computer 220 ); and a trusted computing device ( fig.2, numeral 211 ); wherein the second computing device comprises: one or more second processors ( fig.2, computer 220); and second memory storing second instructions that, when executed by the one or more second processors, cause the second computing device to ( fig.2, computer 220  with CPU with RAM): 
determine, based on a request received from a first computing device, whether to establish a secure communication between the first computing device and the second computing device (fig. 3, numeral 310; col 3, lines 34-36, establishing an encrypted channel between stations wherein the one station desires to indicate a need to communicate and a station can indicate that communication over an encrypted channel is desired; and col 5, lines 10-15, then the stations can determine whether disengaging is appropriate to ensure maximum security of their communication);
send, to the first computing device and for forwarding to the trusted computing device, a first message indicating that the second computing device has requested to establish the secure communication (col 3, lines 22-24, Transceiver 211 provides, i.e. message, transceivers 221 and 231 with a wireless connection for establishing an encrypted channel between stations; col 4, lines 55-65, a first transceiver sends a request to initiate derivation of a new encryption key to a second transceiver in step 400. The request to initiate a new encryption key derivation can include first key material that is used (along with second key material received from the second transceiver));
receive, from the first computing device, a second message indicating a first key and a type of key usage of the first key, wherein the first key and the type of key usage correspond to a pairing between the first computing device and the second computing device (col 2, lines 48-52 sending from a first transceiver to a second transceiver a request to initiate derivation of a new encryption key ); and   
 establish, based on the first key and based on the type of key usage of the first key, the secure communication between the first computing device and the second computing device ( col 5, lines 37-30 /46-48, In response to the request from the first transceiver in step 400, the second transceiver replies with second key material and the second transceiver can also send to the first transceiver a status message that indicates the feasibility (as determined by the second transceiver) of being able to commence, i.e. establishing,  using the new encryption key at the second transceiver); and 
wherein the trusted computing device comprises: one or more first processors; and first memory storing first instructions that (fig. 2, computer 232), when executed by the one or more first processors, cause the trusted computing device to (fig. 2, computer 232 with CPC and Memory):
receive, from the first computing device, the first message indicating that the second computing device has requested to establish the secure communication between the first computing device and the second computing device (col 2, lines 48-52, sending from a first transceiver to a second transceiver a request to initiate derivation of a new encryption key);
authorize, for the second computing device, the first key and the type of key usage of the first key, wherein the first key and the type of key usage correspond to the pairing between the first computing device and the second computing device (col 5, lines 37-30 /46-48, In response to the request from the first transceiver in step 400, the second transceiver replies with second key material and the second transceiver can also send to the first transceiver a status message that indicates the feasibility (as determined by the second transceiver) of being able, i.e. allow to commence, i.e. establishing, using the new encryption key at the second transceiver); and
send, to the first computing device and for forwarding to the second computing device, the first key and the type of key usage of the first key (col 3, lines 22-24, Transceiver 211 provides, i.e. message, transceivers 221 and 231 with a wireless connection for establishing an encrypted channel between stations; col 4, lines 55-65, a first transceiver sends a request to initiate derivation of a new encryption key to a second transceiver in step 400. The request to initiate a new encryption key derivation can include first key material that is used (along with second key material received from the second transceiver)).


	As per claim 24, Cam in view of Suarez discloses the system of claim 23, wherein the first message further indicates: a previously installed key; and a previously installed type of key usage of the previously installed key (Suarez, par 0024, The keys 22 must be accessible to the respective applications 16 and are present in a key store 31. A key store 31, as used herein, is a secure file where data keys 22 are stored. When an application requires a new key 22, it merely retrieves it from its designated key store 31 by sending the keys by the Key Control system 30).



	As per claim 25, Cam in view of Suarez discloses the system of claim 23, wherein: the first message further indicates a plurality of previously installed keys (Suarez, par 0024, typically using keys 22 of various types. The keys 22 must be accessible to the respective applications 16 of the computing machines 12; and par 0026, automates the distribution and rotation of all keys 22, including both symmetric and asymmetric ones); and the plurality of previously installed keys are for establishing the secure communication between the first computing device and the second computing device (Cam, fig. 3, numeral 310; col 3, lines 34-36, establishing an encrypted channel between stations, wherein one station desires to indicate a need to communicate and a station can indicate that communication over an encrypted channel is desired; and col 5, lines 10-15, then the stations can determine whether disengaging is appropriate to ensure maximum security of their communication).



	As per claim 26, Cam in view of Suarez discloses the system of claim 23, wherein the first message further indicates, for each of a plurality of previously installed keys, a different type of key usage (Suarez, par 0024, typically using keys 22 of various types. The keys 22 must be accessible to the respective applications 16 of the computing machines 12; and par 0026, automates the distribution and rotation of all keys 22, including both symmetric and asymmetric ones).


	As per claim 27, Cam in view of Suarez discloses the system of claim 23, wherein the second instructions, when executed by the one or more second processors, cause the second computing device to encrypt the first message to be undecipherable to the first computing device and decrypted by the trusted computing device (Suarez, par 0050, key descriptor and the partial key label is that the application 16 that is encrypting the data uses the key descriptor to access the data key 22. The encrypting application 16 then retrieves the partial key label for the data key 22 used in the encryption).


	As per claim 28, Cam in view of Suarez discloses the system of claim 23, wherein: the second message further indicates a plurality of keys (Suarez, par 0024, typically using keys 22 of various types); and the plurality of keys are for establishing the secure communication between the first computing device and the second computing device (Suarez, par 0024, typically using keys 22 of various types. The keys 22 must be accessible to the respective applications 16 of the computing machines 12; and par 0026, automates the distribution and rotation of all keys 22, including both symmetric and asymmetric ones).


	As per claim 29, Cam in view of Suarez discloses the system of claim 23, wherein the second message further indicates, for each of a plurality of keys, a different type of key usage (Suarez, par 0024, typically using keys 22 of various types).


	As per claim 31, Cam in view of Suarez discloses the system of claim 23, wherein the second instructions, when executed by the one or more second processors, cause the second computing device to encrypt the first message using a communication encryption key for secure communication between the second computing device and the trusted computing device (Suarez, par 0024, typically using keys 22 of various types. The keys 22 must be accessible to the respective applications 16 of the computing machines 12; and fig. 2, par 0026, automates the distribution and rotation of all keys 22, including both symmetric and asymmetric ones; par 0029, The key control system 30 preferably comprises a key management server ("KMS"), and keys have been used for symmetric and asymmetric type encryption).

	As per claim 32, Cam in view of Suarez discloses the system of claim 23, wherein the second instructions, when executed by the one or more second processors, cause the second computing device to send, to the trusted computing device via the first computing device, confirmation of successful processing of the first key and type of key usage of the first key (Suarez, par 0024, typically using keys 22 of various types. The keys 22 must be accessible to the respective applications 16 of the computing machines 12; and fig. 2, par 0026, automates the distribution and rotation of all keys 22, including both symmetric and asymmetric ones; par 0029, The key control system 30 preferably comprises a key management server ("KMS"), and keys have been used for symmetric and asymmetric type encryption).


	As per claim 33, Cam in view of Suarez discloses the system of claim 23, wherein the second instructions, when executed by the one or more second processors, cause the second computing device to decrypt the first key and type of key usage according to a communication decryption key for secure communication between the second computing device and the trusted computing device (Suarez, par 0027, The system 20 allows applications 16 on any combination of distributed servers 13, mainframes 14, or other computing machines 12 to obtain keys 22 for both encrypting sensitive data and decrypting received encrypted data from key stores 31 where the keys 22 are stored).

Allowable Subject Matter
Claims 8, 19 and 30 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Ondet et al., US 2005/0086479, discloses a trusted server that distributes the key between devices to establish the communication between them.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABU S SHOLEMAN whose telephone number is (571)270-7314.  The examiner can normally be reached on EST: 9am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/ABU S SHOLEMAN/Primary Examiner, Art Unit 2495