DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

This office action is a response to an application filed 01/10/2019 wherein claims 1 – 16 are pending and ready for examination.

Claim Rejections - 35 USC § 112
Claim 3 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.  Claim 3 recites: The method as recited in claim 2, wherein messages for both the ciphertext and messages the first value for the key stream nonce alternate randomly over the plurality of links.  The examiner does not understand the nature of the second message in that … wherein messages for both the ciphertext and messages the first value for the key stream nonce alternate randomly over the plurality of links.  The examiner believes the highlighted part of the claim should read “ciphertext and the first value for the key stream” which are two messages.  The Examiner cannot discern “messages the first value.  Another wording could read:  The method as recited in claim 2, wherein messages for both the ciphertext and first value for the key stream nonce alternate randomly over the plurality of links.  The Examiner will read the latter as the intent of the claim. Claim 4, like claim 3, depends from claim 2 which cites the two distinct messages. Applicant is invited to provide an alternative construction.  Appropriate Action is recommended.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-2, 4-7 and 9-16 are rejected under 35 U.S.C. 103 as being unpatentable over Tuvell; Walter et al, US 6986046 B1, January 10, 2006 hereafter referred to as Tuvell, in view of Nix; John A. US 20090285175 A1, November 19, 2009, hereafter referred to as Nix.
	
           As to claim 1, Tuvell teaches a method – Tuvell [column 11, lines 13-15] The procedure with which a secure group is formed is illustrated schematically in FIG. 9 with the steps illustrated in FIG. 10.  Here, the claimed ‘method’ is taught by Tuvell as ‘the steps’ because the steps are a series of processes 1002 – 1010 depicted in Figure 10), implemented on a processor for sending ciphertext over a network – Tuvell [column 11, lines 13-15]  …a secure group is formed …the group 900 consists of a chair 902 and N-1 other members, three of which are shown as members 906, 908 and 910. Formation of the group 900 is controlled by a chair 902, who is a member endowed with the authority to invite and add a new member. Here, the claimed ‘processor’ is taught by Tuvell as ‘chair 902’ because it controls the membership and can send/receive messages as illustrated in Figure 9, whereas the claimed ‘ciphertext’ is taught by Tuvell at least at location [column 12, lines 8] the method comprising:
             establishing a plurality of different links between a first node and a different second node – Tuvell [column 7, lines 23-25] FIG. 3 is a schematic diagram of an illustrative telespace or group 300 with five members: M.sub.0, M.sub.1, M.sub.2, M.sub.3, M.sub.4 (302 310). Within each telespace 300, one or more tribes or sub-groups may exist. In FIG. 3, a tribe 312 of three members, M.sub.2, M.sub.3, M.sub.4 (306, 308 and 310) is illustrated.  Here, the claimed ‘establishing’ is taught by Tuvell as ‘FIG. 3’ because connecting arrows and nodes establishes a virtual telespace. The claimed ‘first node’ is taught by Tuvell as ‘M.sub.0’ because 0 precedes 1 and claimed ‘different second node’ is taught by Tuvell as ‘M.sub.1, M.sub.2, M.sub.3, M.sub.4’ because each of these nodes represent to M.sub.0 a different second node whereas the claimed ‘plurality of different links’ is illustrated by Tuvell as connecting links  between M.sub.0 and M.sub.1, M.sub.2, M.sub.3, M.sub.4), wherein the different links are different physical layer links or different virtual private network (VPN) links or some combination - Tuvell [column 11, lines 25 -32]  …the chair 902 sends an invitation message to the potential invitee 904. This message is schematically illustrated by the arrow 912 in FIG. 9. The contents of this message are illustrated in FIG. 11. The message consists of a header 1100 followed by the invitee name 1102 which can be a URL or other identifying information. Here, the claimed ‘physical layer links’ is taught by Tuvell as ‘URL’ as one of ordinary skill in the art recognizes a URL as part of the physical layer in a message header of Figure 11.  Tuvell further teaches that the telespace is a virtual space [column 7, lines 10-18]);
           encrypting plaintext using a first value for an encryption parameter to produce ciphertext – Tuvell [column 7, lines 33-37] Information in telespaces 300 and tribes 312 is protected by one or more keys: an encryption key designated as K and a message authentication/integrity code (MAC) key, designated as L. The K and L keys are conventional keys for a symmetric cipher and have telespace scope);
sending a first plurality of messages that indicate the ciphertext using at least one link of the plurality of different links – Tuvell [column 11, lines 25-28]  The joining procedure begins in step 1000 and proceeds to step 1002. In step 1002, the chair 902 sends an invitation message to the potential invitee 904. This message is schematically illustrated by the arrow 912 in FIG. 9.  Here, the claimed ‘first plurality of messages’ is taught by Tuvell as ‘arrow 912’ because it is an invite message being sent to the invitee whereas the claimed ‘plurality of messages’ is illustrated via Figure 9 as ‘arrows 922, 916,918, and 920’ issued from Chair 902, the claimed ‘indicate the ciphertext’ is taught by Tuvell as ‘invitation message’ which would contain field 1106 Crypto data which informs recipient of the encryption protocol, as further taught by Tuvell at location [column 11, lines 65-67].  TUVELL DOES NOT TEACH
               sending a different second plurality of messages that indicate the first value for the encryption parameter using at least one different link of the plurality of different links without introducing a random bit error, HOWEVER IN AN ANALAGOUS ART NIX TEACHES a different second plurality of messages that indicate the first value for the encryption parameter using at least one different link of the plurality of different links without introducing a random bit error – Nix [0208]…Preferably, CN 108 can process both media streams in order to obtain a superior representation of the media transmitted by MD 101. For example, if CN 108 determines that a particular packet in MS 1 likely has bit errors, but that the equivalent packet in MS 3 is received without errors, then CN 108 may utilize the packet in MS 3 for media playback.  Here, the claimed ‘second plurality of messages’ is taught by Nix as ‘MS1 and MS 3’ because media stream 3 consists of a series of packets which are data messages, whereas the claimed ‘one different link’ is taught by Nix as MS 3 because it is selected without errors.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the logic in Tuvell’s Dynamics Manager 206 or 212 whereby consideration of the message bit error rate would be useful to negate changes introduced by transmission having nothing to do with changes made by the collaboration users.  Tuvell does not consider transmission errors while Nix provides this feature.  Tuvell would be motivated to consider Nix to eliminate link selections prone to 

              As to claim 2, the combination of Tuvell and Nix teaches the method as recited in claim 1, wherein:
the encryption parameter is a keystream nonce - Tuvell [column 12, lines 8-13] The cryptographic data 1106 is followed by a the one-time key information 1108 encrypted with the invitee's public key according to some previously agreed upon public-key encryption algorithm.  The one time key is a key for a symmetric cipher that is used only once for encrypting the invitation information) for XOR encryption with the same keystream nonce for XOR decryption - Tuvell [column 7, lines 49-52] Stream ciphers are used in block mode by combining an initialization vector with the key, such as by an exclusive-OR operation, and then reinitializing the keystream for every message.  Here, the claimed ‘keystream nonce’ is taught by Tuvell as ‘one-time key information’ whereas the claimed ‘keystream’ is taught by Tuvell as ‘message’ because the message, as depicted in Figures 11-13 are generated by stream ciphers); and messages for both the ciphertext and messages the first value for the keystream nonce alternate over the plurality of links, but a message for the ciphertext and a message for the corresponding keystream nonce are not sent over the same link  - Tuvell [column 6, lines 47-57] In general, the communication managers 208 and 214 are arranged so that all deltas generated by the dynamics managers 206 and 212 are received by all users participating in the collaboration. Each delta includes an internal sequence number so that the dynamics manager of each collaborator can determine when all deltas have been received. Since the deltas from different collaborators may be transmitted over a number of different paths to each collaborator, the deltas may not arrive in the same order in which they were generated. However, all deltas will be received by each collaborator and the internal sequence number can be used to apply the deltas in the correct order).

             As to claim 4, the combination of Tuvell and Nix teaches the method as recited in claim 2, wherein each message for the ciphertext and each message for the keystream nonce includes a sequence number – Tuvell [column 8, lines 53-56] The message header 400 may also include a message flag type or tag ID, which is an identifier that is different for each different type of message. Other information that can be included in the message header can be a structured sequence number and the messages are not sent in the same sequence order – Tuvell [column 6, lines 51-55] Since the deltas from different collaborators may be transmitted over a number of different paths to each collaborator, the deltas may not arrive in the same order in which they were generated).

             As to claim 5, the combination of Tuvell and Nix teaches the method as recited in claim 1, wherein each message of the first plurality of messages and each message of the second plurality of messages also includes data that indicates a session identifier that indicates a message belongs to the plaintext and not to a different plaintext – Tuvell [column 6, lines 51-55] Group keys, designated as K.sub.G/L.sub.G, are encryption/MAC keys (respectively) which are shared by all members of the group 300. These keys are used to protect the confidentiality/integrity (respectively) of information contained in deltas from attack by third (non-group) parties. Similarly, tribe keys designated as K.sub.T/L.sub.T are encryption/MAC keys that are shared by all members of tribe 312. These keys are used to protect the confidentiality/integrity (respectively) of deltas from attack by non-tribe group members and third parties.  Here, the claimed ‘first/second plurality of messages’ is taught by Tuvell as ‘deltas’ because deltas are data blocks in the form of messages that include identifiers whereas the claimed ‘session identifier’ is taught by Tuvell as ‘K.sub.G/L.sub.G’ identifying keys 

              As to claim 6, the combination of Tuvell and Nix teaches the method as recited in claim 1, wherein each message of the first plurality of messages and each message of the second plurality of messages also includes data that indicates a group identifier that indicates a link over which the message is sent belongs to the plurality of different links – Tuvell [column 7, lines 62-66] Group keys, designated as K.sub.G/L.sub.G, are encryption/MAC keys (respectively) which are shared by all members of the group 300. These keys are used to protect the confidentiality/integrity (respectively) of information contained in deltas from attack by third (non-group) parties. Here, the claimed ‘first/second plurality of messages’ is taught by Tuvell as ‘deltas’ whereas the claimed ‘group identifier’ is taught by Tuvell as ‘K.sub.G/L.sub.G’ because these keys identify a particular group within the telespace).

              As to claim 7, the combination of Tuvell and Nix teaches the method as recited in claim 1, wherein an encryption algorithm that uses the value of the encryption parameter is different for different messages or for different plaintext – Tuvell [column 11, lines 35-40] A signed nonce is signed data which includes a hash of the timestamp generated by the chair, the name/URL of the chair 902, the certificate of the invitee 904 (if available), the name/URL of the telespace; and an invite "OpCode", which is a tag used to distinguish the different contexts in which signed nonces can occur).

             As to claim 9, the combination of Tuvell and Nix teaches the method as recited in claim 1, wherein the messages for the ciphertext are sent during a first time interval – Tuvell [column 11, lines 35-40]… the contents of this message are illustrated in FIG. 11. The message consists of a header 1100 followed by the invitee name 1102 which can be a URL or other identifying information. The invitee name is followed by a signed invitation “nonce” 1104. A signed nonce is signed data which includes a hash of the timestamp generated by the chair.  Here, the claimed ‘first interval of time’ is taught by Tuvell as ‘timestamp’ as the Chair invites a new member and timestamps the invitation) and the messages for the value of the encryption parameter are sent during a different second time interval - Tuvell [column 13, lines 14-22] The contents of the acceptance message are illustrated in FIG. 12. The message consists of a header 1200 followed by the signed invitation “nonce" 1202 that was sent from the chair to the invitee in the invitation message. The signed acceptance nonce includes a timestamp generated by the invitee, the name/URL of the invitee 904.  Here, the claimed ‘messages’ is taught by Tuvell as Figure 12, whereas the claimed ‘value of the encryption parameter’ is illustrated by Tuvell as ‘Crypto Data 1206’ of the second time interval of Figure 12). 

           As to claim 10, the method as recited in claim 9, wherein the first time interval and the second time interval do not overlap in time - Tuvell [column 13, lines 14-22] The contents of the acceptance message are illustrated in FIG. 12. The message consists of a header 1200 followed by the signed invitation “nonce" 1202 that was sent from the chair to the invitee in the invitation message. The signed acceptance nonce includes a timestamp generated by the invitee, the name/URL of the invitee 904.  Here, the claimed ‘second time interval’ is taught by Tuvell as ‘timestamp’ because the invitee has to generate an acceptance which is a different point in time than the invitation). .

            As to claim 11, claim 11 is method directed to receiving ciphertext sent by the method of claim 1.  Therefore claim 11 is rejected for the reasons as set forth in claim 1. The method of claim 11 is illustrated in Figure 16 and is further distinguished from claim 1 by and
decrypting the ciphertext based on the first value for the encryption parameter to produce plaintext - Tuvell [column 13, lines 57-58] … in step 1604, the chair 902 uses the one-time key to decrypt the encrypted acceptance information. Here, the claimed ‘ciphertext’ is taught by Tuvell as ‘acceptance information’ because after decryption the acceptance information would be rendered in plaintext).

           As to claim 12, the combination of Tuvell and Nix teaches the method as recited in claim 11, wherein: each message for the ciphertext and each message for the keystream nonce includes a sequence number – Tuvell [column 8, lines 53-56] … Other information that can be included in the message header can be a structured sequence number and the messages are not received in the same sequence order – Tuvell [column 6, lines 51-55] Since the deltas from different collaborators may be transmitted over a number of different paths to each collaborator, the deltas may not arrive in the same order in which they were generated); and decrypting the ciphertext further comprises decrypting the ciphertext in sequence number order – Tuvell  [column 6, lines 51-55] …all deltas will be received by each collaborator and the internal sequence number can be used to apply the deltas in the correct order. Therefore, the local data copy maintained by each collaborator, when updated by all deltas will match the local data copies maintained by the other members of the collaboration.  - Tuvell (84) … in step 1604, the chair 902 uses the one-time key to decrypt the encrypted acceptance information. Here, the claimed ‘ciphertext’ is taught by Tuvell as ‘acceptance information’ because after decryption the acceptance information would be rendered in plaintext)).

             As to claim 13, the combination of Tuvell and Nix teaches the method as recited in claim 11, wherein
each message of the first plurality of messages and each message of the second plurality of messages also includes data that indicates a session identifier that indicates a message belongs to the plaintext and not to a different plaintext – Tuvell [column 6, lines 51-55] …Since the deltas from different collaborators may be transmitted over a number of different paths to each collaborator, the deltas may not arrive in the same order in which they were generated. However, all deltas will be received by each collaborator and the internal sequence number can be used to apply the deltas in the correct order.  Here, the claimed ‘first/second plurality of messages’ is taught by Tuvell as ‘deltas’ because deltas are data blocks in the form of messages that include identifiers whereas the claimed ‘session identifier’ is taught by Tuvell as ‘internal sequence number’); and decrypting the ciphertext further comprises decrypting the ciphertext only for messages that indicate the session identifier – Tuvell [column 6, lines 51-55] …Since the deltas from different collaborators may be transmitted over a number of different paths to each collaborator, the deltas may not arrive in the same order in which they were generated. However, all deltas will be received by each collaborator and the internal sequence number can be used to apply the deltas in the correct order.  Here, the claimed ‘first/second plurality of messages’ is taught by Tuvell as ‘deltas’ because deltas are data blocks in the form of messages that include identifiers whereas the claimed ‘session identifier’ is taught by Tuvell as ‘internal sequence number’).

           As to claim 14, the combination of Tuvell and Nix teaches the method as recited in claim 11, wherein each message of the first plurality of messages and each message of the second plurality of messages also includes data that indicates a group identifier that indicates a link over which the message is sent belongs to the plurality of different links – Tuvell [column 7, lines 62-66] Group keys, designated as K.sub.G/L.sub.G, are encryption/MAC keys (respectively) which are shared by all members of the group 300. These keys are used to protect the confidentiality/integrity (respectively) of information contained in deltas from attack by third (non-group) parties. Here, the claimed ‘first/second plurality of messages’ is taught by Tuvell as ‘deltas’ whereas the claimed ‘group identifier’ is taught by and decrypting the ciphertext further comprises decrypting the ciphertext using all messages that indicate the group identifier – Tuvell [column 6, lines 51-55] …Since the deltas from different collaborators may be transmitted over a number of different paths to each collaborator, the deltas may not arrive in the same order in which they were generated. However, all deltas will be received by each collaborator and the internal sequence number can be used to apply the deltas in the correct order.  Here, the claimed ‘all messages’ is taught by Tuvell as ‘deltas’ because deltas are data blocks in the form of messages that include identifiers whereas the claimed ‘session identifier’ is taught by Tuvell as ‘internal sequence number’ whereas - Tuvell [column 13, lines 57-58] … in step 1604, the chair 902 uses the one-time key to decrypt the encrypted acceptance information. Here, the claimed ‘ciphertext’ is taught by Tuvell as ‘acceptance information’ because after decryption the acceptance information would be rendered in plaintext).

         As to claim 15, claim 15 is a non-transitory computer-readable medium that is directed to the method of claim 1.  Therefore claim 15 is rejected for the reasons as set forth in claim 1. 

        As to claim 16, claim 16 is a system that is directed to the method of claim 1.  Therefore claim 15 is rejected for the reasons as set forth in claim 1. Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Tuvell and Nix, in view of Barry; Richard A. et al, US 20180167307 A1, June 14, 2018, hereafter referred to as Barry.

           As to claim 8, the combination of Tuvell and Nix teaches the method as recited in claim 1.  THE COMBINATION OF TUVELL AND NIX DO NOT TEACH wherein the plurality of different links includes at least one unidirectional link, HOWEVER IN AN ANALAGOUS wherein the plurality of different links includes at least one unidirectional link – Barry [0073] FIG. 6A is a block diagram of a network topology… the eight (8) nodes 600a-600h are connected by various links. The links shown are bi-directional and may be considered as having two uni-directional links…It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention for Tuvell to incorporate Barry feature that provides a uni-directional links.  Tuvell does not teach a unidirectional link.  Such a link, when established, reduces by half the opportunity for an attack and further reduces the overhead involved in providing secure transactions to a minimum in order to increase throughput and speed of operation as taught by Tuvell at location [column 3, lines 15-28]).

Allowable Subject Matter
Claim 3 would be allowable if rewritten to overcome the rejection(s) under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), 2nd paragraph, set forth in this Office action and to include all of the limitations of the base claim and any intervening claims.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM B. JONES whose telephone number is (571) 272-9637.  The examiner can normally be reached on Mon - Fri., 5:30 a.m. to 2:00 p.m.  If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-272-3900.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
 /WILLIAM B JONES/Examiner, Art Unit 24914/15/2021

/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491