Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This initial written action responds to the communication dated July 09, 2020.
Claims 1-16 are submitted for examination.
Claims 1-16 are pending.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.


Priority

This application, filed on July 09, 2020, claims priority to provisional application 62/945,970 filed on December 10, 2019 and provisional application 62/872,378 filed on July 10, 2019.
Information Disclosure Statement
The following Information Disclosure Statements in the instant application were submitted in compliance with the provisions of 37 CFR 1.97 and thus have been fully considered:
IDS filed on 15 September 2020.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 9-16 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. 
Independent Claim 9 recites, “An encrypted tunnel system comprising: two servers communicating over a public network ………”. However, the body of the claim lacks definite structure indicative of a physical product. Therefore, the claim as a whole appears to be nothing more than computer software, and software per se does not fall within a statutory category. Examiner submits that a server recited in the claim can be a virtual server. The servers are interpreted as the servers shown in figure 1 as system server S1 and system server S2. The specification is silent regarding the type of server, and does not describe a server comprising any hardware such as memory and/or a hardware processor. Examiner suggests that including the network attached storage (NAS) devices from paragraph 29 in the claim, or amending the specification to provide hardware details (hardware processor, memory, etc.) of the servers and including them in the claim, will help in addressing the 35 U.S.C. 101 issue.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.


Claims 1 and 9 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Benoit et al. (US PGPUB. # US 2017/0238172, hereinafter “Benoit”).

Regarding Claim 1, Benoit teaches,
A cryptography method, comprising: 
encrypting each original packet with a packet key within each session; (¶66, “a first symmetric encryption module that implements a first symmetric encryption algorithm using the first session key”, Fig. 3 (304, 306, 308), ¶91, “each outbound voice packet comprising an outbound-voice-packet header and an unencrypted outbound-voice-packet payload”, “The first symmetric encryption algorithm generates respective once-encrypted outbound-voice-packet payloads based on the first symmetric session key”, i.e. the outbound-voice-packet payloads (original packets) are encrypted with a first symmetric session key (packet key)) and
wrapping each encrypted original packet in the session with a separately-established session key to produce a send packet. (¶66, “a second symmetric encryption module that implements a second symmetric encryption algorithm using the second session key to generate a double-encrypted data stream, where the second symmetric encryption algorithm operates on an encrypted output of the first symmetric encryption module”, Fig. 3(304, 306, 308), ¶91, “At step 304, first and second symmetric session keys are generated for the secure voice session based on the obtained symmetric seed key”, “At step 308, twice-encrypted outbound voice packets are generated using first and second symmetric encryption algorithms”, “The second symmetric encryption algorithm generates respective twice-encrypted outbound-voice-packet payloads based on the second symmetric session key and the respective once-encrypted outbound-voice-packet payloads”, i.e. encrypted packet is wrapped with second symmetric session key (session key)).

Regarding Claim 9, it is an encrypted tunnel system claim corresponding to method Claim 1 above, and therefore Claim 9 is rejected with the same rationale as applied against Claim 1 above. In addition, Benoit teaches two server devices (Fig. 1 (102, 118), ¶81-¶82).


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 2-3 and 10-11 are rejected under 35 U.S.C. 103 as being unpatentable over Benoit et al. (US PGPUB. # US 2017/0238172, hereinafter “Benoit”), and further in view of Meng et al. (US PGPUB. # US 2014/0245411, hereinafter “Meng”).

Referring to Claims 2 and 10:
Regarding Claim 2, rejection of Claim 1 is included and Benoit does not teach explicitly,
The method of claim 1, wherein the encrypted original packet is combined with a packet salt prior to encryption with the session key.
However, Meng teaches,
The method of claim 1, wherein the encrypted original packet is combined with a packet salt prior to encryption with the session key. (Fig. 7, ¶74, “a Salt (e.g., an initialization vector 711 comprised of a random string) is added to the AES encrypted data”, i.e. a salt is added to the encrypted data (packet)).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Meng with the invention of Benoit.
Benoit teaches encrypting an encrypted package with a session key. Meng teaches adding a salt to the encrypted data. Therefore, it would have been obvious to have combined the addition of a salt to the encrypted data of Meng with the encryption of an encrypted package with a session key of Benoit to add randomness into the encrypted data to avoid an KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007).

Regarding Claim 10, rejection of Claim 9 is included and Claim 10 is rejected with the same rationale as applied against Claim 2 above.

Referring to Claims 3 and 11:
Regarding Claim 3, rejection of Claim 2 is included and for the same motivation Benoit does not teach explicitly,
The method of claim 2, wherein the packet salt is not encrypted with the packet key.
However, Meng teaches,
The method of claim 2, wherein the packet salt is not encrypted with the packet key. (Fig. 7, ¶74, “a Salt (e.g., an initialization vector 711 comprised of a random string) is added to the AES encrypted data”, i.e. the salt is added to the already-encrypted data (packet), which indicates that the salt is not encrypted with the encryption key (packet key)).

Regarding Claim 11, rejection of Claim 10 is included and Claim 11 is rejected with the same rationale as applied against Claim 3 above.


Claims 4-5 and 12-13 are rejected under 35 U.S.C. 103 as being unpatentable over Benoit et al. (US PGPUB. # US 2017/0238172, hereinafter “Benoit”), and Peeters et al.  (US PGPUB. # US 2016/0352706, hereinafter “Peeters”).

Referring to Claims 4 and 12:
Regarding Claim 4, rejection of Claim 1 is included and Benoit does not teach explicitly,
The method of claim 1, wherein the session key for a session is derived from an ancestor key.
However, Peeters teaches,
The method of claim 1, wherein the session key for a session is derived from an ancestor key. (Fig. 2 (210, 240, 242), ¶36, “the method 200 utilizes a current master key 210 to generate two session keys 240, 242”, Fig. 3(310, 340, 342), ¶41, “A master key 310 is used to encrypt 330, 332 agreed-upon constants 320, 322 to produce session keys 340, 342”, Fig. 4 (410,440), ¶43, “a master key 410 to encrypt 430 an agreed-upon constant 420 to produce a session key 440”, i.e. session key is generated from a master key (ancestor key)).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Peeters with the invention of Benoit.
Benoit teaches encrypting an encrypted package with a session key. Peeters teaches generating a session key from a master key. Therefore, it would have been KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007).

Regarding Claim 12, rejection of Claim 9 is included and Claim 12 is rejected with the same rationale as applied against Claim 4 above.

Referring to Claims 5 and 13:
Regarding Claim 5, rejection of Claim 4 is included and, for the same motivation, Benoit does not teach explicitly,
The method of claim 4, wherein the ancestor key is replaced each time a session resets.
However, Peeters teaches,
The method of claim 4, wherein the ancestor key is replaced each time a session resets. (Abstract, “generating a new master key value based on the master key; deleting the current master key value; and using the new master key value as the master key”, ¶33, “To provide forward secrecy, the session key generation instructions 167 also include master key modification instructions 168 that periodically alter the master key 163 value”, Fig. 2, ¶38-¶39, “After the new master key value 212 is generated, it replaces the old master key value 210”, Fig. 4, ¶45, i.e. Master key (ancestor key) is replaced each time a session resets).

Regarding Claim 13, rejection of Claim 12 is included and Claim 13 is rejected with the same rationale as applied against Claim 5 above.


Claims 6 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Benoit et al. (US PGPUB. # US 2017/0238172, hereinafter “Benoit”), and further in view of Fabien Gremaud (US PGPUB. # US 2018/0198770, hereinafter “Gremaud”).

Referring to Claims 6 and 14:
Regarding Claim 6, rejection of Claim 1 is included and Benoit does not teach explicitly,
The method of claim 1, wherein the packet key changes for each packet.
However, Gremaud teaches,
The method of claim 1, wherein the packet key changes for each packet. (¶59-¶61, “The data to be encrypted, separated in packets, as well as the encryption keys are transmitted to the combination module. This combination module then encrypts the data using the encryption keys”, i.e. the encryption key (packet key) changes for each packet).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Gremaud with the invention of Benoit.
KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 

Regarding Claim 14, rejection of Claim 9 is included and Claim 14 is rejected with the same rationale as applied against Claim 6 above.


Claims 7 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Benoit et al. (US PGPUB. # US 2017/0238172, hereinafter “Benoit”), and further in view of Walker et al. (US PGPUB. # US 2010/0070767, hereinafter “Walker”).

Referring to Claims 7 and 15:
Regarding Claim 7, rejection of Claim 1 is included and Benoit does not teach explicitly,
The method of claim 1, wherein an ancestor key is divided into two parts and used to create the session key and the packet key.
However, Walker teaches,
The method of claim 1, wherein an ancestor key is divided into two parts and used to create the session key and the packet key. (Fig. 3, ¶32, “The PTK is partitioned into the KCK (first 128 bits) and KEK (second 128 bits)”, Claim 2, i.e. Examiner submits that pairwise transient key (PTK) is divided into two parts to create two keys).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Walker with the invention of Benoit.
Benoit teaches encrypting an encrypted package with a session key. Walker teaches partitioning a pairwise transient key into two parts. Therefore, it would have been obvious to have combined the partitioning of a pairwise transient key into two parts of Walker with the encryption of an encrypted package with a session key of Benoit to prevent an attacker from accessing an encryption key. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007).

Regarding Claim 15, rejection of Claim 9 is included and Claim 15 is rejected with the same rationale as applied against Claim 7 above.

Claims 8 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Benoit et al. (US PGPUB. # US 2017/0238172, hereinafter “Benoit”), and further in view of Walker et al. (US PGPUB. # US 2010/0070767, hereinafter “Walker”), and further in view of Peeters et al. (US PGPUB. # US 2016/0352706, hereinafter “Peeters”).
Referring to Claims 8 and 16:
Regarding Claim 8, rejection of Claim 7 is included and the combination of Benoit and Walker does not teach explicitly,
The method of claim 7, wherein the ancestor key is derived from the previous session key.
However, Peeters teaches,
The method of claim 7, wherein the ancestor key is derived from the previous session key. (¶33, “To provide forward secrecy, the session key generation instructions 167 also include master key modification instructions 168 that periodically alter the master key 163 value. For example, the master key modification instructions 168 may generate a new master key value and subsequently delete the current master key value by, for example, overwriting the current master key value with the new master key value or other data or by freeing an area in memory storing the current master key value”, i.e. master key (ancestor key) is derived from the previous session key).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Peeters with the invention of Benoit in view of Walker.
Benoit in view of Walker teaches encrypting an encrypted package with a session key and partitioning a pairwise transient key into two parts. Peeters teaches, KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007).

Regarding Claim 16, rejection of Claim 15 is included and Claim 16 is rejected with the same rationale as applied against Claim 8 above.
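The layered scheme traced through Claims 1-8 above (each packet encrypted with a packet key, then wrapped with a separately established session key; a packet salt that the packet key never touches; a packet key that changes per packet; session and packet keys derived from the two halves of an ancestor key; and a fresh ancestor derived from the previous session key when the session resets) is shown end to end below as an added Python illustration. It is not code from the application or from any of the cited references. Assumptions made here: the ancestor key halves are expanded with HKDF-SHA256; the packet salt is treated as Meng's random initialization vector for the session-key layer and travels in the clear; the per-packet key is rederived from a 64-bit sequence number carried in the send packet header; and, because only the standard library is used, the cipher is an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag, constructed for this example as a stand-in for AES. The receive side also rejects tampered and replayed packets, which the claims do not address but any tunnel implementation must.

```python
"""Layered packet encryption in the shape of Claims 1-8 (added illustration, not code from the
application or the cited references). Stdlib only: HKDF-SHA256 for key derivation and an
HMAC-SHA256 counter-mode keystream with encrypt-then-MAC as a constructed stand-in cipher."""
import hashlib
import hmac
import os
import struct

TAG_LEN = 32    # HMAC-SHA256 tag length
SALT_LEN = 16   # per-packet salt / IV carried in the clear (constructed choice)
SEQ_FMT = ">Q"  # 64-bit big-endian packet sequence number


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF extract-and-expand (RFC 5869) with SHA-256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def _subkeys(key: bytes):
    """Separate encryption and MAC subkeys so keystream blocks and tags can never collide."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _xor_keystream(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with HMAC-SHA256(enc_key, nonce || block counter) blocks (stand-in stream cipher)."""
    stream = b"".join(hmac.new(enc_key, nonce + struct.pack(SEQ_FMT, i), hashlib.sha256).digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: ciphertext || tag, the tag covering nonce and ciphertext."""
    enc_key, mac_key = _subkeys(key)
    ct = _xor_keystream(enc_key, nonce, plaintext)
    return ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def open_sealed(key: bytes, nonce: bytes, sealed: bytes) -> bytes:
    """Constant-time tag check before any decryption; tampered or truncated input raises."""
    enc_key, mac_key = _subkeys(key)
    ct, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if len(tag) != TAG_LEN or not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed")
    return _xor_keystream(enc_key, nonce, ct)


class TunnelSession:
    """One direction of the tunnel; both ends build it from the same ancestor key."""

    def __init__(self, ancestor_key: bytes):
        self.reset(ancestor_key)

    def reset(self, ancestor_key: bytes) -> None:
        """Split the ancestor key: one half seeds the session key, the other the packet keys."""
        half = len(ancestor_key) // 2
        self.session_key = hkdf_sha256(ancestor_key[:half], b"session", b"tunnel session key")
        self.packet_root = hkdf_sha256(ancestor_key[half:], b"packet", b"tunnel packet root")
        self.send_seq, self.recv_seq = 0, -1   # recv_seq: highest sequence number accepted

    def packet_key(self, seq: int) -> bytes:
        """A fresh packet key for every packet, bound to its sequence number."""
        return hkdf_sha256(self.packet_root, struct.pack(SEQ_FMT, seq), b"packet key")

    def wrap(self, original: bytes) -> bytes:
        """original -> packet-key layer -> salt as IV -> session-key layer -> send packet."""
        seq, self.send_seq = self.send_seq, self.send_seq + 1
        seq_bytes = struct.pack(SEQ_FMT, seq)
        inner = seal(self.packet_key(seq), seq_bytes, original)   # encrypted with the packet key
        salt = os.urandom(SALT_LEN)                                # never touched by the packet key
        outer = seal(self.session_key, salt, inner)                # wrapped with the session key
        return seq_bytes + salt + outer

    def unwrap(self, send_packet: bytes) -> bytes:
        """Reverse both layers, rejecting tampered or replayed packets."""
        seq = struct.unpack(SEQ_FMT, send_packet[:8])[0]
        if seq <= self.recv_seq:
            raise ValueError("replayed or out-of-order packet")
        salt = send_packet[8:8 + SALT_LEN]
        inner = open_sealed(self.session_key, salt, send_packet[8 + SALT_LEN:])
        original = open_sealed(self.packet_key(seq), struct.pack(SEQ_FMT, seq), inner)
        self.recv_seq = seq
        return original

    def next_ancestor(self) -> bytes:
        """Ancestor key for the next session, derived from the current session key."""
        return hkdf_sha256(self.session_key, b"ratchet", b"next ancestor")


def rejects(fn, *args) -> bool:
    """True if fn(*args) raises ValueError; used to show tamper and replay rejection."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False
```

Both ends construct a `TunnelSession` from the same ancestor key; `wrap` on one side and `unwrap` on the other round-trip a payload, two wraps of the same payload differ because of the random salt, flipping any ciphertext byte or re-sending an old packet is rejected before decryption, and after `reset(next_ancestor())` on both sides the new session interoperates without the old ancestor key.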


Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.  Refer to PTO-892, Notice of References Cited for a listing of analogous art.
Jay Alan Carlson (US PGPUB. # US 2015/0326547) discloses protecting data using a combination of symmetric and asymmetric cryptography. A symmetric key may be generated and the data may be encrypted with the symmetric key. The symmetric key and only a portion of the symmetrically encrypted data may then be encrypted with an asymmetric public key. The entire set of encrypted data, including the asymmetrically encrypted symmetric key, the doubly encrypted portion of data, and the remainder of the symmetrically encrypted data may then be sent to a remote device using insecure communications.
Thomas et al. (US PGPUB. # US 2015/0188887) discloses, a system that provides a virtual private network (VPN). The system includes a routing apparatus on a public network. The routing apparatus accepts a first connection with a client on the VPN and a second connection with a gateway in a private network extended by the VPN. Next, the routing apparatus receives a first set of packets from the client over the first connection, wherein the first set of packets is encrypted. The routing apparatus then routes the first set of packets to the gateway. The system also includes the gateway, which establishes the second connection with the routing apparatus. Next, the gateway decrypts the first set of packets and routes the decrypted first set of packets to a host in the private network.
Lampin et al. (US PGPUB. # US 2020/0374944) discloses a method implemented by a transmission device capable of communicating via a first wireless link with a gateway device forming a node of a telecommunication network and configured to communicate with at least one server of the network via the gateway device. The method can include establishing a secure communication session with a terminal included in a list of terminals for which the transmission device has obtained management data. The method can also include receiving via the first communication link a request to end the management of the terminal, and removing the terminal from the list following the receipt of the request.
Herzerg et al. (US PAT. # US 10,243,732) discloses, identifying a first message to send to a receiving ECU from a sending ECU; incrementing a sender-version message counter for the message type; determining to create a second session for the message type in the sending ECU; generating a second sender-version session key to 
Acar et al. (US PGPUB. # US 2018/0337772) discloses techniques for implementing high integrity logs for distributed software services. According to one set of embodiments, a key management service running on a key server can maintain a secret master key. The key management service can further generate, for each of a plurality of distributed software service instances, a service key that is unique to a current lifecycle of the software service instance, the generating being based on the master key, and transmit the service key to the software service instance, where the service key is used by the software service instance in creating a high integrity log.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DARSHAN I DHRUV whose telephone number is (571)272-4316.  The examiner can normally be reached on M-F 9:00 AM-5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/DARSHAN I DHRUV/Primary Examiner, Art Unit 2498