DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
The office action is in response to the amendment filed on 7/21/2021. The Applicant has amended claims 24 and 34. The Applicant has added new claims 21-40. This office action is Final.

Response to Amendment

Applicant's arguments filed 7/21/2021 have been fully considered but they are not persuasive. 
On page 11 of the Applicant’s arguments, the Applicant states that the non-statutory double patenting rejection should be withdrawn.  The Examiner disagrees.  Therefore, patent 10,447,664 is in essence a “species” of the generic invention to application claims 21-24, 26-27, 29-34, 36-37, and 39-40.  It has been held that a generic invention is “anticipated” by a “species” within the scope of the generic invention.  See In re Goodman, 29 USPQ2d 2010 (Fed. Cir. 1993).  Therefore, the non-statutory double patenting rejection is maintained.  The Applicant is urged to file a Terminal disclaimer.
On pages 12-13 of the Applicant’s arguments with regards to claim 21, “the Applicant states that the Examiner discloses the apparatus and the peer are the same device”.  The Examiner disagrees with the Applicant.   
(Yao: para. 0003). The WLAN system includes STAs (stations); the Examiner asserts, and disclosed in the prior office action, that the STA is the peer computing system (Yao: para. 0003).
On page 13 of the Applicant’s arguments with regards to claim 21, “one peer computing system configured to execute additional instructions to derive a domain-specific key from the master cryptographic key, and an apparatus executing instructions to receive the domain-specific key from the at least one peer computing system”.  
(B). The Examiner disagrees with the Applicant. Yao discloses one peer computing system, which is the STA, to derive a domain-specific key from the master key, because Yao discloses that the STA derives a domain key, the ESS domain key, that is generated based on the master key. The STA negotiates for the master key; therefore, the STA helps, along with the authentication server, to acquire the master key to generate the ESS domain key (Yao: para. 0064). Thus, the Applicant’s argument that the authentication server derives the ESS domain key leaves out that the STA negotiates with the authentication server for a master key that is used to create an ESS domain key. Therefore, the Applicant’s argument is moot.
On page 13 of the Applicant’s arguments the Applicant states that, “Yao does not teach or suggest an apparatus configured to receive the domain-specific key from the at least one peer computing system, and derive a first session key from the domain-specific key”.  
(C). The apparatus in Yao is the WLAN system (Yao: para. 0003). Yao discloses that a WLAN system includes a STA; therefore, the STA derives the session key from the ESS domain key, and it is received by the apparatus because the WLAN system consists of the STA (Yao: para. 0003, 0064).
On page 14 of the Applicant’s arguments the Applicant states that, “Yao cannot teach or suggest at least that the “at least one peer computing system configured to execute additional instructions to derive a domain-specific key from the master cryptographic key,” or that the apparatus is configured to “receive the domain-specific key from the at least one peer computing system via the communications interface[,] . . . [and] derive a first session key from the domain-specific key, and apply a first digital signature to a first message using the first session key,” as recited by independent claim 21.”
(D). The Applicant’s argument is moot, because the Applicant did not rely on Yao to disclose, “apply a first digital signature to a first message using the first session key,” as recited by independent claim 21. The limitations, “at least one peer computing system configured to execute additional instructions to derive a domain-specific key from the master cryptographic key,” and that the apparatus is configured to “receive the domain-specific key from the at least one peer computing system and derive a first session key from the domain-specific key”, have already been addressed (see above).
On page 15 of the Applicant’s arguments the Applicant states that, “Bell does not disclose receive the payload portion from the second device, and generate the first message, the first message comprising the encrypted payload portion”.
(E).  The Examiner disagrees with the Applicant.  The message payload consisting of the message and its signature will be encrypted (Bell: para. 0010).  Bell discloses the encrypted payload is sent to the server, which is then disseminated to all other clients, thus more than one client can receive the payload portion (Bell: para. 0010).  The second device that the encrypted payload is sent to is the authentication server (Bell: para. 0010).

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the 
Claims 21-24, 26-27, 29-34, and 36-40 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 5, 7, 12-13, and 16 of U.S. Patent No. 10,447,664. 
A side-by-side comparison of the claims of the pending application and the 10,447,664 patent is given in the following table to show their similarities, which are highlighted in BOLD, and their differences:
In regards to Application 16/559,900 and Patent 10,447,664, the claims of Application 16/559,900 anticipate Patent 10,447,664. Furthermore, claims 21, 31, and 40 of Application 16/559,900 are anticipated by Claims 1 and 7 of Patent 10,447,664. Claims 22-24 of Application 16/559,900 are anticipated by Claims 1 and 7 of Patent 10,447,664. Claims 26-27 of Application 16/559,900 are anticipated by Claim 1 of Patent 10,447,664. Claim 29 of Application 16/559,900 is anticipated by claim 7 of Patent 10,447,664. Claim 30 of Application 16/559,900 is of similar scope to claim 5 of Patent 10,447,664. Claims 32-34 of Application 16/559,900 are anticipated by claims 1 and 7 of Patent 10,447,664. Claims 36-37 of Application 16/559,900 are anticipated by claim 1 of Patent 10,447,664. Claim 39 of Application 16/559,900 is of similar scope to claim 16 of Patent 10,447,664.



Application 16/559,900  Claim 21

21. An apparatus, comprising:
a communications interface;
a memory storing instructions; and
at least one processor coupled to the memory and the communications interface, the at least one processor being configured to execute the instructions to:
transmit a master cryptographic key to at least one peer computing system via the communications interface, the at least one peer computing system being configured to execute additional instructions to derive a domain-specific key from the master cryptographic key;
receive the domain-specific key from the at least one peer computing system via the communications interface;
derive a first session key from the domain-specific key, and apply a first digital signature to a first message using the first session key; and
transmit, via the communications interface, the first message and the first digital signature to an intermediate device associated with a domain that includes the apparatus, the intermediate device being configured to perform operations that validate the first digital signature and route at least the first message to a first device.

22.    The apparatus of claim 21, wherein the at least one processor is further configured to:
generate the master cryptographic key; and perform operations that discard the first session key in response to the transmission of the first message and the first digital signature to the intermediate device.

.    The apparatus of claim 21, wherein: the first message comprises a payload portion; and the at least one processor is further configured to encrypt the payload portion using a public key of the first device.

24.    The apparatus of claim 23, wherein the at least one processor is further configured to: receive the payload portion from a second device via the communications interface, the first and second devices being associated with the domain; and generate the first message that includes the payload portion.

26.    The apparatus of claim 21, wherein: the additional instructions are associated with a certificate authority;
the at least one peer computing system is further configured to access the additional instructions maintained within a ledger block of a distributed ledger and execute the accessed additional instructions.

27.    The apparatus of claim 26, wherein the executed additional instructions cause the at least one peer computing system to:
generate a master certificate that includes the master cryptographic key; and perform operations that record the master certificate within an additional ledger block of the distributed ledger.

29.    The apparatus of claim 28, wherein the intermediate device is further configured to route the first message to an additional intermediate device based the validation of the first digital signature.

30.    The apparatus of claim 21, wherein the at least one processor is further configured to:
     receive, via the communications interface, a child cryptographic key from the at least one peer computing system, the child cryptographic key being derived from the master cryptographic key, and the child cryptographic key being associated with the domain; and
    derive the first session key from the at least one child cryptographic key.

31.    A computer-implemented method, comprising:
transmitting, using at least one processor, a master cryptographic key to at least one peer computing system, the at least one peer computing system being configured to execute additional instructions to derive a domain-specific key from the master cryptographic key; receiving, using the at least one processor, the domain-specific key from the at least one peer computing system;
using at least one processor, deriving a first session key from the domain-specific key, and applying a first digital signature to a first message using the first session key; and
transmitting, using the at least one processor, the first message and the first digital signature to an intermediate device associated with a domain associated with the domain-specific key, the intermediate device being configured to perform operations that validate the first digital signature and route at least the first message to a first device.

The computer-implemented method of claim 31, further comprising:
generating the master cryptographic key using at least one processor; and
performing, using the at least one processor, operations that discard the first session key in response to the transmission of the first message and the first digital signature to the intermediate device.

33.    The computer-implemented method of claim 31, wherein:
the first message comprises a payload portion; and the computer-implemented method further comprises encrypting, using the at least one processor, the payload portion using a public key of the first device.

The computer-implemented method of claim 33, further comprising:
receiving, using the at least one processor, the payload portion from a second device, the first and second devices being associated with the domain; and using the at least one processor, generating the first message that includes the payload portion.

36.    The computer-implemented method of claim 31, wherein:
the additional instructions are associated with a certificate authority;
the at least one peer computing system is further configured to access the additional instructions maintained within a ledger block of a distributed ledger and execute the accessed additional instructions.
37.    The computer-implemented method of claim 36, wherein the executed additional instructions cause the at least one peer computing system to generate a master certificate that includes the master cryptographic key, and perform operations that record the master certificate within an additional ledger block of the distributed ledger.

39.    The computer-implemented method of claim 31, further comprising:
receiving, using the at least one processor, a child cryptographic key from the at least one peer computing system, the child cryptographic key being derived from the master cryptographic key, and the child cryptographic key being associated with the domain; and
deriving, using the at least one processor, the first session key from the at least one child cryptographic key.

40. An apparatus, comprising:
a communications interface;
a memory storing instructions; and
at least one processor coupled to the memory and the communications interface, the at least one processor being configured to execute the instructions to:
receive, via the communications interface, a master cryptographic key generated by a computing system;
generate a domain-specific key based on the master cryptographic key, and transmit the domain-specific key to the computing system via the communications interface;
receive, from an intermediate device via the communications interface, a request to validate a digital signature applied to message data, the digital signature being generated by the computing system using a session key; and
determine that the session key is derived from the master cryptographic key, and transmit a response to the intermediate device via the communications interface, the response being indicative of the determination that the session key is derived from the master cryptographic key, the intermediate device being configured to perform operations that, based on the response, route the message data to a destination device.









       Patent 10,447,664 Claim 1

1. An apparatus, comprising: a communications interface a storage device; and a processor coupled to the storage device and the communications interface, the storage device storing software instructions for controlling the processor that when executed by the processor configure the processor to: generate a first message comprising a first payload portion; encrypt the first payload portion of the first message using a public cryptographic key associated with a destination device; generate a master cryptographic key for a domain that includes the apparatus and the destination device, and transmit, via the communications interface, the master cryptographic key to at least one peer computing system, the at least one peer computing system being configured to execute additional software instructions included within a ledger block of a distributed ledger, the executed additional software instructions causing the at least one peer computing system to generate a master certificate that includes the master cryptographic key and to perform operations that record the master certificate within an additional ledger block of the distributed ledger, the additional software instructions being associated with a certificate authority; 
     derive a first session key from a domain-specific cryptographic key, the domain-specific cryptographic key being derived from the master cryptographic key and associated with the domain; and apply a first digital signature to the first message using the first session key; and transmit, via the communications interface, the first message and the first digital signature to an intermediate device, and perform operations that discard the first session key in response to the transmission of the first message, the intermediate device being configured to transmit the first digital signature to the at least one peer computing system, and the executed additional software instructions causing at least one peer 
5. The apparatus of claim 1, wherein the processor is further configured to: receive, via the communications interface, at least one child cryptographic key from the at least one peer computing system, the child cryptographic key being derived from the master cryptographic key, and the child cryptographic key being associated with the domain; and derive the first session key from the at least one child cryptographic key.
7. The apparatus of claim 1, wherein the intermediate device is configured to perform operations that validate the first digital signature based on the first session key, and based on the validation of the first digital signature, that route the first message and the first digital signature to at least one of (i) the destination device or (ii) an additional intermediate device.
12. The computer-implemented method of claim 10, further comprising: generating, by the at least one processor of the first device, a second message comprising a second payload portion including data intended for a third device; encrypting, by the at least one processor, the second payload portion using a public cryptographic key associated with third device; deriving, by the at least one processor, a second session key from the domain-specific key; and applying, by the at least one processor, a second digital signature to the second message using the second session key; and transmitting, by the least one processor, the second message and the second digital signature from the first device to the first intermediate device and performing, by the at least one processor, operations that discard the second session key in response to the transmission of the second message.
 The computer-implemented method of claim 12, wherein the first session key and the second session key are different.
16. The computer-implemented method of claim 10, wherein: the method further comprises receiving, by the at least one processor, at least one child cryptographic key, the child cryptographic key being derived from a master cryptographic key included within the master certificate recorded onto the ledger block of the distributed ledger, and the child cryptographic key being associated with the at least one of the plurality of domains; and the deriving comprises deriving the first session key from the at least one child cryptographic key.
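The key hierarchy recited in application claims 21, 22 and 40 above (master key, domain-specific key, per-message session key, signature validated before routing), as an added sketch that is not part of the office action, the application or the cited references. HKDF-SHA256 as the derivation function, an HMAC tag standing in for the digital signature, the per-message nonce, the replay check and all class and domain names are assumptions.

```python
import hashlib
import hmac
import secrets


def hkdf(key: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-SHA256 (RFC 5869) with the default all-zero salt."""
    prk = hmac.new(b"\x00" * 32, key, hashlib.sha256).digest()   # extract
    okm, block, counter = b"", b"", 1
    while len(okm) < length:                                     # expand
        block = hmac.new(prk, block + info + bytes([counter]),
                         hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def domain_key(master: bytes, domain: str) -> bytes:
    # The label binds the derived key to one domain (assumed label format).
    return hkdf(master, b"domain|" + domain.encode())


def session_key(dkey: bytes, nonce: bytes) -> bytes:
    # A fresh nonce per message yields a different session key each time.
    return hkdf(dkey, b"session|" + nonce)


def sign(skey: bytes, message: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the claimed digital signature.
    return hmac.new(skey, message, hashlib.sha256).digest()


class Peer:
    """Peer computing system: derives domain keys, validates on request."""

    def __init__(self):
        self.master = None
        self.seen = set()                      # (domain, nonce) already used

    def receive_master(self, master: bytes):
        self.master = master

    def issue_domain_key(self, domain: str) -> bytes:
        return domain_key(self.master, domain)

    def validate(self, domain, nonce, message, sig) -> bool:
        # Re-derive master -> domain -> session; a match shows the session
        # key descends from the master key (claim 40's determination).
        if (domain, nonce) in self.seen:
            return False                       # replayed envelope
        expected = sign(session_key(domain_key(self.master, domain), nonce),
                        message)
        if not hmac.compare_digest(expected, sig):
            return False
        self.seen.add((domain, nonce))
        return True


class Apparatus:
    def __init__(self, domain: str, peer: Peer):
        self.domain = domain
        master = secrets.token_bytes(32)       # claim 22: generate master key
        peer.receive_master(master)            # claim 21: transmit to peer
        self.dkey = peer.issue_domain_key(domain)   # receive domain key

    def send(self, message: bytes) -> dict:
        nonce = secrets.token_bytes(16)
        skey = session_key(self.dkey, nonce)
        sig = sign(skey, message)
        del skey   # claim 22: drop the session key (only removes the reference)
        return {"domain": self.domain, "nonce": nonce,
                "message": message, "sig": sig}


class Intermediate:
    """Intermediate device: asks the peer to validate, routes only on success."""

    def __init__(self, domain: str, peer: Peer):
        self.domain, self.peer, self.delivered = domain, peer, []

    def route(self, env: dict) -> bool:
        if env["domain"] != self.domain:
            return False
        if not self.peer.validate(env["domain"], env["nonce"],
                                  env["message"], env["sig"]):
            return False
        self.delivered.append(env["message"])
        return True


def demo():
    # Constructed sample traffic; domain names and messages are made up.
    peer = Peer()
    app = Apparatus("payments.example", peer)
    hop = Intermediate("payments.example", peer)
    good = app.send(b"transfer 10 units to device-7")
    forged = dict(app.send(b"transfer 10 units to device-7"),
                  message=b"transfer 9000 units to device-7")
    other = app.send(b"hello")
    results = {
        "valid": hop.route(good),
        "replayed": hop.route(good),
        "tampered": hop.route(forged),
        "wrong_domain": peer.validate("hr.example", other["nonce"],
                                      other["message"], other["sig"]),
    }
    return results, hop.delivered


if __name__ == "__main__":
    print(demo())
```

Because the session key is a function of the domain key and a transmitted nonce, the sender can discard it after each message while the peer can still recompute it for validation.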






Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 21, 31, and 40 are rejected under 35 U.S.C. 103 as being unpatentable over Yao (2007/0153732) in view of Singh (2013/0109308) and further in view of Cannon (2016/0125412).

As per claim 21, Yao discloses an apparatus, comprising:
a communications interface (Yao: para. 0063, WLAN, wireless area network); 
a memory storing instructions (Yao: See Fig. 5, para. 0035, WLAN has devices that stored instructions); and
(Yao: See Fig. 5, a processor is coupled to the memory and the WLAN in order to execute the instructions):
transmit a master cryptographic key to at least one peer computing system via the communications interface (Yao: para. 0064, transmit a master cryptographic key (i.e. master key MSK) to STA), the at least one peer computing system being configured to execute additional instructions to derive a domain-specific key from the master cryptographic key (Yao: para. 0064, the peer (i.e. STA) derives a domain-specific key (i.e. ESS domain key) from the master key);
receive the domain-specific key from the at least one peer computing system via the communications interface (Yao: See Fig. 5, para. 0063-0064, receive a domain-specific key (i.e. ESS domain key) from the STA (#540) (i.e. peer) via the communication interface (i.e. WLAN, wireless local area network));
derive a first session key from the domain-specific key (Yao: para. 0066, session key is generated based on the ESS domain key).
Yao does not explicitly disclose apply a first digital signature to a first message using the first session key.
Singh discloses apply a first digital signature to a first message using the first session key (Singh: para. 0022, sign the APDU (i.e. message) using a session key).
It would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to include apply a first digital signature to a first message using the first session key of Singh with Yao; both are analogous in the art of cryptographic communications. The motivation is that this is a security measure that has a challenge/response (Singh: para. 0022).
Yao and Singh do not explicitly disclose transmit, via the communications interface, the first message and the first digital signature to an intermediate device associated with a domain that includes the apparatus, the intermediate device being configured to perform operations that validate the first digital signature and route at least the first message to a first device.
Cannon discloses transmit, via the communications interface (Cannon: communications interface (i.e. entity’s email server)), the first message and the first digital signature to an intermediate device associated with a domain that includes the apparatus (Cannon: para. 0348-0350, the message (e-mail) signed (i.e. digital signature) to an intermediate device (i.e. SMTP server)), the intermediate device being configured to perform operations that validate the first digital signature and route at least the first message to a first device (Cannon: para. 0350, SMTP server (i.e. intermediate device) validates the digital signature before forwarding (i.e. routing) the message).
It would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to include transmit, via the communications interface, the first message and the first digital signature to an intermediate device associated with a domain that includes the apparatus, the intermediate device being configured to perform operations that validate the first digital signature and route at least the first message to a first device of Cannon with the combination of Yao-Singh; all are analogous in the art of cryptographic communications. The motivation is that this is a security measure that improves the verification and certifies the e-mail digital signature before delivering the e-mail (Cannon: para. 0341).
As per claim 31, Yao discloses a computer-implemented method, comprising:
transmitting, using at least one processor, a master cryptographic key to at least one peer computing system (Yao: para. 0064, transmit a master cryptographic key (i.e. master key MSK) to STA), the at least one peer computing system being configured to execute additional instructions to derive a domain-specific key from the master cryptographic key (Yao: para. 0064, the peer (i.e. STA) derives a domain-specific key (i.e. ESS domain key) from the master key);
receiving, using the at least one processor, the domain-specific key from the at least one peer computing system (Yao: See Fig. 5, para. 0063-0064, receive a domain-specific key (i.e. ESS domain key) from the STA (#540) (i.e. peer));
using at least one processor, deriving a first session key from the domain-specific key (Yao: para. 0066, session key is generated based on the ESS domain key).
Yao does not explicitly disclose applying a first digital signature to a first message using the first session key.
Singh does not explicitly disclose applying a first digital signature to a first message using the first session key (Singh: para. 0022, sign the APDU (i.e. message) using a session key).
It would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to include applying a first digital signature to a first message using the first session key of Singh with Yao; both are analogous in the art of cryptographic communications. The motivation is that this is a security measure that has a challenge/response mechanism that proves that both sides are able to calculate the correct session key (Singh: para. 0022).

Cannon discloses transmitting, using the at least one processor, the first message and the first digital signature to an intermediate device associated with a domain (Cannon: para. 0348-0350, the message (e-mail) signed (i.e. digital signature) to an intermediate device (i.e. SMTP server)), the intermediate device being configured to perform operations that validate the first digital signature and route at least the first message to a first device (Cannon: para. 0350, SMTP server (i.e. intermediate device) validates the digital signature before forwarding (i.e. routing) the message).
It would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to include transmitting, using the at least one processor, the first message and the first digital signature to an intermediate device associated with a domain, the intermediate device being configured to perform operations that validate the first digital signature and route at least the first message to a first device of Cannon with the combination of Yao-Singh’s domain key; all are analogous in the art of cryptographic communications. The motivation is that this is a security measure that improves the verification and certifies the e-mail digital signature before delivering the e-mail (Cannon: para. 0341).


As per claim 40, Yao discloses a communications interface; a memory storing instructions; and at least one processor coupled to the memory and the communications interface, the at least one processor being configured to execute the instructions to:
receive, via the communications interface, a master cryptographic key generated by a computing system (Yao: para. 0064, receive via the communications interface (i.e. WLAN) a master key by negotiating the key is the generation);
generate a domain-specific key based on the master cryptographic key (Yao: para. 0064, the peer (i.e. STA) derives a domain-specific key (i.e. ESS domain key) from the master key), and transmit the domain-specific key to the computing system via the communications interface (Yao: See Fig. 5, para. 0063-0064, transmit a domain-specific key (i.e. ESS domain key) via the communication interface (i.e. WLAN, wireless local area network));
determine that the session key is derived from the master cryptographic key (Yao: para. 0066, session key is generated based on the ESS domain key), and 
transmit a response to the intermediate device via the communications interface, the response being indicative of the determination that the session key is derived from the master cryptographic key, the intermediate device being configured to perform operations that, based on the response, route the message data to a destination device (Yao: See Fig. 5, para. 0064-0066, transmit a response to a BSS (i.e. intermediate device) via the WLAN (i.e. communication interface), the response being indicative of the determination that the session key is derived from the master key, the BSS based on the response routes the message broadcast message/frame to a destination device (i.e. STA)).


Singh discloses the digital signature being generated by the computing system using a session key (Singh: para. 0022, sign the APDU (i.e. message) using a session key).
It would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to include the digital signature being generated by the computing system using a session key of Singh with Yao; both are analogous in the art of cryptographic communications. The motivation is that this is a security measure that has a challenge/response mechanism that proves that both sides are able to calculate the correct session key (Singh: para. 0022).
Yao and Singh do not explicitly disclose a request to validate a digital signature applied to a message data.
Cannon discloses a request to validate a digital signature applied to a message data (Cannon: para. 0350, SMTP server (i.e. intermediate device) validates the digital signature before forwarding (i.e. routing) the message).
It would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to include a request to validate a digital signature applied to a message data of Cannon with the combination of Yao-Singh; all are analogous in the art of cryptographic communications. The motivation is that this is a security measure that improves the verification and certifies the e-mail digital signature before delivering the e-mail (Cannon: para. 0341).


Claims 22 and 32 are rejected under 35 U.S.C. 103 as being unpatentable over Yao (2007/0153732) in view of Singh (2013/0109308) and in view of Cannon (2016/0125412), and further in view of Srivastava (6,987,855).
As per claim 22, Yao, Singh, and Cannon disclose the apparatus of claim 21. Yao further discloses wherein the at least one processor is further configured to:
generate the master cryptographic key (Yao: para. 0064, if the master key MSK is negotiated it has to be generated); and
Yao and Singh do not disclose perform operations that discard the first session key in response to the transmission of the first message and the first digital signature to the intermediate device.
Cannon discloses transmission of the first message and the first digital signature to the intermediate device (Cannon: para. 0348-0350, the message (e-mail) signed (i.e. digital signature) to an intermediate device (i.e. SMTP server)).
It would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to include transmission of the first message and the first digital signature to the intermediate device of Cannon with the combination of Yao-Singh; all are analogous in the art of cryptographic communications. The motivation is that this is a security measure that improves the verification and certifies the e-mail digital signature before delivering the e-mail (Cannon: para. 0341).
Yao, Singh, and Cannon do not disclose discarding the first session key.
Srivastava discloses discarding the first session key (Srivastava: col. 3, lines 3-4, discarding the session key).
(Srivastava: col. 4, lines 33-38).

As per claim 32, rejected under similar scope as claim 22.

Claims 23-24 and 33-34 are rejected under 35 U.S.C. 103 as being unpatentable over Yao (2007/0153732) in view of Singh (2013/0109308) and in view of Cannon (2016/0125412), and further in view of Bell (2015/0127944).

As per claim 23, Yao, Singh, and Cannon disclose the apparatus of claim 21.
Yao, Singh, and Cannon do not explicitly disclose wherein: the first message comprises a payload portion; and the at least one processor is further configured to encrypt the payload portion using a public key of the first device.
Bell discloses wherein: the first message comprises a payload portion (Bell: para. 0010, a message consists of a message payload (i.e. message and its signature)); and the at least one processor is further configured to encrypt the payload portion using a public key of the first device (Bell: para. 0010, encrypt payload with the recipient’s (i.e. first device) public key).
(Bell: para. 0006).
As per claim 24, Yao, Singh, Cannon, and Bell disclose the apparatus of claim 23.
Bell further discloses wherein the at least one processor is further configured to:
receive the payload portion from a second device via the communications interface (Bell: para. 0005, 0010, more than one client can receive the payload portion, thus there is included a second device), the first and second devices being associated with the domain (Bell: para. 0008, the first and second devices, clients, are associated with the domain in the network); and
generate the first message, the first message comprising the encrypted payload portion (Bell: para. 0009-0010, message includes an encrypted payload (i.e. signature and message)).
Same motivation as claim 23 above.

As per claims 33-34, rejected under similar scope as claims 23-24.


Claims 25 and 35 are rejected under 35 U.S.C. 103 as being unpatentable over Yao (2007/0153732) in view of Singh (2013/0109308) and in view of Cannon (2016/0125412), and in view of Bell (2015/0127944), and in view of Srivastava (6,987,855).
As per claim 25, Yao, Singh, Cannon, and Bell disclose the apparatus of claim 24.
Bell further discloses wherein the processor is further configured to:
receive an additional payload portion from the second device via the communications interface (Bell: para. 0004-0005, additional payload portion (i.e. message payload); includes more than one, from multiple client devices that include a second device);
encrypt the additional payload portion using the public key (Bell: para. 0010, encrypt payload with the recipient’s (i.e. first device) public key), and 
generate a second message that includes the encrypted additional payload portion (Bell: para. 0008-0010, generate a second message, multiple messages includes encrypted additional payload portion for each message).
Bell does not explicitly disclose derive a second session key from the domain-specific key, the second session key being different than the first session key.
Yao discloses derive a second session key from the domain-specific key, the second session key being different than the first session key (Yao: para. 0066, session key is generated based on the ESS domain key).




(Yao: para. 0065).
Yao and Bell do not explicitly disclose apply a second digital signature to the second message; and transmit, via the communications interface, the second message and the second digital signature to the intermediate device. 
Cannon discloses apply a second digital signature to the second message; and transmit, via the communications interface, the second message and the second digital signature to the intermediate device (Cannon: para. 0348-0350, the message (e-mail) signed (i.e. digital signature) to an intermediate device (i.e. SMTP server)).
It would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to include apply a second digital signature to the second message; and transmit, via the communications interface, the second message and the second digital signature to the intermediate device of Cannon with the combination of Yao-Singh; all are analogous in the art of cryptographic communications. The motivation is that this is a security measure that improves the verification and certifies the e-mail digital signature before delivering the e-mail (Cannon: para. 0341).



Srivastava discloses discard the second session key (Srivastava: col. 3, lines 3-4, discarding the second session key, each user has a session key, which includes a second session key).
It would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to include discarding the second session key of Srivastava with Yao-Singh-Cannon-Bell; all are analogous in the art of cryptographic communications. The motivation is that the approach provides the added security of destroying the session key at the end of a session, thereby providing greater protection against unauthorized access by eavesdroppers (Srivastava: col. 4, lines 33-38).

As per claim 35, rejected under the same scope as claim 25.

Claim Objections

Claims 26-30 and 36-39 contain allowable subject matter. Filing a terminal disclaimer that is approved in this case, and rewriting the allowable subject matter in independent form including all of the limitations of the base claim and any intervening claims, would reduce prosecution. The prior art of Yao, Singh, Cannon, and Bell does not disclose or suggest the limitations of the claims above. Further, claim 29 is only included because it is dependent on claim 28.

Conclusion

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JENISE E JACKSON whose telephone number is (571)272-3791.  The examiner can normally be reached on M-F 8:00am-4:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu T Pham can be reached on (571)270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications 


10/19/2021
/J.E.J/Examiner, Art Unit 2439

/RODERICK TOLENTINO/Primary Examiner, Art Unit 2439