--DETAILED ACTION
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
This Office Action is in response to the amendment filed on 10/15/2021.
Claims 1-20 are pending for consideration.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
Applicant's arguments filed on 10/15/2021 have been fully considered but they are not persuasive. 
Applicant argues on page 6 of the Remarks that Hughes does not teach that the first user requests a first trusted node “to deliver symmetric encryption keys to the pair of user devices”.
Examiner respectfully disagrees with the Applicant’s arguments.  Expanding from the previous rejection, Hughes does teach “receiving, at a first trusted node in a network, a request from a first one of a pair of user devices to deliver symmetric encryption keys to the pair of user devices” 
Applicant argues on page 7 of the Remarks that Hughes does not teach delivering, from the first trusted node via the trusted nodes in the network, a second one of the symmetric encryption keys to a second one of the pair of user devices.  Examiner respectfully disagrees with the Applicant’s arguments.  Expanding from the previous rejection, Hughes does teach the disputed limitation which is delivering, from the first trusted node via the trusted nodes in the network, a second one of the symmetric encryption keys to a second one of the pair of user devices (Hughes: paragraph 0171, “the first child trusted authority distributes keys by QKD under a trust relationship with a first user in the first sub-network. The second child trusted authority is associated with one or more users in a second sub-network. In particular, the second child trusted authority distributes keys by QKD under a trust relationship with a second user in the second sub-network.”).  As can be seen in the cited 
Applicant further argues on page 7 of the Remarks that Hughes does not teach receiving, at the first trusted node, from one of the trusted nodes in the network, confirmation of delivery of the second one of the symmetric encryption keys to the second one of the pair of user devices.  Examiner respectfully disagrees with the Applicant’s arguments.   Hughes does teach receiving, at the first trusted node, from one of the trusted nodes in the network, confirmation of delivery of the second one of the symmetric encryption keys to the second one of the pair of user devices (Hughes: paragraphs 0019 “The certificate authority checks the status of credentials for the second user device. If the status of credentials for the second user device satisfies one or more evaluation criteria (e.g., not revoked), the certificate authority transmits the information to the first user device”, 0055 “it can request such verification information from the trusted authority (101). In this role, the trusted authority (101) can verify the credentials of a user at various stages before distributing information regarding the user, to verify that credentials for the user have not been revoked.”, 0218 “In particular, the trusted authority can confirm (by signing the non-secret key of the second user) that the user privileges of the second user 
Applicant argues on page 8 of the Remarks that Hughes does not teach delivering, from the first trusted node in the network, a first one of the symmetric encryption keys to the first one of the pair of user devices, responsive to the confirmation of the delivery of the second one of the symmetric encryption keys to the second one of the pair of user devices.  Examiner respectfully disagrees with the Applicant’s arguments.  Hughes does teach delivering, from the first trusted node in the network, a first one of the symmetric encryption keys to the first one of the pair of user devices, responsive to the confirmation of the delivery of the second one of the symmetric encryption keys to the second one of the pair of user devices (Hughes: paragraphs 0055 and 0218-0221, “The trusted authority receives the request and checks the credentials of user 4. If the credentials are valid, the trusted authority determines the pair key P(1, 4) and key authentication value A(1, 4). The trusted authority signs the non-secret key using one of its signature keys X.sub.0(TA, 1, a). The trusted authority then sends the non-secret key (that is, P(1, 4).parallel.A(1, 4)) and signature sig [P(1, 4).parallel.A(1, 4); X.sub.0(TA, 1, a)] to user device 1.”).  Paragraph 0221 shows that a key is delivered to the user device 1 when the trusted authority confirms that user device 4 is a valid user.  Therefore, Hughes does teach the disputed limitation.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 10/26/2021 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-4, 7-8, 1-11, 14-15 and 18-19 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Hughes et al. (US 20130083926) (hereinafter Hughes).
Regarding claim 1, Hughes discloses a method for secure out-of-band symmetric encryption key delivery, comprising: receiving, at a first trusted node in a network, a request from a first one of a pair of user devices to deliver symmetric encryption keys to the pair of user devices (Hughes: paragraphs 0019, 0041, 0129, 0214-0215 and 0221, “the trusted authority (101) can generally act as a key distribution center (by generating/distributing quantum keys to user devices)”…“To initiate the process of communicating with user device 4, user device 1 requests the non-secret key of user device 4 from the trusted authority, where the non-secret key is the concatenation of the pair key P(1, 4) and key authentication value A(1, 4).”); delivering, from the first trusted node via the trusted nodes in the network, a second one of the symmetric encryption Hughes: paragraphs 0171 and 0216, “the trusted authority sends the non-secret key of the second user, which is the pair key P(1, 2) and the key authentication value A(1, 2) for the second user”… “the first child trusted authority distributes keys by QKD under a trust relationship with a first user in the first sub-network. The second child trusted authority is associated with one or more users in a second sub-network. In particular, the second child trusted authority distributes keys by QKD under a trust relationship with a second user in the second sub-network.”); receiving, at the first trusted node, from one of the trusted nodes in the network, confirmation of delivery of the second one of the symmetric encryption keys to the second one of the pair of user devices (Hughes: paragraphs 0019, 0055, 0171, 0214, 0217-0218 and 0221, “The certificate authority checks the status of credentials for the second user device. If the status of credentials for the second user device satisfies one or more evaluation criteria (e.g., not revoked), the certificate authority transmits the information to the first user device”…“it can request such verification information from the trusted authority (101). In this role, the trusted authority (101) can verify the credentials of a user at various stages before distributing information regarding the user, to verify that credentials for the user have not been revoked.”…“In particular, the trusted authority can confirm (by signing the non-secret key of the second user) that the user privileges of the second user have not been revoked. Through the trusted authority, the first user can confirm that the second user is still a valid user”); and delivering, from the first trusted node in the network, a first one of the symmetric encryption keys to the first one of the pair of Hughes: paragraphs 0055 and 0217-0221, “As explained in section IV, using the pair key P(1, 2) from the non-secret key and its previously received key derivation key L(1, 2) (from QKD), the first user can determine the encryption key K(2, 1) as K(2, 1)=L(1, 2).sym.P(1, 2).”… “The trusted authority receives the request and checks the credentials of user 4. If the credentials are valid, the trusted authority determines the pair key P(1, 4) and key authentication value A(1, 4). The trusted authority signs the non-secret key using one of its signature keys X.sub.0(TA, 1, a). The trusted authority then sends the non-secret key (that is, P(1, 4).parallel.A(1, 4)) and signature sig [P(1, 4).parallel.A(1, 4); X.sub.0(TA, 1, a)] to user device 1.”).
Regarding claim 10, claim 10 discloses a media claim that is substantially equivalent to the method of claim 1.  Therefore, the arguments set forth above with respect to claim 1 are equally applicable to claim 10 and rejected for the same reasons.
Regarding claim 15, claim 15 discloses an apparatus claim that is substantially equivalent to the method of claim 1.  Therefore, the arguments set forth above with respect to claim 1 are equally applicable to claim 15 and rejected for the same reasons.
Regarding claim 2, Hughes further discloses wherein the first and second ones of the symmetric encryption keys are guaranteed by the trusted nodes to be delivered to only the first and second ones of the pair of user devices (Hughes: paragraphs, 0017, 0157-0165 and 0244, “the message and the digital signature are transmitted to a first user device by a system that implements a certificate authority, where the message is a non-secret key of a second user device. The certificate authority is typically the trusted authority, but alternatively the system that implements the certificate authority can be a different system in secure communication (more generally, has a trust relationship) with the system that implements the trusted authority”… “At various stages, the trusted authority can block a transaction from completing, or at least warn a user that another user is not validated. For example, by refusing to provide a non-secret key (including a pair key), the trusted authority can prevent a user from determining an encryption key for another user. Or, by refusing to provide verification information, the trusted authority can signal that a user is no longer authorized”).
Regarding claim 3, Hughes further discloses wherein the delivering the second one of the symmetric encryption keys comprises delivering the second one of the symmetric encryption keys through the network between nodes that are pre-configured to trust each other as trusted nodes (Hughes: paragraphs 0080, 0173 and 0177, “long-term keys can be distributed out-of-band, by courier, or by having each user bring his or her device into physical proximity of the trusted authority for direct delivery of the long-term key.”… “A computing system implements the role of a trusted authority, and the computing system can be located at a single physical location or distributed among multiple physical locations. The above-described QKD protocols can be implemented in a configuration in which the functions of a trusted authority are distributed across multiple physical nodes. Distribution of trusted authority functions across multiple physical nodes can help protect against failure or compromise of any given one of the nodes”
Regarding claims 4 and 11, Hughes further discloses wherein the trusted nodes in the network comprise nodes in a peer-to- peer or mesh network each in a one-to-one, one-to-many, or many-to-many configuration (Hughes: see figure 1 
    PNG
    media_image1.png
    736
    628
    media_image1.png
    Greyscale
; and paragraph 0045, “The point-to-point QKD can happen over a single optical span or multiple spans in a fiber network whose topology supports QKD. For example, the topology includes intermediate routers between the QC card and trusted authority, but the routers preserve quantum state information. In FIG. 1, the installed fiber (104) is also used as a public channel to exchange non-quantum information between the QC card (102) and trusted authority (101), for example, authentication information, non-quantum information about measuring bases, recording basis in the QKD, and/or non-secret key information from the trusted authority (101). Alternatively, the QC card (102) and trusted authority (101) communicate non-quantum information over another type of network media (e.g., copper, RF) or free space (optical), or over a fiber network having another network topology”).
Regarding claim 7, Hughes further discloses comprising: generating and delivering quantum keys to each of two or more trusted nodes in the network ((Hughes: paragraphs 0171, 0214 and 0217-0218, “the first user verifies the trusted authority's signature on the non-secret key of the second user. The first user can thus confirm the non-secret key was actually received from the certificate authority. By extension, this provides assurance (from the trusted authority as certificate authority) that the first user has in fact derived the encryption key of the second user, and not some other party.”).
Regarding claims 8, 14 and 18, Hughes further discloses comprising: encrypting each of one or more node to node transmissions with a quantum key, during delivery of the first and second ones of the symmetric encryption keys (Huges: paragraphs, 0058 and 0121-0123, “Quantum keys can facilitate secure communication even when the quantum keys are not used for algorithmic encryption. If two user devices have the same quantum keys, a first user device can use stored quantum keys to determine patterns to spread information content between wavelengths and/or time slots of a signal, then spread the information according to the patterns in transmission. The second user device determines the patterns from the stored quantum keys and de-spreads the information content from the signal it receives. The patterns depend on the stored quantum keys, but security is provided at the physical layer in transmission, not through use of the stored quantum keys in encryption”); and generating quantum keys in two or more neighboring trusted nodes (Hughes: paragraph 0170, “a trusted authority establishes keys by QKD with each of multiple users. A trusted authority can be part of a hierarchy of trusted authorities, in which case the trusted authority establishes keys with a sub-network of one or more users. Users associated with different trusted authorities can establish shared secret keys through an intermediary trusted authority in the hierarchy”).
Regarding claim 19, Hughes further discloses wherein the trusted nodes are further to: use encryption and decryption with quantum keys, for each node to node transmission during delivery of the first and second symmetric encryption keys (Hughes: paragraph 0173, “For example, the first child trusted authority receives an encrypted session key from the parent trusted authority and decrypts the encrypted session key using one of its keys from QKD with the parent trusted authority. The first child trusted authority re-encrypts the session key using one of its keys from QKD with the first user, and distributes the re-encrypted session key to the first user device. Similarly, the second child trusted authority receives an encrypted version of the session key from the parent trusted authority, decrypts the encrypted session key using one of its keys from QKD with the parent trusted authority, re-encrypts the session key using one of its keys from QKD with the second user, and distributes the re-encrypted session key to the second user device”).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 5-6, 9, 12-13, 16-17 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Hughes in view of Cao et al. (Reference U: Cost-Efficient Quantum Key Distribution Over WDM Networks) (hereinafter Cao).
Regarding claims 5, 12 and 16, Hughes does not explicitly disclose the following limitation which is disclosed by Cao, comprising: performing just-in-time optimal pathfinding during delivery of the first and second ones of the symmetric encryption Cao: table 1 on page 288 
    PNG
    media_image2.png
    613
    361
    media_image2.png
    Greyscale
; and pages 290-291, “For each incoming QKD request, the QKD path is first computed and selected by the Dijkstra’s shortest path algorithm, which is beneficial to minimize the required number of QKD transceivers and TRNs as well as the required physical length of QKD links.”).  Hughes and Cao are analogous art because they are from the same field of endeavor, secure communication.  Before the effective filing date of the claimed invention, it would have been obvious to one of 
Regarding claims 6, 13 and 17, Hughes as modified further discloses performing just-in-time load-balancing during delivery of the second one of the symmetric encryption keys (Cao: pages 287 and 290, “To efficiently utilize the finite fiber bandwidth resources, wavelengths for different channels should be planned, as shown in Fig. 4(a). In order to ensure the sufficient isolation of linear crosstalk and utilize as few filters as possible, we choose the fiber O band (1260–1360 nm) for quantum-signal transmission and C band (1530–1565 nm) for classical-signal transmission [15,34]. Thus, the QCh is placed at the fiber”).  The same motivation to modify Hughes in view of Cao, as applied in claim 5 above, applies here.
Regarding claims 9 and 20, Hughes as modified further discloses comprising: performing just-in-time optimal pathfinding based on availability of quantum keys during delivery of the first and second ones of the symmetric encryption keys (Cao: see table 1 on page 288 
    PNG
    media_image2.png
    613
    361
    media_image2.png
    Greyscale
; and page 290, “All the available wavelength channels planned as QChs are numbered in the FF algorithm, where a lower-numbered wavelength channel is selected before a higher-numbered wavelength channel.”).  The same motivation to modify Hughes in view of Cao, as applied in claim 5 above, applies here.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure, e.g., 
Saavedra (US 20180013556) discloses a network system is provided for improving network communication performance between a first client site and a second client site, the network system including: at least one client site network component bonding or aggregating one or more diverse network connections; and at least one network server component, configured to interoperate with the client site network component, the network server component including a server/concentrator that is implemented at an access point to a high performing network, between the client site network component and the network server component data traffic is carried to a network backbone of the high performing network; and 
Maeda (US 20090262942) discloses a method for managing shared random numbers in a secret communication network including at least one center node and a plurality of remote nodes connected to the center node, includes: sharing random number sequences between the center node and respective ones of the plurality of remote nodes.
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRANG T DOAN whose telephone number is (571)272-0740.  The examiner can normally be reached on Monday-Friday 7-4 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D Feild can be reached on (571)272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access 






/TRANG T DOAN/Primary Examiner, Art Unit 2431