DETAILED ACTION
The restriction requirement issued 11/23/2021 is withdrawn.  A new action on the merits is provided herein.
Response to Arguments
Applicant's arguments excluding claim 35 arguments are moot in view of the new grounds of rejection necessitated by applicants amended claim scope.

As to the argument found page 12 relating to claim 35 that alleges Roth does not disclose: 
wherein the token comprises current and previous token version information

To the contrary,  Fig 18 1802 reflects each security module which may correspond to a previous token as the 
security modules are not required to change each time a domain changes.

		Fig 18 1804 Domain Keys may correspond to current token information because the Domain keys 
may be subject to update or a rotation without changes the security modules of the domain.


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 21, 22-34, 37 and 46  rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.  For example:
(1)	claim 21 recites: 	
"generating a new version of a domain trust to replace an initial version of the domain trust"
and
"a command to update the initial version of the domain trust to the new version of the domain trust"
It is unclear if the limitation 'replace an initial version of the domain trust' is different from or the same as 'update the initial version of the domain trust to a new version of the domain trust'.    As such, the phrase: 
"a command to update the initial version of the domain trust to the new version of the domain trust"
			will be interpreted as:

"a command to do the replacement 

Claims 22-27 are also rejected under 112 because they depend from a base claim that has been rejected under 112.

wherein  devices are physical hardware.  Therefore  a trust cannot comprise devices.
Claims 29-34 are also rejected under 112 because they depend from a base claim that has been rejected under 112.

(3) Claim 37 is rejected because there is no antecedent basis for the term 'the previous version of the token'
(4) Claim 46 is rejected because there is no antecedent basis for the term 'the cryptographically verifiable digital 
signature'
 Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claim 21-34,   and 41-46 is/are rejected under 35 U.S.C. 103 as being unpatentable over Roth et al (US 9608813 hereinafter Roth)
As to claim 21 Roth discloses, a computer-implemented method, comprising: 
generating C36 57 – 61 generating a domain token in view of Fig 17 and Fig 20 2010
a new version of a domain trust,  
Fig 17 Domain Token
in view of C34 42-58 a proposed domain in view of C38 1 – 7 and C5 62 – 65
in view of C34 31 – 53 a domain token is a proposal for the domain defined in the token
to replace C34 42-58 the domain token includes a complete set of operational parameters that the security 
module operator desires to replace
an initial version of the domain trust
C34 42-58 a current domain in view of  C34 18-22 a current installed domain
in view of Fig 18 1800 Domain token 
in further view of  C36 13- C3715
wherein:
the initial version of the domain trust 
C34 42-58 a current domain 
in view of Fig 18 1800 Domain token
in further view of  C36 13- C37 15
specifies at least
            Fig 18 1802 package 1 …N
            C36 lines 18-20 a package 1802 for each security module that is to be a domain member
	a first set 
C32 39-40 modules 1702 are all members of the same cryptographic domain
in view of  Fig 17 1702 Security Module 1 ….Security Module N
in further view of  C32 36 each of the security modules 1702 
in view of  line 32 set of security modules
of devices C30 line 41-44 security module may be a suitable computer device
	a first set of quorum rules
Fig 18 1800 Domain token including Domain Sub-Token 1804 with Quorum Rules
	and a root of trust
C36 48-51 the domain sub-token 1804 may also identify one or more authorized 
operators such as a human or non-human operators such a  1704 and/or a server
in view of C34 53-55 The domain token may also include other information such as an 
identifier of the operator that requested the domain token

and the new version of the domain trust 
C34 42-58 a proposed domain
in view of C34 31 – 53 a domain token is a proposal for the domain defined in the token
specifies at least 
           Fig 18 1802 package 1 …N
           C36 lines 18-20 a package 1802 for each security module that is to be a domain member
a second set 
C32 43-44 other security modules are members of one or more cryptographic domains
in view of  C34 37 – 41 adding or subtracting security modules from the cryptographic 
domain
of devices C30 line 41-44 security module may be a suitable computer device
a second C33 56-67 change one or more quorum rules
set of quorum rules; 
Fig 18 1800 Domain token including Domain Sub-Token 1804 with Quorum Rules
and the root of trust 
C36 48-51 the domain sub-token 1804 may also identify one or more authorized 
operators such as a human or non-human operators such a  1704 and/or a server
in view of C34 53-55 The domain token may also include other information such as an 
identifier of the operator that requested the domain token


obtaining  C34 7-10 1702 may respond to the domain change request by providing 1710 a domain token
a plurality of digital signatures the plurality corresponding to  K-1 operators see C34 13-22  
C34 13-22 a request to change a domain includes an electronic signature for each operator 1710
in view of C34 line 18-22 the security module may check that the domain change request includes 
an electronic signature for each of K operators 1710
in further view of  C34 53 the domain token may include information to allow the token to be 
authenticated such as one or more electronic signatures
		in further view of  C36 1- 12  the domain ingest request includes the domain token which includes 
information to enable 1702 to authenticate it's updated operational parameters;  the authentication corresponding to C34 53 authentication using the one or more electronic signatures
		Note: Examiners interpretation of Roth is that Domain change requests of Fig 17 includes 
signatures of each operator and that the returned Domain token also includes these signatures and that these signatures are those verified in response to the Domain Ingestion Request of Fig 17according to the quorum rules included in the Domain Token
[[from]]  C34 10-13 providing a domain token in response to a request to change
the first set 
C32 39-40 modules 1702 are all members of the same cryptographic domain
in view of  Fig 17 1702 Security Module 1 ….Security Module N
in further view of  C32 36 each of the security modules 1702 
in view of  line 32 set of security modules
of devices C30 line 41-44 security module may be a suitable computer device

wherein the plurality of digital signatures the plurality corresponding to  K-1 operators see C34 13-22  
C34 13-22 a request to change a domain includes an electronic signature for each operator 1710
in view of C34 line 18-22 the security module may check that the domain change request includes 
an electronic signature for each of K operators 1710
in further view of  C34 53 the domain token may include information to allow the token to be 
authenticated such as one or more electronic signatures
		in further view of  C36 1- 12  the domain ingest request includes the domain token which includes 
information to enable 1702 to authenticate it's updated operational parameters;  the authentication corresponding to C34 53 authentication using the one or more electronic signatures
		Note: Examiners interpretation of Roth is that Domain change requests of Fig 17 includes 
signatures of each operator and that the returned Domain token also includes these signatures and that these signatures are those verified in response to the Domain Ingestion Request of Fig 17according to the quorum rules included in the Domain Token

satisfies C34 13 – 18 signature that satisfy domain quorum rules
[[a]] the first set of quorum rules 
Fig 18 1800 Domain token including Domain Sub-Token 1804 with Quorum Rules

and the first set of quorum rules 
Fig 18 1800 Domain token including Domain Sub-Token 1804 with Quorum Rules
specifies C36 57 – 59 a rule that specifies
one or more conditions C36 58 a rule
for the second set of devices C32 43-44 other security modules are members of one or more 
cryptographic domains
being authorized C36 57 – 59 required to fulfillment of a request
to generate C36 57 – 61 generating a domain token
the new version of the domain trust; 
C34 42-58 a proposed domain
in view of C34 31 – 53 a domain token is a proposal for the domain defined in the token
see Fig 17 interaction between 1710 and 1702
to a first device 
Fig 17 1702 security module N
 in view of  C32 46 one cryptographic module that is a member of the same domain as another 
security module
of the first set 
C32 39-40 modules 1702 are all members of the same cryptographic domain
in view of  Fig 17 1702 Security Module 1 ….Security Module N
in further view of  C32 36 each of the security modules 1702 
in view of  line 32 set of security modules
of devices C30 line 41-44 security module may be a suitable computer device

a command Fig 17 C Request  
to update 
C40 63 – 65 a result of ingesting the token i.e. by updating operation parameters
in view of Fig 20 2010
the initial version of the domain of trust C34 42-58 a current domain
to the new version of the domain trust C34 42-58 a proposed domain

the command Fig 17 Domain Change Request  
comprising
the plurality of digital signatures  the plurality corresponding to  K-1 operators see C34 13-22  
C34 13-22 a request to change a domain includes an electronic signature for each operator 1710
in view of C34 line 18-22 the security module may check that the domain change request includes 
an electronic signature for each of K operators 1710
in further view of  C34 53 the domain token may include information to allow the token to be 
authenticated such as one or more electronic signatures
		in further view of  C36 1- 12  the domain ingest request includes the domain token which includes 
information to enable 1702 to authenticate it's updated operational parameters;  the authentication corresponding to C34 53 authentication using the one or more electronic signatures
		Note: Examiners interpretation of Roth is that Domain change requests of Fig 17 includes 
signatures of each operator and that the returned Domain token also includes these signatures and that these signatures are those verified in response to the Domain Ingestion Request of Fig 17according to the quorum rules included in the Domain Token

and a digital signature the digital signature corresponding to the  Kth operator see C34 13-22  
C34 13-22  electronic signature for K+1 operator 1710
in view of C34 13-22 an electronic signature for each of K operators 1710 signed 
see also C7 40-42 the operator may use the session key to sign requests
in view of Fig 17 Domain Change Request
		signed by the root of trust  
C36 48-51 the domain sub-token 1804 may also identify one or more authorized 
operators such as a human or non-human operators such a  1704 and/or a server
in view of C34 53-55 The domain token may also include other information such 
as an identifier of the operator that requested the domain token
		indicating that the initial version of the domain of trust C34 42-58 a current domain
		is to be trusted by C33 35-45 security module operator having authorization
		the first set 
C32 39-40 modules 1702 are all members of the same cryptographic domain
in view of  Fig 17 1702 Security Module 1 ….Security Module N
in further view of  C32 36 each of the security modules 1702 
in view of  line 32 set of security modules
of devices C30 line 41-44 security module may be a suitable computer device
see Fig 17 interaction between 1710 and 1702
from the first device
Fig 17 1702 security module N
 in view of  C32 46 one cryptographic module that is a member of the same domain as another 
security module
a response 
C34 7-10 1702 may respond to the domain change request by providing 1710 a domain token
*Note: Examiner interprets response as including information as well as a series of actions
to the command Fig 17 Domain Change Request  
that comprises:
information usable to validate the response, 
the information comprising: 
verification 
C36 line 65 – C37 line 2 fulfillment of the request (i.e. ingestion request) may 
be denied if the request does not include a valid signature for each member of the set of operators
of the digital signature signed by the root of trust,Page 2 of 20 4843-1749-9632v.4 0097749-289US1Application No. 15/865,016Amendment dated August 25, 2021 
the digital signature corresponding to  Kth operators see C34 13-22  
C34 13-22  electronic signature for K+1 operator 1710
in view of C34 13-22 an electronic signature for each of K operators 
1710 signed 
see also C7 40-42 the operator may use the session key to sign requests
in view of Fig 17 Domain Change Request
Reply to Office Action of June 25, 2021verification 
C36 line 65 – C37 line 2 fulfillment of the request (i.e. ingestion 
request) may be denied if the request does not include a valid signature for each member of the set of operators
that the plurality of digital signatures 
the plurality corresponding to  K-1 operators see C34 13-22  
C34 13-22 a request to change a domain includes an electronic signature for each operator 1710
in view of C34 line 18-22 the security module may check that the domain change request includes 
an electronic signature for each of K operators 1710
in further view of  C34 53 the domain token may include information to allow the token to be 
authenticated such as one or more electronic signatures
		in further view of  C36 1- 12  the domain ingest request includes the domain token which includes 
information to enable 1702 to authenticate it's updated operational parameters;  the authentication corresponding to C34 53 authentication using the one or more electronic signatures
Note: Examiners interpretation of Roth is that 
Domain change requests of Fig 17 includes 
signatures of each operator and that the returned Domain token also includes these signatures and that these signatures are those verified in response to the Domain Ingestion Request of Fig 17according to the quorum rules included in the Domain Token
satisfy the first set of quorum rules, 
	C37 2-3 a domain quorum rule may specify a minimum number of operators 
(e.g. Fig 17 1710) required
	in view of  C34 10-22 1702 may be configured to determine if the domain 
quorum rules are satisfied before providing a domain token in response to a request to change a domain
and an indication that the first device has replaced the initial version of the domain trust with the new version of the domain trust; and 
	Fig 20 2012 updated domain keys and other operational parameters

a token,  Fig 18 1800
generated based at least in part on 
C34 7-10 1702 may respond to the domain change request by providing a domain token
the new version of the domain trust,
C34 42-58 a proposed domain in view of C38 1 – 7  and  C5 62 – 65

wherein the token Fig 18 1800
comprises Fig 18 1800 includes Fig 18 1804
a set of keys 
Fig 18 1804 Domain Key(s)
in view of C6 28- 33 domain key common to all security modules
and indicates 
	C36 lines 18-20 a package 1802 for each security module that is to be a domain member
the second set of devices C32 43-44 other security modules are members of one or more 
is authorized to access
C36 line 27 – 36 package 1802 includes a random key encrypted using a public key of a 
PKI pair, such that the security module may decrypt the random key with its private key and then use the decrypted random key to decrypt the one or more domain keys in sub-token 1804 of Fig 18
in view of C6 28- 33 domain key common to all security modules
the set of keys; 
Fig 18 1804 includes Domain Key(s)
in view of C6 28- 33 domain key common to all security modules

and transmitting the token 
C6 15-20 the coordinator forwards the token to each security module
 in view of  Fig 17 Domain Ingestion request sent to all modules 1702
to a second device Fig 17 1702 Security module 1 in view of  C32 47 another security module
of the second set of devices.
C32 43-44 other security modules are members of one or more cryptographic domains


Before the effective filing date, it would have been obvious to a person having ordinary skill in the art that:
(1)  whereas Roth teaches K operators in C34 13-22 , therefore it would be obvious to one of ordinary skill 
in the art that Roth also teaches K-1 operators.  Therefore, for example, if K=3  the claimed digital signature may correspond to the signature of the 3rd  operator and the claimed plurality of digital signatures may correspond to the signatures of the 1st and 2nd operators
	(2) Roth teaches that the claimed plurality of digital signatures may be obtained from the first set of 
devices because the Examiners interpretation of Roth is that Domain change requests of Fig 17 
includes signatures of each operator and that the returned Domain token also includes these signatures and that these signatures are those verified in response to the Domain Ingestion Request of Fig 17according to the quorum rules included in the Domain Token 
in view of  C34 13-22 a request to change a domain includes an electronic signature for 
each operator 1710
and in view of C34 line 18-22 the security module may check that the domain change 
request includes an electronic signature for each of K operators 1710
in further view of  C34 53 the domain token may include information to allow the token 
to be authenticated such as one or more electronic signatures
			and in further view of  C36 1- 12  the domain ingest request includes the domain token 
which includes information to enable 1702 to authenticate it's updated operational parameters;  the authentication corresponding to C34 53 authentication using the one or more electronic signatures
As to claim 22 Roth discloses
wherein the token Fig 18 1800
indicates a set of rules C34 line 34 operational parameters
to change 
C34 line 37 – 41 the token may change the set of security modules that are members of the 
cryptographic domain
access to 
C6 28- 33 domain key common to all security modules
in view of C36 line 27 – 36 package 1802 includes a random key encrypted using a public key of a 
PKI pair, such that the security module may decrypt the random key with its private key and then use the decrypted random key to decrypt the one or more domain keys in sub-token 1804 of Fig 18
the set of keys
Fig 18 1804 includes Domain Key(s)
	from the first set of devices to the second set of devices
C34 37 – 41 the token may change the set of modules that are members of the domain by adding or subtracting security modules from the cryptographic domain
in view of Fig 18 which illustrates access to the keys for modules having token 1800

As to claim 23 Roth discloses
wherein the first set of devices and second set of devices at least partially overlap C32 38 - 50

Claim 24 is rejected on the basis previously presented in the rejection of claim 21 
in view of Fig 17 1702 security modules 1-N 
and C30 line 41-44 security module may be a suitable computer device

As to claim 25 Roth discloses	
wherein the set of keys 
	Fig 18 1804 Domain Key(s)
	replaces C39 24-35 rotate domain keys
a previous set of keys  C39 24-35 the old domain key that is to be replace by the new domain key
accessible C6 28- 33 domain key common to all security modules
to the first set of devices.  C32 39-40 modules 1702 are all members of the same cryptographic domain

 
As to claim 26 Roth discloses 
validating Fig 20 2006 signature valid ?
the new version of the domain trust
Fig 20 2002 receive domain ingestion request
in view of  C34 42-58 a proposed domain
in view of  C34  31 – 53 a domain token is a proposal for the domain defined in the token
based at least in part on a public key
	Fig 20 2004 use private key to decrypt KRand
	in view of  C38 30 -34 public private pair to decrypt  i.e. was encrypted with public key of pair
corresponding Fig 17 domain ingestion request in view of  Fig 20 2006  
to the first device Fig 17 1702 Security module 1 in view of  C32 46 One cryptographic module

 

As to claim 27
Roth discloses
wherein the digital signature 
C34 13-22  electronic signature for K+1 operator 1710
i.e. in a case where there are K+1 operators each contributing a signature, the plurality of digital signatures maps to the 1st K of K+1 signatures and the digital signature maps to the (K+1)th signature.
signed by 
C7 40-42 the operator may use the session key to sign requests
in view of Fig 17 Domain Change Request
the root of trust 
C33 46- 51 Fig 17 1710 security module operator
in view of C33 46- 51 non-human operator
is generated by the root of trust 
based on one or more cryptographic keys  
C7 40-42 the operator may use the session key to sign requests 
in view of Fig 17 Domain Change Request
and based on  
C33 62-64 the domain change request may be a request that specifies a change 
to a domain  i.e. the current domain
the initial version of the domain trust; C34 42-58 a current domain
and wherein the root of trust 
C33 46- 51 Fig 17 1710 security module operator
in view of C33 46- 51 non-human operator
[[is]] a computing device 
	C33 44-45 appropriate hardware such as computer systems

trusted by 
	C7 50-52 any security module having access to the domain key (i.e. member of the 
cryptographic domain) is able to validate the request and respond accordingly
			in view of  C32 51-57
both 
the first set C32 39-40 modules 1702 are all members of the same cryptographic domain
of devices C30 line 41-44 security module may be a suitable computer device
and 
the second set C32 43-44 other security modules are members of one or more 
cryptographic domains
of devices C30 line 41-44 security module may be a suitable computer device

such that each of the first set of devices and the second set of devices 
C32 39-40 modules 1702 are all members
C32 43-44 other security modules
in view of  C7 43-44 any security module having the domain key
operate in accordance with C7 33-35 efficient and secure communications
whether information is validated using cryptographic material from the root of trust.
	C7 40-50 The operator may provide any security module having the domain key the 
request, a digital signature generated based on the request and the session key and the encrypted session key, the encrypted session key encrypted under the domain key.
The security module can then use its domain key to decrypt the session key and use the decrypted session key to validate the request.
		obtained from any version of the domain trust
Fig 17 Domain Token  of the Domain Installation Request message
		base on C34 39-40 tokens change as a function of adding and subtracting modules 
the initial version of the domain trust
C34 42-58 a current domain  see  Fig 18 1800 token in view of  C36 13- C3715
Before the effective filing date, one of ordinary skill in the art would find it obvious that Security Module Operator 1710 is representative of the computing devices used by the operator to participate in the cryptographic operations of Fig 17 as suggested by Roth in C33 40- 51 wherein  although in an embodiment operator 1710 is a human operator, the operator may interact with the components of the environment through appropriate hardware such as a computing system thereby  arriving at the claimed invention of   wherein the root of trust is a computing devices.  In other words, Roth's disclosure renders obvious an embodiment wherein the suggested appropriate hardware may be considered as the claimed root of trust  as a proxy for the human operator depicted in Fig 17 1710 because one of ordinary skill in the art would understand that it is the computing device that is performing all the network communications and cryptographic operations.

As to claim 28 Roth discloses a system, comprising: 
memory C47 19-65  computer readable media
to store instructions C47 19-65  computer readable media for containing code
executable by one or more processors C47 19-65  at least one central processing unit
to cause the system Fig 17 1710 multiple non-human operators in view of C33 line 50 computer systems
to: 
issue to a device Fig 17 1702 Security Module N
a command,  Fig 17 Domain Change Request
of a first set of devices 
Fig 17 1702 Security Modules N-1…N
C32 39-40 modules 1702 are all members of the same cryptographic domain
C30 line 41-44 security module may be a suitable computer device
associated with an initial version of a domain trust, 
C34 18-22 a current installed domain
in view of Fig 18 1800 Domain token
to create an updated version of the domain trust, 
	C33 62-64 the domain change request may be a request that specifies a change to a 
    domain
			in view of  C34 51 proposed domain
wherein 
	the initial version of the domain trust
C34 18-22 a current installed domain
in view of Fig 18 1800 Domain token
	comprises
		the first set of devices
Fig 17 1702 Security Modules N-1…N
          			C36 lines 18-20 a package 1802 for each security module that is to 
be a domain member
		a fist set of quorum rules  Fig 18 1804 Domain Quorum Rules
		and a root of trust
Fig 17 1710
in view of C36 48-51 the domain sub-token 1804 may also identify one 
or more authorized operators such as a human or non-human operators such a  1704 and/or a server
in view of C34 53-55 The domain token may also include other 
information such as an identifier of the operator that requested the domain token

	the updated version Fig 20 2010  in view of  Fig 17 1710 Domain Token
of the domain trust Fig 18 1800 Domain token
	comprises
		a second set of devices
Fig 17 1702 Security Modules 1...N
C32 43-44 other security modules are members of one or more 
cryptographic domains
in view of C34 37 – 41 adding or subtracting security modules from 
the cryptographic domain
		a second set of quorum rules
			Fig 33 64-66 the security module operator may desire to change one or 
more quorum rules
		and the root of trust
Fig 17 1710
in view of C36 48-51 the domain sub-token 1804 may also identify one 
or more authorized operators such as a human or non-human operators such a  1704 and/or a server
in view of C34 53-55 The domain token may also include other 
information such as an identifier of the operator that requested the domain token

the device Fig 17 1702 Security Module N
is identified by 
C34 10-22 1702 may be configured to determine if the domain quorum rules are 
satisfied before providing a domain token in response to a request to change a domain
one or more quorum rules C34 17 domain quorum rules
of the initial version of the domain trust C34 18-22 a current installed domain
as being authorized to generate the updated version of the domain trust; and
C34 10-22 1702 may be configured to determine if the domain quorum rules are 
satisfied before providing a domain token in response to a request to change a domain


the command Fig 17 Domain Change Request
was issued with a plurality of digital signatures 
the plurality corresponding to  K-1 operators see C34 13-22  
C34 13-22 a request to change a domain includes an electronic signature for each 
operator 1710
in view of C34 line 18-22 the security module may check that the domain change request 
includes an electronic signature for each of K operators 1710
that satisfy the one or more quorum rules 
C37 2-3 a domain quorum rule may specify a minimum number of operators 
(e.g. Fig 17 1710) required
	in view of  C34 10-22 1702 may be configured to determine if the domain 
quorum rules are satisfied before providing a domain token in response to a request to change a domain
and a cryptographically verifiable digital signature, 
C7 40-45 The operator may sign requests that are submitted to any  security module.



determined by the root of trust, Fig 17 1710
that indicates the initial version of the domain trust C34 18-22 a current installed domain
is trusted 
C7 40-47 The operator may provide any security module having the  domain key the 
request

by the root of trust;
Fig 17 1710
in view of C36 48-51 the domain sub-token 1804 may also identify one 
or more authorized operators such as a human or non-human operators such a  1704 and/or a server
in view of C34 53-55 The domain token may also include other 
information such as an identifier of the operator that requested the domain token


obtain from the device Fig 17 1702 Security Module N
a response to the command Fig 17 Domain Token response message
the response comprising a token, 
C34 59-65 operator 1710 receives a domain token from the security module 1702

wherein the token C34 59-65 operator 1710 receives a domain token
comprises a set of keys C36 26 encrypted key 1808  and Domain Key(s) of 1804 in view of Fig 18
and indicates Fig 18 1802 Package 1….Package N
that the second set of devices 
C32 43-44 other security modules are members of one or more cryptographic domains
in view of C34 37 – 41 adding or subtracting security modules from the cryptographic 
         domain
in further view of C30 line 41-44 security module may be a suitable computer device
is authorized to access the set of keys; and
	C32 32-33 each security module uses the same cryptographic keys

and transmit the token to a second device of the second set of devices.
	Fig 17 Domain Ingestion Request (Domain Token)
	Claim 28 is a system command wherein the steps performed by the system are claimed as  
implemented by one or more processors

As to claim 29 Roth discloses
wherein the token Fig 18 1800
 comprises
a first key  Fig 18 1808 of Security Package N
encrypted under a first public key  
C36 27 – 30 encrypted under a public key of a public private pair 
specific to the security module.
of a first device Fig 17 1702 Security module N in view of  C32 46 One 
cryptographic module
in the first set of devices  
C32 39-40 modules 1702 are all members of the same cryptographic domain
in view of  Fig 17 Security Module 1702 1-N

and a second key  Fig 18 1808 of Security Package 1
encrypted under a second public key
C36 27 – 30 encrypted under a public key of a public private pair 
specific to the security module.
of the second device Fig 17 1702 Security module 1 in view of  C32 47 another 
security module
to the second set of devices 
C32 43-44 other security modules are members of one or more cryptographic 
     domains

 

As to claim 30 Roth discloses
wherein the token Fig 18 1800
comprises information Fig 18 1804 
indicating a set of rules Fig 18 1804 Domain Quorum Rules
to issue 
	C36 57 – 61 a domain quorum rule may be a rule that specifies a quorum of operators 
required for fulfillment of a request, such as any request whose fulfillment includes generating a domain token
a replacement token 
Fig 17 Domain Token of Domain Ingestion Request
to replace the token 
C39 24-35 the old domain key that is to be replace by the new domain key

Claim 31 is rejected on the basis previously presented in the rejection of claim 30 in view of  C34 10 -22 security modules 1702 may each be configure to enforce one or more conditions before providing a token in response to a request to change a domain…for example,  determine whether the request includes a signature for each operator…

As to claim 32
Roth discloses
	the set of keys Fig 18 1804 Domain Key(s)
	[[comprises]] symmetric cryptographic keys C8 line 26 and C12 line 50

 

Before the effective filing date, it would have been obvious to a person having ordinary skill in the art to embody the key sets of the token shown in Fig 18 1804 Domain Key(s) as symmetric cryptographic keys as suggested by Roth in C8 line 26 and C12 line 50, further yielding predictable results by combining elements previously known in the prior art to arrive at the claimed invention of:
wherein the set of keys comprises symmetric cryptographic keys



Claim 33 is rejected on the basis previously presented in the rejection of claim 25 
in view of C32 line 27 – 38 and further in view of  C32 line 51 – 57.

As to claim 34 
Roth discloses
		wherein the second device 
Fig 17 1702 Security module 1 
in view of  C32 47 another security module
in further view of C5 50-55 any security module is operable to generate the token
		issued Fig 17 'Domain Token' message
the token Fig 18 1800

As to claim 41 Roth discloses   
the one or more conditions C36 58 a rule
comprise 
a threshold number C36 59 a quorum
of distinct responses 
C36 59 operators required 
for  Fig 17 Domain Change Request and Domain Installation Request
as embodied in   Fig 17 Domain Token message representative of Token Generation, the Token including the Quorum rules as shown in Fig 18 1804, the quorum rules reflective of the required operators that signed the corresponding Fig 17 Domain Change Request 
see  C36 58-60
	a first set 
C32 39-40 modules 1702 are all members of the same cryptographic domain
in view of  Fig 17 1702 Security Module 1 ….Security Module N
in further view of  C32 36 each of the security modules 1702 
in view of  line 32 set of security modules
of devices C30 line 41-44 security module may be a suitable computer device


and each distinct response Fig 17 Domain Token message
includes 
a new version of the domain trust  C35 29-30 1702 may generate the token
cryptographically signed  
C37 15-30 1802 may include signature 1806….using the private key of [[each]] security 
module
	by a first set 
C32 39-40 modules 1702 are all members of the same cryptographic domain
in view of  Fig 17 1702 Security Module 1 ….Security Module N
in further view of  C32 36 each of the security modules 1702 
in view of  line 32 set of security modules
of devices C30 line 41-44 security module may be a suitable computer device

As to claim 42 Roth discloses   
wherein the first set of quorum rules 
Fig 18 1800 Domain token including Domain Sub-Token 1804 with Quorum Rules
comprises: 
access rules C36 58-61 a rule that specifies a quorum required to fulfill a request
governing access C36 58-61 fulfillment includes generating a domain token
by a first set 
C32 39-40 modules 1702 are all members of the same cryptographic domain
in view of  Fig 17 1702 Security Module 1 ….Security Module N
in further view of  C32 36 each of the security modules 1702 
in view of  line 32 set of security modules
of devices C30 line 41-44 security module may be a suitable computer device
to one or more resources,  C36 15-17 a token is organized as a collection if information 

and a threshold number of operators of a plurality of operators required to modify or replace the initial version of the domain trust.
C36 58-60 quorum rules reflective of the required operators that signed the 
corresponding Fig 17 Domain Change Request 

As to claim 43 Roth discloses   wherein 
the first device 
Fig 17 1702 security module N
 in view of  C32 46 one cryptographic module that is a member of the same domain as another 
security module
and the second device 
Fig 17 1702 Security module 1 in view of  C32 47 another security module
are ones of a plurality of security modules  Fig 17 1702 Security Module 1 --- Security Module N


As to claim 44 Roth discloses   wherein: the token further comprises:
token version information C5 57-62 version numbers
usable to verify a new token version against a previous token version, 
C5 62-67 to avoid conflicting domains

additional sets of cryptographic keys 
Fig 18 {KRandom}K1 --- {KRandom}KN
and  C36 66- C37 3 a valid signature for each member of a set of operators that satisfies the 
quorum rules
for one or more prior versions of the token, 
C34 15-22 the security module may check that the domain change request includes an 
electronic signature for K operators listed in the currently installed domain.

and a unique hash  Fig 18 1806
for each previous version of the token; 
C34 15-22 the security module may check that the domain change request includes an 
electronic signature for K operators listed in the currently installed domain.

and transmitting the token 
C5 25- 38 a process for putting a group of security modules into a consistent state
from the first device Fig 17 1702 security module N
to the second device Fig 17 1702 Security module 1 in view of  C32 47 another security module
is sufficient for trusted, cryptographically secure communications   
C5 43-45 to prevent unauthorized access
in view of  C7 33-35 secure communications through the used of session keys (i.e. encrypted )
between the first device and the second device.
C7 33-35 efficient and secure communications with security modules
As to claim 45 Roth discloses   wherein 
a subsequent  C26 4-5 another request that is subsequently submitted
proposal 
C34 33 proposal  
in view of  Fig 18 1802 Security Module Package 1---N
for a subsequent version C34 55 proposed version
of the domain trust C34 35 cryptographic domain
requires at least an updated threshold number  
C34 39-40 adding and subtracting security modules from the domain
of distinct responses, 
Fig 18 1802 Security Module Package 1---N of  Fig 18 1800 of Fig 17 Domain Token message

each distinct response 
Fig 18 1802 Security Module Package 1---N of  Fig 18 1800 of Fig 17 Domain Token message
of the updated threshold number 
C34 39-40 adding and subtracting security modules from the domain
including the subsequent proposal  
C34 33 proposal  
in view of  Fig 18 1802 Security Module Package 1---N
cryptographically signed 
	C37 22-25 the electronic signature of a security module package for a security module
by a different one C36 23-25 the security module package 1802 for a security module
of the second set of devices. C32 43-44 other security modules are members of one or more 



As to claim 46 Roth discloses   wherein the response to the command further comprises

verification that the plurality of digital signatures satisfy the one or more quorum rules  Fig 20 2006 YES

and that the cryptographically verifiable digital signature is signed by the root of trust.
the digital signature corresponding to  Kth operators see C34 13-22  
C34 13-22  electronic signature for K+1 operator 1710
in view of C34 13-22 an electronic signature for each of K operators 
1710 signed 
see also C7 40-42 the operator may use the session key to sign requests
in view of Fig 17 Domain Change Request


Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 35 - 50 is/are rejected under 35 U.S.C. 102(1)(1) as being anticipated by Roth.

The limitations of claim 35 are not required to be implemented only by the claimed instructions on the memory.


As to claim 35 Roth discloses a non-transitory computer-readable storage medium storing instructions that, as a result of execution by one or more processors of a computer system, cause the computer system to: 
obtain 
C34 7-10 1702 may respond to the domain change request by providing 1710 a domain token
in view of C34 59-65 operator 1710 receives a domain token from the security module 1702
a token Fig 18 1800
issued from Fig 17 Domain Token message
a first device Fig 17 1702 Security module N in view of  C32 46 One cryptographic module
as a result of
a digital signature C7 40-42 the operator may use the session key to sign requests
generated C7 40-42 the operator may use the session key to sign requests
by a root of trust 
C33 46- 51 Fig 17 1710 security module operator
indicating that an initial version of a domain trust C34 42-58 a current domain
is trusted 
C7 40-47 The operator may provide any security module having the domain key the 
   request
in view of C34 lines 10 – 22 before the domain token is issued one or more conditions 
including signature verification may be required.
by the root of trust 
C33 46- 51 Fig 17 1710 security module operator
in view of C33 46- 51 non-human operator
and 


C34 13-22 a request to change a domain includes an electronic signature for 
   each of K operators 1710
in view of C34 line 18-22 the security module may check that the domain 
change request includes an electronic signature for each of K operators 1710 
satisfying C34 13-22 signatures and operators that satisfy domain quorum rules
a set of rules, Fig 18   1804 Quorum Rules

wherein the token Fig 18 1800
is obtained 
C34 7-10 1702 may respond to the domain change request by providing 1710 a domain 
token
responsive to a command Fig 17 Domain Change Request  
to replace 
C40 63 – 65 a result of ingesting the token i.e. by updating operation parameters
in view of Fig 20 2010
the initial version of a domain trust C34 42-58 a current domain
with a second version of the domain trust C34 42-58 a proposed domain
and 
indicates C36 lines 18-20 a package 1802 for each security module that is to be a domain member
a set of devices C32 43-44 other security modules are members of one or more
authorized to access 
C36 line 27 – 36 package 1802 includes a random key encrypted using a public 
key of a PKI pair, such that the security module may decrypt the random key with its private key and then use the decrypted random key to decrypt the one or more domain keys in sub-token 1804 of Fig 18
a set of keys, 
Fig 18 1804 includes Domain Key(s)
in view of C6 28- 33 domain key common to all security modules

further wherein    the set of rules Fig 18   1804 Quorum Rules
specify one or more conditions C34 11 one or more conditions
that indicate the first device Fig 17 1702 Security module N
is authorized to generate the token 
C34 11 one or more conditions before providing a token
 and transmit the token 
C6 15-20 the coordinator forwards the token to each security module
 in view of  Fig 17 Domain Ingestion request sent to all modules 1702
to a second device Fig 17 1702 Security module1 in view of  C32 47 another security module
of the set of devices. C32 43-44 other security modules are members of one or more cryptographic domains

wherein the token Fig 18 1800
comprises
	current Fig 18 1804 Domain Key(s) encrypted under the random key see  C36 34-36
	and previous token version information Fig 18 1802 Security Module Package 1 ---Package N


As to claim 36 Roth discloses 
	wherein the token Fig 18 1804
further comprises 
the set of keys Fig 18 1804 Domain Key(s)
corresponding to the current token version information
Fig 18 1804 Domain Key(s) encrypted under the random key see  C36 34-36
and previous sets of keys 
Fig 18 {KRandom}K1 --- {KRandom}KN
and  C36 66- C37 3 a valid signature for each member of a set of operators that satisfies the 
quorum rules
corresponding to the previous token version information Fig 18 1802 Security Module Package 1

wherein the previous set of keys 
Fig 18 {KRandom}K1 --- {KRandom}KN
and  C36 66- C37 3 a valid signature for each member of a set of operators that satisfies the 
quorum rules
can include a previous set of keys for the root of trust
and  C36 66- C37 3 a valid signature for each member of a set of operators that satisfies the 
quorum rules

As to claim 37 Roth discloses 
	wherein the previous token version information Fig 18 1802 Security Module Package 1 ---Package N
	can be verified  Fig 20 2006
using a hash of C38 35 signature of the domain token
a previous token version
C34 15-22 the security module may check that the domain change request includes an 
electronic signature for K operators listed in the currently installed domain.
and the token further can further comprise 
a unique hash for each previous version of the token
	C34 15-22 the security module may check that the domain change request includes an 
electronic signature for K operators listed in the currently installed domain.
including the previous version of the token  
C34 15-22 the security module may check that the domain change request includes an 
electronic signature for K operators listed in the currently installed domain.
for the root of trust
C33 46- 51 Fig 17 1710 security module operator
in view of C33 46- 51 non-human operator

As to claim 38 Roth discloses wherein the instructions, as a result of execution by the one or more processors, further cause the computer system to 
ensure that the token is available to each device of the set of devices.
C36 lines 18-20 a package 1802 for each security module that is to be a domain member
in view of Fig 18
also see C6 28- 33 domain key common to all security modules	
 


As to claim 39 Roth discloses 
wherein the token Fig 18 1800
chains  
Fig 17, Domain tokens provided by Security Module N to root of trust 1710, sent to 1704 and then forwarded (see C6 15-20) to Security Module 1
to a root of trust  
C33 46- 51 Fig 17 1710 security module operator
in view of C33 46- 51 non-human operator
that is trusted 
	C7 33-47 The operator may use the session key to encrypt and sign requests that are submitted to 
   any security module
by the second device 
Fig 17 1702 Security module 1 in view of  C32 47 another security module
in view of    C7 33-47    any security module
in further view of  Fig 17 1702 Security Module 1

As to claim 40 Roth discloses 
	wherein the plurality of digital signatures
C34 line 13-18 request to change a domain includes an electronic signature
C34 line 18-22 the security module may check that the domain change request includes 
an electronic signature for K operators 1710
	satisfies a set of conditions
C34 line 13-17 signatures that satisfy quorum rules 
in view of Fig 20 2006
for changing the set of devices
	C34 37 – 41 adding or subtracting security modules from the cryptographic domain
in view of Fig 20 2010 wherein 'other parameters' correspond to Fig 18 1802 'packages' which 
determines domain membership

 

 
Conclusion




Any inquiry concerning this communication or earlier communications from the examiner should be directed to RICHARD A MCCOY whose telephone number is (313)446-6520.  The examiner can normally be reached on M - F 10 - 6.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571 272 2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/RICHARD A MCCOY/Examiner, Art Unit 2431