DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This action is in response to the communication filed on December 29, 2021 in response to the first office action on merit.

Remarks
Pending claims for reconsideration are claims 1-14. Applicant has amended claims 1 and 6.

Response to Arguments
Applicant’s arguments filed on December 29, 2021 have been fully considered but they are not persuasive.
In the remarks, applicant argues in substance:
In response to argument (Page 7, Para: 1) - Examiner respectfully disagrees with applicant’s argument that “…first entity does not broadcast a message including an encrypted session key…” regarding the independent claims 1 and 8. Kumar discloses that a first node decrypts a transmitted, i.e., “broadcast”, message with a session key from a second entity if it possesses the location based private key, i.e., a “policy key”. Note that the only node that can decrypt the message is the one that possesses the location based private key (Kumar, Para 0038).


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-6, 8, and 10-14 are rejected under 35 U.S.C. 103 as being unpatentable over Kumar et al. (U.S. Patent Application Publication No.: US 2017/0070485 A1 / or “Kumar” hereinafter) in view of Fan et al. (U.S. Patent Application Publication No.: US 2007/0234102 A1 / or “Fan” hereinafter [provided by applicant]).
	
Regarding claim 1, Kumar discloses “A method performed by a device for [identifying a network node within a network to which data will be replicated], the method comprising” (Para 0027: a method to transmit data between two nodes is disclosed): 
“encrypting a session key according to an attribute-based encryption scheme” (Para 0027: 15-21, a first entity receiving a key i.e., a “session key” from a second entity, which is encrypted by the second entity based on location information i.e., an “attribute-based encryption scheme”); 
“broadcasting a message including the encrypted session key within the network” (Para 0027: 15-21, a first entity receiving a key i.e., a “session key” from a second entity, which is encrypted by the second entity based on location information i.e., an “attribute-based encryption scheme”; and Para 0027:19-24, the received message can be decrypted by the first entity only if the location information between the entities match); 
“receiving, in response to the broadcast message, at least one response message encrypted using the session key from at least one network node within the network” (Para 0038: 34-36, a session key is used in encrypting/decrypting messages);
“and selecting a network node from the at least one network node to which data will be replicated based on the network node being capable of decrypting a broadcast message and further capable of encrypting a message using the session key” (Para 0038, communication is established between a second entity, i.e., a “network node being capable of encrypting a message”, and first entity if the location-based key is utilized),
“wherein a network node receiving the message comprises a policy key capable of decrypting the broadcasted message, and is further configured to generate the received at least one message encrypted using the session key decrypted using the policy key” (Para 0038:21-27, the first node is able to decrypt the encrypted message with session key from the second using the location based private key i.e., a “policy key”). 
Kumar teaches location based encrypted data communication between two nodes (Kumar: Abstract), but does not explicitly teach identifying a network for data replication.  
However, identifying a network for data replication would have been obvious (see Fan, Para 0045-0046, Claim 1, and Figure 5, which disclose selecting replication nodes in a network of nodes).
	It would have been obvious to an ordinary person skilled in the art before the effective filing date of the claimed invention to employ the teachings of identifying a network for data replication of Fan to the Location Aware Cryptography system of Kumar to implement a system where data replication is performed based on geographic location of the eligible nodes and the ordinary person skilled in the art would have been motivated to combine to facilitate data replication and reduce cost of data replication based on different characteristics of the eligible network nodes (Fan, Para 0045).

Regarding claim 2, in view of claim 1, Kumar discloses “wherein the at least one network node comprises at least one virtual machine” (Kumar, Para 0054).

Regarding claim 3, in view of claim 1, Kumar in view of Fan disclose “wherein an attribute used for encrypting the session key comprises a [geolocation policy] specifying one or more geographic locations” (Kumar, Para 0027, a location based encryption key, i.e., a “session key”, is generated; Para 0029, the encryption key is encrypted before transmission; and Para 0038). Note, Fan discloses policy for determining geographic locations of eligible nodes (Fan, Para 0045-0046, Claim 1, and Figure 5).

Regarding claim 4, in view of claim 3, Kumar in view of Fan disclose “wherein the geolocation policy identifies at least one of the one or more geographic locations as being a location where the data is allowed to be replicated” (Kumar, Para 0027, a location based encryption key, i.e., a “session key”, is generated; Para 0029, the encryption key is encrypted before transmission; and Para 0038, data can be decrypted). Note, Fan discloses policy for determining geographic locations of eligible nodes (Fan, Para 0045-0046, Claim 1, and Figure 5).

Regarding claim 5, in view of claim 3, Kumar discloses “wherein the geolocation policy identifies at least one of the one or more geographic locations as being a location where the data is not allowed to be replicated” (Kumar, Para 0027, a location based encryption key, i.e., a “session key”, is generated; Para 0029, the encryption key is encrypted before transmission; and Para 0038, data cannot be decrypted). Note, Fan discloses policy for determining geographic locations of eligible nodes (Fan, Para 0045-0046, Claim 1, and Figure 5).

Regarding claim 6, in view of claim 1, Kumar discloses “wherein further comprising: receiving a response message from a particular network node within the network other than the selected network node, the message indicating that the encrypted session key could not be decrypted by the particular network node” (Kumar, Para 0027, a location based encryption key i.e., a “session key” is generated; and Para 0029: the encryption key is encrypted before transmission; Para 0038, data cannot be decrypted).

Regarding claim 8, Kumar discloses “A method, performed by processing apparatus at a network node, for facilitating [data replication] within a network, the method comprising” (Para 0027: a method to transmit data between two nodes is disclosed):
 “receiving a message from an originating device, wherein the message includes a session key that is encrypted according to an attribute-based encryption scheme” (Para 0027: 15-21, a first entity receiving a key i.e., a “session key” from a second entity, which is encrypted by the second entity based on location information i.e., an “attribute-based encryption scheme”; and Para 0027:19-24, the received message can be decrypted by the first entity only if the location information between the entities match);
“attempting to decrypt the message using a policy key; determining whether the attempt to decrypt the message was successful” (Para 0038:21-27, the first node is able to decrypt the encrypted message with session key from the second using the location based private key i.e., a “policy key”; and Para 0029: the encryption key is encrypted before transmission; and Para 0038, decryption is possible if geolocation matches);  
“and responsive to determining that the attempt to decrypt the message was successful: encrypting a return message with the session key” (Para 0038, a session key is used in encrypting/decrypting);
“and transmitting the return message to the originating device to indicate a capability of decrypting the message from the originating device” (Para 0038, communication is established between a second entity, i.e., a “network node being capable of encrypting a message”, and first entity if the location-based key is utilized).
Kumar teaches location based encrypted data communication between two nodes (Kumar: Abstract), but does not explicitly teach identifying a network for data replication.  
However, identifying a network for data replication would have been obvious (see Fan, Para 0045-0046, Claim 1, and Figure 5, which disclose selecting replication nodes in a network of nodes).
	It would have been obvious to an ordinary person skilled in the art before the effective filing date of the claimed invention to employ the teachings of identifying a network for data replication of Fan to the Location Aware Cryptography system of Kumar to implement a system where data replication is performed based on geographic location of the eligible nodes and the ordinary person skilled in the art would have been motivated to combine to facilitate data replication and reduce cost of data replication based on different characteristics of the eligible network nodes (Fan, Para 0045).

Regarding claim 10, in view of claim 8, Kumar in view of Fan disclose “wherein an attribute used for encrypting the session key comprises a geolocation policy specifying one or more geographic locations; and wherein the policy key is specific to a geographic location in which the processing apparatus is located” (See rejection of claim 4).

Regarding claim 11, in view of claim 10, Kumar in view of Fan disclose “further comprising: identifying a key server assigned to the geographic location in which the processing apparatus is located; authenticating with the key server; and receiving the policy key from the key server” (Fig. 4; and Para 0031-0032, a module manages keys for nodes).

Regarding claim 12, in view of claim 8, Kumar in view of Fan disclose “further comprising: receiving data to be replicated from the originating device; and storing the data to be replicated for later access” (Fan, Para 0030: data stored for disaster recovery).

Regarding claim 13, Kumar in view of Fan disclose “A device comprising a communications interface, a memory, and a processor configured to perform the method according to claim 1” (see rejection of claim 1, and Kumar, Para 0022: discloses device).

Regarding claim 14, Kumar in view of Fan disclose “A non-transitory machine-readable medium encoded with instructions for execution by a processor, the non-transitory machine-readable medium comprising instructions for performing the method according to claim 1” (see rejection of claim 1, and Kumar, Para 0059: discloses machine readable storage medium).

Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Kumar in view of Fan and in further view of Sergio Ammirata (U.S. Patent Application Publication No.: US 2006/0206934 A1 / or “Ammirata” hereinafter).

Regarding claim 7, in view of claim 1, Kumar teaches location based encrypted data communication between two nodes (Kumar: Abstract).
Fan discloses encryption/decryption based on geographic location policy (see Fan, which discloses policy for determining geographic locations of eligible nodes: Fan, Para 0045-0046, Claim 1, and Figure 5).
However, Kumar and Fan fail to specifically disclose reestablishing a connection to a tunnel.
However, Ammirata discloses “wherein the steps of encrypting and broadcasting are performed in response to the expiration of at least one secure tunnel within the network” (Ammirata, Para 0017, reestablished VPN tunnel with a client).
	It would have been obvious to an ordinary person skilled in the art before the effective filing date of the claimed invention to employ the teachings of reestablishing a connection to a tunnel of Ammirata to the system of Kumar and Fan to implement a system where VPN tunnel is established between clients with expired IP address lease and the ordinary person skilled in the art would have been motivated to combine to facilitate secure communication and eliminate improper IP address assignment conflicts (Ammirata, Para 0020).

Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Kumar in view of Fan and in further view of El Gamal et al. (U.S. Patent Application Publication No.: US 2013/0202111 A1 / or “El Gamal” hereinafter).

Regarding claim 9, in view of claim 8, Kumar teaches location based encrypted data communication between two nodes (Kumar: Abstract).
Fan discloses encryption/decryption based on geographic location policy (see Fan, which discloses policy for determining geographic locations of eligible nodes: Fan, Para 0045-0046, Claim 1, and Figure 5).
However, Kumar and Fan fail to specifically disclose transmitting a message to inform that a message decryption is unsuccessful.
However, El Gamal discloses “further comprising: responsive to determining that the attempt to decrypt the message was unsuccessful: transmitting, to the originating device, an indication that decryption was unsuccessful” (El Gamal, Claim 11).
	It would have been obvious to an ordinary person skilled in the art before the effective filing date of the claimed invention to employ the teachings of transmitting a message to inform that a message decryption is unsuccessful of El Gamal to the system of Kumar and Fan to implement a system where the unsuccessful decryption message would inform the sender to take appropriate action and the ordinary person skilled in the art would have been motivated to combine to facilitate network communication.



Relevant Prior Arts
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
CN 104168108 A discloses “…the new public key encryption method with identity based encryption method (IBE, Identity-based Encryption) and attribute-based broadcast encryption method (ABE, Attribute-based Encryption). The main characteristic of identity based encryption method is public key of the decryption of encrypted data is the identity, such as an identity document number, telephone number or email address. encrypting the data in encryption, it needs to know the identity information of the opposite party can be the next encryption work…” [0008].

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABDULLAH ALMAMUN whose telephone number is (571) 270-3392. The examiner can normally be reached on 8 AM - 5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ABDULLAH ALMAMUN/Examiner, Art Unit 2431
/LYNN D FEILD/Supervisory Patent Examiner, Art Unit 2431