Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statement filed 1/12/2021 fails to comply with the provisions of 37 CFR 1.97, 1.98 and MPEP § 609 because Non-Patent Literature citation No. 4 is lacking a date.  It has been placed in the application file, but the information referred to therein has not been considered as to the merits.  Applicant is advised that the date of any re-submission of any item of information contained in this information disclosure statement or the submission of any missing element(s) will be the date of submission for purposes of determining compliance with the requirements based on the time of filing the statement, including all certification requirements for statements under 37 CFR 1.97(e).  See MPEP § 609.05(a).
The information disclosure statement filed 1/31/2021 fails to comply with the provisions of 37 CFR 1.97, 1.98 and MPEP § 609 because Non-Patent Literature citation No. 2 is lacking a date.  It has been placed in the application file, but the information referred to therein has not been considered as to the merits.  Applicant is advised that the date of any re-submission of any item of information contained in this information disclosure statement or the submission of any missing element(s) will be the date of submission for purposes of determining compliance with the requirements based on the time of filing the statement, including all certification requirements for statements under 37 CFR 1.97(e).  See MPEP § 609.05(a).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, 6, 7, 9-12, and 14 are rejected under 35 U.S.C. 103 as being unpatentable over “Nix” (US 2021/0218560) in view of “Tormasov” (US 8572370).

Regarding Claim 1:
Nix teaches:
A method comprising: 
obtaining, by a first computing device, an asymmetric key pair comprising a public asymmetric key and a private asymmetric key (¶0021, “After power up and/or connecting with the IP network, the device can use the random number generator, the cryptographic parameters, and the key pair generation algorithm to derive a device ephemeral private key and a device ephemeral public key”); 
establishing, by the first computing device, a symmetric key (¶0021, “The output from the ECDH key exchange can comprise a shared secret or point X3. The device can derive a symmetric ciphering key using shared secret X3 and a key derivation function”) using a key establishment service (Fig. 1a depicts the device 103 utilizing a public key 102a of a key server (corresponding to private key 102b) in establishing of a symmetric key; Fig. 2a details the usage of a Key Server 102 required to establish a symmetric key in server 101 corresponding to the symmetric key generated in the device), wherein the symmetric key is established in view of the private asymmetric key of the first computing device (¶0021, “The device can conduct a first ECDH key exchange using the … device ephemeral private key…”) and a public asymmetric key of the key establishment service (¶0021, “The device can conduct a first ECDH key exchange using … the network static public key”; ¶0061, “Thus, using the notation described in the previous three sentences, the corresponding private key for network static public key Sn 102a can comprise network static private key ss 102b”; ¶0077, “As depicted in FIG. 1a, key server 102 can include a key server identity 102i, a set of cryptographic parameters 104, a network static private key sn 102b”; i.e., the network static public key is the associated public key to the network static private key of the key server 102, as further shown in Fig. 1a as elements 102a and 102b); 
transmitting, by the first computing device, sensitive data encrypted using the symmetric key to a persistent storage device (¶0094, “OS 101g could also record and operate a decryption step 221…” & Fig. 2e depicts Step 221 containing the ciphertext data 209b; ¶0174, “Server 101 can then record, operate with, and store data read from the decrypted plaintext in message 299”; i.e., store the ciphertext data and the sensitive data in a storage device of the server) accessible to a second computing device (¶0021, “The device can send … the first ciphertext … to the server in a first message…”; ¶0029, “The server can then use a decryption step with the symmetric ciphering key in order to read plaintext form the first ciphertext received in the first message from the device … The plaintext from the first message can comprise a first random number generated by the device and also optionally include device data”; i.e., access the sensitive data via a decryption step utilizing the established symmetric key shared between the device and the server); 
…
providing, by the first computing device, the public asymmetric key and the location data to the second computing device (¶0021, “The device can send the device ephemeral public key … identification information … to the server in a first message …”; i.e., transmit, from the device to the server, the device public key and identification information (containing location information for a key server) within a first message), wherein the location data corresponds to the key establishment service (¶0024, “In order to select a key server, the server could use several different methods based on the identifying information from of the device in the first message. The identifying information from the first message for the device used to select a key server could comprise … a particular URL or IP address and port number as a destination address is mapped to a particular key server”).
Nix does not disclose:
initiating, by the first computing device, a creation of an execution environment on the second computing device; and 
Tormasov teaches:
initiating, by the first computing device (Fig. 4, element 20), a creation of an execution environment on the second computing device (Fig. 4, element 103; Col. 5, lines 3-16, “The Virtual Environment 102 are generally created by users, or activated upon user request, and typically can include a system software, various user applications, and so on … Once the Virtual Environment is created, the Virtual Environment can be located in the repository 103”; Col. 5, lines 33-35, “The repository 103 can also be implemented as a centralized data storage, to which the user has access… through a known network address or over a network”); and 
	Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Nix’s key exchange system by enhancing Nix’s network server to provide enhanced services for a client device, such as virtualized storage environments, as taught by Tormasov, in order to offload processing and storage needs of the client device.
	The motivation is to implement a virtualized storage environment on a server device that provides additional storage and processing functionality to a client device, where the implementation adds no further authentication processes after an initial key creation is performed (Tormasov, Col. 9, lines 37-45 & lines 52-57).

Regarding Claim 2:
The method of claim 1, wherein Nix in view of Tormasov further teaches the symmetric key is derived using asymmetric keys of different computing devices (Nix, Figure 2c, elements 204 and 205 detail two pairs of asymmetric keys on a client device used to derive the symmetric ciphering key; Figure 2d, element 101b details a private server key (of an asymmetric key pair) used to derive a shared secret 218a and ultimately the symmetric key as shown in element 219 using the shared secret 218a), and wherein the first computing device derives the symmetric key in view of the private asymmetric key of the first computing device (Nix, Figure 2c, element 103d, is a private ephemeral key of the device used to derive the symmetric key 206a) and the public asymmetric key of the key establishment service (Nix, Figure 2c, element 201a, is the network static public key of the key server) that is executing on a third computing device (Nix, Figure 1a, element 102; Figure 2a, element 102), and wherein the second computing device derives the symmetric key in view of the public asymmetric key of the first computing device (Nix, Figure 2d, element 219, details how the point X0 can be defined via (Ed 103a + Sd 103c), where Ed 103a is the ephemeral public key and 103c is the static public key of the device) and the private asymmetric key of the third computing device (Nix, Figure 2d, element 216 details a network static private key, element 102b, being used to generate shared secret 216a which is then used in element 219 to derive the symmetric key).

Regarding Claim 3:
The method of claim 1, wherein Nix in view of Tormasov further teaches initiating the creation of the execution environment comprises the first computing device initiating the creation of one or more of a virtual machine, a container, or a trusted execution environment on the second computing device (Tormasov, Col. 5, lines 3-16, “The Virtual Environment 102 are generally created by users, or activated upon user request, and typically can include a system software, various user applications, and so on…”), and wherein the sensitive data comprises configuration data for the virtual machine, the container, or the trusted execution environment (Tormasov, Col. 11, Claim 1 - “(ii) on the client, selecting plaintext data to be stored on the shared storage”, “(iv) encrypting the plaintext data into cyphertext data…”, “(v) storing the cyphertext data on the shared storage”, and “(i) running a server program that utilizes the cyphertext data and the server data and communicates with the client program using the cyphertext data” & Col. 12, Claim 7 - “the client initiates a virtual environment on the server side using the cyphertext data from the shared storage”; i.e., claims 1 and 7 disclose a client device encrypting sensitive data, sending the encrypted sensitive data to a virtual execution environment at a server device, and initiating the virtual execution environment using the encrypted sensitive data. Here, the examiner interprets “cyphertext data” as being “sensitive data” comprising “configuration data” by virtue of its usage in initiating the virtual environment at the server device). 
The motivation to combine Tormasov to Nix in disclosing the limitations of claim 3 is the same motivation applied to the combination of Tormasov and Nix in the rejection of claim 1 above.

Regarding Claim 4:
The method of claim 2, wherein Nix in view of Tormasov further teaches the first computing device, the second computing device, and the third computing device each include cryptographic key data used to derive the symmetric key without persistently storing the symmetric key (Nix, Figure 1a details the Device 103, Server 101, and Key Server 102 storing respective keys that are later utilized in generating a symmetric key, but without the symmetric key being presently stored).

Regarding Claim 6:
The method of claim 2, wherein Nix in view of Tormasov further teaches the location data comprises a network address of the key establishment service executing on the third computing device (Nix, ¶0024, “In order to select a key server, the server could use several different methods based on the identifying information from of the device in the first message. The identifying information from the first message for the device used to select a key server could comprise … a particular URL or IP address and port number as a destination address is mapped to a particular key server”), and wherein the key establishment service comprises a private asymmetric key used to establish the symmetric key (Nix, Figure 1a, element 102b is a private asymmetric key of the key server used to establish a symmetric key between the device 103 and server 101).

Regarding Claim 7:
The method of claim 1, wherein Nix in view of Tormasov further teaches establishing, by the first computing device, the symmetric key using the key establishment service comprises: 
generating, by the first computing device, the asymmetric key pair comprising the public asymmetric key and the private asymmetric key (Nix, ¶0021, “After power up and/or connecting with the IP network, the device can use the random number generator, the cryptographic parameters, and the key pair generation algorithm to derive a device ephemeral private key and a device ephemeral public key”); 
receiving, by the first computing device, the public asymmetric key of the key establishment service (Nix, ¶0062, “For embodiments where public keys Sn 102a and Ss 101a are recorded in volatile memory, device 103 could obtain keys 102a and 101a from a different server than server 101 for network 105 before sending data 106, such as device 103 obtaining keys 102a and/or via a secure session from a different server before sending data 106”; i.e., receive the public asymmetric key 102a of the key server at the device); and 
deriving, by the first computing device, the symmetric key from the public asymmetric key of the key establishment service and the private asymmetric key of the first computing device (Nix, ¶0021, “The output from the ECDH key exchange can comprise a shared secret or point X3. The device can derive a symmetric ciphering key using shared secret X3 and a key derivation function”; Figure 2c further details that symmetric key 206a is derived from shared secret X3).

Regarding Claims 9-12 and 14:
System claims 9-12 and 14 correspond to respective method claims 1-4 and 7 and contain no further limitations. Thus, claims 9-12 and 14 are each rejected by applying the same rationale used to reject claims 1-4 and 7, respectively.


Claims 5 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over “Nix” (US 2021/0218560) in view of “Tormasov” (US 8572370) in further view of “Jones” (US 2014/0052989).

Regarding Claim 5:
Nix in view of Tormasov teaches:
The method of claim 2, 
Nix in view of Tormasov does not disclose:
… further comprising, deleting all instances of the symmetric key and all instances of the private asymmetric key used to derive the symmetric key, wherein the public asymmetric key of the first computing device and the private asymmetric key of the third computing device remain.
Jones teaches:
… further comprising, deleting all instances of the symmetric key and all instances of the private asymmetric key used to derive the symmetric key (¶0053, “… the client devices (such as the sender 102 and the receiver 104) are configured to allow for complete erasure or “zeroization” of all the keys sent or received by any user (sender 102, receiver 104…) …”), wherein the public asymmetric key of the first computing device and the private asymmetric key of the third computing device remain (Claim 8 - “The receiving device … delete the symmetric key…”; Claim 13 - “The sending device … delete the private key and the symmetric key…”; i.e., delete only the private key of a sender device (the client 103 of Nix) and all instances of the symmetric key on the sender device and a receiver device (the server 101 of Nix)).
	Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Nix in view of Tormasov’s key exchange system by enhancing Nix in view of Tormasov’s client and server to delete respective private and symmetric keys, as taught by Jones, in order to prevent the keys from being leaked to an unauthorized entity.
	The motivation is to provide a method that deletes secure keys from a sender and receiver device in case of loss or compromise of either device (Jones, ¶0053), thus enhancing the security of a key exchange system.

Regarding Claim 13:
System claim 13 corresponds to method claim 5 and contains no further limitations. Therefore claim 13 is rejected by applying the same rationale used to reject claim 5 above.

Claims 15-19 are rejected under 35 U.S.C. 103 as being unpatentable over “Nix” (US 2021/0218560) in view of “Sovio” (US 2020/0374112) in further view of “Tormasov” (US 8572370).

Regarding Claim 15:
Nix teaches:
A non-transitory machine-readable storage medium storing instructions which, when executed, cause a processing device to perform operations comprising: 
generating, by a first computing device, … and an asymmetric key pair, the asymmetric key pair comprising a public asymmetric key and a private asymmetric key (¶0021, “After power up and/or connecting with the IP network, the device can use the random number generator, the cryptographic parameters, and the key pair generation algorithm to derive a device ephemeral private key and a device ephemeral public key”); 
establishing, by the first computing device, a second symmetric key (¶0021, “The output from the ECDH key exchange can comprise a shared secret or point X3. The device can derive a symmetric ciphering key using shared secret X3 and a key derivation function”) using a key establishment service (Fig. 1a depicts the device 103 utilizing a public key 102a of a key server (corresponding to private key 102b) in establishing of a symmetric key; Fig. 2a details the usage of a Key Server 102 required to establish a symmetric key in server 101 corresponding to the symmetric key generated in the device), wherein the second symmetric key is established in view of the private asymmetric key of the first computing device (¶0021, “The device can conduct a first ECDH key exchange using the … device ephemeral private key…”) and a public asymmetric key of the key establishment service (¶0021, “The device can conduct a first ECDH key exchange using … the network static public key”; ¶0061, “Thus, using the notation described in the previous three sentences, the corresponding private key for network static public key Sn 102a can comprise network static private key ss 102b”; ¶0077, “As depicted in FIG. 1a, key server 102 can include a key server identity 102i, a set of cryptographic parameters 104, a network static private key sn 102b”; i.e., the network static public key is the associated public key to the network static private key of the key server 102, as further shown in Fig. 1a as elements 102a and 102b); 
…
transmitting, by the first computing device, the encrypted sensitive data to a persistent storage device (¶0094, “OS 101g could also record and operate a decryption step 221…” & Fig. 2e depicts Step 221 containing the ciphertext data 209b; ¶0174, “Server 101 can then record, operate with, and store data read from the decrypted plaintext in message 299”; i.e., store the ciphertext data and the sensitive data in a storage device of the server) accessible to the second computing device (¶0021, “The device can send … the first ciphertext … to the server in a first message…”; ¶0029, “The server can then use a decryption step with the symmetric ciphering key in order to read plaintext form the first ciphertext received in the first message from the device … The plaintext from the first message can comprise a first random number generated by the device and also optionally include device data”; i.e., access the sensitive data via a decryption step utilizing the established symmetric key shared between the device and the server); and 
providing, by the first computing device, the public asymmetric key and location data to the second computing device to enable the second computing device to access the sensitive data (¶0021, “The device can send the device ephemeral public key … identification information … to the server in a first message …”; i.e., transmit, from the device to the server, the device public key and identification information (containing location information for a key server) within a first message), wherein the location data corresponds to the key establishment service (¶0024, “In order to select a key server, the server could use several different methods based on the identifying information from of the device in the first message. The identifying information from the first message for the device used to select a key server could comprise … a particular URL or IP address and port number as a destination address is mapped to a particular key server”).
Nix does not disclose:
generating, by a first computing device, a first symmetric key…
encrypting, by the first computing device, sensitive data and the first symmetric key, wherein the sensitive data is encrypted using the first symmetric key and the first symmetric key is encrypted using the second symmetric key; 
initiating, by the first computing device, a creation of an execution environment on the second computing device; and 
Sovio teaches:
generating, by a first computing device, a first symmetric key (¶0086, “the processor 102b is configured to randomly generate a third symmetric cryptographic key (or in other words, a shared key encryption key, KEK)”)…
encrypting, by the first computing device, sensitive data (¶0087) and the first symmetric key (¶0088), wherein the sensitive data is encrypted using the first symmetric key (¶0087, “… the processor 102b is configured to encrypt the data to be provisioned to the client device 110b with the randomly generated third symmetric cryptographic key KEK”) and the first symmetric key is encrypted using the second symmetric key (¶0088, “The processor 102b is configured to use the second symmetric cryptographic key PSK to encrypt the third symmetric cryptographic key KEK after its use to encrypt the data to be provisioned”); 
	Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Nix’s key exchange system by enhancing Nix’s client device to utilize a key encryption key to protect an encryption key used to encrypt sensitive data prior to transmission to another device, as taught by Sovio, in order to encrypt the data such that only the other device is able to decrypt the data.
	The motivation is to implement a data transmission process that involves a key encryption key scheme of a symmetric key and data encrypted with the symmetric key in order to establish a security protocol where only a designated device is capable of decrypting the data (Sovio, ¶0004, “… so that only the target client device is able to decrypt the data”).
Nix in view of Sovio does not disclose:
initiating, by the first computing device, a creation of an execution environment on the second computing device; and 
Tormasov teaches:
initiating, by the first computing device (Fig. 4, element 20), a creation of an execution environment on the second computing device (Fig. 4, element 103; Col. 5, lines 3-16, “The Virtual Environment 102 are generally created by users, or activated upon user request, and typically can include a system software, various user applications, and so on … Once the Virtual Environment is created, the Virtual Environment can be located in the repository 103”; Col. 5, lines 33-35, “The repository 103 can also be implemented as a centralized data storage, to which the user has access… through a known network address or over a network”); and 
	Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Nix in view of Sovio’s key exchange system by enhancing Nix in view of Sovio’s network server to provide enhanced services for a client device, such as virtualized storage environments, as taught by Tormasov, in order to offload processing and storage needs of the client device.
	The motivation is to implement a virtualized storage environment on a server device that provides additional storage and processing functionality to a client device, where the implementation adds no further authentication processes after an initial key creation is performed (Tormasov, Col. 9, lines 37-45 & lines 52-57).

Regarding Claim 16:
The non-transitory machine-readable storage medium of claim 15, wherein Nix in view of Sovio in further view of Tormasov further teaches the first symmetric key is an encryption key (Sovio, ¶0087, “… the processor 102b is configured to encrypt the data to be provisioned to the client device 110b with the randomly generated third symmetric cryptographic key KEK”; i.e., the third symmetric key is used as an encryption key of the data) and the second symmetric key is a key encryption key (KEK) (Sovio, ¶0088, “The processor 102b is configured to use the second symmetric cryptographic key PSK to encrypt the third symmetric cryptographic key KEK after its use to encrypt the data to be provisioned”; i.e., the second symmetric key is used to encrypt the third encryption key, and is thus also a “Key Encryption Key”).
The motivation to combine Sovio to Nix to reject claim 16 is the same motivation used in combining Sovio to Nix in the rejection of claim 15 above.

Regarding Claim 17:
The non-transitory machine-readable storage medium of claim 15, wherein Nix in view of Sovio in further view of Tormasov further teaches initiating the creation of the execution environment comprises the first computing device initiating the creation of one or more of a virtual machine, a container, or a trusted execution environment on the second computing device (Tormasov, Col. 5, lines 3-16, “The Virtual Environment 102 are generally created by users, or activated upon user request, and typically can include a system software, various user applications, and so on…”), and wherein the sensitive data comprises configuration data for the virtual machine, the container, or the trusted execution environment (Tormasov, Col. 11, Claim 1 - “(ii) on the client, selecting plaintext data to be stored on the shared storage”, “(iv) encrypting the plaintext data into cyphertext data…”, “(v) storing the cyphertext data on the shared storage”, and “(i) running a server program that utilizes the cyphertext data and the server data and communicates with the client program using the cyphertext data” & Col. 12, Claim 7 - “the client initiates a virtual environment on the server side using the cyphertext data from the shared storage”; i.e., claims 1 and 7 disclose a client device encrypting sensitive data, sending the encrypted sensitive data to a virtual execution environment at a server device, and initiating the virtual execution environment using the encrypted sensitive data. Here, the examiner interprets “cyphertext data” as being “sensitive data” comprising “configuration data” by virtue of its usage in initiating the virtual environment at the server device).
The motivation to combine Tormasov to Nix in view of Sovio in disclosing the limitations of claim 17 is the same motivation applied to the combination of Tormasov and Nix in view of Sovio in the rejection of claim 15 above.

Regarding Claim 18:
The non-transitory machine-readable storage medium of claim 15, wherein Nix in view of Sovio in further view of Tormasov further teaches the second symmetric key is derived using asymmetric keys of different computing devices (Nix, Figure 2c, elements 204 and 205 detail two pairs of asymmetric keys on a client device used to derive the symmetric ciphering key; Figure 2d, element 101b details a private server key (of an asymmetric key pair) used to derive a shared secret 218a and ultimately the symmetric key as shown in element 219 using the shared secret 218a), and wherein the first computing device derives the second symmetric key in view of the private asymmetric key of the first computing device (Nix, Figure 2c, element 103d, is a private ephemeral key of the device used to derive the symmetric key 206a) and the public asymmetric key of the key establishment service (Nix, Figure 2c, element 201a, is the network static public key of the key server) that is executing on a third computing device (Nix, Figure 1a, element 102; Figure 2a, element 102), and wherein the second computing device derives the second symmetric key in view of the public asymmetric key of the first computing device (Nix, Figure 2d, element 219, details how the point X0 can be defined via (Ed 103a + Sd 103c), where Ed 103a is the ephemeral public key and 103c is the static public key of the device) and the private asymmetric key of the third computing device (Nix, Figure 2d, element 216 details a network static private key, element 102b, being used to generate shared secret 216a which is then used in element 219 to derive the symmetric key).

Regarding Claim 19:
The non-transitory machine-readable storage medium of claim 18, wherein Nix in view of Sovio in further view of Tormasov further teaches the location data comprises a network address of the key establishment service executing on the third computing device (Nix, ¶0024, “In order to select a key server, the server could use several different methods based on the identifying information from of the device in the first message. The identifying information from the first message for the device used to select a key server could comprise … a particular URL or IP address and port number as a destination address is mapped to a particular key server”), and wherein the key establishment service comprises a private asymmetric key used to establish the second symmetric key (Nix, Figure 1a, element 102b is a private asymmetric key of the key server used to establish a symmetric key between the device 103 and server 101).

Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over “Nix” (US 2021/0218560) in view of “Sovio” (US 2020/0374112) in view of “Tormasov” (US 8572370) in further view of “Jones” (US 2014/0052989).

Regarding Claim 20:
Nix in view of Sovio in further view of Tormasov teaches:
The non-transitory machine-readable storage medium of claim 18, …
Nix in view of Sovio in further view of Tormasov does not disclose:
… further comprising, deleting all instances of the second symmetric key and all instances of the private asymmetric key used to derive the second symmetric key, wherein the public asymmetric key of the first computing device and the private asymmetric key of the third computing device remain.
Jones teaches:
… further comprising, deleting all instances of the symmetric key and all instances of the private asymmetric key used to derive the symmetric key (¶0053, “… the client devices (such as the sender 102 and the receiver 104) are configured to allow for complete erasure or “zeroization” of all the keys sent or received by any user (sender 102, receiver 104…) …”), wherein the public asymmetric key of the first computing device and the private asymmetric key of the third computing device remain (Claim 8 - “The receiving device … delete the symmetric key…”; Claim 13 - “The sending device … delete the private key and the symmetric key…”; i.e., delete only the private key of a sender device (the client 103 of Nix) and all instances of the symmetric key on the sender device and a receiver device (the server 101 of Nix)).
	Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Nix in view of Sovio in further view of Tormasov’s key exchange system by enhancing Nix in view of Sovio in further view of Tormasov’s client and server to delete respective private and symmetric keys, as taught by Jones, in order to prevent the keys from being leaked to an unauthorized entity.
	The motivation is to provide a method that deletes secure keys from a sender and receiver device in case of loss or compromise of either device (Jones, ¶0053), thus enhancing the security of a key exchange system.

Allowable Subject Matter
Claim 8 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
The following is a statement of reasons for the indication of allowable subject matter:  The cited art of record does not fairly teach or suggest, either individually or in combination, the subject matter recited within claim 8 when considered in view of the subject matter recited by claim 1.

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DANIEL B POTRATZ whose telephone number is (571)270-5329.  The examiner can normally be reached on M-F 10 A.M. - 6 P.M. CST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/DANIEL B POTRATZ/Primary Examiner, Art Unit 2491