ALLOWABILITY NOTICE
The following claims are pending in this office action: 1-19, and 21
The following claims are amended: 11 and 12
The following claims are new: -
The following claims are cancelled: 20
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with attorney of record David R. Stevens on 05/13/2022.
1.	(Previously Presented) A method of encrypting data exchange over a computer network, the method comprising:
composing, by a first computer, a first outgoing message in a first format, the first format including, a first portion defined to contribute to derivation of a first keying material, a second portion enabling detection and validation of the first portion, and a forwarding address;
composing, by the first computer, a second outgoing message in a second format, the second format being defined to contribute to derivation of a second keying material, wherein composing the second outgoing message includes embedding the first portion and the second portion into content of the second outgoing message while preserving the second format of the second outgoing message;
sending, by the first computer to a second computer over the computer network at a first address different from the forwarding address, the second outgoing message containing the first portion and the second portion of the first outgoing message;
receiving, by the first computer from the second computer over the computer network, at least one incoming message containing data in at least one third format, the at least one third format being defined to contribute to derivation of the first keying material and being received by the second computer from the forwarding address;
deriving the first keying material while using the first portion of the first outgoing message and the data in the at least one third format as two of a plurality of first inputs; and
sending, by the first computer to the second computer over the computer network, data encrypted using the first keying material.

2.	(Previously Presented) The method of claim 1, wherein embedding the first portion and the second portion of the first outgoing message into the content of the second outgoing message while preserving the second format comprises including the first portion and the second portion of the first outgoing message inside at least one data field of the second outgoing message.

3.	(Previously Presented) The method of claim 1, where the second format is defined in accordance with Transport Level Security (TLS) protocol, while the second outgoing message is a message according to TLS protocol selected from a group consisting of Client Hello, Client Finished, Server Hello and Server Finished.

4.	(Previously Presented) The method of claim 3, wherein the first portion and the second portion of the first outgoing message is embedded into at least one field of the second outgoing message selected from a group consisting of Client Random, Server Random, Session ID and Session Ticket.

5.	(Previously Presented) The method of claim 1, wherein the first portion includes a value derived from only one coordinate of an elliptic curve point, without including a value derived from another coordinate of the elliptic curve point.

6.	(Previously Presented) The method of claim 1, wherein the first keying material is derived only from the first portion in the first outgoing message and the data in the at least one third format, while a size of the first outgoing message does not exceed 32 bytes.

7.	(Previously Presented) The method of claim 1, wherein the second outgoing message comprises a session resumption message and embedding the first portion and the second portion of the first outgoing message comprises including the first portion and the second portion of the first outgoing message in place of the session resumption message. 

8.	(Previously Presented) The method of claim 1, further comprising:
 receiving, by the first computer, an incoming message containing data in at least one fourth format, the at least one fourth format being defined to contribute to derivation of the second keying material.

9.	(Original) The method of claim 8, where the data in the at least one third format and the data in the at least one fourth format are both received in the incoming message.

10.	(Previously Presented) The method of claim 8, further comprising, after receiving the data in the at least one fourth format: 
deriving, by the first computer, the second keying material while using the first portion of the first outgoing message and the data in the at least one fourth format as two of a plurality of second inputs; 
sending, by the first computer to the second computer over the computer network, data encrypted using the second keying material;
sending, by the first computer to the second computer over the computer network, the data encrypted using the first keying material, wherein the data encrypted using the first keying material is forwarded by the second computer to a third computer, different from the second computer.

11.	(Currently Amended) A method of encrypting data exchange over a computer network, the method comprising: 
receiving, by a first computer from a second computer over the computer network, at least one incoming message containing a first data in a first format, the first format being defined to contribute to derivation of a first keying material, and a second data in a second format, the second format including a first portion defined to contribute to derivation of a second keying material, a second portion enabling detection and validation of the first portion, and a forwarding address, wherein the second data in the second format is included as a part of the first data in the first format;
extracting, by the first computer, at least part of the second data from the first data;
transmitting, by the first computer, the at least the part of the second data to the forwarding address;
receiving, by the first computer from the forwarding address, the second keying material;
transmitting, by the first computer, the second keying material to the second computer over the computer network;
receiving, by the first computer, packets encrypted using the second keying material; and
passing, by the first computer, the packets encrypted using the second keying material to the forwarding address without decrypting the packets.

12.	 (Currently Amended) The method of claim 11, further comprising: 
composing, by the first computer, at least one outgoing message with a third data in a third format, the third format being defined to contribute to derivation of the second keying material; 
sending, by the first computer to the second computer over the computer network, the at least one outgoing message with the third data; and
receiving, by the first computer from the second computer, fourth data encrypted using the second keying material.

13.	(Previously Presented) The method of claim 11, where the first format is defined in accordance with Transport Level Security (TLS) protocol, while the at least one incoming message is selected from a group consisting of messages according to the TLS protocol including Client Hello, Client Finished, Server Hello and Server Finished.

14.	(Previously Presented) The method of claim 13, wherein the first data is included as at least part of a field selected from a group consisting of Client Random, Server Random, Session ID and Session Ticket.

15.	(Previously Presented) The method of claim 12, wherein each of the first portion and the third data include values derived from only one coordinate of an elliptic curve point, without including a value derived from another coordinate of the elliptic curve point.

16.	(Original) The method of claim 12, wherein the second keying material is derived only from the second and the third data, while the size of both the second and the third data does not exceed 32 bytes.

17.	(Previously Presented) The method of claim 11, wherein the first data comprises a session resumption data, further comprising:
extracting, by the first computer, at least part of the second data from the first data without using the first data for session resumption.

18.	(Previously Presented) The method of claim 11, further comprising:
deriving, by the first computer, the first keying material while using at least part of the first data as one of inputs used to derive the first keying material; and
sending, by the first computer to the second computer over the computer network, data encrypted using the first keying material in addition to the first data encrypted using the second keying material.

19.	(Previously Presented) The method of claim 11, further comprising:
deriving the second keying material on a third computer at the forwarding address without deriving the second keying material on the second computer.

20.	(Cancelled) 

21.	(Previously Presented) The method of claim 19, wherein transmitting, by the first computer, the at least the part of the second data to the forwarding address comprises:
sending the at least the part of the second data to the third computer without providing an address of the second computer to the third computer such that privacy of the second computer is preserved.
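As an added illustration of the message layout recited in claims 1 and 11 (example code written for this page; it is not the applicant's or the examiner's code), the block below composes a 32-byte "first message" made of a forwarding-address identifier, a key-share portion and a truncated MAC that lets the relay detect and validate the embedded message, places it in the 32-byte random field of a ClientHello-shaped record without changing that record's layout, and has the relay extract the portion and forward it to the key server at that address. The detection key, the address directory and the small Diffie-Hellman group are constructed values; the modular group stands in for the elliptic-curve exchange the claims describe and is not a secure parameter set.

```python
"""Added example: claim-style embedding of a key-share message in a TLS random field.
All keys, addresses and the toy Diffie-Hellman group below are constructed values."""
import hashlib
import hmac
import secrets
import struct

RANDOM_LEN = 32          # size of the TLS ClientHello/ServerHello random field
ADDR_LEN = 2             # constructed: identifier that resolves to a forwarding address
PORTION_LEN = 16         # key-share portion carried in the first message
TAG_LEN = RANDOM_LEN - ADDR_LEN - PORTION_LEN   # 14-byte truncated MAC (second portion)

# Toy group, constructed for illustration only: p is the Mersenne prime 2^127-1.
# It stands in for the elliptic-curve point exchange in the claims and is NOT secure.
P = (1 << 127) - 1
G = 5

# Constructed detection key shared by the client (first computer) and the relay.
DETECT_KEY = b"constructed detection key shared by client and relay"

# Constructed directory mapping the 2-byte identifier to a key-server address.
FORWARDING_DIRECTORY = {0x0001: "keyserver.example.test:8443"}


def compose_first_message(addr_id: int, portion: bytes) -> bytes:
    """First format: [addr_id | portion | tag]. The tag enables detection/validation."""
    if len(portion) != PORTION_LEN:
        raise ValueError("portion must be exactly PORTION_LEN bytes")
    body = struct.pack(">H", addr_id) + portion
    tag = hmac.new(DETECT_KEY, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag                      # exactly RANDOM_LEN (32) bytes


def embed_in_client_hello(first_msg: bytes, session_id: bytes = b"") -> dict:
    """Second format: a ClientHello-shaped record whose random field is first_msg.
    The record keeps its normal fields and sizes, so a relay that does not look
    for the tag sees an ordinary 32-byte random value."""
    if len(first_msg) != RANDOM_LEN:
        raise ValueError("first message must fit the 32-byte random field")
    return {"version": b"\x03\x03", "random": first_msg, "session_id": session_id}


def detect_and_extract(client_hello: dict):
    """Relay (second computer): validate the tag and, if present, return
    (forwarding address, portion). An ordinary random field yields None."""
    rnd = client_hello["random"]
    body, tag = rnd[:-TAG_LEN], rnd[-TAG_LEN:]
    expected = hmac.new(DETECT_KEY, body, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return None
    (addr_id,) = struct.unpack(">H", body[:ADDR_LEN])
    return FORWARDING_DIRECTORY[addr_id], body[ADDR_LEN:]


def dh_public(private: int) -> bytes:
    """Public value for the toy group, serialized into PORTION_LEN bytes."""
    return pow(G, private, P).to_bytes(PORTION_LEN, "big")


def derive_keying_material(peer_public: bytes, private: int) -> bytes:
    """Keying material from one's own private value and the peer's public value.
    The relay sees both public values but holds neither private value, which is
    why (as in claim 19) it cannot derive this material itself."""
    shared = pow(int.from_bytes(peer_public, "big"), private, P)
    return hashlib.sha256(b"constructed-label" + shared.to_bytes(PORTION_LEN, "big")).digest()


def run_exchange(client_private: int, keyserver_private: int) -> dict:
    """Walk the three parties through one exchange and return what each derived."""
    # Client (first computer): compose the first message and embed it in a ClientHello.
    first_msg = compose_first_message(0x0001, dh_public(client_private))
    hello = embed_in_client_hello(first_msg)
    # Relay (second computer): detect, extract, and forward the portion to the key server.
    forward_to, portion = detect_and_extract(hello)
    # Key server (third computer): derive the material and answer with its public value
    # (the "third format" data), which the relay passes back to the client.
    server_public = dh_public(keyserver_private)
    server_km = derive_keying_material(portion, keyserver_private)
    client_km = derive_keying_material(server_public, client_private)
    return {"forward_to": forward_to, "client_km": client_km, "server_km": server_km}


if __name__ == "__main__":
    result = run_exchange(secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1)
    print("forwarded to:", result["forward_to"])
    print("client and key server agree:", result["client_km"] == result["server_km"])
```

A plain ClientHello whose random field is freshly generated fails the tag check and is handled as ordinary traffic, which is the "detection" half of the second portion; a forged or corrupted embedded message fails the same check, which is the "validation" half.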
Reasons for Allowance
Claims 1-19, and 21 are allowed.  
The following is an examiner’s statement of reasons for allowance:  The cited prior art references do not alone or in combination teach the recited features of the independent claims 1 and 11.  In this case, the allowance is based on the combination of the recited steps and the features of the recited steps, which distinguish the claimed invention from the prior art.  For example, the independent claims all require a message that provides a forwarding address which contributes to a precursor to the master secret of the TLS protocol:
1) a first format including a portion contributing to keying material, a second portion enabling detection and validation of the first portion, and a forwarding address (for example, see claim 1, ln. 3-5; and claim 11, ln. 6-7 of amended claims above); and 
2) providing different data corresponding to the keying material from the forwarded address (for example, see claim 1, ln. 11-17; and claim 11, ln. 13 of amended claims above).
In particular, the searched prior art does not describe receiving or transmitting a message that contains the forwarding address, where the client requests its public values from a key server by way of the secure session server, and where the client provides the address of the key server to the secure session server along with its Diffie Hellman private value (see page 11 of Applicant’s Arguments/Remarks dated 03/28/2022).

Pahl et al. (US Patent No. 8,966,267) teaches a method of establishing a securing communication session using a TLS handshake involving Elliptic Curve Diffie-Hellman Key Exchange, a key server that provides private keys, but does not clearly describe incorporating cryptographic information included in a previously existing section of a handshake protocol or incorporating a forwarding address to a third party that provides Diffie-Hellman Key Exchange values. 
Willock et al. (US Patent No. 8,542,825) teaches embedding content into a message, but does not teach embedding a forwarding address for a third party that provides Diffie-Hellman Key Exchange values.   
Mathison et al. (US Pub. 2019/0268808) teaches inserting a data enabling detection and validation of other data in a message, but does not teach including the forwarding address for a third party to provide the Diffie-Hellman Key Exchange values.  
Higuchi et al. (JP Pub. 2012-100206) discloses a relay for providing a Diffie-Hellman public value used for Diffie-Hellman Key Exchange (see abstract), but requires registration with the third party instead of providing the address of the relay in the message sent between the parties (see para. 0056 and Fig. 3 of the drawings where the registration process is steps 301-308).  
Similarly, Srivastava (US Patent No. 7,181,014) describes storing a public value using a key distribution center (forwarding computer) and communicating the values to other nodes (first/second computers).  However, it is not disclosed that the public value is shared by the distribution center (see col. 5, ln. 49-51), and instead, is shared directly from one of the participating nodes (see col. 8, ln. 57-62).  
Malina et al. (WIPO Pub. WO2009/018512) discloses a KEYSERVER DEF variable in a modified ServerKeyExchange message for a forwarding address for a key server (see para. 0069).  However, it does not disclose requesting the public values from the key server, and furthermore, the message is not provided by the client (first computer in claim 1 and second computer in claim 11 – see para. 0069 where the server transmits the modified ServerKeyExchange message to the client).  
Badra et al., Extending TLS to secure Multihost Application Exchanges, 2012 IEEE 23rd International Symposium on Personal, Indoor and Mobile Radio Communications – (PIMRC), September 1, 2012, pg. 2500-2505, discloses that the common method for extending TLS protocol to securely exchange data between multiple nodes (such as in a VPN) is using a mesh network that uses RSA or using a tripartite Diffie Hellman Algorithm.  Furthermore, although a Host Identifier is included in the client hello (first computer), it is a list of the identifiers of the computers which will be involved in the session, and so does not correspond to the forwarding address of the instant application.  
These along with the other recited features of independent claims 1 and 11 and their dependent claims make the claimed inventions allowable over the prior art of record.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZHE LIU whose telephone number is (571) 272-3634.  The examiner can normally be reached on Monday - Friday: 8:30 AM to 5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on (571) 272-3862.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call (800) 786-9199 (IN USA OR CANADA) or (571) 272-1000.
/Z.L./Examiner, Art Unit 2493

/CARL G COLIN/Supervisory Patent Examiner, Art Unit 2493