Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 11-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claims do not fall within at least one of the four categories of patent eligible subject matter because: 
Claim 11 is directed a system comprising “a system for providing secure communication between client devices, comprising a secure communication platform including a processing server”. However, “the secure communication platform” and/or “the processing server” are not necessarily a hardware or a device to make claim 11 as one of the four categories of patent eligible subject matter. The applicant disclosure at least describes secure communication platform in [0052] as an embodiment that includes microservices (an architecture that arranges an application as a collection of loosely coupled services) that reside in the cloud (public, private or on premises) which can be deployed inside an OEM partner's cloud or data center infrastructure. Paragraph [0073] further describes secure communication platform as configurable in [104, 153-154] as well as manageable and deployable tool in cloud web microservices using Kubernetes/Terraform. For claim 11 to be a system claim, at least one of the limitations, needs to comprise a directly and positively recited hardware element. Claims 12-20 lack to remedy the deficiencies of claim 11 and therefore claims 12-20 are also rejected for failing to fall within at least one of the four categories of patent eligible subject matter. Therefore, claims 11-20 are rejected under 35 U.S.C. 101 because the claimed invention are directed to non-statutory subject matter.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3, 6-7, 11-13 and 16-17 are rejected under 35 U.S.C. 103 as being unpatentable over Le Sain et al. (hereinafter referred to as Le Sain, US 20190014094 A1) in view of Edwards US 20170250811 A1.

As per claim 1:
Le Saint discloses a method of providing secure communication between client devices, the method comprising:
receiving a request from a from a first client device to communicate with a second client device (0021: “The term “client computer” generally refers to a computer that requests information or a service; [0117]; Figure 6: Client computers); 
generating a one-time use ephemeral key ([0031-032] A “one-time key” or “ephemeral key” refers to a key that is intended to be used only once for protecting a single transaction or other communication session (e.g., a request message or a response message) between two entities (e.g., a client computer and a server computer); a one-time key can includes a key that is generated anew for each new transaction or communication session (also referred to as an “ephemeral key”)); and
transmitting the generated one-time use ephemeral key to the first and second client devices [0031-0034; 0068-0069);
establishing a secure communication session between the first and second client devices, wherein communications between the first and second client devices are encrypted and decrypted using the one-time use ephemeral key ([0036]: A “shared secret” may include any data value or other information known only to authorized parties in a secure communication. [0038] A “secure channel” can be a channel that uses encryption to secure the communications that are sent through the channel. For example, the first computer and a second computer can communicate over a secure channel by encrypting communications for each other using a session key; [0050; 0052]); and
destroying the one-time use ephemeral key upon termination of the secure communication session between the first and second client devices ([0033]: One-time keys are typically removed at the end of a transaction or communication session. In some embodiments, however, one-time keys may be maintained for a prolonged period of time. For example, during asynchronous communication with a server computer, a client computer may send a request message but may not receive the corresponding response message for a long period of time or may receive the corresponding response message out of sequence (e.g., after receipt of a response message corresponding to a later transmitted request message). In this case, the one-time key associated with the earlier request need to be saved and used to decrypt the corresponding response message. A client computer that is communicating with multiple server computers substantially concurrently may also need to store multiple one-time private keys associated with respective transactions or communication sessions in order to decrypt the corresponding response messages. Similarly, a server computer communicating with multiple client computers also need to store multiple one-time keys associated with the respective transactions or communication sessions).
Le Sain does not explicitly disclose determining whether the first client device is permitted to communicate with the second client device; if communication is permitted to perform the above steps discloses by Le Saint using secure communication platform.  Edwards in analogous art however, discloses determining whether the first client device is permitted to communicate with the second client device; if communication is permitted to perform the above steps discloses by Le Saint by the secure communication platform ([0140] a communication device registration process 600  or may be discovered (e.g., by the request handler 210). The request handler 210 may detect that the communication device is present within the enterprise (e.g., the networks associated with the enterprise) automatically. [0141] the communication device may be enrolled (e.g., by the request handler 210); or may transmit a server authentication request to the request handler 210 and receiving a positive authorization response; [0142] the communication device may be accepted (e.g., by the request handler 210) and/or the management request handler 205 may check existing policies 115 based on the device information to determine whether the communication device has been classified in the appropriate group, whether the key orchestration device 110 may be capable of orchestrating the communication device, a combination thereof, and/or the like. [0143] the request handler 210 may provide device authentication information to the communication device. The authentication information may include configurations (e.g., credentials, passcodes, and/or the like) to access the key orchestration device 110. the request handler 210 and/or the management request handler 205 may define orchestration rules for the communication device. the commination device has been added to an orchestration registration. Subsequently, the communication device may request for encryption keys, generate encryption keys, receive approved encryption keys, and/or the like in the manner described. Such process ensures that the communication device utilizing services provided by the key orchestration device 110 may meet the operable standards of the key orchestration device 110. [0144] The key management and distribution process 700 may be implemented with communication devices registered, discovered, and/or enrolled with the key orchestration device 110).
Edwards further discloses in ([0131] The communication device 400 may be registered with a key orchestration platform to receive key orchestration services. The communication device 400 may provide an application interface 420 based configured to receive with encryption key distribution and encryption key management messages (e.g., the “allowed” message, the “denied” message, the hint, and/or the like) from the key orchestration device 110). [0193]: ephemeral policy interface interfaced with request handler 210; [0196]).
Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify the method of providing secure communication between client devices disclosed by Le Sain to include determining whether the first client device is permitted to communicate with the second client device; if communication is permitted to perform the above steps discloses by Le Saint using secure communication platform. This modification would have been obvious because a person having ordinary skill in the art would have been motivated by the desire to provide system for evaluating an encryption key based on policies for a policy operation includes aggregating existing policies for evaluating  and encryption key management and distribution executing a policy replacement operation replacing at least one existing policy with at least one ephemeral policy as suggested by Edwards  (0005-0009).

As per claim 2:
Le Saint discloses generating a new one-time use ephemeral key for each subsequent secure communication session between the first and second client devices ([0034] A “one-time key pair” can include a private key and a corresponding public key, where at least one of the two keys changes for each new transaction or communication session. The key pair can be of any suitable format, such as elliptic curve (EC) based keys or RSA based keys. In an example, both the private key and the corresponding public key may be generated anew for each new transaction. Thus, the one-time key pair comprises an ephemeral private key and an ephemeral public key. In another example, a one-time key pair may comprise a static private key that remains the same for more than one transactions but obfuscated differently each time, and an ephemeral public key. In yet another example, a one-time key pair may comprise a static public key that remains the same for more than one transactions, but obfuscated differently each time, and an ephemeral private key. In some embodiments, both of the private key and the public key of the one-time key pair are static but one or both of the keys may be blinded, obfuscated, or otherwise modified differently for each new communication session by) by the secure communication platform of Edwards ([0193]: ephemeral policy interface interfaced with request handler 210; [0196]).

As per claim 3:
Le Saint discloses wherein the one-time use ephemeral key comprises a public-private key pair ([0034]).

As per claim 6:
Edwards discloses denying, by the secure communication platform, the request by the first client device if it is determined that communication is not permitted [0141-0141]: client devices not enrolled or registered is defaulted to denial ([0131]).

As per claim 7:
Le Saint discloses removing the secure communication platform from the secure communication session so that the secure communication session is directly between the first and second client devices (0037-0038: a session key for a channel or communication channel; For example, the first computer and a second computer can communicate over a secure channel by encrypting communications for each other using a session key).

As per claims 11-13 and 16-17:
Claims 11-13 and 16-17 are directed to a system for providing secure communication between client devices, comprising a secure communication platform including a processing server configured to perform the operations of corresponding limitation of claims 1-3 and 6-7 respectively and therefore claims 11-13 and 16-17, having substantially similar claimed features corresponding to claims 1-3 and 6-7, are rejected with the same rationale given above to reject claims 1-3 and 6-7 respectively.

Allowable Subject Matter
Claims 4-5, 8-10, 14-15 and 18-20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims and also any outstanding rejections or objections provided above have been overcome. The pertinent prior arts of record, either taken alone or in combination neither anticipates nor renders obvious the objected claims when taken as a whole together with the intervening and the independent claims.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See the notice of reference cited in form PTO-892 for additional prior art.

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TECHANE GERGISO whose telephone number is (571)272-3784. The examiner can normally be reached 9:30am to 6:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG W KIM can be reached on 5712723804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/TECHANE GERGISO/Primary Examiner, Art Unit 2494