DETAILED ACTION
This Reasons for Allowance is in response to applicants’ amendment and remarks filed on 04/14/2022.  Claims 1, 5-8, 10, 14-16, and 19 have been amended.  Claims 1-20 are currently pending and have been considered as follows.
The text of those sections of Title 35 U.S. Code not included in this section can be found in the prior office action.
The prior office actions are incorporated herein by reference.  In particular, the observations with respect to claim language, and response to previously presented arguments.
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 04/14/2022 has been placed in the application file, and the information referred to therein has been considered as to the merits.
Allowable Subject Matter
Claims 1-20 are allowed.
Examiner’s Statement of Reasons for Allowance
The following is an examiner’s statement of reasons for allowance:
In interpreting the claims in light of the specification, the Examiner finds the claimed invention to be patentably distinct from the prior art of record.
Independent Claims 1, 8, and 14 are allowed for the reasons argued by applicants in the Remarks filed 04/14/2022, which are persuasive.  In view of the amendment to the claims, the Examiner withdraws the obviousness-type double patenting rejections of Claims 1, 2, 8, and 9, which are independent and distinct from the inventions claimed in U.S. Patent No. 10,541,814 B2 and U.S. Patent No. 10,778,432 B2.  Claims 2-7, 9-13, and 15-20 depend upon the respective independent claims above and are allowed by virtue of their dependencies.
Although the prior art of record, Ahmed et al. (US 9712503 B1), discloses “Migration may be performed using encryption for communications between the hosts and for authenticated communication between the hosts and the migration authority.  The present technology may enable live migration involving a three-way handshake with the trusted migration authority 115. The migration authority 115 may be used to validate any transfers or migrations, as well as to generate key material used in encrypting the communications between the hosts 110, 120” [column 3, lines 28-36], and “Use of transport layer encryption may involve use of a plurality of encryption keys to encrypt or decrypt messages, memory blocks or the like. For example, each successive message sent may be encrypted with a different key and the receiving host may be enabled to decrypt the successive messages using appropriate keys” [column 5, lines 60-65; see also column 6, lines 52-61],
none of the prior art of record teaches, individually or in combination, the limitations listed below as recited in applicants’ independent claims:
[Claim 1] “in response to the trigger, performing, a three-way handshake with at least one second device to establish a first encryption key and a second encryption key for a communication channel... deriving a first key-encrypting key and a second key-encrypting key; encrypting the first encryption key using the first key-encrypting key and the second encryption key using the second key-encrypting key to secure the communication channel”;
[Claim 8] “in response to the trigger, perform a three-way handshake with at least one second device to establish a first encryption key and a second encryption key for a communication channel during the secure communication session... derive a first key-encrypting key and a second key-encrypting key... encrypt the first encryption key using the first key-encrypting key and the second encryption key using the second key-encrypting key to secure the communication channel”;
[Claim 14] “performing, based on the detecting the trigger, a key advancement algorithm to generate a second encryption key based on a first encryption key and a first nonce; deriving a key-encrypting key... encrypting the second encryption key using the key-encrypting key to secure the communication channel”.
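As an added illustration that is not part of this office action, the application, or any cited reference, the following Python sketch shows the general shape of the operations named in the claim features quoted above: advancing a key from a prior key and a nonce, deriving a key-encrypting key, and wrapping the advanced key under that key-encrypting key so that it can be sent over the channel. The HKDF construction (RFC 5869), the encrypt-then-MAC wrap, and all sample inputs are assumptions chosen for the illustration; they are not the applicant's method, and a production implementation would use a standard key-wrap primitive such as AES-KW in place of the HMAC-based wrap shown here.

```python
"""Key advancement from (prior key, nonce), KEK derivation, and key wrap.

Added illustration; assumptions, not the claimed method:
  - HKDF-SHA256 (RFC 5869) is used both to advance the key and to derive
    the key-encrypting key (KEK) from a shared secret and the same nonce.
  - The wrap is encrypt-then-MAC: the key is XORed with an HKDF keystream
    and authenticated with HMAC-SHA256 under the KEK.  A real deployment
    would use AES-KW or an AEAD instead.
Standard library only, so it runs offline.
"""
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256
KEY_LEN = 32


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 extract step; an empty salt means HashLen zero bytes."""
    return hmac.new(salt or b"\x00" * HASH_LEN, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 expand step: T(i) = HMAC(PRK, T(i-1) || info || i)."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    return hkdf_expand(hkdf_extract(salt, ikm), info, length)


def advance_key(first_key: bytes, nonce: bytes) -> bytes:
    """Key advancement: derive the second key from the first key and a nonce.

    A fresh nonce per advancement keeps successive keys unrelated from the
    receiver's point of view without a full handshake.
    """
    return hkdf(first_key, nonce, b"key-advancement", KEY_LEN)


def derive_kek(shared_secret: bytes, nonce: bytes) -> bytes:
    """Key-encrypting key, bound to the same nonce as the advanced key."""
    return hkdf(shared_secret, nonce, b"key-encrypting-key", KEY_LEN)


def wrap_key(kek: bytes, key: bytes, nonce: bytes) -> bytes:
    """Encrypt-then-MAC wrap of `key` under `kek`; returns ct || tag."""
    stream = hkdf_expand(kek, b"wrap-stream" + nonce, len(key))
    ct = bytes(a ^ b for a, b in zip(key, stream))
    tag = hmac.new(kek, b"wrap-tag" + nonce + ct, HASH).digest()
    return ct + tag


def unwrap_key(kek: bytes, wrapped: bytes, nonce: bytes) -> bytes:
    """Verify the tag in constant time before touching the ciphertext."""
    if len(wrapped) <= HASH_LEN:
        raise ValueError("key unwrap failed: wrapped blob too short")
    ct, tag = wrapped[:-HASH_LEN], wrapped[-HASH_LEN:]
    expected = hmac.new(kek, b"wrap-tag" + nonce + ct, HASH).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("key unwrap failed: tag mismatch")
    stream = hkdf_expand(kek, b"wrap-stream" + nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))


def rekey_round(first_key: bytes, shared_secret: bytes, nonce: bytes):
    """Sender side of one rekey: advance, derive KEK, wrap the new key.

    Returns (second_key, wrapped_second_key).  The receiver, holding the
    same shared secret and the nonce, recomputes the KEK and unwraps.
    """
    second_key = advance_key(first_key, nonce)
    kek = derive_kek(shared_secret, nonce)
    return second_key, wrap_key(kek, second_key, nonce)


if __name__ == "__main__":
    # Constructed sample inputs for the demo; in practice these come from
    # the handshake (first key, shared secret) and a CSPRNG (nonce).
    first_key = bytes(range(KEY_LEN))
    shared_secret = b"\xaa" * KEY_LEN
    nonce = b"\x01" * 16
    second_key, wrapped = rekey_round(first_key, shared_secret, nonce)
    receiver_kek = derive_kek(shared_secret, nonce)
    assert unwrap_key(receiver_kek, wrapped, nonce) == second_key
    print("rekey ok; second key:", second_key.hex())
```

The receiver never needs the first key to recover the second one from the wire: it only needs the shared secret and the nonce to rebuild the KEK, which is what makes the wrapped key safe to carry on the channel being rekeyed.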
The closest prior art made of record and cited consisted of the following references.
Bartholet et al. (US 20020114453 A1) disclosed secured storage and communication of data using in situ cryptographic key generation facilities whereby data to be stored in a data storage system (e.g., a Storage Area Network) can be encrypted using encryption keys that are generated by locally deployed cryptographic key generators, which generate encryption keys based upon setup configurations that include time or event memory data. The setup configurations used to generate encryption keys can also be associated with the encrypted data by a data marker and stored such that, upon decryption of the same data at a later time period, the data marker may retrieve the stored setup configuration, which is then used to configure a locally deployed cryptographic key generator for purposes of generating the appropriate decryption keys to decrypt the data, whereby the cryptographic key generator used for generating encryption keys need not be the same cryptographic key generator used for generating decryption keys.
Saarinen (US 20020172359 A1) disclosed a pseudo-random number generator (PRNG) for a cryptographic processing system in which the PRNG is reseeded at each instance of input entropy and in which a standard timestamp variable used in determining random sequence outputs is replaced with a running counter. The method employed by the PRNG demonstrates increased resistance to iterative-guessing attacks and chosen-input attacks than those of previous technologies. The PRNG is suitable for use in a mobile telephone system for accomplishing secure communications.
Ogg et al. (US 20020178354 A1) disclosed modules that encipher the information stored in the central database for all of the on-line VBI system customers and are capable of preventing access to the database by unauthorized users. Additionally, the cryptographic module is capable of preventing unauthorized and undetected modification, including the unauthorized modification, substitution, insertion, and deletion of VBI related data and cryptographically critical security parameters.
McGough (US 20030149876 A1) disclosed openly exchanging encryption keys for each communication between participants in a totally secure fashion. Along with the key exchange, the system and method can be used to secure all accompanying message content with a derived message key. The system and method derives the message key in such a manner that the original encryption key cannot positively be determined from a discovered message key. The system and method additionally provide a technique for authenticated exchange of new encryption keys such that the new key is completely dissimilar from any previous key, effectively eliminating any chained key knowledge.
Mody (US 20060129812 A1) disclosed authenticating and admitting parties located at remote sites to a secure communication network, wherein a dedicated site not party to said secure communication network includes a device in communication with said network comprising: a processor in communication with a memory, operable to execute code for: transmitting an authenticating value blinded by a value associated with each of said remote sites over said network; decrypting a value received over said network using an encryption key local to said dedicated site; validating said remote site when said authenticating value is equivalent to said decrypted received value.
Rossi et al. (US 20070022475 A1) disclosed providing a transport distribution scheme for a security protocol. A first packet data connection is established to a remote node for transmitting packet data over a network with a security protocol. An authentication procedure is performed with the remote node via the first packet data connection for establishing a security protocol session with the remote node. At least one security parameter is negotiated with the remote node for transmitting packets through the first packet data connection. A second packet data connection is established to the remote node, and at least one security parameter is negotiated with the remote node for use with the second packet data connection. The first and second packet data connections are handled as packet data subconnections associated with the security protocol session.
Callas (US 20070199071 A1) disclosed a method of generating an identity-based encryption key. The method includes specifying a master key; receiving an identity-based string; executing a function that processes the master key and the identity-based string to produce a seed; and using the seed to produce an identity-based encryption key.
Reznik et al. (US 20100153727 A1) disclosed a method for secure direct link communications between multiple wireless transmit/receive units (WTRUs). The WTRUs exchange nonces that are used for generating a common nonce. A group identification information element (GIIE) is generated from at least the common nonce and is forwarded to an authentication server. The authentication server generates a group direct link master key (GDLMK) from the GIIE to match WTRUs as part of a key agreement group. Group key encryption key (GKEK) and a group key confirmation key (GKCK) are also generated based on the common nonce and are used to encrypt and sign the GDLMK so that base stations do not have access to the GDLMK. Also disclosed is a method for selecting a key management suite (KMS) to generate temporal keys. A KMS index (KMSI) may be set according to a selected KMS, transmitted to another WTRU and used to establish a direct link.
Chaturvedi et al. (US 20110317834 A1) disclosed a method for changing an encryption key in a hybrid peer-to-peer network comprising: receiving, by a first endpoint, an instruction to change from a first encryption key to a second encryption key; sending, by the first endpoint, a first message to a second endpoint that the first endpoint is going to change to the second encryption key, wherein the first message is defined for use with a transactional state model and includes information representing the second encryption key; receiving, by the first endpoint, in response to the first message, a second message from the second endpoint indicating that the second endpoint received the first message, wherein the second message is defined for use with the transactional state model; sending, by the first endpoint, a third message to the second endpoint acknowledging receipt of the second message, wherein the third message is defined for use with the transactional state model; and changing, by the first endpoint, from the first encryption key to the second encryption key, wherein all incoming messages for the first endpoint are to be encrypted using the second encryption key.
Oxford (US 20150295713 A1) disclosed a method for authentication and key exchange that is secure from man-in-the-middle attacks.  The method enables secure communications between a local device and a remote device(s) via a protocol that uses a Central Licensing Authority that shares derived secrets with the endpoints, without sharing the secrets themselves. The derived secrets may be comprised of public information, taking the form of nonces, in order to protect the system against replay-style attacks. Each endpoint can generate its own nonce with sufficient entropy such that neither endpoint is dependent on the trustworthiness of the other.
Calciu et al. (US 20160226672 A1) disclosed a seamless connection handshake for a reliable multicast session. A node module detects a new node attempting to join a multicast networking session. A handshake module generates a control packet comprising session initiation data for the new node. A packet module creates a combined data packet comprising the control packet and the multicast data packet and sends the combined data packet to the new node. The node module joins the new node to the ongoing multicast networking session without disturbing ongoing data transmissions during the multicast networking session.
However, the prior art of record, taken by itself or in any combination, does not anticipate or make obvious the invention of the present application, and in particular the claim features listed above.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicants’ disclosure.
Prakash et al. (“Data Encryption and Decryption Algorithms using Key Rotations for Data Security in Cloud System”, International Conference on Signal Propagation and Computer Technology, July 2014, pp. 624-629).
Xiao et al. (US 20100246824 A1) is cited for generating a nonce at a peer device for use in establishing wireless connections and generating new keys.
Huh et al. (US 20170208045 A1) is cited for generating encryption keys using public keys and identification information generated from nonces.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Kenneth W Chang whose telephone number is (571)270-7530. The examiner can normally be reached Monday through Friday, 9 a.m. to 5 p.m. EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on 571-272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/KENNETH W CHANG/Primary Examiner, Art Unit 2438
07.07.2022