Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
This is in response to the amendments filed on 8/10/2022. Claims 1, 9, and 15 have been amended.. Claims 1-20 are currently pending and have been considered below. 

Response to Arguments
Applicant's arguments filed 8/10/2022 have been fully considered but they are not persuasive. On pages 9 and 10 of Remarks, Applicant asserts that the amendments overcome the cited prior art of record, and specifically the citations to Nix. However after further review of the amendments, the examiner respectfully disagrees with Applicant’s assertion. Specifically, while the examiner acknowledges that an Interview was held to discuss the now-filed amendments (see Interview Summary mailed 5/27/2022), the examiner mentioned that further review would need to be done in order to make a complete determination whether said amendments were fully supported by Applicant’s Disclosure. Upon conducting said review, the examiner has determined that said amendments are not properly supported by Applicant’s Disclosure, and that there are several other deficiencies with the amendments (noted below). Thus, in view of the present issues that affect the previously understood scope of the amendments, the examiner also contends that Nix fully teaches the amendments as well, which will also be addressed further below.

Specification
The disclosure is objected to because of the following informalities: Paragraph 000123, line 5 recites “the a private asymmetric key” which needs correction in order to clarify its antecedent basis.  
Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-20 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Claims 1, 9, and 15 have been amended to recite the limitation “wherein the symmetric key is derived based on … a private asymmetric key of the key establishment service obtained using the location data …”, however the originally filed Disclosure does not contain for support the private asymmetric key of the key established service (or the third computing device) being “obtained” by the first and/or second computing device. Instead, paragraph 124 details the second computing device receiving “second combined key data” from the key establishment service, where the second combined key data is based on “the first combined key and a private asymmetric key of the third computing device”. Further, while paragraph 45 additionally recites, “Key obtaining module 212Z may also obtain asymmetric key data 238D, which may be the private portion of the server asymmetric key pair”, paragraph 45 goes on to specify that “Asymmetric key data 238D may be based on server private key 226B but may be provided using a technique that keeps server private key 227B hidden from the client device receiving it. The technique may keep the server private key 227B hidden … by combining the server private key 227B with other cryptographic key data”. In other words, the Disclosure lacks any description that the “server private key 227B” is being directly obtained in order to derive a symmetric key at a second computing device.
Thus, it appears that the Disclosure suggests that the server private key is kept hidden by combining additional data with the server private key so that the combined key data is obtained at the first and/or second computing device (so as to prevent the devices from receiving the server private key itself).
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 has been amended to recite “wherein the symmetric key is derived” on line 14, which suggests that this wherein clause is directed to further limiting “a symmetric key” recited within line 4, however the “a symmetric key” recitation is directed towards establishing said key on “the first computing device”, whereas “the symmetric key” of the wherein clause appears to be directed towards a symmetric key being derived on “a second computing device”. In other words, the language of the wherein clause (e.g., “… derived based on the public asymmetric key provided by the first computing device”, “a second public asymmetric key generated by the second computing device”) suggests that “the symmetric key” of line 14 is being derived on the second computing device and not the first computing device, as is recited by claim 1 at line 4. Thus said “wherein” clause makes claim 1 indefinite because it defines a single symmetric key being established and/or derived at two separate entities without proper antecedent basis being established.
Claim 2, line 7 recites “the private asymmetric key of the third computing device” (emphasis added) which is unclear. Claim 2 specifies that that the “key establishment service” is being executed on said third computing device, however claim 1 was amended to recite “a private asymmetric key of the key establishment service” (emphasis added). Thus, it either appears that there are two, separate private asymmetric keys being utilized on the “third computing device” itself, or Applicant has amended the claims in a manner which makes it unclear as to which entity (i.e., the third computing device or the key establishment service) this private asymmetric key exists on. In other to expedite examination the examiner will interpret both recitations of the private asymmetric key to refer to the same key, however appropriate correction is required to over this rejection.
Claim 6, line 3 recites “wherein the key establishment service comprises a private asymmetric key” which is unclear as it does not contain proper antecedent basis. Claim 1 has been amended to recite “a private asymmetric key of the key establishment service” which would suggest that the private key of claim 6 is the same private key as amended claim 1.
Claim 8, page 2, lines 6 and 7 recite “a private asymmetric key of the key establishment service” which is unclear as it does not contain proper antecedent basis in view of claim 1’s recitation of “a private asymmetric key of the key establishment service”.
Claim 9 is rejected in a similar manner as claim 1. That is, claim 9 is a “system” claim directed to a “processing device of a first computing device” performing the steps outlined in claim 1, which suggests that claim 9 is directed towards the same first computing device of claim 1. Thus, the recitations of the “wherein” clause, which appear to be occurring on a “second computing device” are indefinite as claim 9 is directed to the establishing of a symmetric key on a first computing device.
Claim 15 is rejected in a similar manner as claim 1. That is, claim 15 recites generating a first symmetric key “by a first computing device” but the amended “wherein” clause further suggests that the “symmetric key” is generated at a second computing device. Furthermore, claim 15’s recitation of “the symmetric key” lacks proper antecedent basis. The examiner cautions that if Applicant amends claim 15 to address the above noted issues then Applicant should be mindful of the language in claim 18 so as to not introduce any further issues.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, 6, 7, 9-12, and 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over “Nix” (US 2021/0218560) in view of “Tormasov” (US 8572370).

Regarding Claim 1:
Nix teaches:
A method comprising: 
obtaining, by a first computing device, an asymmetric key pair comprising a public asymmetric key and a private asymmetric key (¶0021, “After power up and/or connecting with the IP network, the device can use the random number generator, the cryptographic parameters, and the key pair generation algorithm to derive a device ephemeral private key and a device ephemeral public key”); 
establishing, by the first computing device, a symmetric key (¶0021, “The output from the ECDH key exchange can comprise a shared secret or point X3. The device can derive a symmetric ciphering key using shared secret X3 and a key derivation function”) using a key establishment service (Fig. 1a depicts the device 103 utilizing a public key 102a of a key server (corresponding to private key 102b) in establishing of a symmetric key; Fig. 2a details the usage of a Key Server 102 required to establish a symmetric key in server 101 corresponding to the symmetric key generated in the device), wherein the symmetric key is established in view of the private asymmetric key of the first computing device (¶0021, “The device can conduct a first ECDH key exchange using the … device ephemeral private key…”) and a public asymmetric key of the key establishment service (¶0021, “The device can conduct a first ECDH key exchange using … the network static public key”; ¶0061, “Thus, using the notation described in the previous three sentences, the corresponding private key for network static public key Sn 102a can comprise network static private key ss 102b”; ¶0077, “As depicted in FIG. 1a, key server 102 can include a key server identity 102i, a set of cryptographic parameters 104, a network static private key sn 102b”; i.e., the network static public key is the associated public key to the network static private key of the key server 102, as further shown in Fig. 1a as elements 102a and 102b); 
transmitting, by the first computing device, sensitive data encrypted using the symmetric key to a persistent storage device (¶0094, “OS 101g could also record and operate a decryption step 221…” & Fig. 2e depicts Step 221 containing the ciphertext data 209b; ¶0174, “Server 101 can then record, operate with, and store data read from the decrypted plaintext in message 299”; i.e., store the ciphertext data and the sensitive data in a storage device of the server) accessible to a second computing device (¶0021, “The device can send … the first ciphertext … to the server in a first message…”; ¶0029, “The server can then use a decryption step with the symmetric ciphering key in order to read plaintext form the first ciphertext received in the first message from the device … The plaintext from the first message can comprise a first random number generated by the device and also optionally include device data”l i.e., access the sensitive data via a decryption step utilizing the established symmetric key shared between the device and the server); 
…
providing, by the first computing device, the public asymmetric key and the location data to the second computing device (¶0021, “The device can send the device ephemeral public key … identification information … to the server in a first message …”; i.e., transmit, from the device to the server, the device public key and identification information (containing location information for a key server) within a first message), wherein the location data corresponds to the key establishment service (¶0024, “In order to select a key server, the server could use several different methods based on the identifying information from of the device in the first message. The identifying information from the first message for the device used to select a key server could comprise … a particular URL or IP address and port number as a destination address is mapped to a particular key server”), and wherein the symmetric key is derived based on the public asymmetric key provided by the first computing device (Figure 2d, element 220 details the server inputting a Key Derivation Function X3 to derive the symmetric key, which contains the public asymmetric key, element Ed103a, provided by (Figure 2a, message 299) the first computing device), a second public asymmetric key generated by the second computing device (Figure 2d, element 213 details creating key data X0 using a public asymmetric key, Sd 103c, where X0 is used to generate other key datum in order to derive the symmetric key),  and a private asymmetric key of the key establishment service obtained using the location data corresponding to the key establishment service (Figure 2d further details that X3 is derived by combining datums X1 and X2, where X1 is generated at the key establishment server by usage of private key, sn, and obtained by the server in Figure 2a, message 217).
Nix does not disclose:
initiating, by the first computing device, a creation of an execution environment on the second computing device; and 
Tormasov teaches:
initiating, by the first computing device (Fig. 4, element 20), a creation of an execution environment on the second computing device (Fig. 4, element 103; Col. 5, lines 3-16, “The Virtual Environment 102 are generally created by users, or activated upon user request, and typically can include a system software, various user applications, and so on … Once the Virtual Environment is created, the Virtual Environment can be located in the repository 103”; Col. 5, lines 33-35, “The repository 103 can also be implemented as a centralized data storage, to which the user has access… through a known network address or over a network”); and 
	Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Nix’s key exchange system by enhancing Nix’s network server to provide enhanced services for a client device, such as virtualized storage environments, as taught by Tormasov, in order to offload processing and storage needs of the client device.
	The motivation is to implement a virtualized storage environment on a server device that provides additional storage and processing functionality to a client device, where the implementation adds no further authentication processes after an initial key creation is performed (Tormasov, Col. 9, lines 37-45 & lines 52-57).

Regarding Claim 2:
The method of claim 1, wherein Nix in view of Tormasov further teaches the symmetric key is derived using asymmetric keys of different computing devices (Nix, Figure 2c, elements 204 and 205 detail two pairs of asymmetric keys on a client device used to derive the symmetric ciphering key; Figure 2d, element 101b details a private server key (of an asymmetric key pair) used to derive a shared secret 218a and ultimately the symmetric key as shown in element 219 using the shared secret 218a), and wherein the first computing device derives the symmetric key in view of the private asymmetric key of the first computing device (Nix, Figure 2c, element 103d, is a private ephemeral key of the device used to derive the symmetric key 206a) and the public asymmetric key of the key establishment service (Nix, Figure 2c, element 201a, is the network static public key of the key server) that is executing on a third computing device (Nix, Figure 1a, element 102; Figure 2a, element 102), and wherein the second computing device derives the symmetric key in view of the public asymmetric key of the first computing device (Nix, Figure 2d, element 219, details how in the point X0 can be defined via (Ed 103a + Sd 103c), where Ed 103a is the ephemeral public key and 103c is the static public key of the device) and the private asymmetric key of the third computing device (Nix, Figure 2d, element 216 details a network static private key, element 102b, being used to generate shared secret 216a which is then used in element 219 to derive the symmetric key).

Regarding Claim 3:
The method of claim 1, wherein Nix in view of Tormasov further teaches initiating the creation of the execution environment comprises the first computing device initiating the creation of one or more of a virtual machine, a container, or a trusted execution environment on the second computing device (Tormasov, Col. 5, lines 3-16, “The Virtual Environment 102 are generally created by users, or activated upon user request, and typically can include a system software, various user applications, and so on…”), and wherein the sensitive data comprises configuration data for the virtual machine, the container, or the trusted execution environment (Tormasov, Col. 11, Claim 1 - “(ii) on the client, selecting plaintext data to be stored on the shared storage”, “(iv) encrypting the plaintext data into cyphertext data…”, “(v) storing the cyphertext data on the shared storage”, and “(i) running a server program that utilizes the cyphertext data and the server data and communicates with the client program using the cyphertext data” & Col. 12, Claim 7 - “the client initiates a virtual environment on the server side using the cyphertext data from the shared storage”; i.e., claims 1 and 7 disclose a client device encrypting sensitive data, sending the encrypted sensitive data to a virtual execution environment at a server device, and initiating the virtual execution environment using the encrypted sensitive data. Here, the examiner interprets “cyphertext data” as being “sensitive data” comprising “configuration data” by virtue of its usage in initiating the virtual environment at the server device). 
The motivation to combine Tormasov to Nix in disclosing the limitations of claim 3 is the same motivation applied to the combination of Tormasov and Nix in the rejection of claim 1 above.

Regarding Claim 4:
The method of claim 2, wherein Nix in view of Tormasov further teaches the first computing device, the second computing device, and the third computing device each include cryptographic key data used to derive the symmetric key without persistently storing the symmetric key (Nix, Figure 1a details the Device 103, Server 101, and Key Server 102 storing respective keys that are later utilized in generating a symmetric key, but without the symmetric key being presently stored).

Regarding Claim 6:
The method of claim 2, wherein Nix in view of Tormasov further teaches the location data comprises a network address of the key establishment service executing on the third computing device (Nix, ¶0024, “In order to select a key server, the server could use several different methods based on the identifying information from of the device in the first message. The identifying information from the first message for the device used to select a key server could comprise … a particular URL or IP address and port number as a destination address is mapped to a particular key server”), and wherein the key establishment service comprises a private asymmetric key used to establish the symmetric key (Nix, Figure 1a, element 102b is a private asymmetric key of the key server used to establish a symmetric key between the device 103 and server 101).

Regarding Claim 7:
The method of claim 1, wherein Nix in view of Tormasov further teaches establishing, by the first computing device, the symmetric key using the key establishment service comprises: 
generating, by the first computing device, the asymmetric key pair comprising the public asymmetric key and the private asymmetric key (Nix, ¶0021, “After power up and/or connecting with the IP network, the device can use the random number generator, the cryptographic parameters, and the key pair generation algorithm to derive a device ephemeral private key and a device ephemeral public key”); 
receiving, by the first computing device, the public asymmetric key of the key establishment service (Nix, ¶0062, “For embodiments where public keys Sn 102a and Ss 101a are recorded in volatile memory, device 103 could obtain keys 102a and 101a from a different server than server 101 for network 105 before sending data 106, such as device 103 obtaining keys 102a and/or via a secure session from a different server before sending data 106”; i.e., receive the public asymmetric key 102a of the key server at the device); and 
deriving, by the first computing device, the symmetric key from the public asymmetric key of the key establishment service and the private asymmetric key of the first computing device (Nix, ¶0021, “The output from the ECDH key exchange can comprise a shared secret or point X3. The device can derive a symmetric ciphering key using shared secret X3 and a key derivation function”; Figure 2c further details that symmetric key 206a is derived from shared secret X3).

Regarding Claims 9-12 and 14:
System claims 9-12 and 14 correspond to respective method claims 1-4 and 7 and contain no further limitations. Thus, claims 9-12 and 14 are each rejected by applying the same rationale used to reject claims 1-4 and 7, respectively.

Claims 5 and 13 is/are rejected under 35 U.S.C. 103 as being unpatentable over “Nix” (US 2021/0218560) in view of “Tormasov” (US 8572370) in further view of “Jones” (US 2014/0052989).

Regarding Claim 5:
Nix in view of Tormasov teaches:
The method of claim 2, 
Nix in view of Tormasov does not disclose:
… further comprising, deleting all instances of the symmetric key and all instances of the private asymmetric key used to derive the symmetric key, wherein the public asymmetric key of the first computing device and the private asymmetric key of the third computing device remain.
Jones teaches:
… further comprising, deleting all instances of the symmetric key and all instances of the private asymmetric key used to derive the symmetric key (¶0053, “… the client devices (such as the sender 102 and the receiver 104) are configured to allow for complete erasure or “zeroization” of all the keys sent or received by any user (sender 102, receiver 104…) …”), wherein the public asymmetric key of the first computing device and the private asymmetric key of the third computing device remain (Claim 8 - “The receiving device … delete the symmetric key…”; Claim 13 - “The sending deice … delete the private key and the symmetric key…”; i.e., delete only the private key of a sender device (the client 103 of Nix) and all instances of the symmetric key on the sender device and a receiver device (the server 101 of Nix)). 
	Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Nix in view of Tormasov’s key exchange system by enhancing Nix in view of Tormasov’s client and server to delete respective private and symmetric keys, as taught by Jones, in order to prevent the keys from being leaked to an unauthorized entity.
	The motivation is to provide a method that deletes secure keys from a sender and receiver device in case of loss or compromise of either device (Jones, ¶0053), thus enhancing the security of a key exchange system.

Regarding Claim 13:
System claim 13 corresponds to method claim 5 and contains no further limitations. Therefore claim 13 is rejected by applying the same rationale used to reject claim 5 above.

Claims 15-19 is/are rejected under 35 U.S.C. 103 as being unpatentable over “Nix” (US 2021/0218560) in view of “Sovio” (US 2020/0374112) in further view of “Tormasov” (US 8572370).

Regarding Claim 15:
Nix teaches:
A non-transitory machine-readable storage medium storing instructions which, when executed, cause a processing device to perform operations comprising: 
generating, by a first computing device, … and an asymmetric key pair, the asymmetric key pair comprising a public asymmetric key and a private asymmetric key (¶0021, “After power up and/or connecting with the IP network, the device can use the random number generator, the cryptographic parameters, and the key pair generation algorithm to derive a device ephemeral private key and a device ephemeral public key”); 
establishing, by the first computing device, a second symmetric key (¶0021, “The output from the ECDH key exchange can comprise a shared secret or point X3. The device can derive a symmetric ciphering key using shared secret X3 and a key derivation function”) using a key establishment service (Fig. 1a depicts the device 103 utilizing a public key 102a of a key server (corresponding to private key 102b) in establishing of a symmetric key; Fig. 2a details the usage of a Key Server 102 required to establish a symmetric key in server 101 corresponding to the symmetric key generated in the device), wherein the second symmetric key is established in view of the private asymmetric key of the first computing device (¶0021, “The device can conduct a first ECDH key exchange using the … device ephemeral private key…”) and a public asymmetric key of the key establishment service (¶0021, “The device can conduct a first ECDH key exchange using … the network static public key”; ¶0061, “Thus, using the notation described in the previous three sentences, the corresponding private key for network static public key Sn 102a can comprise network static private key ss 102b”; ¶0077, “As depicted in FIG. 1a, key server 102 can include a key server identity 102i, a set of cryptographic parameters 104, a network static private key sn 102b”; i.e., the network static public key is the associated public key to the network static private key of the key server 102, as further shown in Fig. 1a as elements 102a and 102b); 
…
transmitting, by the first computing device, the encrypted sensitive data to a persistent storage device (¶0094, “OS 101g could also record and operate a decryption step 221…” & Fig. 2e depicts Step 221 containing the ciphertext data 209b; ¶0174, “Server 101 can then record, operate with, and store data read from the decrypted plaintext in message 299”; i.e., store the ciphertext data and the sensitive data in a storage device of the server) accessible to the second computing device (¶0021, “The device can send … the first ciphertext … to the server in a first message…”; ¶0029, “The server can then use a decryption step with the symmetric ciphering key in order to read plaintext form the first ciphertext received in the first message from the device … The plaintext from the first message can comprise a first random number generated by the device and also optionally include device data”; i.e., access the sensitive data via a decryption step utilizing the established symmetric key shared between the device and the server); and 
providing, by the first computing device, the public asymmetric key and location data to the second computing device to enable the second computing device to access the sensitive data (¶0021, “The device can send the device ephemeral public key … identification information … to the server in a first message …”; i.e., transmit, from the device to the server, the device public key and identification information (containing location information for a key server) within a first message), wherein the location data corresponds to the key establishment service (¶0024, “In order to select a key server, the server could use several different methods based on the identifying information from of the device in the first message. The identifying information from the first message for the device used to select a key server could comprise … a particular URL or IP address and port number as a destination address is mapped to a particular key server”), and wherein the symmetric key is derived based on the public asymmetric key provided by the first computing device (Figure 2d, element 220 details the server inputting a Key Derivation Function X3 to derive the symmetric key, which contains the public asymmetric key, element Ed103a, provided by (Figure 2a, message 299) the first computing device), a second public asymmetric key generated by the second computing device (Figure 2d, element 213 details creating key data X0 using a public asymmetric key, Sd 103c, where X0 is used to generate other key datum in order to derive the symmetric key),  and a private asymmetric key of the key establishment service obtained using the location data corresponding to the key establishment service (Figure 2d further details that X3 is derived by combining datums X1 and X2, where X1 is generated at the key establishment server by usage of private key, sn, and obtained by the server in Figure 2a, message 217).
Nix does not disclose:
generating, by a first computing device, a first symmetric key…
encrypting, by the first computing device, sensitive data and the first symmetric key, wherein the sensitive data is encrypted using the first symmetric key and the first symmetric key is encrypted using the second symmetric key; 
initiating, by the first computing device, a creation of an execution environment on the second computing device; and 
Sovio teaches:
generating, by a first computing device, a first symmetric key (¶0086, “the processor 102b is configured to randomly generate a third symmetric cryptographic key (or in other words, a shared key encryption key, KEK)”)…
encrypting, by the first computing device, sensitive data (¶0087) and the first symmetric key (¶0088), wherein the sensitive data is encrypted using the first symmetric key (¶0087, “… the processor 102b is configured to encrypt the data to be provisioned to the client device 110b with the randomly generated third symmetric cryptographic key KEK”) and the first symmetric key is encrypted using the second symmetric key (¶0088, “The processor 102b is configured to use the second symmetric cryptographic key PSK to encrypt the third symmetric cryptographic key KEK after its use to encrypt the data to be provisioned”); 
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Nix’s key exchange system by enhancing Nix’s client device to utilize a key encryption key protect an encryption key used to encrypt sensitive data prior to transmission to another device, as taught by Sovio, in order to encrypt the data such that only the other device is able to decrypt the data.
	The motivation is to implement a data transmission process that involves a key encryption key scheme of a symmetric key and data encrypted with the symmetric key in order to establish a security protocol where only a designated device is capable of decrypting the data (Sovio, ¶0004, “… so that only the target client device is able to decrypt the data”).
Nix in view of Sovio does not disclose:
initiating, by the first computing device, a creation of an execution environment on the second computing device; and 
Tormasov teaches:
initiating, by the first computing device (Fig. 4, element 20), a creation of an execution environment on the second computing device (Fig. 4, element 103; Col. 5, lines 3-16, “The Virtual Environment 102 are generally created by users, or activated upon user request, and typically can include a system software, various user applications, and so on … Once the Virtual Environment is created, the Virtual Environment can be located in the repository 103”; Col. 5, lines 33-35, “The repository 103 can also be implemented as a centralized data storage, to which the user has access… through a known network address or over a network”); and 
	Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Nix in view of Sovio’s key exchange system by enhancing Nix in view of Sovio’s network server to provide enhanced services for a client device, such as virtualized storage environments, as taught by Tormasov, in order to offload processing and storage needs of the client device.
	The motivation is to implement a virtualized storage environment on a server device that provides additional storage and processing functionality to a client device, where the implementation adds no further authentication processes after an initial key creation is performed (Tormasov, Col. 9, lines 37-45 & lines 52-57).

Regarding Claim 16:
The non-transitory machine-readable storage medium of claim 15, wherein Nix in view of Sovio in further view of Tormasov further teaches the first symmetric key is an encryption key (Sovio, ¶0087, “… the processor 102b is configured to encrypt the data to be provisioned to the client device 110b with the randomly generated third symmetric cryptographic key KEK”; i.e., the third symmetric key is used as an encryption key of the data) and the second symmetric key is a key encryption key (KEK) (Sovio, ¶0088, “The processor 102b is configured to use the second symmetric cryptographic key PSK to encrypt the third symmetric cryptographic key KEK after its use to encrypt the data to be provisioned”; i.e., the second symmetric key is used to encrypt the third encryption key, and is thus also “Key Encryption key”).
The motivation to combine Sovio to Nix to reject claim 16 is the same motivation used in combining Sovio to Nix in the rejection of claim 15 above.

Regarding Claim 17:
The non-transitory machine-readable storage medium of claim 15, wherein Nix in view of Sovio in further view of Tormasov further teaches initiating the creation of the execution environment comprises the first computing device initiating the creation of one or more of a virtual machine, a container, or a trusted execution environment on the second computing device (Tormasov, Col. 5, lines 3-16, “The Virtual Environment 102 are generally created by users, or activated upon user request, and typically can include a system software, various user applications, and so on…”), and wherein the sensitive data comprises configuration data for the virtual machine, the container, or the trusted execution environment (Tormasov, Col. 11, Claim 1 - “(ii) on the client, selecting plaintext data to be stored on the shared storage”, “(iv) encrypting the plaintext data into cyphertext data…”, “(v) storing the cyphertext data on the shared storage”, and “(i) running a server program that utilizes the cyphertext data and the server data and communicates with the client program using the cyphertext data” & Col. 12, Claim 7 - “the client initiates a virtual environment on the server side using the cyphertext data from the shared storage”; i.e., claims 1 and 7 disclose a client device encrypting sensitive data, sending the encrypted sensitive data to a virtual execution environment at a server device, and initiating the virtual execution environment using the encrypted sensitive data. Here, the examiner interprets “cyphertext data” as being “sensitive data” comprising “configuration data” by virtue of its usage in initiating the virtual environment at the server device).
The motivation to combine Tormasov to Nix in view of Sovio in disclosing the limitations of claim 17 is the same motivation applied to the combination of Tormasov and Nix in view of Sovio in the rejection of claim 15 above.

Regarding Claim 18:
The non-transitory machine-readable storage medium of claim 15, wherein Nix in view of Sovio in further view of Tormasov further teaches the second symmetric key is derived using asymmetric keys of different computing devices (Nix, Figure 2c, elements 204 and 205 detail two pairs of asymmetric keys on a client device used to derive the symmetric ciphering key; Figure 2d, element 101b details a private server key (of an asymmetric key pair) used to derive a shared secret 218a and ultimately the symmetric key as shown in element 219 using the shared secret 218a), and wherein the first computing device derives the second symmetric key in view of the private asymmetric key of the first computing device (Nix, Figure 2c, element 103d, is a private ephemeral key of the device used to derive the symmetric key 206a) and the public asymmetric key of the key establishment service (Nix, Figure 2c, element 201a, is the network static public key of the key server) that is executing on a third computing device  (Nix, Figure 1a, element 102; Figure 2a, element 102), and wherein the second computing device derives the second symmetric key in view of the public asymmetric key of the first computing device (Nix, Figure 2d, element 219, details how in the point X0 can be defined via (Ed 103a + Sd 103c), where Ed 103a is the ephemeral public key and 103c is the static public key of the device) and the private asymmetric key of the third computing device (Nix, Figure 2d, element 216 details a network static private key, element 102b, being used to generate shared secret 216a which is then used in element 219 to derive the symmetric key).

Regarding Claim 19:
The non-transitory machine-readable storage medium of claim 18, wherein Nix in view of Sovio in further view of Tormasov further teaches the location data comprises a network address of the key establishment service executing on the third computing device (Nix, ¶0024, “In order to select a key server, the server could use several different methods based on the identifying information from of the device in the first message. The identifying information from the first message for the device used to select a key server could comprise … a particular URL or IP address and port number as a destination address is mapped to a particular key server”), and wherein the key establishment service comprises a private asymmetric key used to establish the second symmetric key (Nix, Figure 1a, element 102b is a private asymmetric key of the key server used to establish a symmetric key between the device 103 and server 101).

Claim 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over “Nix” (US 2021/0218560) in view of “Sovio” (US 2020/0374112) in view of “Tormasov” (US 8572370) in further view of “Jones” (US 2014/0052989).

Regarding Claim 20:
Nix in view of Sovio in further view of Tormasov teaches:
The non-transitory machine-readable storage medium of claim 18, …
Nix in view of Sovio in further view of Tormasov does not disclose:
… further comprising, deleting all instances of the second symmetric key and all instances of the private asymmetric key used to derive the second symmetric key, wherein the public asymmetric key of the first computing device and the private asymmetric key of the third computing device remain.
Jones teaches:
… further comprising, deleting all instances of the symmetric key and all instances of the private asymmetric key used to derive the symmetric key (¶0053, “… the client devices (such as the sender 102 and the receiver 104) are configured to allow for complete erasure or “zeroization” of all the keys sent or received by any user (sender 102, receiver 104…) …”), wherein the public asymmetric key of the first computing device and the private asymmetric key of the third computing device remain (Claim 8 - “The receiving device … delete the symmetric key…”; Claim 13 - “The sending deice … delete the private key and the symmetric key…”; i.e., delete only the private key of a sender device (the client 103 of Nix) and all instances of the symmetric key on the sender device and a receiver device (the server 101 of Nix)). 
	Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Nix in view of Sovio in further view of Tormasov’s key exchange system by enhancing Nix in view of Sovio in further view of Tormasov’s client and server to delete respective private and symmetric keys, as taught by Jones, in order to prevent the keys from being leaked to an unauthorized entity.
	The motivation is to provide a method that deletes secure keys from a sender and receiver device in case of loss or compromise of either device (Jones, ¶0053), thus enhancing the security of a key exchange system.

Allowable Subject Matter
Claim 8 would be allowable if rewritten to overcome the rejection(s) under 35 U.S.C. 112(a) and 35 U.S.C. 112(b), set forth in this Office action and to include all of the limitations of the base claim and any intervening claims.
The following is a statement of reasons for the indication of allowable subject matter:  The cited art of record does not fairly teach or suggest, either individually or in combination, the subject matter recited within claim 8 when considered in view of the subject matter recited by claim 1.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DANIEL B POTRATZ whose telephone number is (571)270-5329.  The examiner can normally be reached on M-F 10 A.M. - 6 P.M. CST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/DANIEL B POTRATZ/Primary Examiner, Art Unit 2491