DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
1.	Claims 1-17 and 19-20 are pending.

Allowable Subject Matter
2.	Claims 16-17 and 19-20 are allowed over art.
3.	The following is a statement of reasons for the indication of allowable subject matter:  
The current amendment has overcome the rejection under the Smith reference. 
Further searching failed to disclose prior art that reads the claimed receiving from the server system contact information including a first public key of the second computing device of the plurality of computing devices, a first digital signature generated from the public key using an account key shared by the plurality of computing devices associated with the user account, a second public key of a third computing device of the plurality of computing devices, and a second digital signature generated from the second public key using the account key. The claimed invention further verifying the first and second public key using the first and second digital signatures wherein the encrypted messages include a first message, sent to the second computing device, that is encrypted using the first public key and a second message, sent to the third computing device, that is encrypted using the second public key. Therefore, none of the references alone or in combination disclose or suggest the invention of claims 16-17 and 19-20. 
Response to Arguments
4.	Applicant’s arguments with respect to claim(s) 1-17 and 19-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
5.	Claim(s) 1-15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Smith, et al. [US 20180123804] in view of Kravitz, et al. [US 20180332014].
As per claim 1:	Smith teach a non-transitory computer readable medium having program instructions stored therein that are executable by a first computing device to perform operations, comprising: 
generating an account key associated with a user account [Smith: 0074], wherein the user account is associated with a plurality of computing devices that includes the first computing device [Smith: 0237; the system may utilize a key-based identification system (i.e., cryptographic identity) based on an identity of the device. The key-based identification (i.e., cryptographic identity) may provide a degree of anonymity to the users and facilitate tracking changes or transactions. Similar to and based at least in part on cryptocurrency systems in which users are identified and authenticated using anonymous public keys, as part of asymmetric encryption/cryptographic identities, and a blockchain ledger that tracks transactions, the system may utilize a device identity as a key in the authorization issuance sequence], and wherein the account key is shared by the plurality of computing devices [Smith: 0102; A User Account Service of the cloud may encrypt the ACP Outer Layer 2 with a key, such as the User-SCM-Key key and specific to the pair defined by the target SCM and the user account associated with the device. Authorizations may be issued for the target SCM to a user account, by which all of the devices associated with that user account are authorized. See also 0105; user account, e.g. a common key shared amongst all SCMs. The “account key… shared by a plurality of computing devices” can be given the broadest reasonable interpretation (BRI) as any key such as a common or public key or User-SCM-Key key that’s associated to a user account and shared by multiple devices. More examples of account key on 0387] **to sign public keys associated with respective ones of the plurality of computing devices; [**as rejected under a secondary reference, discussion below]
signing a public key of the first computing device with the generated account key to produce a digital signature usable to verify the public key; [Smith: 0283; Digital certificates (X.509), potentially managed by a Public Key Infrastructure (PKI), may provide evidence that a particular public key is a particular author's key and therefore that a particular digital signature was created by a particular author]
sending the public key and the digital signature to a first server system configured to distribute the public key to a second computing device attempting to send an encrypted message to the first computing device [Smith: 0313; the SCM-Key public key may be securely transmitted to and stored by system components that utilize the SCM-Key public key, such as the device or the cloud. The SCM-Key public key may be used by system components to decrypt and/or verify that a message originated from a particular SCM and may be used to encrypt and/or sign messages intended for a particular SCM. The intended particular SCM suggests a different (second) device not associated with the user account as noted above, the account key can be shared amongst different devices], **wherein the second computing device is not associated with the user account; [**as rejected under a secondary reference, discussion below]
sending the account key to a storage external to the first computing device [Smith: 0387; User-SCM-Key key may uniquely identify a particular pairing between a user account and an SCM (a user account/SCM pair). The User-SCM-Key key is an asymmetric private/public key pair generated and stored by the User Account Service in the cloud], wherein the storage is usable by others of the plurality of computing devices to obtain the account key and use the account key to sign public keys of the other computing devices; and [Smith: 0107, 0282-0283; If the public key were distributed with the message, the recipient may not be aware of an authorship change. Digital certificates (X.509), potentially managed by a Public Key Infrastructure (PKI), may provide evidence that a particular public key is a particular author's key and therefore that a particular digital signature was created by a particular author]
receiving the encrypted message from the second computing device, wherein the encrypted message is encrypted by the second computing device using the public key obtained from the first server system. [Smith: 0280; Message integrity and authenticity may be simultaneously verified, by including in (or with) the encrypted message, with symmetric cryptography, a message authentication code (MAC), or with asymmetric cryptography (e.g., public-key cryptography), a digital signature. See also 0289; explains encrypted message by one device using public from a cloud or SCM (server)]
The “account key… shared by a plurality of computing devices” can be given the broadest reasonable interpretation (BRI) as any key such as a common or public key or User-SCM-Key key that’s associated to a user account shared by multiple devices. Smith discloses “generating an account key associated with a user account…wherein the account key is shared by the plurality of computing devices”, where a User Account Service of the cloud may encrypt the ACP Outer Layer  with a key, such as the User-SCM-Key key and specific to the pair defined by the target SCM and the user account associated with the device. Authorizations may be issued for the target SCM to a user account, by which all of the devices associated with that user account are authorized [Smith: 0102]. More examples of account key such as a common key shared amongst all SCMs [Smith: 0105, 0387].  Further, Smith discloses “distribute the public key to a second computing device attempting to send an encrypted message to the first computing device” by the SCM-Key public key that are securely transmitted to and stored by system components that utilize the SCM-Key public key, such as the device or the cloud. The SCM-Key public key may be used by system components to decrypt and/or verify that a message originated from a particular SCM and may be used to encrypt and/or sign messages intended for a particular SCM [Smith: 0313]. Thus, the intended particular SCM suggests a different (second) device not associated with the user account as noted above, the account key can be shared amongst different devices. However, with Smith’s account key such as a common key shared amongst all SCMs and verify that a message originated from a particular SCM that is used to encrypt and/or sign messages intended for a particular SCM suggests common shared key for different devices. However, Smith did not clearly discuss using the account key is shared by the plurality of computing devices “to sign public keys associated with respective ones of the plurality of computing devices” and “wherein the second computing device is not associated with the user account”.
Kravitz discusses a group does not identify an individual, but defines function/role, such as host entity of a customer relationship. An attribute certificate for the group indicates group characterization (e.g., department(s) and/or role(s)), and references a public key certificate that includes a signature verification public key. The corresponding signature generation private key is held by the group administrator. This key is used to assign the group public key that is used for encryption or key establishment. Kravitz further discloses to securely provide the group private key to other current members of the group may use can be made of encryption public keys or key establishment public keys of prospective group members and an ephemeral key establishment public keys that have been digitally signed using digital signature generation private keys of prospective group members that correspond to certificate-bearing or otherwise authenticated signature verification public keys [Kravitz: para 0182]. Kravitz provide the group private key to other current members of the group may use can be made of encryption public keys and using digital signature generation private keys of prospective group members to digitally sign public keys obviously suggests using the account key is shared by the plurality of computing devices “to sign public keys associated with respective ones of the plurality of computing devices” and “wherein the second computing device is not associated with the user account” as the keys although is the same but belongs to prospective group members (in terms of second device not associated with the user account), where motivation is to provide mutual authentication to each other (devices) at a higher standard of care than is typically done so as to accomplish higher security for important communication lines and/or for specific digital assets [Kravitz: para 0026].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Art2 with Ref1 to teach using the account key is shared by the plurality of computing devices “to sign public keys associated with respective ones of the plurality of computing devices” and “wherein the second computing device is not associated with the user account” for the reason to provide mutual authentication to each other (devices) at a higher standard of care so as to accomplish higher security for important communication lines and/or for specific digital assets. 
Claim 2:  Smith: 0166 [push notification], 0398; discussing the computer readable medium of claim 1, wherein the first server system is configured to send, to a second server system, a notification identifying that the public key has been associated with the user account, and wherein the operations further comprise: contacting the second server system to verify that each public key associated with the user account has originated from a computing device included in the plurality of computing devices.
Claim 3:  Smith: 0282-0283 [user account information including identity]; discussing the computer readable medium of claim 2, wherein the second server system is configured to maintain an append-only log that includes, for the user account, information indicative of a set of device identifiers for the plurality of computing devices, information indicative of the public keys corresponding to the device identifiers, and information identifying capabilities supported by the plurality of computing devices.
Claim 4:  Smith: 0693; discussing the computer readable medium of claim 3, wherein the append-only log uses a Merkle tree data structure.
Claim 5:  Smith: 0313, 0398; discussing the computer readable medium of claim 1, wherein the operations further comprise: receiving the digital signature from the second computing device, wherein the second computing device obtained the digital signature from the first server system; and verifying, the received digital signature.
Claim 6:  Smith: 0075-0076, 0362-0365; discussing the computer readable medium of claim 1, wherein the first server system is configured to verify the digital signature before permitting the public key to be distributed to the second computing device.
Claim 7:  Smith: 0422; discussing the computer readable medium of claim 1, wherein the storage is a computer cluster providing a cloud storage service to the plurality of computing devices.
Claim 8:  Smith: 0397; discussing the computer readable medium of claim 1, wherein the operations further comprise: encrypting the account key with a symmetric key known only to the plurality of computing devices.
Claim 9:  Smith: 0404 [Cloud-SCM-Key public key may be used by the SCM to decrypt and/or verify that a message originated from the cloud and may be used to encrypt and/or sign messages]; discussing the computer readable medium of claim 1, wherein the operations further comprise: decrypting a symmetric key received from the second computing device and encrypted using the public key; and decrypting the encrypted message with the decrypted symmetric key.
Claim 10:  Smith: 0404 [Cloud-SCM-Key private key may be used by the cloud to encrypt and/or sign messages for the associated SCM and may be used to decrypt and/or verify messages]; discussing the computer readable medium of claim 1, further comprising: decrypting, by the first computing device, the encrypted message with a private key corresponding to the public key.
As per claim 11:	Smith teach a non-transitory computer readable medium having program instructions stored therein that are executable by a first server system to perform operations comprising: 
maintaining contact information for one or more of a plurality of computing devices that are associated with a user account; [Smith: 0237; the system may utilize a key-based identification system (i.e., cryptographic identity) based on an identity of the device. The key-based identification (i.e., cryptographic identity) may provide a degree of anonymity to the users and facilitate tracking changes or transactions. Similar to and based at least in part on cryptocurrency systems in which users are identified and authenticated using anonymous public keys, as part of asymmetric encryption/cryptographic identities, and a blockchain ledger that tracks transactions, the system may utilize a device identity as a key in the authorization issuance sequence. See also 0211, 0239, 0250]
receiving a first computing device of the plurality of computing devices, a request to associate additional contact information with the user account [Smith: 0242; registration request], wherein the request includes a public key and **a digital signature generated from the public key using an account key shared by the plurality of computing devices [**as rejected under a secondary reference, discussion below] associated with the user account including the first computing device; [Smith: 0107, 0282-0283; If the public key were distributed with the message, the recipient may not be aware of an authorship change. Digital certificates (X.509), potentially managed by a Public Key Infrastructure (PKI), may provide evidence that a particular public key is a particular author's key and therefore that a particular digital signature was created by a particular author]
storing the public key the contact information in response to verifying the public key using the digital signature; [Smith: 0387; User-SCM-Key key may uniquely identify a particular pairing between a user account and an SCM (a user account/SCM pair). The User-SCM-Key key is an asymmetric private/public key pair generated and stored by the User Account Service in the cloud. See also 0234]
receiving, from **a second computing device that is not associated with the user account [**as rejected under a secondary reference, discussion below], a request for contact information of the user account; and [Smith: 0255; user account in request]
in response to the request for contact information, providing the public key to the second computing device, wherein the public key is usable to encrypt a message sent from the second computing device to the first computing device. [Smith: 0280; Message integrity and authenticity may be simultaneously verified, by including in (or with) the encrypted message, with symmetric cryptography, a message authentication code (MAC), or with asymmetric cryptography (e.g., public-key cryptography), a digital signature. See also 0289; explains encrypted message by one device using public from a cloud or SCM (server)]
The “account key… shared by a plurality of computing devices” can be given the broadest reasonable interpretation (BRI) as any key such as a common or public key or User-SCM-Key key that’s associated to a user account shared by multiple devices. Smith discloses “generating an account key associated with a user account…wherein the account key is shared by the plurality of computing devices”, where a User Account Service of the cloud may encrypt the ACP Outer Layer  with a key, such as the User-SCM-Key key and specific to the pair defined by the target SCM and the user account associated with the device. Authorizations may be issued for the target SCM to a user account, by which all of the devices associated with that user account are authorized [Smith: 0102]. More examples of account key such as a common key shared amongst all SCMs [Smith: 0105, 0387].  Further, Smith discloses “distribute the public key to a second computing device attempting to send an encrypted message to the first computing device” by the SCM-Key public key that are securely transmitted to and stored by system components that utilize the SCM-Key public key, such as the device or the cloud. The SCM-Key public key may be used by system components to decrypt and/or verify that a message originated from a particular SCM and may be used to encrypt and/or sign messages intended for a particular SCM [Smith: 0313]. Thus, the intended particular SCM suggests a different (second) device not associated with the user account as noted above, the account key can be shared amongst different devices. However, with Smith’s account key such as a common key shared amongst all SCMs and verify that a message originated from a particular SCM that is used to encrypt and/or sign messages intended for a particular SCM suggests common shared key for different devices. However, Smith did not clearly discuss the account key is shared by the plurality of computing devices “a digital signature generated from the public key using an account key shared by the plurality of computing devices” and “wherein the second computing device is not associated with the user account”. 
Kravitz discusses a group does not identify an individual, but defines function/role, such as host entity of a customer relationship. An attribute certificate for the group indicates group characterization (e.g., department(s) and/or role(s)), and references a public key certificate that includes a signature verification public key. The corresponding signature generation private key is held by the group administrator. This key is used to assign the group public key that is used for encryption or key establishment. Kravitz further discloses to securely provide the group private key to other current members of the group may use can be made of encryption public keys or key establishment public keys of prospective group members and an ephemeral key establishment public keys that have been digitally signed using digital signature generation private keys of prospective group members that correspond to certificate-bearing or otherwise authenticated signature verification public keys [Kravitz: para 0182]. Kravitz provide the group private key to other current members of the group may use can be made of encryption public keys and using digital signature generation private keys of prospective group members to digitally sign public keys obviously suggests “to sign public keys associated with respective ones of the plurality of computing devices” and “wherein the second computing device is not associated with the user account” as the keys although is the same but belongs to prospective group members (in terms of second device not associated with the user account), where motivation is to provide mutual authentication to each other (devices) at a higher standard of care than is typically done so as to accomplish higher security for important communication lines and/or for specific digital assets [Kravitz: para 0026].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Art2 with Ref1 to teach “to sign public keys associated with respective ones of the plurality of computing devices” and “wherein the second computing device is not associated with the user account” for the reason to provide mutual authentication to each other (devices) at a higher standard of care so as to accomplish higher security for important communication lines and/or for specific digital assets.
Claim 12:  Smith: 0387 [teaches the limitations of claim 11 as state and in further view of Kravitz: 0182, teaching “public keys of other computing devices” under the same motivation as stated in claim 11]; discussing the computer readable medium of claim 11, wherein the maintaining the contact information includes storing public keys of other computing devices of the plurality of computing devices, and wherein the operations further comprise: in response the request for contact information, providing the public keys of the other computing devices, wherein the public keys are usable to encrypt the message sent to the other computing devices. [Smith: 0237; the system may utilize a key-based identification system (i.e., cryptographic identity) based on an identity of the device. The key-based identification (i.e., cryptographic identity) may provide a degree of anonymity to the users and facilitate tracking changes or transactions. Similar to and based at least in part on cryptocurrency systems in which users are identified and authenticated using anonymous public keys, as part of asymmetric encryption/cryptographic identities, and a blockchain ledger that tracks transactions, the system may utilize a device identity as a key in the authorization issuance sequence. See also 0211, 0239, 0250]
Claim 13:  Smith: 0255, 0283; discussing the computer readable medium of claim 11, wherein the operations further comprise: in response to the request for the contact information, providing the digital signature with the public key to enable the second computing device to verify the public key.
Claim 14:  Smith: 0263-0264; discussing the computer readable medium of claim 11, wherein the operations further comprise: receiving a registration request to register a third computing device with the user account; determining that a particular public key included in the registration request is not received with an associated digital signature generated using the account key: and in response to the determining: declining to register the third computing device with the user account; and notifying the first computing device of the declining to register the third computing device.
Claim 15:  Smith: 0166; discussing the computer readable medium of claim 11, wherein the operations further comprise: sending, to a second server system maintaining a notification log, a notification identifying that the first computing device has been associated with the user account.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LEYNNA TRUVAN whose telephone number is (571)272-3851. The examiner can normally be reached Monday-Friday 8:00AM-5:00PM, EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on 571-272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

LEYNNA TRUVAN
Examiner
Art Unit 2435



/L.TT/Examiner, Art Unit 2435 

/JOSEPH P HIRL/Supervisory Patent Examiner, Art Unit 2435