DETAILED ACTION
I.  ACKNOWLEDGEMENTS
This Office Action addresses U.S. Application No. 17/005154 (“154 Application” or “instant application”).  Based upon a review of the instant application, the actual filing date of the instant application is August 27, 2020. Because the instant application was on or after September 16, 2012, the statutory provisions of the America Invents Act (“AIA ”) will govern this proceeding.  
     	The instant application is a continuing reissue application of US Patent 10,110,575 (“575 Patent”). The ‘575 Patent was filed as application 14/609361 on January 29, 2015 and is entitled “SYSTEM AND METHOD FOR SECURE DATA EXCHANGE.”
Based upon Applicant’s statements as set forth in the instant application and after the
Examiner’s independent review of the ‘575 Patent itself and its prosecution history, the Examiner finds that he cannot locate any ongoing proceeding before the Office or current ongoing litigation involving the ‘575 Patent.  Also based upon the Examiner’s independent review of the ‘575 Patent itself and the prosecution history, the Examiner cannot locate any previous reexaminations, supplemental examinations. 
	This action is being issued following Applicant’s response 11/17/2022 included 1) claim amendments and 2) arguments.  

II. STATUS OF CLAIMS
The ‘575 Patent issued with claims 1-20 (“Patented Claims”).  The Amendment of 8/27/2020, amends claims 1-13, 15, 18, and 19.  The amendment of 3/29/2022 amends claims 1, 12, and 18.  The amendment of 7/21/2022 amends claims 1-5, 7-12, and 18.  The amendment of 11/17/2022 amends claims 1, 12, and 18.  As of the date of this Office Action, the status of the claims is:
a. Claims 1-20 (“Pending Claims”).
b. Claims 1-20 are examined (“Examined Claims”)

III. AMENDMENT OF 11/17/2022
The amendment to the claims filed on 11/17/2022 has been considered and entered.  

IV. CONTINUING DATA AND PRIORITY
The ‘575 patent has no continuing data.  As such, the effective filing date of the claims is January 29, 2015.  Because the effective filing date of the instant application is after March 16, 2013, the AIA  First Inventor to File (‘AIA -FITF”) provisions apply to this application.  
In accordance with MPEP §609.02 A. 2 and MPEP §2001.06(b) (last paragraph), the Examiner has reviewed and considered the prior art cited in the prior applications.  Also, in accordance with MPEP §2001.06(b) (last paragraph), all documents cited or considered ‘of record in the prior applications are now considered cited or ‘of record’ in this application.  Additionally, Applicant(s) are reminded that a listing of the information cited or ‘of record’ in the prior applications need not be resubmitted in this application unless Applicant(s) desire the information to be printed on a patent issuing from this application.  See MPEP §609.02 A. 2.  Finally, Applicant(s) are reminded that the prosecution histories of the prior applications are relevant in this application.

V. REISSUE DECLARATION
The reissue declaration filed 8/27/2020 is approved.  


VI. ART REJECTIONS 
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Nakashima USPGPUB 20120179504 in view of Blackberry Limited Canadian Patent 2826126 and Kreft WO 2012/123394.

 	 Regarding claim 1, Nakashima discloses a workflow system that is computerized and therefore runs under the control of a program stored in memory that is executed by processors.  The software, when executed causes the system to operate as follows:  In the system of Nakashima, there is a group 100 is formed that includes a plurality of nodes (see figure 1) – each of Staff A, B, C, D, E and department Y are nodes.  When a group is to be formed, a process support tool of one of the users becomes the parent (paragraph [0046]).  A member file 51 and link file 52 are generated in the process support tool of the parent that include the public key and role of each node in the group (see paragraphs [0047]-[0049]) and figure 5-6), and stored at each node in process support tool 10 (see figure 3) in database 50 (see paragraph [0042]).  The member and link file are used to create an affiliation permission information file, as shown in figure 7, which is signed with the digital signature of the parent node (paragraph [0058]).  The affiliation permission file is stored in the process support tool of each node, and includes the public key and role assignment of each node.  The other nodes that are not the parent node receive the affiliation permission information from the parent process support tool.  The process support tool functions as a server in this system.  As such, the node receives the public key and role of the other nodes, or discovery data from a server.  Hence Nakashima teaches the receiving step.   
More specifically, in Nakashima in figures 5-7, 10 and par. [0011], [0032]-[0036], [0055]-[0058] and [0083]-[0100], the workflow system creates and sends a manifest (member file or link file) as a plaintext file (see figures 5 and 6) to a work group of m nodes comprising role assignments and digital certificates, i.e. public keys, for each person where the manifest is signed by a parent as a third party.  This means that a first and second node each receive the discovery data.  Note that Nakashima discloses the workflow system providing discovery data for a general server-type workflow system, when a process (workflow) is to be formed between users who are not accommodated in the same system (par. [0007]).  Note that the workflow assignment data is originated from the parent initially.  Thus, the assignment workflow as shown in Fig. 7 comprises public keys for each node (user).  Also note that the message is sent with a digital signature meaning the message is sent encrypted.  Furthermore, in paragraph [0058], Nakashima teaches that the discovery data is verified using a digital signature and a public key of the parent node.  The public key is sent from the parent, but is ultimately provided by an external key manager, i.e. promoter web server 1.  
 	 Nakashima discloses the use of encryption for data in transmitted and received messages communicated with other computers, i.e. nodes, along with the aforementioned digital signature (par. [0041]).  Hence, Nakashima teaches sending a first message, i.e. the emails discussed in paragraph [0041].  However, Nakashima is silent on how the public keys from each user are used.  Blackberry teaches in paragraphs [0082]-[0083] a method for secure communications, where a user wishing to send an encrypted message uses a one time, i.e. unidirectional, session key to encrypt the body of the message, and then encrypts the session key with the public key of the recipient.  The recipient then uses its own private key to decrypt the session key, and uses the session key to decrypt the message.  Therefore, it would have been obvious to modify Nakashima to use the encryption technique taught by Blackberry, as it is merely the use of a known encryption technique for the purposes of Nakashima.  As such, the combination teaches the generating a first message step.  
	The first message is transmitted to a second user.  The Examiner notes that in the system and method of Nakashima, the users repeatedly communicate with each other.  As such, if a second user, after receipt of a message from the first user, wishes to send a response or a message at a later time to the first user, then a second, different, one-time session key would be generated, and encrypted using the method of Blackberry.  Hence the combination teaches that the second node generates and transmits a second message, that is encrypted, as taught by Blackberry.  
The combination of Nakashima and Blackberry does not store the session
key for subsequent use.  However, at page 53, lines 15+, Kreft teaches using a different session key for messages in each direction between two parties, i.e. one session key for messages from A to B and one session key for messages from B to A.  This requires saving the session key for future messages.  Both ends, i.e. both nodes, would store the respective session keys.  As such, it would have been obvious to modify the combination to use one session key for all messages in each direction, as it is merely the substitution of one known encryption technique for another.  Further, the method of Kreft simplifies the process by reducing the number of session keys required.  
	Regarding claim 2, Nakashima discloses the workflow system for assigning each person with a role in a group to perform a plurality of tasks which would require access to one or more resources as shown on Fig 8A.
 	Regarding claim 3, the combination of Nakashima teaches that the discovery data is a discovery manifest is signed by a trusted entity (see claim 1 rejection for the parent who signs the manifest). 
 	Regarding claim 4, in Nakashima, message is signed by a trusted entity (Nakashima, par. [0041] discloses a digital signature can be included in message transmission which could be from the sender). 
	Claims 5 and 7 is rejected for the reasons given above in the rejection to claim 1 with respect to the Blackberry reference.                                                   
 	As to claim 6, some of the nodes, i.e. users, are located on the same internal network, for example Staff A, B and C.   
As to claim 8, each message is received by using the session key to decrypt.   
	As to claim 9, the data is sent to the process support tool.  Hence, it is a “push” service. 
	Claim 10 is rejected in that each of the session keys are different keys.   
	As to claim 11, the message sent can be the first message between the parties.  
	Claims 12-17 are rejected for the reasons given above.  
Claims 18-20 are rejected for the reasons given above.  




VIII. RESPONSE TO ARGUMENTS
Applicant has that Nakashima does not have a discovery server.  The Examiner disagrees.  When a group is formed, one of the nodes becomes the parent node and assumes a role of a server, i.e. sends and receives data such as the manifest.  
Applicant has also argued that Nakashima does not have the verification of discovery data from the server as is now claimed.  The Examiner notes that paragraph [0058] shows such a verification process.  
Applicant has argued that the individual devices form their own groups based on input of devices into a process support tool.  The Examiner notes that once the group is formed, the manifest is sent and the group functions as recited in the claims.  


XI. CONCLUSION
Applicant’s amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ROBERT L NASSER whose telephone number is (571)272-4731. The examiner can normally be reached M-F 8-6.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Alexander Kosowski can be reached on (571) 272-3744. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ROBERT L NASSER/Primary Examiner, Art Unit 3992                                                                                                                                                                                                        


Conferees:

/ADAM L BASEHOAR/Primary Examiner, Art Unit 3992                                                                                                                                                                                                        
/ALEXANDER J KOSOWSKI/Supervisory Patent Examiner, Art Unit 3992