DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 02/18/2022 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Objections
Claim 9 is objected to because of the following informalities: the claim recites the acronyms “RSA/ECC” and “DHE/ECDHE” without spelling them out at their first occurrence. The Examiner suggests that the acronyms be spelled out. Appropriate correction is requested.
Claim 19 is objected to because of the following informalities: the Examiner suggests amending the claim to recite “An apparatus” instead of “Apparatus” to provide better clarity and quality. Appropriate correction is requested.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1, 3-5, 8-9, 19 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Devarajan et al. (US Pub No. 2021/0344511) in view of Puranik (US Pub No. 2006/0105740).
Regarding independent claim 1, Devarajan teaches a method for secure data-in-transit cloud communications, comprising: providing a communication security protocol on two or more cloud entities (Devarajan, Figure 6, page 2, paragraphs 0020-0021 and page 6, paragraphs 0048-0051; server and client establish secure channel in cloud based system); using the communication security protocol to establish secure communications between the two or more cloud entities (Devarajan, Figure 6, page 2, paragraphs 0020-0021 and page 6, paragraphs 0048-0051; server and client establish secure channel in cloud based system); wherein the communication security protocol implements security elements using symmetric block encryption, cryptographic hash, public key cryptography in the communications between the two or more cloud entities to provide a secure communication channel (Devarajan, Figure 6, page 2, paragraphs 0020-0021 and page 6, paragraphs 0048-0051; server and client establish secure channel in cloud based system); wherein security for both the data and the cryptographic keys is provided (Devarajan, page 2, paragraphs 0020-0021 and page 6, paragraphs 0048-0051).
Devarajan does not explicitly teach PFS with ephemeral key exchange (Devarajan, page 6, paragraph 0057), and does not explicitly teach wherein the communication security protocol implements security elements using symmetric block encryption, cryptographic hash, public key cryptography, and ephemeral key-exchange in the communications between the two or more cloud entities to provide a secure communication channel.
Puranik teaches wherein the communication security protocol implements security elements using symmetric block encryption, cryptographic hash, public key cryptography, and ephemeral key-exchange in the communications between the two or more cloud entities to provide a secure communication channel (Puranik, Figure 6, pages 8-9, paragraphs 0084-0091).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Devarajan with the teachings of Puranik to include ephemeral key exchange with the SSL handshake to provide the advantages of improving the security mechanism in wireless networks (Puranik, page 1, paragraphs 0005-0006).
Regarding claim 3, Devarajan in view of Puranik teaches the method comprising providing perfect forward secrecy (PFS) wherein each communication session is encrypted with a new secret key (Devarajan, page 6, paragraphs 0056-0057).
Regarding claim 4, Devarajan in view of Puranik teaches the method wherein the method is applicable to both Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) communications (Devarajan, page 2, paragraph 0020 and page 9, paragraph 0087).
Regarding claim 5, Devarajan in view of Puranik teaches the method wherein the method is implemented in a software application layer and is integrated with application protocols and server systems (Devarajan, page 1, paragraph 0004, page 2, paragraphs 0020-0021 and page 6, paragraphs 0048-0051).
Regarding claim 8, Devarajan in view of Puranik teaches the method wherein the two or more cloud entities include a cloud user (CU) and a cloud server instance (CI) (Devarajan, page 2, paragraph 0021 and page 6, paragraphs 0048-0051).
Regarding claim 9, Devarajan in view of Puranik teaches each and every claim limitation of claim 1; further, Puranik teaches the method wherein establishing cloud communications comprises each cloud entity generating a pair of temporary public-private keypairs; wherein one keypair (RSA/ECC) is used to maintain authenticity and integrity of payloads, and the other keypair (DHE/ECDHE) is used for ephemeral key-exchange (Puranik, Figure 6, page 8, paragraphs 0084 & 0087).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Devarajan with the teachings of Puranik to include ephemeral key exchange with the SSL handshake to provide the advantages of improving the security mechanism in wireless networks (Puranik, page 1, paragraphs 0005-0006).
Regarding independent claim 19, Devarajan teaches apparatus including a secure cloud communication architecture for secure data-in-transit cloud communications, comprising: two or more devices connected together over a communications network as two or more cloud entities (Devarajan, Figure 6, page 2, paragraphs 0020-0021 and page 6, paragraphs 0048-0051; server and client establish secure channel in cloud based system); a communication security protocol stored as instructions on non-transitory computer-readable storage media and executed on processors of the two or more cloud entities (Devarajan, Figure 6, page 2, paragraphs 0020-0021 and page 6, paragraphs 0048-0051; server and client establish secure channel in cloud based system); wherein the communication security protocol establishes secure communications between the two or more cloud entities (Devarajan, Figure 6, page 2, paragraphs 0020-0021 and page 6, paragraphs 0048-0051; server and client establish secure channel in cloud based system); wherein the communication security protocol implements security elements using symmetric block encryption, cryptographic hash, public key cryptography in the communications between the two or more cloud entities to provide a secure communication channel (Devarajan, Figure 6, page 2, paragraphs 0020-0021 and page 6, paragraphs 0048-0051; server and client establish secure channel in cloud based system); wherein security for both the data and the cryptographic keys is provided (Devarajan, page 2, paragraphs 0020-0021 and page 6, paragraphs 0048-0051).
Devarajan does not explicitly teach PFS with ephemeral key exchange (Devarajan, page 6, paragraph 0057), and does not explicitly teach wherein the communication security protocol implements security elements using symmetric block encryption, cryptographic hash, public key cryptography, and ephemeral key-exchange in the communications between the two or more cloud entities to provide a secure communication channel.
Puranik teaches wherein the communication security protocol implements security elements using symmetric block encryption, cryptographic hash, public key cryptography, and ephemeral key-exchange in the communications between the two or more cloud entities to provide a secure communication channel (Puranik, Figure 6, pages 8-9, paragraphs 0084-0091).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Devarajan with the teachings of Puranik to include ephemeral key exchange with the SSL handshake to provide the advantages of improving the security mechanism in wireless networks (Puranik, page 1, paragraphs 0005-0006).
Regarding independent claim 21, Devarajan teaches a non-transitory computer-readable medium having stored thereon instructions that, when executed by processors of two or more cloud entities of a cloud computer network, establish secure data-in-transit cloud communications between the cloud entities (Devarajan, Figure 6, page 2, paragraphs 0020-0021 and page 6, paragraphs 0048-0051; server and client establish secure channel in cloud based system); wherein establishing the secure cloud communications comprises the cloud entities executing processing steps that provide a communication security protocol (Devarajan, Figure 6, page 2, paragraphs 0020-0021 and page 6, paragraphs 0048-0051; server and client establish secure channel in cloud based system); wherein the communication security protocol implements security elements using symmetric block encryption, cryptographic hash, public key cryptography in the communications between the two or more cloud entities to provide a secure communication channel (Devarajan, Figure 6, page 2, paragraphs 0020-0021 and page 6, paragraphs 0048-0051; server and client establish secure channel in cloud based system); wherein security for both the data and the cryptographic keys is provided (Devarajan, page 2, paragraphs 0020-0021 and page 6, paragraphs 0048-0051).
Devarajan does not explicitly teach PFS with ephemeral key exchange (Devarajan, page 6, paragraph 0057), and does not explicitly teach wherein the communication security protocol implements security elements using symmetric block encryption, cryptographic hash, public key cryptography, and ephemeral key-exchange in the communications between the two or more cloud entities to provide a secure communication channel.
Puranik teaches wherein the communication security protocol implements security elements using symmetric block encryption, cryptographic hash, public key cryptography, and ephemeral key-exchange in the communications between the two or more cloud entities to provide a secure communication channel (Puranik, Figure 6, pages 8-9, paragraphs 0084-0091).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Devarajan with the teachings of Puranik to include ephemeral key exchange with the SSL handshake to provide the advantages of improving the security mechanism in wireless networks (Puranik, page 1, paragraphs 0005-0006).

Claim(s) 2, 20 and 22 are rejected under 35 U.S.C. 103 as being unpatentable over Devarajan et al. (US Pub No. 2021/0344511) in view of Puranik (US Pub No. 2006/0105740) as applied to claims 1, 3-5, 8-9, 19 and 21 above, and further in view of Phegade et al. (US Pub No. 2014/0281531).
Regarding claim 2, Devarajan in view of Puranik teaches each and every claim limitation of claim 1. 
Devarajan in view of Puranik does not explicitly teach the method wherein the communication security protocol includes a central key server (CKS) mechanism; wherein the two or more cloud entities are authenticated using the CKS mechanism; wherein the CKS mechanism stores, revokes, and distributes root public keys securely. 
Phegade teaches wherein the communication security protocol includes a central key server (CKS) mechanism; wherein the two or more cloud entities are authenticated using the CKS mechanism; wherein the CKS mechanism stores, revokes, and distributes root public keys securely (Phegade, page 1, paragraph 0013 and page 2, paragraphs 0017-0020; root key manager RKM server).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Devarajan in view of Puranik with the teachings of Phegade to use a root key manager to provide the advantage of improving key management and protecting root keys (Phegade, page 1, paragraph 0003).
Regarding claim 20, Devarajan in view of Puranik teaches each and every claim limitation of claim 19. 
Devarajan in view of Puranik does not explicitly teach the apparatus wherein the communication security protocol includes a central key server (CKS) mechanism; wherein the two or more cloud entities are authenticated using the CKS mechanism; wherein the CKS mechanism stores, revokes, and distributes root public keys securely. 
Phegade teaches wherein the communication security protocol includes a central key server (CKS) mechanism; wherein the two or more cloud entities are authenticated using the CKS mechanism; wherein the CKS mechanism stores, revokes, and distributes root public keys securely (Phegade, page 1, paragraph 0013 and page 2, paragraphs 0017-0020; root key manager RKM server).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Devarajan in view of Puranik with the teachings of Phegade to use a root key manager to provide the advantage of improving key management and protecting root keys (Phegade, page 1, paragraph 0003).
Regarding claim 22, Devarajan in view of Puranik teaches each and every claim limitation of claim 21. 
Devarajan in view of Puranik does not explicitly teach the non-transitory computer-readable medium wherein the communication security protocol includes a central key server (CKS) mechanism; wherein the two or more cloud entities are authenticated using the CKS mechanism; wherein the CKS mechanism stores, revokes, and distributes root public keys securely. 
Phegade teaches wherein the communication security protocol includes a central key server (CKS) mechanism; wherein the two or more cloud entities are authenticated using the CKS mechanism; wherein the CKS mechanism stores, revokes, and distributes root public keys securely (Phegade, page 1, paragraph 0013 and page 2, paragraphs 0017-0020; root key manager RKM server).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Devarajan in view of Puranik with the teachings of Phegade to use a root key manager to provide the advantage of improving key management and protecting root keys (Phegade, page 1, paragraph 0003).

Claim(s) 6-7 and 17-18 are rejected under 35 U.S.C. 103 as being unpatentable over Devarajan et al. (US Pub No. 2021/0344511) in view of Puranik (US Pub No. 2006/0105740) as applied to claims 1, 3-5, 8-9, 19 and 21 above, and further in view of Han et al. (US Pub No. 2013/0297757).
Regarding claim 6, Devarajan in view of Puranik teaches each and every claim limitation of claim 5. 
Devarajan in view of Puranik does not explicitly teach the method comprising using one or more message structures selected from publish (PUB), acknowledge (ACK), reconnect (RECON), request (REQ), response (RES), expired (EXP), and error (ERR). 
Han teaches using one or more message structures selected from publish (PUB), acknowledge (ACK), reconnect (RECON), request (REQ), response (RES), expired (EXP), and error (ERR) (Han, page 7, paragraphs 0095-0096, page 8, paragraphs 0106-0108 and page 9, paragraphs 0109, 0111-0012 & 0114; message type/format).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Devarajan in view of Puranik with the teachings of Han for message formats and types to provide the advantage of improving router management communications at different layers (Han, page 1, paragraphs 0004-0006).
Regarding claim 7, Devarajan in view of Puranik and in further view of Han teaches the method wherein the message structures facilitate one or more of secure session establishment, reconnection, data transmission, and error handling between cloud entities (Han, page 7, paragraphs 0095-0096, page 8, paragraphs 0106-0108 and page 9, paragraphs 0109, 0111-0012 & 0114; message type/format).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Devarajan in view of Puranik with the teachings of Han for message formats and types to provide the advantage of improving router management communications at different layers (Han, page 1, paragraphs 0004-0006).
Regarding claim 17, Devarajan in view of Puranik teaches each and every claim limitation of claim 1. 
Devarajan in view of Puranik does not explicitly teach the method wherein the communication is UDP; wherein messages are fragmented into messagegrams (MESGs) before preparing datagram packets; wherein each MESG has a transaction id, sequence number, message count, index value, and data payload, and based on these values, MESGs are merged back to form an original message at the receiving end. 
Han teaches the communication is UDP; wherein messages are fragmented into messagegrams (MESGs) before preparing datagram packets; wherein each MESG has a transaction id, sequence number, message count, index value, and data payload, and based on these values, MESGs are merged back to form an original message at the receiving end (Han, page 9, paragraphs 0108-0109).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Devarajan in view of Puranik with the teachings of Han for message formats and types to provide the advantage of improving router management communications at different layers (Han, page 1, paragraphs 0004-0006).
Regarding claim 18, Devarajan in view of Puranik and in further view of Han teaches the method wherein delivery of MESGs is confirmed by sending an asynchronous packet-acknowledgment (PACK) message immediately after receiving a messagegram, and the receiver sends an asynchronous sequence-acknowledgment (SACK) message once all the MESGs in a sequence are received (Han, page 9, paragraphs 0109-0114).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Devarajan in view of Puranik with the teachings of Han for message formats and types to provide the advantage of improving router management communications at different layers (Han, page 1, paragraphs 0004-0006).
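The fragmentation and acknowledgment scheme recited in claims 17 and 18 (messages split into messagegrams carrying a transaction id, sequence number, message count, index value and data payload; reassembly at the receiver; a PACK per messagegram and a SACK once the whole sequence is present) is easier to evaluate with a concrete model. The following is an added example written for this page, not code from the applicant, Devarajan, Puranik or Han; the wire header layout, the 16-byte payload limit, the `Mesg`, `Receiver`, `fragment`, `encode`, `decode` and `demo` names, and the constructed input message are all assumptions chosen for illustration. It also shows two cases the claim language does not spell out: out-of-order arrival and duplicated datagrams, which a UDP receiver must tolerate without delivering a message twice.

```python
import struct
from dataclasses import dataclass

# Assumed wire format: network-order header (transaction id, sequence number,
# message count, index value) followed by the data payload.
HEADER = struct.Struct("!IIHH")
MAX_PAYLOAD = 16  # constructed, deliberately small so that a short message fragments


@dataclass(frozen=True)
class Mesg:
    txn_id: int     # transaction id
    seq: int        # sequence number shared by every fragment of one message
    count: int      # message count: number of fragments in the sequence
    index: int      # index value: position of this fragment, 0 .. count-1
    payload: bytes  # data payload


def fragment(txn_id, seq, message, max_payload=MAX_PAYLOAD):
    """Split one message into MESGs before datagram packets are prepared."""
    chunks = [message[i:i + max_payload] for i in range(0, len(message), max_payload)] or [b""]
    return [Mesg(txn_id, seq, len(chunks), i, c) for i, c in enumerate(chunks)]


def encode(m):
    return HEADER.pack(m.txn_id, m.seq, m.count, m.index) + m.payload


def decode(datagram):
    """Parse one datagram, rejecting headers that cannot describe a valid fragment."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than MESG header")
    txn_id, seq, count, index = HEADER.unpack_from(datagram)
    if count == 0 or index >= count:
        raise ValueError("index value outside message count")
    return Mesg(txn_id, seq, count, index, datagram[HEADER.size:])


class Receiver:
    def __init__(self):
        self._pending = {}    # (txn_id, seq) -> {"count": n, "parts": {index: payload}}
        self.completed = {}   # (txn_id, seq) -> reassembled original message

    def receive(self, datagram):
        """Absorb one datagram and return the acknowledgments to send back.

        A PACK is issued for every fragment as soon as it arrives; a SACK is issued
        once all fragments of the sequence are present (and again for late duplicates,
        so a lost SACK can be recovered without re-delivering the message)."""
        m = decode(datagram)
        key = (m.txn_id, m.seq)
        acks = [("PACK", m.txn_id, m.seq, m.index)]
        if key in self.completed:
            acks.append(("SACK", m.txn_id, m.seq))
            return acks
        bucket = self._pending.setdefault(key, {"count": m.count, "parts": {}})
        if bucket["count"] != m.count:
            raise ValueError("message count changed within a sequence")
        bucket["parts"][m.index] = m.payload          # a duplicate fragment just overwrites itself
        if len(bucket["parts"]) == m.count:
            self.completed[key] = b"".join(bucket["parts"][i] for i in range(m.count))
            del self._pending[key]
            acks.append(("SACK", m.txn_id, m.seq))
        return acks


def demo():
    """Fragment a constructed message, deliver it out of order with a duplicate, reassemble."""
    original = b"The quick brown fox jumps over the lazy dog"   # constructed input, 43 bytes
    wire = [encode(m) for m in fragment(txn_id=7, seq=1, message=original)]
    rx = Receiver()
    acks = []
    for i in [2, 0, 0, 1]:          # constructed arrival order: out of order, index 0 twice
        acks.extend(rx.receive(wire[i]))
    return rx.completed[(7, 1)], acks


if __name__ == "__main__":
    data, acks = demo()
    print(data)
    print(acks)
```

Running the block reassembles the 43-byte message from three fragments and yields four PACKs (one per received datagram, including the duplicate) followed by a single SACK once the last missing index arrives.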

Allowable Subject Matter
Claims 10-16 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Examiner’s Statement for indicating Allowable Subject Matter
The following is a statement of reasons for the indication of allowable subject matter: The prior art Khosravi et al. (US Pub No. 2015/0039890) discloses establishing a secure communication session with a server that includes initiating a request for a secure communication session, such as a Secure Sockets Layer (SSL) communication session, with a server using a nonce value generated in a security engine of a system-on-a-chip (SOC) of a client device. Additionally, a cryptographic key exchange is performed between the client and the server to generate a symmetric session key, which is stored in a secure storage of the security engine. The cryptographic key exchange may be, for example, a Rivest-Shamir-Adleman (RSA) key exchange or a Diffie-Hellman key exchange. Private keys and other data generated during the cryptographic key exchange may be generated and/or stored in the security engine. In the illustrative embodiment, the key exchange may be embodied as an RSA key exchange or a Diffie-Hellman key exchange. In embodiments wherein an RSA key exchange is used, the server secure communication application 306 performs a server RSA key exchange in block 320. In such embodiments, the server 104 may generate a temporary RSA public/private key pair and send the RSA public key to the client device 102 in block 320. The security engine 110 generates a hash code of the session key, which may include additional padding depending on the type of hash function used. The hash code of the session key is sent to the server 104 for verification in a client-finished message in block 348. The hash code of the session key may be encrypted by the security engine 110 using the public server key as discussed above (Khosravi, Abstract, page 4, paragraph 0024 and page 5, paragraph 0032). However, the prior art taken alone or in combination does not teach or suggest “when the CU communicates with the CI for the first time, a temporary encrypted session is initialized between the CU and the CI; a pair of messages (PUB-ACK) are transmitted between the CU and the CI and the CU and CI store each other's pair of public keys in the temporary session using a hashed session key; the CU and the CI generate a common secret key to proceed with a data transmission phase; the hashed session key is updated after every successful transaction (encrypted request-response); wherein the CU receives the updated session key hidden inside the encrypted response; and when the session expires, the negotiated public keys and the generated common secret key are destroyed” (as recited in claim 10), in combination with the remaining claim limitations.
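The claim 10 language quoted above describes a per-transaction key rotation: a hashed session key derived from the common secret, a fresh session key carried back to the cloud user inside each encrypted response, and destruction of the negotiated material on expiry. The block below is an added example written for this page to make those properties concrete; it is not the applicant's protocol and not code from Khosravi or any other cited publication. The PUB-ACK public-key exchange is not modelled (the common secret is a constructed stand-in for its result), the key-derivation rule in `hashed_session_key`, the `CloudUser`/`CloudInstance` class names and the response layout (next key prepended to the body) are assumptions, and `aead_seal`/`aead_open` are a deliberately simple encrypt-then-MAC stand-in built from the standard library so the example runs offline; a real deployment would use an authenticated cipher such as AES-GCM there. The test exercises what rotation buys a defender: a captured encrypted request cannot be replayed once the key has moved on, and nothing can be sent after `expire()` has destroyed the keys.

```python
import hashlib
import hmac
import os

KEY_LEN = 32
TAG_LEN = 32
NONCE_LEN = 12


def _keystream(key, nonce, n):
    """SHA-256 counter keystream for the stand-in cipher (illustration only)."""
    out = b""
    for ctr in range((n + 31) // 32):
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
    return out[:n]


def aead_seal(key, plaintext):
    """Encrypt-then-MAC stand-in for an AEAD: returns nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def aead_open(key, blob):
    """Verify the tag under `key`, then decrypt; raises ValueError on any mismatch."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("truncated ciphertext")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def hashed_session_key(common_secret, salt):
    """Assumed rule: the initial session key is a keyed hash of the common secret and a salt."""
    return hmac.new(common_secret, b"session-key" + salt, hashlib.sha256).digest()


class Endpoint:
    """What each side keeps for one session: peer public key, common secret, session key."""

    def __init__(self, peer_public_key, common_secret, salt):
        self.peer_public_key = peer_public_key
        self.common_secret = common_secret
        self.session_key = hashed_session_key(common_secret, salt)
        self.expired = False

    def expire(self):
        """Session expiry: destroy the negotiated public key, the common secret and the session key."""
        self.peer_public_key = None
        self.common_secret = None
        self.session_key = None
        self.expired = True


class CloudInstance(Endpoint):
    def handle(self, encrypted_request):
        if self.expired:
            raise RuntimeError("session expired")
        request = aead_open(self.session_key, encrypted_request)
        next_key = os.urandom(KEY_LEN)                      # fresh key for the next transaction
        response = aead_seal(self.session_key, next_key + b"OK:" + request)
        self.session_key = next_key                         # rotate only after the response is sealed
        return response


class CloudUser(Endpoint):
    def transact(self, ci, request):
        if self.expired:
            raise RuntimeError("session expired")
        response = aead_open(self.session_key, ci.handle(aead_seal(self.session_key, request)))
        self.session_key, body = response[:KEY_LEN], response[KEY_LEN:]   # updated key hidden in the response
        return body


def demo():
    """Two transactions, then expiry; returns (replies, key rotated, keys in sync, keys destroyed)."""
    common_secret = hashlib.sha256(b"constructed common secret").digest()   # constructed stand-in
    salt = b"constructed-salt"
    cu = CloudUser(peer_public_key=b"CI-pub", common_secret=common_secret, salt=salt)
    ci = CloudInstance(peer_public_key=b"CU-pub", common_secret=common_secret, salt=salt)
    keys = [cu.session_key]
    replies = [cu.transact(ci, b"read item 1"), cu.transact(ci, b"read item 2")]
    keys.append(cu.session_key)
    in_sync = cu.session_key == ci.session_key
    cu.expire()
    ci.expire()
    destroyed = cu.session_key is None and ci.common_secret is None and cu.peer_public_key is None
    return replies, len(set(keys)) == 2, in_sync, destroyed


if __name__ == "__main__":
    print(demo())
```

The ordering inside `CloudInstance.handle` matters: the instance must seal the response under the current key and only then switch to `next_key`, and the user must open the response before adopting the key it carries, otherwise the two sides desynchronise after the first transaction.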


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAQUEAL D WADE whose telephone number is (571)270-0357. The examiner can normally be reached M-F 8:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on 571-272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/SHAQUEAL D WADE-WRIGHT/Primary Examiner, Art Unit 2437