Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The present Office Action is responsive to communication received on 3/15/2021. Claims 1-12 are pending.

Priority
The present application is a continuation of application 15661092, now US patent 10951407, and claims domestic priority from provisional received on 7/27/2016.

Objection to claim
Claims 11 and 12 are being objected to because the listing of claims is missing claim 10; consequently, claims 11 and 12 are renumbered respectively claim 10 and claim 11.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-10 of the instant application are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-5, 11-15 of U.S. Patent No. 10951407, hereinafter ‘407. Although the claims at issue are not identical, they are not patentably distinct from each other because claims 1-11 are anticipated by the claims in the patent as follows:
Regarding claim 1 of the instant application, claim 1 of ‘407 discloses:
A method of sharing cryptographic material among a set of computing entities, wherein given computing entities do not share a direct trust relationship or network connectivity with one another, comprising (“A method of sharing cryptographic material among a set of computing entities, wherein given computing entities do not share a direct trust relationship or network connectivity with one another, comprising:”): at a conduit entity with which each of the set of computing entities shares a trusted communication path (“at a conduit entity with which each of the set of computing entities shares a trusted communication path:”) : storing an indication that identifies a given one of the computing entities as a leader entity, wherein the cryptographic material to be shared is generated by the leader entity (“storing an indication that identifies a given one of the computing entities as a leader entity, wherein the cryptographic material to be shared is generated by the leader entity”); storing a value representing a synchronization state, the value having been generated by the leader entity applying a given function to the cryptographic material (“storing a value representing a synchronization state, the value having been generated by the leader entity applying a given function to the cryptographic material”); receiving a message from a computing entity that is not the leader entity and, in response, determining whether there is loss or corruption of the cryptographic material at the computing entity (“receiving a message from a computing entity that is not the leader entity and, in response, determining whether the computing entity has the cryptographic material” i.e determining whether the cryptographic material is present or absent, an absence interpreted as a loss of the cryptographic material)); and when it is determined that there is loss or corruption of the cryptographic material at the computing entity, initiating a synchronization protocol among the computing entity, the conduit entity and the leader entity to auto-recover the cryptographic material from the leader entity to the computing entity via the conduit entity, the conduit entity being restricted from viewing the cryptographic material as the cryptographic material passes through to the computing entity (“when it is determined that the computing entity does not have the cryptographic material (i.e the cryptographic material is absent or lost), initiating a synchronization protocol among the computing entity, the conduit entity and the leader entity to provide the cryptographic material from the leader entity to the computing entity via the conduit entity, the conduit entity being restricted from viewing the cryptographic material as the cryptographic material passes through to the computing entity”).  
Regarding claim 2, claim 2 of ‘407 discloses:
The method as described in claim 1 wherein determining whether there is loss or corruption of the cryptographic material at the computing entity compares information in the message to the value (“The method as described in claim 1 wherein determining whether the computing entity has the cryptographic material compares information in the message to the value.” i.e determining whether the cryptographic material is present or absent, an absence interpreted as a loss of the cryptographic material).
Regarding claim 3, claim 3 of ‘407 discloses:
The method as described in claim 1 wherein the synchronization protocol comprises: receiving at the conduit entity a public key associated with the computing entity; forwarding the public key associated with the computing entity to the leader entity; receiving from the leader entity a result of the leader entity encrypting the cryptographic material with the public key associated with the computing entity; and returning the result to the computing entity (“The method as described in claim 1 wherein the synchronization protocol comprises: receiving at the conduit entity a public key associated with the computing entity; forwarding the public key associated with the computing entity to the leader entity; receiving from the leader entity a result of the leader entity encrypting the cryptographic material with the public key associated with the computing entity; and returning the result to the computing entity”).  
Regarding claim 4, claim 4 of ‘407 discloses:
The method as described in claim 3 further including receiving a confirmation message from a target entity, the confirmation message having been generated at the target entity upon (i) the target entity's receipt of the result, and (ii) decrypting of the result using a private key to recover the cryptographic material, wherein the private key and the public key comprise an asymmetric key pair (“The method as described in claim 3 further including receiving a confirmation message from a target entity, the confirmation message having been generated at the target entity upon (i) the target entity's receipt of the result, and (ii) decrypting of the result using a private key to recover the cryptographic material, wherein the private key and the public key comprise an asymmetric key pair.”).  
Regarding claim 5, claim 5 of ‘407 discloses:
The method as described in claim 1 wherein the value is a cryptographic hash of the cryptographic material (“The method as described in claim 1 wherein the value is a cryptographic hash of the cryptographic material”).
Regarding claim 6, claim 11 of ‘407 discloses:
A computer program product comprising a non-transitory computer readable medium holding computer program instructions, the computer program instructions executed by a hardware processor on a conduit entity, the computer program instructions configured to facilitate sharing of cryptographic material among a set of computing entities by (“A computer program product comprising a non-transitory computer readable medium holding computer program instructions, the computer program instructions executed by a hardware processor on a conduit entity, the computer program instructions configured to facilitate sharing of cryptographic material among a set of computing entities by:”): storing an indication that identifies a given one of the computing entities as a leader entity, wherein the cryptographic material to be shared is generated by the leader entity (“storing an indication that identifies a given one of the computing entities as a leader entity, wherein the cryptographic material to be shared is generated by the leader entity”); storing a value representing a synchronization state, the value having been generated by the leader entity applying a given function to the cryptographic material (“storing a value representing a synchronization state, the value having been generated by the leader entity applying a given function to the cryptographic material”); receiving a message from a computing entity that is not the leader entity and in response, determining whether there is loss or corruption of the cryptographic material at the computing entity (“receiving a message from a computing entity that is not the leader entity and, in response, determining whether the computing entity has the cryptographic material” i.e determining whether the cryptographic material is present or absent, an absence interpreted as a loss of the cryptographic material)); and when it is determined that that there is loss or corruption of the cryptographic material at the computing entity, initiating a synchronization protocol among the computing entity, the conduit entity and the leader entity to auto-recover the cryptographic material from the leader entity to the computing entity via the conduit entity, the conduit entity being restricted from viewing the cryptographic material as the cryptographic material passes through to the computing entity (“and when it is determined that the computing entity does not have the cryptographic material (i.e the cryptographic material is absent or lost), initiating a synchronization protocol among the computing entity, the conduit entity and the leader entity to provide the cryptographic material from the leader entity to the computing entity via the conduit entity, the conduit entity being restricted from viewing the cryptographic material as the cryptographic material passes through to the computing entity;”); wherein each of a set of computing entities shares a trusted communication path with the conduct entity that executes the synchronization protocol (“wherein each of a set of computing entities shares a trusted communication path with the conduct entity that executes the synchronization protocol”).  
Regarding claim 7, claim 12 of ‘407 discloses:
The computer program product as described in claim 6 wherein determining whether there is loss or corruption of the cryptographic material at the computing entity compares information in the message to the value (“The computer program product as described in claim 11 wherein determining whether the computing entity has the cryptographic material compares information in the message to the value.”).  
Regarding claim 8, claim 13 of ‘407 discloses:
The computer program product as described in claim 6 wherein the synchronization protocol comprises: receiving at the conduit entity a public key associated with the computing entity; forwarding the public key associated with the computing entity to the leader entity; receiving from the leader entity a result of the leader entity encrypting the cryptographic material with the public key associated with the computing entity; and returning the result to the computing entity (“The computer program product as described in claim 11 wherein the synchronization protocol comprises: receiving at the conduit entity a public key associated with the computing entity; forwarding the public key associated with the computing entity to the leader entity; receiving from the leader entity a result of the leader entity encrypting the cryptographic material with the public key associated with the computing entity; and returning the result to the computing entity.”)  
Regarding claim 9, claim 14 of ‘407 discloses:
The computer program product as described in claim 10 further including receiving a confirmation message from a target entity, the confirmation message having been generated at the target entity upon (i) the target entity's receipt of the result, and (ii) decrypting of the result using a private key to recover the cryptographic material, wherein the private key and the public key comprise an asymmetric key pair (“The computer program product as described in claim 13 further including receiving a confirmation message from a target entity, the confirmation message having been generated at the target entity upon (i) the target entity's receipt of the result, and (ii) decrypting of the result using a private key to recover the cryptographic material, wherein the private key and the public key comprise an asymmetric key pair.”).  
Regarding claim [[11]]10, claim 15 of ‘407 discloses:
The computer program product as described in claim 11 wherein the value is a cryptographic hash of the cryptographic material (“The computer program product as described in claim 11 wherein the value is a cryptographic hash of the cryptographic material”).

Claim 11, is rejected under 35 USC 103 as being unpatentable over claim 6 of ‘407  and in further view of US 20120271795 to Rao et al., hereinafter Rao.
Regarding claim [[12]]11, claim 6 of ‘407 discloses:
A method of sharing cryptographic material among a set of computing entities, wherein given computing entities do not share a direct trust relationship or network connectivity with one another, comprising (“ A method of sharing cryptographic material among a set of computing entities, wherein given computing entities do not share a direct trust relationship or network connectivity with one another, comprising:”): at a conduit entity with which each of the set of computing entities shares a trusted communication path: (“at a conduit entity with which each of the set of computing entities shares a trusted communication path:”) storing an indication that identifies a given one of the computing entities as a leader entity, wherein the cryptographic material to be shared is generated by the leader entity (“storing an indication that identifies a given one of the computing entities as a leader entity, wherein the cryptographic material to be shared is generated by the leader entity;”); storing a value representing a synchronization state, the value having been generated by the leader entity applying a given function to the cryptographic material (“storing a value representing a synchronization state, the value having been generated by the leader entity applying a given function to the cryptographic material;”); receiving, periodically, a message from the leader entity (cl6 of ‘407: “The method as described in claim 1 further including periodically checking for liveness of the leader entity.”).
claim 6 of ‘407 does not explicitly teach: receiving, periodically, a message from the leader entity and in response to receipt of each such message, determining whether there is loss or corruption of the cryptographic material at the leader entity; and when it is determined that there is loss or corruption of the cryptographic material at the leader entity, initiating a synchronization protocol that elects a new leader entity.  
In an analogous art, Rao discloses checking heartbeat from nodes, electing a new leader when a leader fails ([0021]). A failed node may lose all its data ([0038]), Therefore it would have been obvious to a skilled artisan before the instant claims were effectively filed to modify claim 6 of ‘407 and teach: receiving, periodically, a message from the leader entity  and in response to receipt of each such message, determining whether there is loss or corruption of the cryptographic material at the leader entity; and when it is determined that there is loss or corruption of the cryptographic material at the leader entity, initiating a synchronization protocol that elects a new leader entity as taught by Rao  because it would provide fault tolerance (Rao, [0002]) and  would prevent interruptions in the operations involving the cryptographic material, ensuring a continuity in the operations in case of a leader node failure.

 Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



Claim [[12]]11 is rejected under 35 USC 103 as being unpatentable over US 8458462 to Hanna, hereinafter Hanna, in view of US 20120254342 to Evans, hereinafter Evans and in further view of US 20120271795 to Rao et al., hereinafter Rao.

Regarding claim [[12]]11, Hanna discloses 
A method of sharing cryptographic material among a set of computing entities, wherein given computing entities do not share a direct trust relationship or network connectivity with one another, comprising (Fig. 5B: the control server is the leader, the multicast server is the conduit entity): at a conduit entity with which each of the set of computing entities shares a trusted communication path: wherein the cryptographic material to be shared is generated by the leader entity (Fig. 4, key generator in control server, generates group key distributed to endpoint devices (col. 6, lines  26-35, col. 16, lines 1-5)); storing a value representing a synchronization state, the value having been generated by the leader entity applying a given function to the cryptographic material (col. 8 line 64 to col. 9, lines 17: control server encrypts the group key, and sends to node desiring to join the group thru the multicast server, which stores the groups keys in cryptography module (Fig. 3, col. 13. lines 38-44). The group key represents a synchronization state between the control server (leader) and the node); 
Hanna does not explicitly teach: storing an indication that identifies a given one of the computing entities as a leader entity.  In an analogous art, Evans discloses a plurality of nodes identifying a leader node by a response to a query including an indication of whether the node is a leader node and if so, its current leadership round number ([0026][0029][0054][0141]). Therefore, it would have been obvious to a skilled artisan at the time of the filing to store an indication that identifies a given node as a leader node as taught by Evans, because it would allow to quickly identify the existence of a leader node.
Evans discloses electing a node to leadership ([0062]) but Hanna combined to Evans does not explicitly teach receiving, periodically, a message from the leader entity and in response to receipt of each such message, determining whether there is loss or corruption of the cryptographic material at the leader entity; and when it is determined that there is loss or corruption of the cryptographic material at the leader entity, initiating a synchronization protocol that elects a new leader entity.  
In an analogous art, Rao discloses checking heartbeat from nodes, electing a new leader when a leader fails ([0021]). A failed node may lose all its data ([0038]), Therefore it would have been obvious to a skilled artisan before the instant claims were effectively filed to periodically detect heartbeat from nodes including the leader, determine data loss and elect a new leader as taught by Rao  because it would provide fault tolerance (Rao, [0002]) and  would prevent interruptions in the operations involving the cryptographic material, ensuring a continuity in the operations in case of a leader node failure.

Allowable Subject Matter
Claims 1-10 recite allowable subject matter.
Regarding claims 1, 6, Hanna, discloses:
A method of sharing cryptographic material among a set of computing entities, wherein given computing entities do not share a direct trust relationship or network connectivity with one another, comprising: at a conduit entity with which each of the set of computing entities shares a trusted communication path (Fig. 5B: the control server is the leader, the multicast server is the conduit entity):, wherein the cryptographic material to be shared is generated by the leader entity (Fig. 4, key generator in control server, generates group key distributed to endpoint devices (col. 6, lines  26-35, col. 16, lines 1-5)); storing a value representing a synchronization state, the value having been generated by the leader entity applying a given function to the cryptographic material (col. 8 line 64 to col. 9, lines 17: control server encrypts the group key, and sends to node desiring to join the group thru the multicast server, which stores the groups keys in cryptography module (Fig. 3, col. 13. lines 38-44). The group key represents a synchronization state between the control server (leader) and the node); 
Hanna does not explicitly teach: storing an indication that identifies a given one of the computing entities as a leader entity.  In an analogous art, Evans discloses a plurality of nodes identifying a leader node by a response to a query including an indication of whether the node is a leader node and if so, its current leadership round number ([0026][0029][0141]). Therefore, it would have been obvious to a skilled artisan at the time of the filing to store an indication that identifies a given node as a leader node as taught by Evans, because it would allow to quickly identify the existence of a leader node.
Hanna  teaches the conduit (multicast server) is a transparent proxy (col.17, lines 65-67), however, Hanna combined with Evans does not explicitly teach the conduit entity being restricted from viewing the cryptographic material as the cryptographic material passes through to the computing entity.  In an analogous art, Rubin (US 10778429) discloses a hub in communication with a plurality of HSM nodes (Fig. 1). The hub manages information stored on the set of HSMs by propagating and synchronizing cryptographic information across the HSMs, for instance receive from one of the HSM encrypted key to distribute to the other HSMs, without being able to access the encrypted key (col.3, lines 22-44); therefore, Rubin discloses the limitation. .It would have been obvious to a skilled artisan before the instant application was effectively filed to implement the conduit entity as taught by Rubin because it would promote privacy for the cryptographic material and allow the cryptographic material to be synchronized in an speedy way without the need to be decrypted/re-encrypted at the conduit.
Hanna in view or Evans or Rao or any other prior art of the record does not explicitly teach:
receiving a message from a computing entity that is not the leader entity and, in response, determining whether there is loss or corruption of the cryptographic material at the computing entity; and when it is determined that there is loss or corruption of the cryptographic material at the computing entity, initiating a synchronization protocol among the computing entity, the conduit entity and the leader entity to auto-recover the cryptographic material from the leader entity to the computing entity via the conduit entity.
Therefore, claims 1 and 6 are found allowable.
Claims 2-5, 7-10 depending respectively from claims 1 and 6 are also allowable.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:.
McGrew et al 20100223458, Huang et al. 7421578  discloses a GDOI (group domain of Interpretation)  used to synchronize a key within a group of nodes.
Hanson 20090259612 discloses a conduit server forwarding files without transformation;
Schreter 20170366619 discloses checking liveness of nodes, using a RAFT protocol to elect a leader node;
Riscombe-Burton et al 20160315923 discloses devices not in a direct trust relationship providing their respective public keys to a proxy server over a secure channel;
Basta et al 20170295226 discloses nodes in a leader or follower status, and establishing a leader node.


Any inquiry concerning this communication or earlier communications from the examiner should be directed to CATHERINE B THIAW whose telephone number is (571)270-1138. The examiner can normally be reached Monday-Friday 7am-4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, CARL G COLIN can be reached on 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Catherine Thiaw/Primary Examiner, Art Unit 2493                                                                                                                                                                                                        12/14/2022