Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
The instant application having Application No. 18/607,626 is presented for examination by the examiner. Claims 1-4, 8, 9, 12, 13, 18, 19 and 20 are amended. Claims 1-20 have been examined.
Response to Arguments
Applicant' s arguments, see pages 8-10, filed 10/23/2025, with respect to the rejection(s) of claim(s) 1, 12 and 18 under 35 U.S.C. 103 have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of Basile, Agarwal and Nicholson.
The Examiner respectfully suggests that the claim be further amended; details in the specification be incorporated, to distinguish the claimed invention over prior art of record. Should the Applicant desire an interview to further clarify the claim interpretation/rejections, please contact the Examiner at (571) 272-1531 to schedule an interview.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1 and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Basile (US 20200382297 A1), in view of Agarwal (US 20110225426 A1), and further in view of Nicholson (US 20140162619 A1).
Regarding Claim 1
Basile discloses:
A method, comprising: creating a first registration, for a first device associated with a mobile device number, comprising a first device public key (Basile ¶¶0016–0017 teach creating a first registration for a first device associated with a phone number by having the device register its public key 104 with IDS server 120, which stores the public key in association with a user account tied to the phone number for message routing.);
creating a second registration, for a second device associated with the same mobile device number, comprising a second device public key (Basile ¶0016 discloses multiple user devices “100A-N” registered to the same user account associated with a phone number, thereby teaching a second device tied to the same mobile device number, and ¶0017 teaches that when a given device is added, it registers its own public key 104 with IDS server 120, thus creating a second registration comprising a second device public key.);
transmitting, to the first device, a first notify message of the second registration and second device public key for the second devicе (Basile ¶0017, ¶0037–0038, claim 12: teaches transmitting to the first device information identifying the second device’s registration and its corresponding public key by having the IDS server provide devices associated with the same user account (e.g., same phone number) with the public keys of registered devices in response to a contact information request. This provision of the second device’s public key to the first device informs the first device of the second device’s registration.);
transmitting, to the second device, a second notify message of the first registration and first device public key for the first device (Basile ¶0017, ¶0037–0038, claim 12: teaches transmitting to the second device information identifying the first device’s registration and its corresponding public key by having the IDS server provide devices associated with the same user account with the public keys of registered devices in response to a contact information request. This provision of the first device’s public key to the second device informs the second device of the first device’s registration.);
Basile teaches a multi-device messaging system in which multiple devices are registered under the same user account and public keys for those devices are distributed and verified to prevent unauthorized device registration. However, Basile does not explicitly teach that, after transmitting a notification of a second device’s registration and public key to a first device, a secure communication invite comprising the second device public key is routed from the second device to the first device for purposes of determining whether the second device is being spoofed. Agarwal teaches that after a device registers within a trusted group, a notification message is sent to an already-registered device (¶0045). In response to receiving the notification, the devices exchange SIP signaling messages including an invite and a response (¶0046–[0047]). Agarwal further teaches that these messages include a self-signed credential from the sending device that is verifiable using public/private key encryption methods (¶0046–0047). A self-signed credential inherently contains or conveys the sender’s public key (or a public-key certificate) because verification of the credential requires use of the corresponding public key. Agarwal explains that this credential enables the receiving device to authenticate the identity of the sending device as a member of the trusted group and continue communications (¶0046–0047), thereby allowing the receiving device to determine whether the sending device is legitimate and not being spoofed.
It would have been obvious to one of ordinary skill in the art at the time of the invention to combine Basile’s multi-device registration and public-key distribution framework with Agarwal’s post-registration invite exchange including public-key-based self-signed credentials, in order to further verify the authenticity of a newly registered device before establishing secure communications. The combination merely applies Agarwal’s well-known technique of device authentication via public-key credentials within Basile’s registered multi-device messaging system, yielding the predictable result of preventing spoofed device participation and ensuring secure communication between devices associated with the same mobile device number.
Basile teaches registering multiple user devices associated with the same user and routing notification messages and communication requests between those devices via a network platform, including transmitting device identity information and public keys to enable secure communication between the devices. Agarwal further teaches that, after registration of multiple devices within a trusted group, a session manager routes notification messages between devices and facilitates the exchange of authentication credentials so that the devices may establish a secure connection. However, Basile and Agarwal do not expressly teach routing a message comprising a first device private key from a first device to a second device after routing a secure communication invite. Nicholson teaches that, after an authentication request flow, a network device sends a private key to a communication device in an encrypted message (¶0057), and further teaches providing a private key to a communication device in response to receiving a message requesting the private key (¶0063). Nicholson thus teaches transmitting a message comprising a private key between computing entities over a network as part of a secure service activation and authentication process, including storing and later using the private key for subsequent secure communications.
It would have been obvious to one of ordinary skill in the art at the time of the invention to modify the Basile and Agarwal system to route, after the secure communication invite, a message comprising the first device private key in encrypted form as taught by Nicholson from the first device to the second device, in order to enable authenticated cryptographic operations and challenge response verification between the devices. The combination merely applies Nicholson’s well-known technique of securely transmitting a private key within the established multi-device communication and invite routing framework of Basile and Agarwal, yielding the predictable result of enabling authenticated and secure communications between the registered devices while maintaining private key confidentiality.
Regarding Claim 18
Claim 18 is directed to a method corresponding to the computer-implemented method in claim 1. Claim 18 is similar in scope to claim 1 and is therefore rejected under similar rationale.
Claims 2 and 11 is/are rejected under 35 U.S.C. 103 as being unpatentable over Basile (US 20200382297 A1), in view of Agarwal (US 20110225426 A1), in view of Nicholson (US 20140162619 A1) as applied to claim 1 above, and in further view of SHARMA (US 20210058435 A1).
Regarding Claim 2
Basile, Agarwal, and Nicholson combined teach registering devices with public keys tied to user accounts, notifying and authenticating devices within a trusted group using exchanged credentials, and securely transmitting and using private keys to enable authenticated and encrypted communications between the devices. However Basile, Agarwal, and Nicholson do not expressly teach that routing the secure communication invite is performed via at least one of a CSCF communication component of a communication network or a Rich Communication Suite RCS server of the communication network. Sharma teaches an IP Multimedia Subsystem (IMS) architecture in which a Proxy Call Session Control Function (P-CSCF), which is a CSCF communication component of the network, receives and routes SIP INVITE requests between devices (¶0017–0018, 0048, 0051). Sharma further teaches that the P-CSCF transforms and routes SIP INVITE requests for RCS chat sessions and forwards the SIP INVITE to the terminating user device via the IMS communication network (¶0018, 0051).
It would have been obvious to one of ordinary skill in the art at the time of the invention to implement the routing of the secure communication invite in the Basile, Agarwal, and Nicholson multi-device communication framework using a IMS routing architecture of as taught by Sharma, specifically via a CSCF component or RCS server, because SIP secure session establishment between mobile devices was conventionally handled through CSCF elements in IMS networks. The combination merely substitutes Sharma’s well-known IMS/CSCF routing mechanism for the generic routing platform of Basile, Agarwal, and Nicholson, yielding the predictable result of routing the secure communication invite through communication components.
Regarding Claim 11
Basile, Agarwal, and Nicholson combined teach registering devices with public keys tied to user accounts, notifying and authenticating devices within a trusted group using exchanged credentials, and securely transmitting and using private keys to enable authenticated and encrypted communications between the devices. However Basile, Agarwal, and Nicholson do not expressly teach routing the secure communication invite comprises routing via a CSCF communication component and RCS server in the specific sequence recited. Sharma teaches an IP Multimedia Subsystem (IMS) architecture in which a Proxy Call Session Control Function (P-CSCF), which is a CSCF communication component of the communication network, receives a SIP INVITE from a first user device and routes that INVITE to an RCS messaging service (¶0046, 0051). Sharma further teaches that the RCS messaging service routes the session invitation back to the P-CSCF, which then routes the SIP INVITE to the terminating user device (¶0051–0052). Thus, Sharma expressly teaches routing a secure communication invite from a second device to a CSCF communication component, routing from the CSCF to an RCS server, routing from the RCS server back to the CSCF, and routing from the CSCF to the first device.
It would have been obvious to one of ordinary skill in the art at the time of the invention to implement the invite routing of Basile, Agarwal, and Nicholson using the IMS architecture taught by Sharma, including routing via a CSCF and RCS server, because Sharma teaches that such routing provides standardized session control and secure session establishment within mobile communication networks. The combination merely applies Sharma’s known IMS routing infrastructure to multi-device secure communication framework taught in Basile, Agarwal, and Nicholson, yielding the predictable result of routing secure communication invites between registered devices using established CSCF and RCS network components.
Claims 3 is rejected under 35 U.S.C. 103 as being unpatentable over Basile (US 20200382297 A1), in view of Agarwal (US 20110225426 A1), in view of Nicholson (US 20140162619 A1) as applied to claim 1 above, and in further view of Manas (US 20220217106 A1).
Regarding Claim 3
Basile, Agarwal, and Nicholson combined teach registering devices with public keys tied to user accounts, notifying and authenticating devices within a trusted group using exchanged credentials, and securely transmitting and using private keys to enable authenticated and encrypted communications between the devices. However, Basile, Agarwal, and Nicholson do not expressly teach encrypting a message using the second device’s public key in response to the first device validating a secure communication invite by authenticating that the public key in the invite corresponds to the previously distributed public key. Manas teaches a multi-device system in which a new device generates a public/private key pair, transmits the public key to an already-registered device and, after pairing validation and confirmation that the new device is associated with the same user account, establishes an end-to-end encrypted communication session (Manas ¶0051-0054). Manas further teaches encrypting messages and data blobs using the public key of the newly paired device after successful pairing validation, such that only the intended device possessing the corresponding private key can decrypt the message (¶0071-0075 and 0110). Because encryption using a recipient’s public key necessarily relies on prior validation and association of that public key with the intended device, Manas teaches encrypting communications in response to successful authentication of the device’s public key.
It would have been obvious to one of ordinary skill in the art at the time of the invention to implement the routing of the secure communication invite in the Basile, Agarwal, and Nicholson with Manas’s validated pairing and public-key based end-to-end encryption techniques in order to ensure that after confirming that a second device’s public key corresponds to the previously registered device under the same account, subsequent communications are encrypted using that validated public key. The combination merely applies Manas’s well-known technique of encrypting communications using a validated recipient public key within the multi-device messaging environment taught in Basile, Agarwal, and Nicholson, yielding the predictable result of preventing spoofed device participation and ensuring secure communication between devices associated with the same mobile device number.
Claims 4, 8 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Basile (US 20200382297 A1), in view of Agarwal (US 20110225426 A1), in view of Nicholson (US 20140162619 A1) as applied to claim 1 above, and in further view of THIRUMALAI (US 11,012,428 B1).
Regarding Claim 4
Basile, Agarwal, and Nicholson combined teach registering devices with public keys tied to user accounts, notifying and authenticating devices within a trusted group using exchanged credentials, and securely transmitting and using private keys to enable authenticated and encrypted communications between the devices. However, Basile, Agarwal, and Nicholson do not expressly teach facilitating end-to-end encrypted communication between a sender device and the first and second devices using the first device private key. Thirumalai teaches that, for each new message, a sending client device signs the message using a sender message signing private key and performs authenticated encryption before transmitting the encrypted message, such that recipient devices decrypt and verify the message using corresponding cryptographic keys (Col. 19, ll. 42 – Col. 20, l. 4). Thirumalai further teaches that group key material is wrapped using device-specific encryption keys and that each member device uses its associated private key to decrypt the group blob key necessary to access encrypted communications (Col. 16, ll. 18–24). Thirumalai thus teaches facilitating end-to-end encrypted communication in which secure messaging operations depend upon the use of a device private key.
It would have been obvious to one of ordinary skill in the art at the time of the invention to modify the Basile, Agarwal, and Nicholson system to facilitate end-to-end encrypted communication between the sender device and the first and second devices using the first device private key, as taught by Thirumalai, in order to provide authenticated message signing, confidentiality, and integrity protection within the multi-device communication framework. The combination merely applies Thirumalai’s well-known end-to-end encryption and private-key-based signing techniques within the established device registration and invite-routing architecture of Basile and Agarwal, yielding the predictable result of secure, authenticated communications between the registered devices.
Regarding Claim 8
Basile discloses:
The method of claim 4, wherein the facilitating end-to-end encryption comprises: routing encrypted communication from the sender device to the first device and to the second device based upon the first device and the second device having the same mobile device number (Basile ¶0016 teaches that multiple user devices (100) are registered to the same user account associated with a phone number, and ¶0017 teaches that when a sender device identifies that phone number, IDS server 120 provides the device identifiers and public keys for all registered devices, after which the sender transmits a respective encrypted copy of the message to each device identifier. Thus, Basile teaches routing encrypted communication from the sender device to both the first and second devices based on their association with the same mobile device number.).
Regarding Claim 20
Claim 20 is directed to a method corresponding to the computer-implemented method in claim 4. Claim 20 is similar in scope to claim 4 and is therefore rejected under similar rationale.
Claims 5-7 are rejected under 35 U.S.C. 103 as being unpatentable over Basile (US 20200382297 A1), in view of Agarwal (US 20110225426 A1), in view of Nicholson (US 20140162619 A1) as applied to claim 1 above, and in further view of Sànchez (US 2022/0224728 A1).
Regarding Claim 5
Basile, Agarwal, and Nicholson combined teach registering devices with public keys tied to user accounts, notifying and authenticating devices within a trusted group using exchanged credentials, and securely transmitting and using private keys to enable authenticated and encrypted communications between the devices. However, Basile, Agarwal, and Nicholson do not expressly teach in response to receiving a subscribe request from the first device for event registration information, generating a first device event subscription; and transmitting the first notify message to the first device based upon the first device event subscription. However, in an analogous art, Sànchez discloses an event subscription element system/method that includes (Sànchez Paragraph 91: For example, a client device may utilize SIP SUBSCRIBE to request from a remote node (e.g., wireless carrier system 160) a current state and/or state updates … Sànchez Paragraph 92: Upon receipt of the subscribe request, the system can initiate an event subscription process associated with the requesting device... A database lookup may be performed to determine the appropriate identifier and settings associated with the second device.); and (Sànchez Paragraph 91: When such a request is received, the remote node may send a SIP NOTIFY message, e.g., in response to determination that the change in current state has occurred based on the receipt of a message that includes the notification from delivery application 108.).
Given the teaching of Sánchez, a person having ordinary skill in the art before the effective filing date of the claimed invention would have recognized the desirability of modifying the teaching of Basile, Agarwal, and Nicholson by incorporating a method for generating event subscriptions and sending notifications in response to subscribe requests. Sánchez describes a system where a client device sends a SIP SUBSCRIBE request to a remote node (e.g., a wireless carrier system) to receive updates on current state or state changes. Upon receiving the subscribe request, the system initiates an event subscription process for the requesting device and may send a SIP NOTIFY message when relevant updates are available. It would have been obvious to extend this method to generate a first device event subscription upon receiving a subscribe request from a first device and to transmit a notify message to the first device based on this subscription (Sánchez Paragraphs 91 and 92).
Regarding Claim 6
Basile, Agarwal, and Nicholson combined teach registering devices with public keys tied to user accounts, notifying and authenticating devices within a trusted group using exchanged credentials, and securely transmitting and using private keys to enable authenticated and encrypted communications between the devices. However, Basile, Agarwal, and Nicholson do not expressly teach in response to receiving a subscribe request from the second device for event registration information, generating a second device event subscription; and transmitting the second notify message to the second device based upon the second device event subscription. However, in an analogous art, Sànchez discloses an event subscription element system/method that includes (Sànchez Paragraph 91: For example, a client device may utilize SIP SUBSCRIBE to request from a remote node (e.g., wireless carrier system 160) a current state and/or state updates … Sànchez Paragraph 92: Upon receipt of the subscribe request, the system can initiate an event subscription process associated with the requesting device... A database lookup may be performed to determine the appropriate identifier and settings associated with the second device.); and (Sànchez Paragraph 91: When such a request is received, the remote node may send a SIP NOTIFY message, e.g., in response to determination that the change in current state has occurred based on the receipt of a message that includes the notification from delivery application 108.).
Given the teaching of Sánchez, a person having ordinary skill in the art before the effective filing date of the claimed invention would have recognized the desirability of modifying the teaching of Basile, Agarwal, and Nicholson by incorporating a method for generating an event subscription for a device upon receiving a subscribe request and transmitting notifications based on that subscription. Sánchez describes how a client device may send a SIP SUBSCRIBE request to a remote node to request current state information or updates. Upon receiving this subscribe request, the system initiates an event subscription process for the requesting device, potentially including a database lookup to identify relevant settings for that device. The remote node may then send a SIP NOTIFY message to the device in response to state changes or events. It would have been obvious to apply this method to handle subscribe requests from a second device, creating a second device event subscription and subsequently transmitting a notify message to the second device based on this subscription (Sánchez Paragraphs 91 and 92).
Regarding Claim 7
Basile, Agarwal, and Nicholson combined teach registering devices with public keys tied to user accounts, notifying and authenticating devices within a trusted group using exchanged credentials, and securely transmitting and using private keys to enable authenticated and encrypted communications between the devices. However, Basile, Agarwal, and Nicholson do not expressly teach in response to receiving a publish request from the first device, generating a presence indicator for the first device, wherein the presence indicator comprises the first device public key received within the publish request; and utilizing the presence indicator as an indication to the second device that the first device supports end-to-end encryption. However, in an analogous art, Sànchez discloses an event subscription element system/method that includes (Sánchez Paragraphs 74: Messaging app 156 may generate and send a registration message… which includes a device identifier and a public key associated with the application.” This process serves to identify the device with a unique key as part of its registration. Sánchez Paragraphs 66: The message delivery server…encrypts the message using a public key identified based on a recipient identifier…this ensures secure delivery…only the recipient device with the corresponding private key can decrypt the message).
Given the teaching of Sánchez, a person having ordinary skill in the art before the effective filing date of the claimed invention would have recognized the desirability of modifying the teaching of Basile, Agarwal, and Nicholson by incorporating a method for using a public key in a presence indicator to signify a device’s capability for end-to-end encryption. Sánchez describes a method in which a messaging app generates a registration message containing a unique device identifier and a public key associated with the application, which effectively identifies the device and associates it with a specific public key. Sánchez also explains that the message delivery server encrypts messages using a public key identified based on a recipient identifier, ensuring that only the recipient device, which has the corresponding private key, can decrypt the message. This process inherently supports end-to-end encryption by signaling that a device can decrypt incoming encrypted messages when it holds the appropriate private key corresponding to its registered public key. It would have been obvious to extend Sánchez’s approach by utilizing the presence indicator, which includes the public key, as a signal to another device (the second device) that the first device supports end-to-end encryption (Sánchez Paragraphs 66).
Claims 9 is/are rejected under 35 U.S.C. 103 as being unpatentable over Basile (US 20200382297 A1), in view of Agarwal (US 20110225426 A1), in view of Nicholson (US 20140162619 A1), in view of THIRUMALAI (US 11,012,428 B1) as applied to claim 8 above, and in further view of Nayshtut (US 2014/0281477 A1).
Regarding Claim 9
Basile, Agarwal, Nicholson and Thirumalai combined teach registering devices with public keys tied to user accounts, notifying and authenticating devices within a trusted group using exchanged credentials, and securely transmitting and using private keys to enable authenticated and encrypted communications between the devices. However, Basile, Agarwal, Nicholson and Thirumalai do not expressly teach that an encrypted communication that is encrypted by a sender device using the first device public key can be decrypted by the first device and the second device using the first device private key. Nayshtut teaches securely provisioning/distributing a private key to a user’s various devices in a cloud-synchronization context, including exporting a private key from an out-of-band secure processor by encrypting the private key with another node’s public key and distributing the encrypted private key to other user devices, such that multiple nodes may hold respective copies/instances of the same private key simultaneously (Nayshtut ¶0012, 0025, 0057). Nayshtut further teaches a concrete group-key example in which a first node encrypts a shared private key (Pvt-G) with the recipient node’s public key and communicates the encrypted Pvt-G to other nodes, which decrypt and store Pvt-G within their out-of-band secure processors, enabling those nodes to decrypt content/session keys encrypted using the corresponding public key (Pub-G) (Nayshtut ¶0026–0033).
It would have been obvious to one of ordinary skill in the art to modify Basile, Agarwal, Nicholson and Thirumalai multi-device, same-user-account secure messaging arrangement to additionally securely provision the first device private key to the second device by encrypting/exporting the first device private key under the second device’s public key and installing it within secure hardware/key storage on the second device as taught by Nayshtut, so that an encrypted communication encrypted by a sender using the first device public key can be decrypted by both the first device and the second device using the first device private key, thereby enabling seamless access to encrypted communications across a user’s trusted devices while maintaining confidentiality of the private key during transfer.
Claims 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Basile (US 20200382297 A1), in view of Agarwal (US 20110225426 A1), in view of Nicholson (US 20140162619 A1), in view of Manas (US 20220217106 A1) as applied to claim 3 above, and in further view of Sànchez (US 2022/0224728 A1).
Regarding Claim 10
Basile, Agarwal, Nicholson and Manas combined teach registering devices with public keys tied to user accounts, notifying and authenticating devices within a trusted group using exchanged credentials, and securely transmitting and using private keys to enable authenticated and encrypted communications between the devices. Sànchez discloses a private key element system/method that includes (Sànchez Paragraph 66: In block 314, the received message is decrypted using a private key stored locally at the recipient device that received the message. Since the message delivery server encrypts the message using a public key identified based on a recipient identifier (e.g., token), the private key is part of a key pair along with the public key, and can be utilized to decrypt the message).
Given the teaching of Sánchez, a person having ordinary skill in the art before the effective filing date of the claimed invention would have recognized the desirability of modifying the teaching of Basile, Agarwal, Nicholson and Manas by incorporating a method for decrypting an encrypted message using a private key stored on a recipient device to obtain secure information embedded within the message. Sánchez describes a system where a message is encrypted by a server using the recipient’s public key and is subsequently decrypted at the recipient device using the device’s private key. This process ensures that only the intended recipient, with the correct private key, can decrypt and access the contents of the message. It would have been obvious to extend this method to decrypt an encrypted message on a second device using its private key to obtain additional secure information, such as a first device private key for further use by the second device. Sánchez’s approach to utilizing a recipient’s private key to securely decrypt and access message contents aligns with the claimed invention's requirement of decrypting to obtain secure key information, thereby meeting the limitations of the claim (Sànchez Paragraph 66).
Claims 12 is/are rejected under 35 U.S.C. 103 as being unpatentable over Basile (US 20200382297 A1), in view of Agarwal (US 20110225426 A1).
Regarding Claim 12
Basile discloses:
A first device comprising: a processor configured to execute a method comprising:
transmitting a registration request to a communication component for generating a first registration for a first device having a mobile device number; receiving a notify message from the communication component, wherein the notify message comprises an indication of a second registration of a second device having the same mobile device number and comprising a second device public key of the second device (Basile ¶0016 discloses multiple user devices “100A-N” registered to the same user account associated with a phone number, thereby teaching a second device tied to the same mobile device number, and ¶0017 teaches that when a given device is added, it registers its own public key 104 with IDS server 120, thus creating a second registration comprising a second device public key. Basile ¶0017, ¶0037–0038, claim 12: teaches transmitting to the first device information identifying the second device’s registration and its corresponding public key by having the IDS server provide devices associated with the same user account (e.g., same phone number) with the public keys of registered devices in response to a contact information request. This provision of the second device’s public key to the first device informs the first device of the second device’s registration.);
Basile teaches a multi-device messaging system in which multiple devices are registered under the same user account and public keys for those devices are distributed and verified to prevent unauthorized device registration. However, Basile does not explicitly teach that, after receiving the notify message of the second registration and the second device public key, determining whether the second device is being spoofed by determining whether a received second device public key received from the communication component matches the second device public key within the notify message. Agarwal teaches that after a device registers within a trusted group, a notification message is sent to an already-registered device (¶[0045]). In response to receiving the notification, the devices exchange SIP signaling messages including an invite and a response (¶[0046]–[0047]). Agarwal further teaches that these messages include a self-signed credential from the sending device that is verifiable using public/private key encryption methods (¶[0046]–[0047]). A self-signed credential inherently contains or conveys the sender’s public key (or a public-key certificate) because verification of the credential requires use of the corresponding public key. Agarwal explains that this credential enables the receiving device to authenticate the identity of the sending device as a member of the trusted group and continue communications (¶[0046]–[0047]), thereby allowing the receiving device to determine whether the sending device is legitimate and not being spoofed.
It would have been obvious to one of ordinary skill in the art at the time of the invention to combine Basile’s multi-device registration and public-key distribution framework with Agarwal’s post-registration invite exchange including public-key-based self-signed credentials, in order to further verify the authenticity of a newly registered device before establishing secure communications. The combination merely applies Agarwal’s well-known technique of device authentication via public-key credentials within Basile’s registered multi-device messaging system, yielding the predictable result of preventing spoofed device participation and ensuring secure communication between devices associated with the same mobile device number.
Claims 13 is/are rejected under 35 U.S.C. 103 as being unpatentable over Basile (US 20200382297 A1), in view of Agarwal (US 20110225426 A1) as applied to claim 12 above, and in further view of THIRUMALAI (US 11,012,428 B1).
Regarding Claim 13
Basile and Agarwal combined teach registering devices with public keys tied to user accounts, notifying and authenticating devices within a trusted group using exchanged credentials. However, Basile and Agarwal do not expressly teach transmitting an encrypted message comprising a first device private key encrypted using the second device public key to the second device for use in performing end-to-end encrypted communication between the second device and a sender device. Thirumalai teaches that, for each new message, a sending client device signs the message using a sender message signing private key and performs authenticated encryption before transmitting the encrypted message, such that recipient devices decrypt and verify the message using corresponding cryptographic keys (Col. 19, ll. 42 – Col. 20, l. 4). Thirumalai further teaches that group key material is wrapped using device-specific encryption keys and that each member device uses its associated private key to decrypt the group blob key necessary to access encrypted communications (Col. 16, ll. 18–24). Thirumalai thus teaches facilitating end-to-end encrypted communication in which secure messaging operations depend upon the use of a device private key. It would have been obvious to one of ordinary skill in the art at the time of the invention to modify the Basile, Agarwal, and Nicholson system to facilitate end-to-end encrypted communication between the sender device and the first and second devices using the first device private key, as taught by Thirumalai, in order to provide authenticated message signing, confidentiality, and integrity protection within the multi-device communication framework. The combination merely applies Thirumalai’s well-known end-to-end encryption and private-key-based signing techniques within the established device registration and invite-routing architecture of Basile and Agarwal yielding the predictable result of secure, authenticated communications between the registered devices.
Claims 14 and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Basile (US 20200382297 A1), in view of Agarwal (US 20110225426 A1) as applied to claim 12 above, and in further view of Sànchez (US 2022/0224728A1).
Regarding Claim 14
Basile and Agarwal combined teach registering devices with public keys tied to user accounts, notifying and authenticating devices within a trusted group using exchanged credentials. However, Basile and Agarwal do not expressly teach wherein the method further comprises: transmitting a publish request to a presence server for generating a presence indicator for the first device; and utilizing the presence indicator as an indication to the second device that the first device supports end-to-end encryption. Sànchez discloses an event subscription element system/method that includes: encryption (Sánchez Paragraphs 74: Messaging app 156 may generate and send a registration message … which includes a device identifier and a public key associated with the application.” This process serves to identify the device with a unique key as part of its registration); Sánchez Paragraphs 66: The message delivery server…encrypts the message using a public key identified based on a recipient identifier…this ensures secure delivery…only the recipient device with the corresponding private key can decrypt the message).
Given the teaching of Sánchez, a person having ordinary skill in the art before the effective filing date of the claimed invention would have recognized the desirability of modifying the teaching of Basile and Agarwal by incorporating a method for using a public key in a presence indicator to signify a device’s capability for end-to-end encryption. Sánchez describes a method in which a messaging app generates a registration message containing a unique device identifier and a public key associated with the application, which effectively identifies the device and associates it with a specific public key. Sánchez also explains that the message delivery server encrypts messages using a public key identified based on a recipient identifier, ensuring that only the recipient device, which has the corresponding private key, can decrypt the message. This process supports end-to-end encryption by signaling that a device can decrypt incoming encrypted messages when it holds the appropriate private key corresponding to its registered public key. It would have been obvious to extend Sánchez’s approach by utilizing the presence indicator, which includes the public key, as a signal to another device (the second device) that the first device supports end-to-end encryption (Sánchez Paragraphs 66).
Regarding Claim 17
Basile and Agarwal combined teach registering devices with public keys tied to user accounts, notifying and authenticating devices within a trusted group using exchanged credentials. Basile and Agarwal do not disclose the following limitation wherein the method further comprises: transmitting a subscribe request to the communication component to register for receiving notify messages of devices with the mobile device number registering with the communication component. However, in an analogous art, Sànchez discloses a subscribe request element system/method that includes: (Sànchez Paragraph 91: A client device may utilize SIP SUBSCRIBE to request from a remote node (e.g., wireless carrier system 160) a current state and/or state updates. When such a request is received, the remote node may send a SIP NOTIFY message, e.g., in response to determination that the change in current state has occurred based on the receipt of a message that includes the notification from delivery application 108 … Sànchez Paragraph 55: In some implementations, the registration message also includes a telephone number associated with the client device that implements method 200 (e.g., client device 120). Once the client device is registered, a message delivery server (e.g., server 104 that executes delivery application 108) may deliver messages to the client device via a network access layer.).
Given the teaching of Sánchez, a person having ordinary skill in the art before the effective filing date of the claimed invention would have recognized the desirability of modifying the teaching of Basile and Agarwal by incorporating a method for using a subscribe request to register for receiving notify messages based on the state of a device associated with a particular identifier, such as a mobile device number. Sánchez describes a method in which a client device uses SIP SUBSCRIBE to request updates from a remote node, such as a wireless carrier system, to receive notifications regarding the device’s state. Sánchez explains that when a subscription request is received, the remote node may respond with a SIP NOTIFY message if a change in state has occurred. Additionally, Sánchez describes a registration message that includes a telephone number associated with the client device. Upon successful registration, a message delivery server may send messages to the client device, establishing a communication link associated with the device’s telephone number. It would have been obvious to apply Sánchez’s approach to implement a method where a device transmits a subscribe request to a communication component to register for receiving notify messages, specifically using the mobile device number as a means to register with the communication component (Sànchez Paragraph 55).
Claims 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over over Basile (US 20200382297 A1), in view of Agarwal (US 20110225426 A1) as applied to claim 12 above, and in further view of Lackey (US 9,635,003 B1).
Regarding Claim 15
Basile and Agarwal combined teach registering devices with public keys tied to user accounts, notifying and authenticating devices within a trusted group using exchanged credentials. Basile and Agarwal do not disclose the following limitation in response to determining that the second device public key within a secure communication invite does not match the second device public key within the notify message, refraining from creating and transmitting an encrypted message. However, in an analogous art, Lackey discloses a mismatch key system/method that includes: (Lackey Column 5, Line 64: At step 158, Alice determines whether the recovered public key, B* matches the delivered public key, B. If the recovered public key, B*, matches the received public key, B, the received public key, B, is considered valid and Alice will proceed to use her computed session key kA as Bob's session key k to perform the intended cryptographic task. For example, in the event an encrypted message was received from Bob, Alice will decrypt the encrypted message, EnckM (M) to recover the message M. If however, the recovered public key, B*, does not match the received public key, B, the public key B received from Bob is considered invalid and Alice is informed that the communication is invalid. It is important to note that if Alice does not want to reveal information about her private key, she will not communicate to Bob that the session keys do not match. Alice may, however, communicate to Bob that the cryptographic task failed, e.g. the message failed to decrypt correctly. It is noted that regardless of whether the invalid public key provided by Bob would satisfy k=aB allowing Alice to perform the cryptographic task, if the public key is invalid (i.e. it was not created using the key agreement protocol), Alice will respond by notifying Bob that the cryptographic task failed. By providing the same response in each instance, Alice does not provide any information as to the characteristics of her private key, a. Alice therefore eliminates the vulnerability of the prior art method described above.).
Given the teaching of Lackey, a person having ordinary skill in the art before the effective filing date of the claimed invention would have recognized the desirability of modifying the teaching of Basile and Agarwal by incorporating a method for verifying that a public key received during a communication initiation matches an expected public key before proceeding with cryptographic operations. Lackey describes a method where a device (Alice) verifies the validity of a received public key, comparing it to an expected public key, to ensure the authenticity of the communication. Lackey explains the process of verifying public key consistency to ensure that the communication validity aligns with the claimed limitation's step of determining whether the second device’s public key matches an expected value to authenticate the communication. It would have been obvious to modify Lackey’s approach to not only notify the user of an invalid public key but also to refrain from transmitting an encrypted message when the received public key does not match the expected public key. Lackey’s approach to verifying the public key before proceeding with any cryptographic task meets the claimed invention’s requirement of refraining from creating and transmitting an encrypted message upon detecting a mismatch, ensuring secure communication by preventing unauthorized access.
Claims 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Basile (US 20200382297 A1), in view of Agarwal (US 20110225426 A1) as applied to claim 12 above, and in further view of Asveren2 (US 9,800,589 B1).
Regarding Claim 16
Basile and Agarwal teach that when a second device is registered (A1) with the same identity as first device (A), they system generates a new public key for A1 notifies the first device of the second device registration and key via a validation message and enables a secure peer-to-peer communication by exchanging public keys through a signet-based protocol that establish a trusted relationship between both devices. However, they do not disclose the following limitation wherein the method further comprises: in response to determining that the second device is being spoofed, triggering an alert of a spoofing attack of the second device.
However, in an analogous art, Asveren2 discloses a spoofing detection system/method that includes (Asveren2 Column 32, Line 55- Column 33, Line 2: teaches that when a spoofing check is performed the SBC monitors for a reply. If no reply is received, the system concludes that no legitimate device exists at that address, which indicates a spoofing attempt. In such cases, the SBC may trigger an alarm, blacklist the source, or drop future requests.).
Given the teachings of Asveren2, a person of ordinary skill in the art would have found it obvious to modify the teachings of Basile and Agarwal to secure communication system to determine whether a device is spoofed based on its response (or lack thereof) to a test message. Asveren2 teaches that if no reply is received, the SBC can trigger an alarm indicating a spoofing attempt (Asveren2 Column 32, Line 55- Column 33, Line 2).
Claims 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Basile (US 20200382297 A1), in view of Agarwal (US 20110225426 A1), in view of Nicholson (US 20140162619 A1) as applied to claim 18 above, and further view of Atarius (US 20200053133 A1).
Regarding Claim 19
Basile, Agarwal, and Nicholson combined teach registering devices with public keys tied to user accounts, notifying and authenticating devices within a trusted group using exchanged credentials, and securely transmitting and using private keys to enable authenticated and encrypted communications between the devices. However, Basile, Agarwal, and Nicholson do not expressly teach the registration request used for such registration comprises a Contact header. Atarius teaches that a UE registers with an IMS network by transmitting a SIP REGISTER request in which the UE includes information in one or more SIP header fields, including expressly that the UE adds parameters/identifiers in the Contact header field of the SIP REGISTER request (e.g., adding service capability identifiers and/or a transport preference such as “transport=tcp” in the Contact header field) (Atarius ¶0034–0035, 0058–0059, 0129, 0135). It would have been obvious to one of ordinary skill in the art to modify the device registration request of Basile, Agarwal, and Nicholson to utilize a standardized SIP-based registration message format including header fields such as a Contact header, as taught by Atarius, because employing established SIP signaling headers provides a conventional and interoperable mechanism for conveying device addressing and capability information necessary for registration, routing, and subsequent secure session establishment within a communication network.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAAD ABDULLAH whose telephone number is (571) 272-1531. The examiner can normally be reached on Monday - Friday, 9:30am - 5:30pm, EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SAAD AHMAD ABDULLAH/ Examiner, Art Unit 2431
/SHIN-HON (ERIC) CHEN/ Primary Examiner, Art Unit 2431