Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 11/28/2025 has been entered.
Response to Amendment
This is in response to the amendments filed on 11/28/2025. Claims 1 and 8-10 have been amended. Claims 1-10 are currently pending and have been considered below.
Response to Arguments
Applicant's arguments filed 11/28/2025 have been fully considered but they are not persuasive. On page 9 of Remarks, Applicant contends that the examiner’s mappings to Jacobs is “internally inconsistent” with the respective recitations of claims 1, 8, 9, and 10. The examiner respectfully disagrees.
Applicant has alleged that if the examiner were to equate System 102 (“Alice”) of Jacobs to the claimed “KM apparatus” then System 104 (“Bob”) would need to be equated to the claimed “opposing KM apparatus” rather than the Encryption Key Manager 182 of Jacobs. However, the examiner contends that nothing in the claim necessitates such mapping. Rather, the present claim introduces two distinct apparatuses: the “KM apparatus” and the “opposing KM apparatus” without any further recitations requiring either apparatus as being identical to the other (as implied by Applicant). Without such clarification, the examiner asserts that such introduction of differently labeled apparatuses (i.e., the “KM apparatus” and “opposing KM apparatus”) would, under broadest reasonable interpretation, allow for the mapping to different apparatuses and/or elements in the prior art. Thus, even though the examiner mapped Jacobs’ System 102 (“Alice”) to the claimed “KM apparatus”, the claim does not necessitate the “opposing KM apparatus” to be an identical apparatus as the “KM apparatus”, and therefore mapping Jacobs’ Key Manager 182 to the “opposing KM apparatus” would be appropriate, and not internally inconsistent, in view of the current scope of the claims.
On pages 9-10 of Remarks, Applicant further contends that Jacobs does not teach or suggest, “… an opposing KM apparatus at a different base … an opposing QKD apparatus that is distinct from the KM apparatus and the opposing KM apparatus”. The examiner respectfully disagrees.
First, while Applicant has further clarified that the “opposing KM apparatus” is “at a different base”, Applicant has not specified with what the “base” is “different” from. In other words, while it’s now clear the “opposing KM apparatus” belongs to a “base”, the claims don’t specify what the “base” constitutes of, nor what other limitations in the claims which may have a “base” that is “different” from the opposing KM’s.
Second, with respect to the “opposing QKD apparatus” being distinct from the “KM apparatus” and the “opposing KM apparatus” “at a different base”, the examiner again refers to the above assertion, where it’s not specified what the “different base” relates to. Thus, the presently mapped Encryption Key Manager 182 of Jacobs can constitute as a “different base”, under broadest reasonable interpretation, because the Encryption Key Manager 182 is shown as its own entity in Jacobs in Figs. 1 and 2.
Therefore, without further clarification as to what specifically the “base” is and how the “base” is “different” from any other aspect(s) in the claims, the examiner contends that Jacobs fully teaches and suggests “… an opposing KM apparatus at a different base … an opposing QKD apparatus that is distinct from the KM apparatus and the opposing KM apparatus”, and thus the rejection is maintained.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
Claim(s) 1, 4, 5, and 8-10 is/are rejected under 35 U.S.C. 102(a)(1) & (b)(1) as being anticipated by “Jacobs” (US 2013/0315395).
Regarding Claim 1:
A key manager (KM) apparatus (Fig. 1, element 102) comprising
one or more hardware processors configured to:
perform inter-KM-apparatus connection authentication indicating authentication processing with an opposing KM apparatus at a different base (Fig. 1, element 180 communicating with Fig. 1, element 182, wherein element 182 maintains a specific structure as shown by Fig. 2, element 182; ¶0079, “Encryption key managers 180 and 182 may include identical pre-provisioned algorithms to privately perform functions related to sifting, error detection, error correction, and/or privacy amplification with respect to the corresponding raw encryption key, to provide corresponding authenticated encryption keys 184 and 185”; ¶0080, “The pre-provisioned algorithms may be seeded with values generated from authenticated keys 144 and 146 and/or authenticated keys, such that when encryption key managers 180 and 182 converge on solutions for the corresponding authenticated encryption keys 184 and 186, systems 102 and 104 are inherently or implicitly authenticated with respect to one another”; i.e., perform functions involving a key manager that results in another key manager system being authenticated to the key manager) and KM-quantum key distribution (QKD) connection authentication indicating authentication processing with an opposing QKD apparatus (Fig. 1, element 110 communicating via QKD with element 114; ¶0077, “Systems 102 and 104 further include corresponding encryption key managers 180 and 182 to generate respective raw encryption keys based on a corresponding one of transmit event information 124…”; ¶0122, “At 506, a raw key QKD transmission 506 is performed to generate raw keys 508 and 510 and modify authentication keys 502 and 504, such as described in one or more examples above”; i.e., generate raw keys from event information derived from a QKD transmission with another QKD apparatus) that is distinct from the KM apparatus and the opposing KM apparatus (Fig. 1 details element 114 being distinct from element 102 (the “key manager apparatus”) and element 182 (the “opposing KM apparatus”); and
enable a KM function in a case where the inter-KM-apparatus connection authentication is successful and the KM-QKD connection authentication is successful (Fig. 1, element 184; ¶0079, “Encryption key managers 180 and 182 may include identical pre-provisioned algorithms to privately perform functions related to sifting, error detection, error correction, and/or privacy amplification with respect to the corresponding raw encryption key, to provide corresponding authenticated encryption keys 184…”; i.e., enable authentication key 184 to be generated based on the success of the above “authentication processing” occurring between elements 110 & 114 and elements 180 & 184. Fig. 5 further details that each function successfully performed above results in respective final secret key’s A and B).
Regarding Claim 4:
The apparatus according to claim 1,
wherein the KM-QKD connection authentication includes verifying whether or not a QKD apparatus connected to the opposing KM apparatus and the QKD apparatus that has an inter-QKD-apparatus connection to the opposing QKD apparatus are identical (¶0018, “To check for the presence of eavesdropping, Alice and Bob compare a certain subset of their remaining bit strings. If a third party has gained any information about the photons' polarization, this introduces errors in Bobs' measurements. If more than p bits differ, Alice and Bob abort the key and try again, possibly with a different quantum channel, as the security of the key cannot be guaranteed”; ¶0020, “The scheme relies on two properties of entanglement. First, the entangled states are perfectly correlated in the sense that if Alice and Bob both measure whether their particles have vertical or horizontal polarizations, they always get the same answer with 100% probability”).
Regarding Claim 5:
The apparatus according to claim 1,
wherein the KM function includes at least one of a function of executing a KM protocol (¶0125, “At 528, privacy amplification is performed to generate authenticated encrypted keys, illustrated here as final secret keys 530 and 532, based on pseudo-random numbers 534 and 536 generated from the corresponding modified authentication keys, and such as described in one or more examples above”; i.e., execute a KM protocol resulting in the final secret keys being generated), a function of storing a cryptographic key received from the opposing QKD apparatus, and a function of executing key relaying with the opposing KM apparatus.
Regarding Claim 8:
A quantum key distribution (QKD) system (Fig. 1) comprising:
a plurality of QKD apparatuses (Fig., 1, elements 102 and 104 each comprising QKD apparatus elements 110 and 114); and
a plurality of key manager (KM) apparatuses (Fig. 1, elements 102 and 104 each comprising Key Manager elements 180 and 182) that are distinct from the plurality of QKD apparatus (Fig. 1 details elements 102/104, comprising elements 180/182, being distinct from respective QKD apparatuses 110/114. For example, element 102 is distinct from element 114 and element 104 is distinct from element 110) wherein
each of the plurality of KM apparatuses includes one or more hardware processors configured to:
perform inter-KM-apparatus connection authentication indicating authentication processing with an opposing KM apparatus at a different base (Fig. 1, element 180 communicating with Fig. 1, element 182, wherein element 182 maintains a specific structure as shown by Fig. 2, element 182; ¶0079, “Encryption key managers 180 and 182 may include identical pre-provisioned algorithms to privately perform functions related to sifting, error detection, error correction, and/or privacy amplification with respect to the corresponding raw encryption key, to provide corresponding authenticated encryption keys 184 and 185”; ¶0080, “The pre-provisioned algorithms may be seeded with values generated from authenticated keys 144 and 146 and/or authenticated keys, such that when encryption key managers 180 and 182 converge on solutions for the corresponding authenticated encryption keys 184 and 186, systems 102 and 104 are inherently or implicitly authenticated with respect to one another”; i.e., perform functions involving a key manager that results in another key manager system being authenticated to the key manager) and KM-QKD connection authentication indicating authentication processing with an opposing QKD apparatus (Fig. 1, element 110 communicating via QKD with element 114; ¶0077, “Systems 102 and 104 further include corresponding encryption key managers 180 and 182 to generate respective raw encryption keys based on a corresponding one of transmit event information 124…”; ¶0122, “At 506, a raw key QKD transmission 506 is performed to generate raw keys 508 and 510 and modify authentication keys 502 and 504, such as described in one or more examples above”; i.e., generate raw keys from event information derived from a QKD transmission with another QKD apparatus); and
enable a KM function in a case where the inter-KM-apparatus connection authentication is successful and the KM-QKD connection authentication is successful (Fig. 1, element 184; ¶0079, “Encryption key managers 180 and 182 may include identical pre-provisioned algorithms to privately perform functions related to sifting, error detection, error correction, and/or privacy amplification with respect to the corresponding raw encryption key, to provide corresponding authenticated encryption keys 184…”; i.e., enable authentication key 184 to be generated based on the success of the above “authentication processing” occurring between elements 110 & 114 and elements 180 & 184. Fig. 5 further details that each function successfully performed above results in respective final secret key’s A and B).
Regarding Claim 9:
Key management start control method 9 corresponds to apparatus claim 1 and contains no further limitations. Therefore claim 9 is rejected by applying the same rationale used to reject claim 1 above.
Regarding Claim 10:
Computer program product claim 10 corresponds to apparatus claim 1 and contains no further limitations. Therefore claim 10 is rejected by applying the same rationale used to reject claim 1 above.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 2 and 3 is/are rejected under 35 U.S.C. 103 as being unpatentable over “Jacobs” (US 2013/0315395) in view of “Burnett” (US 2023/0254134).
Regarding Claim 2:
Jacobs teaches:
The apparatus according to claim 1, further comprising a communication interface, …
Jacobs does not disclose:
… wherein
the one or more hardware processors are further configured to cause the communication interface to transmit, to a management system that manages a QKD system, a request for KM apparatus-management system connection authentication indicating authentication processing with the management system, in a case where the inter-KM-apparatus connection authentication is successful and the KM-QKD connection authentication is successful, and
the one or more hardware processors are configured to enable the KM function in a case where validity of the KM apparatus and validity of the management system by the KM apparatus-management system connection authentication are mutually verified.
Burnett teaches:
… wherein
the one or more hardware processors are further configured to cause the communication interface to transmit, to a management system that manages a QKD system (Fig. 1, elements 116-1, 116-2, …, 116-K), a request for KM apparatus-management system connection authentication indicating authentication processing with the management system (Fig. 6, step 810), in a case where the inter-KM-apparatus connection authentication is successful and the KM-QKD connection authentication is successful (Fig. 6, step 805 occurs prior to step 810), and
the one or more hardware processors are configured to enable the KM function in a case where validity of the KM apparatus and validity of the management system by the KM apparatus-management system connection authentication are mutually verified (Fig. 6, steps 820 and 830).
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Jacobs’ system to securely derive shared keys by enhancing Jacobs’ system to include a management system that can mutually verify key manager apparatus before deriving shared keys, as taught by Burnett, in order to prevent the shared key from being derived by a third party.
The motivation is to prevent an unauthorized third party from obtaining a shared key between two systems by incorporating a trusted verifying party which can authenticate keys prior to generating a shared final key between the systems (Burnett, ¶0021; ¶0022).
Regarding Claim 3:
Jacobs teaches:
The apparatus according to claim 1, further comprising a communication interface, …
Jacobs does not disclose:
… wherein
the one or more hardware processors are further configured to cause the communication interface to transmit, to a management system that manages a QKD system, a request for KM apparatus-management system connection authentication indicating authentication processing with the management system, and
the one or more hardware processors are configured to perform the inter-KM-apparatus connection authentication and the KM-QKD connection authentication, in a case where the KM apparatus-management system connection authentication is successful.
Burnett teaches:
… wherein
the one or more hardware processors are further configured to cause the communication interface to transmit, to a management system that manages a QKD system (Fig. 1), a request for KM apparatus-management system connection authentication indicating authentication processing with the management system (¶0027, “The key updater 128 determines a set of the verifying parties 116 needed to authenticate the mutually distilled key, wherein each verifying party 116 of the set of verifying parties 116 operates on the network 104 … During each iteration of the KET, the key updater 128 of Alice 108 and Bob 112 communicates with a key authenticator 142 executing on a corresponding verifying party 116”), and
the one or more hardware processors are configured to perform the inter-KM-apparatus connection authentication and the KM-QKD connection authentication (¶0033; ¶0034; ¶0035), in a case where the KM apparatus-management system connection authentication is successful (¶0031, “At 430, the key authenticator of Charlie compares the first hash of the mutually distilled key with the second hash of the mutually distilled key. If the first hash of the mutually distilled key is equal to the second hash of the mutually distilled key, the KET continues”).
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Jacobs’ system to securely derive shared keys by enhancing Jacobs’ system to include a management system that can mutually verify key manager apparatus before deriving shared keys, as taught by Burnett, in order to prevent the shared key from being derived by a third party.
The motivation is to prevent an unauthorized third party from obtaining a shared key between two systems by incorporating a trusted verifying party which can authenticate keys prior to generating a shared final key between the systems (Burnett, ¶0021; ¶0022).
Allowable Subject Matter
Claims 6 and 7 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
The following is a statement of reasons for the indication of allowable subject matter: The cited prior art of record does not teach, either individually or in combination, the subject matter recited within claims 6 and 7, and thus these claims are deemed allowable over the prior art of record.
Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DANIEL B POTRATZ whose telephone number is (571)270-5329. The examiner can normally be reached on M-F 10 A.M. - 6 P.M. CST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, William Korzuch can be reached on 571-272-7589. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/DANIEL B POTRATZ/Primary Examiner, Art Unit 2491