Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
This action is in response to the application filed on 04/26/2023.
Claims 1-20 are pending.
Examiner’s Note
Please note that Examiner cites particular columns and line numbers in the references as applied to the claims below for the convenience of the applicant. Although the specified citations are representative of the teachings in the art and are applied to the specific limitations within the individual claim, other passages and figures may apply as well. It is respectfully requested that, in preparing responses, the applicant fully consider the references in entirely as potentially teaching all or part of the claimed invention, as well as the context of the passage as taught by the prior art or disclosed by the examiner.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.
Claim 1, this claim is within at least one of the four categories of patent eligible subject matter as it is directing to a method claim under Step 1.
1. A method, comprising:
determining, by a quantum computing device, that a first error occurred during a transmission of an update for content from a server computing device to a client computing device over a quantum communication channel that is using a quantum key distribution (QKD) protocol and a first key generated by the QKD protocol;
determining, by the quantum computing device, a risk of discovery of a vulnerability in the update for the content based on a severity level of the vulnerability in the update for the content transmitted from the server computing device to the client computing device over the quantum communication channel, an amount of the first key discovered, and an amount of the update for the content transmitted from the server computing device to the client computing device over the quantum communication channel discovered; and
performing, by the quantum computing device, a first action based on the risk of discovery of the vulnerability in the update for the content.
Regarding claim 1, the limitations “determining, that a first error occurred during a transmission of an update for content,” “determining, a risk of discovery of a vulnerability in the update for the content based on a severity level of the vulnerability in the update for the content transmitted,” and “discovered, and an amount of the update for the content transmitted” as drafted, are functions that, under its broadest reasonable interpretation, recite the abstract idea of a mental process. For example, a person is capable of determining an error, determining a risk based on factors like severity level, amount discovered, and performing an action based on the risk which can be performed mentally or with pen or paper just like risk assessment and decision-making in security protocols. Therefore, these limitations encompass a human mind carrying out the function through observation, evaluation judgment and /or opinion, or even with the aid of pen and paper. Thus, these limitations recite and falls within the “Mental Processes” grouping of abstract ideas under Prong 1.
Under Prong 2, the additional elements “by a quantum computing device” and “from a server computing device to a client computing device over a quantum communication channel that is using a quantum key distribution (QKD) protocol and a first key generated by the QKD protocol,” “from the server computing device to the client computing device over the quantum communication channel, an amount of the first key” and “from the server computing device to the client computing device over the quantum communication channel” are recited at a high-level of generality, using generic computer/quantum components to implement the abstract risk assessment and response are merely to execute/run to and from the device/client to perform the abstract idea. See MPEP 2106.05(f). For the additional elements “performing, a first action based on the risk of discovery of the vulnerability in the update for the content” do nothing more than to add insignificant extra solution activity to the judicial exception of merely updating/gathering data for automation. See MPEP § 2106.05(h).
Under Step 2B, the claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional elements of “by a quantum computing device” and “from a server computing device to a client computing device over a quantum communication channel that is using a quantum key distribution (QKD) protocol and a first key generated by the QKD protocol,” “from the server computing device to the client computing device over the quantum communication channel, an amount of the first key” and “from the server computing device to the client computing device over the quantum communication channel” amount to no more than mere instructions, or generic computer and/or computer components to carry out the exception, thus, cannot amount to an inventive concept. See MPEP 2105.06(f). For the additional elements “performing, a first action based on the risk of discovery of the vulnerability in the update for the content” the courts have recognized storing and retrieving information in memory and performing repetitive calculation as a well‐understood, routine, and conventional functions, such as generic error detection via lookup of vulneraries are merely generic manner (e.g., at a high level of generality) or an insignificant extra-solution activity (Berkheimer v. HP, Inc., 881 F.3d 1360, 1368, 125 USPQ2d 1649, 1654 (Fed. Cir. 2018)). See MPEP 2106.05(d). Accordingly, the claims are not patent eligible under 35 USC 101.
2. The method of claim 1, further comprising: determining the severity level of the vulnerability in the update for the content; determining the amount of the first key discovered; and determining the amount of the update for the content discovered.
The limitations for this claim further recite an additional mental process under prong 1.
3. The method of claim 2, wherein determining the severity level of the vulnerability in the update for the content comprises obtaining, from the update for the content, the severity level of the vulnerability.
The limitations for this claim further recite an additional mental process under prong 1.
4. The method of claim 2, wherein determining the amount of the first key discovered comprises obtaining, from the QKD protocol, an amount of errors introduced into the first key.
The limitations for this claim further recite an additional mental process under prong 1.
5. The method of claim 2, wherein the amount of the update for the content comprises a quantity of the update for the content transmitted from the server computing device to the client computing device over the quantum communication channel when the first error occurred.
The limitations for this claim further recite an additional insignificant extra solution activity under prong 2.
6. The method of claim 1, wherein determining the risk of discovery of the vulnerability in the update for the content based on the severity level of the vulnerability in the update for the content, the amount of the first key discovered, and the amount of the update for the content discovered comprises: accessing a data structure comprising a plurality of rules, each rule identifying an action to take based on a severity level of a vulnerability in an update for content, an amount of a key discovered, and an amount of an update for content discovered; and
obtaining a rule from among the plurality of rules in the data structure based on the severity level of the vulnerability in the update for the content transmitted from the server computing device to the client computing device over the quantum communication channel, the amount of the first key discovered, and the amount of the update for the content transmitted from the server computing device to the client computing device over the quantum communication channel discovered; wherein the action in the rule corresponds to the risk of discovery of the vulnerability in the update for the content.
The limitations for this claim further recite an additional mental process under prong 1.
7. The method of claim 6, further comprising: subsequent to obtaining the rule from among the plurality of rules in the data structure, updating the rule based on the amount of the first key discovered and the amount of the update for the content transmitted from the server computing device to the client computing device over the quantum communication channel discovered.
The limitations for this claim further recite an additional insignificant extra solution activity under prong 2.
8. The method of claim 6, further comprising: identifying, in the rule, an action to take; and
wherein performing the first action based on the risk of discovery of the vulnerability in the update for the content comprises performing the action identified in the rule.
The limitations for this claim further recite an additional insignificant extra solution activity under prong 2.
9. The method of claim 1, wherein performing the first action based on the risk of discovery of the vulnerability in the update for the content comprises: generating, by the QKD protocol, a second key for use by the quantum communication channel; and transitioning the quantum communication channel to use the second key.
The limitations for this claim further recite an additional insignificant extra solution activity under prong 2.
10. The method of claim 1, wherein performing the first action based on the risk of discovery of the vulnerability in the update for the content comprises: stopping the transmission of the update for the content from the server computing device to the client computing device over the quantum communication channel; and stopping the quantum communication channel.
The limitations for this claim further recite an additional insignificant extra solution activity under prong 2.
11. The method of claim 10, wherein stopping the transmission of the update for the content from the server computing device to the client computing device over the quantum communication channel comprises: stopping the transmission of a segment of the update for the content from the server computing device to the client computing device over the quantum communication channel, wherein the update for the content is separated into a plurality of segments and the transmission of the update for the content from the server computing device to the client computing device over the quantum communication channel comprises a transmission of each segment of the plurality of segments from the server computing device to the client computing device over the quantum communication channel.
The limitations for this claim further recite an additional insignificant extra solution activity under prong 2.
12. The method of claim 1, wherein performing the first action based on the risk of discovery of the vulnerability in the update for the content comprises continuing the transmission of the update for the content from the server computing device to the client computing device over the quantum communication channel.
The limitations for this claim further recite an additional insignificant extra solution activity under prong 2.
13. The method of claim 12, further comprising: determining that a second error occurred during the transmission of the update for the content from the server computing device to the client computing device over the quantum communication channel; stopping the transmission of the update for the content from the server computing device to the client computing device over the quantum communication channel; accessing a data structure comprising a plurality of rules, each rule identifying actions to take based on a severity level of a vulnerability in an update for content, an amount of a key discovered, and an amount of an update for content discovered; and
obtaining a rule from among the plurality of rules in the data structure, wherein the rule identifies a second action to take based on the severity level of the vulnerability in the update for the content transmitted from the server computing device to the client computing device over the quantum communication channel, the amount of the first key discovered, and the amount of the update for the content transmitted from the server computing device to the client computing device over the quantum communication channel discovered.
The limitations for this claim further recite an additional mental process under prong 1.
14. The method of claim 13, further comprising: identifying, in the rule, the second action to take; and performing, based on the rule, the second action.
The limitations for this claim further recite an additional insignificant extra solution activity under prong 2.
15. The method of claim 1, wherein the server computing device is a quantum computing device and the client computing device is a quantum computing device.
The limitation “processor” amount to no more than mere instructions to apply the exception using generic computer and/or mere computer components to carry out the exception under prong 2.
16. The method of claim 15, further comprising: encoding the update for the content into a plurality of qubits, wherein the transmission of the update for the content from the server computing device to the client computing device over the quantum communication channel comprises a transmission of the plurality of qubits from the server computing device to the client computing device over the quantum communication channel.
The limitations for this claim further recite an additional insignificant extra solution activity under prong 2.
17. The method of claim 1, wherein the vulnerability in the update for the content is referred to by a Common Vulnerabilities and Exposures (CVE) identifier and the severity level of the vulnerability in the update for the content is a Common Vulnerability Scoring System (CVSS) score.
The limitations for this claim further recite an additional insignificant extra solution activity under prong 2.
18. The method of claim 1, wherein the first error comprises one or more of an error introduced by an intruder attempting to discover the first key, an error in an encoding of the update for the content, or a defective connection of the quantum communication channel.
The limitations for this claim further recite an additional insignificant extra solution activity under prong 2.
Claim 19, this claim is within at least one of the four categories of patent eligible subject matter as it is directing to a device claim under Step 1.
19. A quantum computing device, comprising:
a memory; and
a processor device coupled to the memory, the processor device to:
determine that a first error occurred during a transmission of an update for content from a server computing device to a client computing device over a quantum communication channel that is using a quantum key distribution (QKD) protocol and a first key generated by the QKD protocol;
determine a risk of discovery of a vulnerability in the update for the content based on a severity level of the vulnerability in the update for the content transmitted from the server computing device to the client computing device over the quantum communication channel, an amount of the first key discovered, and an amount of the update for the content transmitted from the server computing device to the client computing device over the quantum communication channel discovered; and
perform a first action based on the risk of discovery of the vulnerability in the update for the content.
Regarding claim 19, the limitations “determine that a first error occurred during a transmission of an update for content,” “determine a risk of discovery of a vulnerability in the update for the content based on a severity level of the vulnerability in the update for the content transmitted” and “discovered, and an amount of the update for the content transmitted” as drafted, are functions that, under its broadest reasonable interpretation, recite the abstract idea of a mental process. For example, a person is capable of determining an error, determining a risk based on factors like severity level, amount discovered, and performing an action based on the risk which can be performed mentally or with pen or paper just like risk assessment and decision-making in security protocols. Therefore, these limitations encompass a human mind carrying out the function through observation, evaluation judgment and /or opinion, or even with the aid of pen and paper. Thus, these limitations recite and falls within the “Mental Processes” grouping of abstract ideas under Prong 1.
Under Prong 2, the additional elements “A quantum computing device, comprising: a memory; and a processor device coupled to the memory, the processor device to:” and “from a server computing device to a client computing device over a quantum communication channel that is using a quantum key distribution (QKD) protocol and a first key generated by the QKD protocol,” “from the server computing device to the client computing device over the quantum communication channel, an amount of the first key” and “from the server computing device to the client computing device over the quantum communication channel discovered” are recited at a high-level of generality, using generic computer/quantum components to implement the abstract risk assessment and response are merely to execute/run to and from the device/client to perform the abstract idea. See MPEP 2106.05(f). For the additional elements “perform a first action based on the risk of discovery of the vulnerability in the update for the content” do nothing more than to add insignificant extra solution activity to the judicial exception of merely updating/gathering data for automation. See MPEP § 2106.05(h).
Under Step 2B, the claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional elements of “A quantum computing device, comprising: a memory; and a processor device coupled to the memory, the processor device to:” and “from a server computing device to a client computing device over a quantum communication channel that is using a quantum key distribution (QKD) protocol and a first key generated by the QKD protocol,” “from the server computing device to the client computing device over the quantum communication channel, an amount of the first key” and “from the server computing device to the client computing device over the quantum communication channel discovered” amount to no more than mere instructions, or generic computer and/or computer components to carry out the exception, thus, cannot amount to an inventive concept. See MPEP 2105.06(f). For the additional elements “perform a first action based on the risk of discovery of the vulnerability in the update for the content” the courts have recognized storing and retrieving information in memory and performing repetitive calculation as a well‐understood, routine, and conventional functions, such as generic error detection via lookup of vulneraries are merely generic manner (e.g., at a high level of generality) or an insignificant extra-solution activity (Berkheimer v. HP, Inc., 881 F.3d 1360, 1368, 125 USPQ2d 1649, 1654 (Fed. Cir. 2018)). See MPEP 2106.05(d). Accordingly, the claims are not patent eligible under 35 USC 101.
Claim 20, this claim is within at least one of the four categories of patent eligible subject matter as it is directing to a medium claim under Step 1.
20. A non-transitory computer-readable storage medium that includes computer-executable instructions that, when executed, cause one or more processor devices to:
determine that a first error occurred during a transmission of an update for content from a server computing device to a client computing device over a quantum communication channel that is using a quantum key distribution (QKD) protocol and a first key generated by the QKD protocol;
determine a risk of discovery of a vulnerability in the update for the content based on a severity level of the vulnerability in the update for the content transmitted from the server computing device to the client computing device over the quantum communication channel, an amount of the first key discovered, and an amount of the update for the content transmitted from the server computing device to the client computing device over the quantum communication channel discovered; and
perform a first action based on the risk of discovery of the vulnerability in the update for the content.
Regarding claim 20, the limitations “determine that a first error occurred during a transmission of an update for content,” “determine a risk of discovery of a vulnerability in the update for the content based on a severity level of the vulnerability in the update for the content transmitted” and “discovered, and an amount of the update for the content transmitted” as drafted, are functions that, under its broadest reasonable interpretation, recite the abstract idea of a mental process. For example, a person is capable of determining an error, determining a risk based on factors like severity level, amount discovered, and performing an action based on the risk which can be performed mentally or with pen or paper just like risk assessment and decision-making in security protocols. Therefore, these limitations encompass a human mind carrying out the function through observation, evaluation judgment and /or opinion, or even with the aid of pen and paper. Thus, these limitations recite and falls within the “Mental Processes” grouping of abstract ideas under Prong 1.
Under Prong 2, the additional elements “A non-transitory computer-readable storage medium that includes computer-executable instructions that, when executed, cause one or more processor devices to:” and “from a server computing device to a client computing device over a quantum communication channel that is using a quantum key distribution (QKD) protocol and a first key generated by the QKD protocol,” “from the server computing device to the client computing device over the quantum communication channel, an amount of the first key” and “from the server computing device to the client computing device over the quantum communication channel discovered” are recited at a high-level of generality, using generic computer/quantum components to implement the abstract risk assessment and response are merely to execute/run to and from the device/client to perform the abstract idea. See MPEP 2106.05(f). For the additional elements “perform a first action based on the risk of discovery of the vulnerability in the update for the content” do nothing more than to add insignificant extra solution activity to the judicial exception of merely updating/gathering data for automation. See MPEP § 2106.05(h).
Under Step 2B, the claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional elements of “A non-transitory computer-readable storage medium that includes computer-executable instructions that, when executed, cause one or more processor devices to:” and “from a server computing device to a client computing device over a quantum communication channel that is using a quantum key distribution (QKD) protocol and a first key generated by the QKD protocol,” “from the server computing device to the client computing device over the quantum communication channel, an amount of the first key” and “from the server computing device to the client computing device over the quantum communication channel discovered” amount to no more than mere instructions, or generic computer and/or computer components to carry out the exception, thus, cannot amount to an inventive concept. See MPEP 2105.06(f). For the additional elements “perform a first action based on the risk of discovery of the vulnerability in the update for the content” the courts have recognized storing and retrieving information in memory and performing repetitive calculation as a well‐understood, routine, and conventional functions, such as generic error detection via lookup of vulneraries are merely generic manner (e.g., at a high level of generality) or an insignificant extra-solution activity (Berkheimer v. HP, Inc., 881 F.3d 1360, 1368, 125 USPQ2d 1649, 1654 (Fed. Cir. 2018)). See MPEP 2106.05(d). Accordingly, the claims are not patent eligible under 35 USC 101.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1-5, 9-10,12 and 15-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over USPN 20210105130 to Griffin et al. in view of USPN 12200122 to Massimiliano et al.
Per claim 1:
Griffin discloses:
1. A method, comprising:
determining, by a quantum computing device (Paragraph [0024] “The environment 10 includes a quantum computing system 12”), that a first error occurred during a transmission from a server computing device to a client computing device over a quantum communication channel that is using a quantum key distribution (QKD) protocol (here detection in eavesdropping error on quantum channel during QKD key use, see Paragraph [0023] “a QKD protocol… detection of an eavesdropper, a key-revocation message is sent to entities utilizing the key… an eavesdropper is detected substantially instantaneously, the entity can safely halt usage of the key and purge any encrypted information prior to the eavesdropper utilizing the key”) and a first key generated by the QKD protocol (20210105130 Paragraph [0024] “QKD protocol, in conjunction with the qubits 14-1, 14-2… the quantum communication channel 16 to generate a key 22”);
determining, by the quantum computing device, a risk of discovery of a vulnerability based on a severity level of the vulnerability transmitted from the server computing device to the client computing device over the quantum communication channel (Paragraph [0029, 0031] “quantum computing system 12 includes a QKD monitor 42, which continuously monitors the quantum communication channel 16 for eavesdroppers. Upon detection of an eavesdropper, the quantum computing system 12 may notify any entity that has registered for notifications of the eavesdropper… quantum computing system 12 may also determine an estimated amount of the key 22 that has been ascertained by the eavesdropper 44”),
an amount of the first key discovered, and transmitted from the server computing device to the client computing device over the quantum communication channel discovered (here estimated key from error statistics and threshold based actions implies determining exposure amount, see Paragraph [0031-0032] “determine an estimated amount of the key 22 that has been ascertained by the eavesdropper 44 via the use of a test statistic… quantum computing system 12 sends the computing devices 28-1 and 28-2 a key-revocation message that indicates an eavesdropper has been detected… key-revocation message may also include the estimated amount of the key 22 that has been ascertained by the eavesdropper 44… computing device 28-1 may receive the estimated amount of the key 22 that was ascertained by the eavesdropper 44 and compare the estimated amount to a predetermined threshold amount 46”); and
performing, by the quantum computing device, a first action based on the risk of discovery of the vulnerability (here the estimates the amount of key compromised and perform and action i.e., revoke key, send revocation, regenerate key, see Paragraph [0032] “computing device 28-1 may immediately invalidate the key 22 to inhibit use of the key 22… notified of the eavesdropping instantaneously upon detection of the eavesdropping by the eavesdropper 44, and thus the eavesdropper 44 has no opportunity to utilize the key 22”).
Griffin does not explicitly disclose an update for content.
However, Massimiliano discloses in an analogous computer system an update for content (Col. 6, lines 51-62 “server device 110 determines an update… client device 105 updates the PQP with the provided operation and stores S215 the updated PQP”).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention was made to incorporate the method of an update for content as taught by Massimiliano into the method of key generation upon detection of an eavesdropper as taught by Griffin. The modification would be obvious because of one of ordinary skill in the art would be motivated to add/incorporate the features of an update for content to provide an efficient technique for updating contents securely so as to efficiently and accurately delivering data secure suggested by Massimiliano (col. 1, line 29-35).
Per claim 2:
The rejection of claim 1 is incorporated and as applied above to claim 1 that Massimiliano teaches the update for the content and further, Griffin discloses:
2. The method of claim 1, further comprising:
determining the severity level of the vulnerability; determining the amount of the first key discovered; and determining the amount of the update for the content discovered (Paragraph [0029, 0031] “quantum computing system 12 includes a QKD monitor 42, which continuously monitors the quantum communication channel 16 for eavesdroppers. Upon detection of an eavesdropper, the quantum computing system 12 may notify any entity that has registered for notifications of the eavesdropper… quantum computing system 12 may also determine an estimated amount of the key 22 that has been ascertained by the eavesdropper 44”).
Per claim 3:
The rejection of claim 2 is incorporated and further, Griffin does not explicitly disclose wherein determining the severity level of the vulnerability in the update for the content comprises obtaining, from the update for the content, the severity level of the vulnerability.
However, Massimiliano discloses in an analogous computer system wherein determining the severity level of the vulnerability in the update for the content comprises obtaining, from the update for the content, the severity level of the vulnerability (Col. 6, lines 5-7 “a Chain of Authentications that extend the trust to other identities, and Authentications (Signatures) performed on the Data”).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention was made to incorporate the method of wherein determining the severity level of the vulnerability in the update for the content comprises obtaining, from the update for the content, the severity level of the vulnerability as taught by Massimiliano into the method of key generation upon detection of an eavesdropper as taught by Griffin. The modification would be obvious because of one of ordinary skill in the art would be motivated to add/incorporate the features of wherein determining the severity level of the vulnerability in the update for the content comprises obtaining, from the update for the content, the severity level of the vulnerability to provide an efficient technique to obtain standard severity data which is included with security patch.
Per claim 4:
Griffin discloses:
4. The method of claim 2, wherein determining the amount of the first key discovered comprises obtaining, from the QKD protocol, an amount of errors introduced into the first key (here errors introduced by eavesdroppers used to estimate compromise, see Paragraph [0029,0031] “Upon detection of an eavesdropper, the quantum computing system 12 may notify any entity that has registered for notifications of the eavesdropper… quantum computing system 12 may also determine an estimated amount of the key 22 that has been ascertained by the eavesdropper 44 via the use of a test statistic”).
Per claim 5:
The rejection of claim 2 is incorporated and further, Griffin does not explicitly disclose wherein the amount of the update for the content comprises a quantity of the update for the content transmitted from the server computing device to the client computing device over the quantum communication channel when the first error occurred.
However, Massimiliano discloses in an analogous computer system wherein the amount of the update for the content comprises a quantity of the update for the content transmitted from the server computing device to the client computing device over the quantum communication channel when the first error occurred (Col. 8, line 61 to Col. 9, line 3 “Partially (i.e., in quantity) Upgradeable Devices and Quantum-Safe Traditional Authentications… upgrade path might be the most common for the broadband industry given that the possibility to provide secure software updates”).
The feature of providing system wherein the amount of the update for the content comprises a quantity of the update for the content transmitted from the server computing device to the client computing device over the quantum communication channel when the first error occurred would be obvious for the reasons set forth in the rejection of claim 1.
Per claim 9:
The rejection of claim 1 is incorporated and as applied above to claim 1 that Massimiliano teaches the update for the content and further, Griffin discloses:
9. The method of claim 1, wherein performing the first action based on the risk of discovery of the vulnerability comprises:
generating, by the QKD protocol, a second key for use by the quantum communication channel (Paragraph [0033] “computing device 28-1 may then invoke the new key function 36-1 to cause the quantum computing system 12 to generate a new key” also see paragraph [0035]); and
transitioning the quantum communication channel to use the second key (Paragraph [0033] “computing devices 28-1, 28-2 may then begin using the new key for purposes of encrypting and decrypting messages communicated between the computing devices 28-1, 28-2”).
Per claim 10:
The rejection of claim 1 is incorporated and as applied above to claim 1 that Massimiliano teaches the update for the content and further, Griffin discloses:
10. The method of claim 1, wherein performing the first action based on the risk of discovery of the vulnerability comprises:
stopping the transmission of the server computing device to the client computing device over the quantum communication channel (Paragraph [0031] “computing devices 28-1 and 28-2 a key-revocation message that indicates an eavesdropper has been detected by invoking the notification functions 43-1, 43-2”); and
stopping the quantum communication channel (Paragraph [0031] “quantum computing system 12 may also immediately move (i.e., stopping one channer and moving to another) the qubits 14-1 and 14-2 to a different quantum communication channel”).
Per claim 12:
The rejection of claim 1 is incorporated and further, Griffin does not explicitly discloses wherein performing the first action based on the risk of discovery of the vulnerability in the update for the content comprises continuing the transmission of the update for the content from the server computing device to the client computing device over the quantum communication channel.
However, Massimiliano discloses in an analogous computer system wherein performing the first action based on the risk of discovery of the vulnerability in the update for the content comprises continuing the transmission of the update for the content from the server computing device to the client computing device over the quantum communication channel (Col. 12, lines 10-15 “mechanism to continue to use deployed identities (e.g., RSA certificates) in a secure fashion even when the original algorithm is completely broken”).
The feature of providing wherein performing the first action based on the risk of discovery of the vulnerability in the update for the content comprises continuing the transmission of the update for the content from the server computing device to the client computing device over the quantum communication channel would be obvious for the reasons set forth in the rejection of claim 1.
Per claim 15:
Griffin discloses:
15. The method of claim 1, wherein the server computing device is a quantum computing device and the client computing device is a quantum computing device (see Fig. 1 and related discussion).
Per claim 16:
Griffin discloses:
16. The method of claim 15, further comprising:
encoding the update for the content into a plurality of qubits, wherein the transmission of the update for the content from the server computing device to the client computing device over the quantum communication channel comprises a transmission of the plurality of qubits from the server computing device to the client computing device over the quantum communication channel. (Paragraph [0063] “quantum computing system 12 further includes at least one quantum communication channel 16 coupled between at least two qubits 14-1-14-2”).
Per claim 17:
The rejection of claim 1 is incorporated and as applied above to claim 1 that Massimiliano teaches the update for the content and further, Griffin discloses:
17. The method of claim 1, wherein the vulnerability is referred to by a Common Vulnerabilities and Exposures (CVE) identifier (Paragraph [0045] “a key service 82 that is configured to receive messages, such as notifications (i.e., identifier) of eavesdroppers, from the quantum computing system 12… a plurality of policy sets from a secure and trusted location and uses the key 22”)and the severity level of the vulnerability is a Common Vulnerability Scoring System (CVSS) score (Paragraph [0047] “security rules 94 may identify three threshold values 96-1-96-3 (i.e., score) that identify various actions to take in response to notification of an eavesdropper and an estimate of the amount of the key 22”).
Per claim 18:
Griffin discloses:
18. The method of claim 1, wherein the first error comprises one or more of an error introduced by an intruder attempting to discover the first key, an error in an encoding of the update for the content, or a defective connection of the quantum communication channel (Since this appears to be MARKUSH type language requiring at a minimum just one from the list, Griffin teaches Paragraph [00339] “encrypted policy sets 72-1-72-N (generally, encrypted policy sets 72) that contain access rights information that governs access to an electronic resource 62 by an entity… user associated with the user computing device 70… instantaneous key invalidation in response to a detected eavesdropper”).
Claims 19 is/are the apparatus/system claim corresponding to method claim 1 and rejected under the same rational set forth in connection with the rejection of claim 1 as noted above.
Claims 20 is/are the medium claim corresponding to method claim 1 and rejected under the same rational set forth in connection with the rejection of claim 1 as noted above.
Allowable Subject Matter
Claims 6, 11 and 13 objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. In addition, claims 7-8 and 14 are objected by virtue of their respective dependencies on claims 6 and 13.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Related cited arts:
Knill, Emanuel. "Quantum computing with realistically noisy devices." Nature 434.7029 (2005): pp. 39-44.
Shor, Peter W. "Quantum computing." Documenta Mathematica 1.1000 (1998): pp. 467-486.
Kitaev, A. Yu. "Quantum computations: algorithms and error correction." Russian Mathematical Surveys 52.6 (1997): pp. 1191-1249.
US10439806 discloses One embodiment described herein provides a system and method for establishing a secure communication channel between a client and a server. During operation, the client generates a service request comprising a first dynamic message, transmits the first service request to the server, which authenticates the client based on the first dynamic message, and receives a second dynamic message from the server in response to the first dynamic message. The client authenticates the server based on the second dynamic message, and negotiates, via a quantum-key-distribution process, a secret key shared between the client and the server. The client and server then establish a secure communication channel based on at least a first portion of the secret key.
US20220345298 discloses Systems and methods for handshaking, without a certificate authority, to provide at least post-quantum communications security over a computer network. The method generates an authentication tag, hashing, by an initiator, a concatenation of unique identifiers of the initiator and a recipient. The method also generates an encrypted text, symmetrically encrypting, by the initiator that is configured to use a shared secret, a concatenation of the authentication tag and the unique identifiers of the initiator and the recipient. The method further includes sending the encrypted text from the initiator to a server. The method also includes symmetrically decrypting, by the server that is configured to use the shared secret, the encrypted text. The method further includes authenticating, by the server, the encrypted text. The method also includes generating a session key and providing the session key from the server to the initiator.
US12225117 discloses One or more computing devices, systems, and/or methods are provided. In an example, a system includes a first non-quantum-resistant (NQR) device configured to generate first data and a first quantum capable proxy server configured to receive the first data, encrypt the first data using a quantum resistant (QR) protocol to generate first QR data, and communicate the first QR data to a first target device using a first QR channel. In an example, a method includes generating first data by a first non-quantum-resistant (NQR) device, communicating the first data, by the first NQR device, to a first quantum capable proxy server, encrypting the first data, by the quantum capable proxy server, using a quantum resistant (QR) protocol to generate first QR data, and communicating, by the quantum capable proxy server, the first QR data to a first target device using a first QR channel.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Satish Rampuria whose telephone number is 571-272-3732. The examiner can normally be reached on Monday-Friday from 8:30 AM to 5:00 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Chat Do, can be reached at telephone number 571-272-3721. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) Form at https://www.uspto.gov/patents/uspto-automated- interview-request-air-form.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Satish Rampuria/Primary Examiner, Art Unit 2193
*****