Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
DETAILED ACTION
This action is in response to applicant’s submittal made on 05/29/2024. Claims 1-20 are pending.
Specification (Title)
The title of the invention is not descriptive. A new title is required that is clearly indicative of the invention to which the claims are directed.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1-4, 6, 7, 15-18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over CAMENISCH (WO 2010/086802) in view TANIZAWA (US Patent Publication No. 2017/0222803).
As to claims 1 and 15, CAMENISCH teaches a system, comprising:
at least one computing device comprising at least one processor and at least one memory (see figure 1 of CAMENISCH);
and machine-readable instructions stored in the at least one memory that, when executed by the at least one processor (i.e., …teaches on page 6 lines 25-36 the following: “a computer program embodying the invention may constitute an independent program or may be an element of a larger program, and may be supplied, for example, embodied in a computer-readable medium such as a disk or an electronic transmission for loading in a computer.”), cause the at least one computing device to at least:
generate a batch of authentication keys comprising a plurality of authentication keys (i.e., …teaches in the abstract the following: “A cryptographic accumulator indicative of the set of credentials is periodically generated.”);
generate, for the respective authentication key, a respective witness of a plurality of witnesses corresponding to the plurality of authentication keys (i.e., …teaches in abstract the following: “A witness is periodically generated for each credential in the set.”),
generate a key accumulator by inputting a respective authentication key of the plurality of authentication keys into an accumulator function (i.e., …teaches in the abstract the following: “A mapping is defined between cryptographic credentials in said set and respective group elements of a predefined plurality of group elements. A cryptographic accumulator indicative of the set of credentials is periodically generated.”);
wherein the respective witness enables regeneration of the accumulator using the respective witness and the respective authentication key (i.e., …teaches on page. 4 lines 30-35 & page 4 lines 1-5 the following: “A new set of witnesses will typically be generated each time the accumulator is regenerated,”);
a batch of authentication maps comprising a plurality of key-witness pairs comprising the respective witness and the respective authentication key (i.e., …teaches in the abstract the following: “A mapping is defined between cryptographic credentials in said set and respective group elements of a predefined plurality of group elements … the product of respective group elements related to the group elements mapped to the credentials in the set.”).
CAMENISCH does not expressly teach:
“and transmit, using a quantum key distribution channel”.
In this instance the examiner notes the teachings of prior art reference TANIZAWA.
With regards to applicant’s claim limitation element of, “and transmit, using a quantum key distribution channel”, teaches in their Abstract the following: “using an encryption key shared through a quantum key distribution”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of CAMENISCH with the teachings of TANIZAWA by having their system comprise a enhanced key management process. One would have been motivated to do so to provide a simple and effective means to distribute key related data in a network, wherein the enhanced key management process helps facilitate device configuring within the network and makes it easier to generate and management key related data.
As to claims 2 and 16, the system of CAMENISCH and TANIZAWA as applied to claim 1 above teaches a generating key related data, specifically CAMENISCH teaches a system of claim 1, wherein machine-readable instructions stored in the at least one memory that, when executed by the at least one processor (see figure 1 of CAMENISCH), cause the at least one computing device to at least:
receive, from a client device, a particular authentication key and a particular witness ( i.e., …teaches on page 17 lines 1-10 the following: “The prover logic then establishes a connection to distributor computer 16 to download the current value of the witness w for the credential C(i) previously obtained from issuer 2”);
and verify whether the particular authentication key is valid based at least in part on processing the particular authentication key and the particular witness to generate a value and comparing the value to the key accumulator (i.e., …teaches on page 17 lines 5-20 the following: “The prover logic then establishes a connection to distributor computer 16 to download the current value of the witness w for the credential C(i) previously obtained from issuer 2 and stored in memory 9. This step is necessary to account for any changes in the accumulator since the credential was issued in accordance with steps 32 to 34 of Figure 3. The updated witness w is stored in memory 9. Next, prover logic 8 sends the credential C(i), containing the serial number i as discussed earlier, together with the full witness wit, (w, σ.sub.t, g,) defined above, to verifier 7. Verifier logic 11 then similarly accesses distributor computer 16 to download the current value of the accumulator accγ which is then stored in memory 12. Next, verifier logic 11 runs the following verification protocol: i, WIt.sub.1, accγ): Parse WIt.sub.1 = (w, O.sub.1, g.sub.l). Output accept, if O.sub.1 is a valid signature on c( £ CiCC ) gill i under verification keypk and — = z . Otherwise output reject. e(g, w)”).
As to claims 3 and 17, the system of CAMENISCH and TANIZAWA as applied to claim 2 above teaches a generating key related data, specifically CAMENISCH teaches a system of claim 2, wherein machine-readable instructions stored in the at least one memory that, when executed by the at least one processor (i.e., …teaches on page 6 lines 25-36 the following: “a computer program embodying the invention may constitute an independent program or may be an element of a larger program, and may be supplied, for example, embodied in a computer-readable medium such as a disk or an electronic transmission for loading in a computer.”), cause the at least one computing device to at least:
transmit, to the client device, a token that provides access to a protected resource stored by a network service (i.e., , … teaches on page 17 lines 20-30 the following: “Verifier logic 11 also checks that the witness w confirms the group element g.sub.t is in the current accumulator accγ. This confirms that the user's credential is valid. Verifier logic 11 then permits or denies user computer 6 access to the service according to whether or not the credential is deemed valid.”).
As to claims 4 and 18, the system of CAMENISCH and TANIZAWA as applied to claims 1 above teaches a generating key related data, specifically CAMENISCH teaches a e system of claim 1, wherein the batch of authentication keys is associated with a timestamp (i.e., …teaches on page 1 lines 15-30 the following: “In most applications the set of valid credentials is a dynamic one, changing with time as new credentials are issued and "old" credentials are removed from the set. In particular, the validity of a cryptographic credential may be transitory, either because it is issued for a limited time period or because it is revoked for some other reason after issuance.”).
As to claims 6 and 20, the system of CAMENISCH and TANIZAWA as applied to claim 1 above teaches a generating key related data, specifically CAMENISCH does not expressly teach a system of claim 1, wherein the quantum key distribution channel comprises an optical fiber.
In this instance the examiner notes the teachings of prior art reference TANIZAWA.
TANIZAWA teaches in par. 32 the following: “the quantum communication channel (the optical fiber link”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of CAMENISCH with the teachings of TANIZAWA by having their system comprise a enhanced key management process. One would have been motivated to do so to provide a simple and effective means to distribute key related data in a network, wherein the enhanced key management process helps facilitate device configuring within the network and makes it easier to generate and management key data.
As to claim 7, the system of CAMENISCH and TANIZAWA as applied to claim 1 above teaches a generating key related data, specifically CAMENISCH teaches a system of claim 1, wherein the accumulator function comprises a one-way cryptographic function that takes the batch of authentication keys as a set of inputs to generate the key accumulator as an output value (i.e., …teaches on page 2 lines 10-20 the following: “A cryptographic accumulator allows a large set of inputs to be hashed in a single short output, namely the accumulator.”).
Claim(s) 5 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over CAMENISCH in view of TANIZAWA as applied claims 4 and 18 above and further in view of Roth et al. (US Patent No. 9,443,108 and Roth hereinafter).
As to claims 5 and 19, the system of CAMENISCH and TANIZAWA as applied to claim 4 above teaches a generating key related data, specifically neither reference expressly teaches a system of claim 4, wherein the timestamp is used as a key to identify the key accumulator from a plurality of timestamped key accumulators.
In this instance the examiner notes the teachings of prior art reference Roth.
Roth illustrates in figure 3, a accumulator management based on a time.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of CAMENISCH and TANIZAWA with the teachings of Roth by having their system comprise a enhanced resource management process. One would have been motivated to do so to provide a simple and effective means to utilize resource in a network, wherein the enhanced resource management process helps facilitate better data management and makes it easier to ensure data integrity.
Claim(s) 8 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over CAMENISCH in view of Zeng (EP 1788746).
As to claims 8, CAMENISCH teaches a method, comprising:
receiving, by an authentication service, a particular authentication key and a particular witness ( i.e., …teaches on page 17 lines 1-10 the following: “The prover logic then establishes a connection to distributor computer 16 to download the current value of the witness w for the credential C(i) previously obtained from issuer 2”);
verifying, by the authentication service, whether the particular authentication key is valid based at least in part on processing the particular authentication key and the particular witness to generate a value (i.e., …teaches in Abstract the following: “A witness is periodically generated for each credential in the set.”),
and comparing the value to a key accumulator (i.e., …teaches in the abstract the following: “The cryptographic accumulator is periodically published in the data processing system (1) so as to be available for use by system components (6, 7) involved in verifying whether cryptographic credentials in use in the system (1) are members of the dynamic set indicated by the accumulator.”),
wherein the key accumulator is cryptographically generated using a one-way cryptographic function (i.e., …teaches on page 2 lines 10-20 the following: “A cryptographic accumulator allows a large set of inputs to be hashed in a single short output, namely the accumulator.”);
based at least in part on the value matching the key accumulator (i.e., …teaches on page 17 lines 5-20 the following: “The prover logic then establishes a connection to distributor computer 16 to download the current value of the witness w for the credential C(i) previously obtained from issuer 2 and stored in memory 9. This step is necessary to account for any changes in the accumulator since the credential was issued in accordance with steps 32 to 34 of Figure 3. The updated witness w is stored in memory 9. Next, prover logic 8 sends the credential C(i), containing the serial number i as discussed earlier, together with the full witness wit, (w, σ.sub.t, g,) defined above, to verifier 7. Verifier logic 11 then similarly accesses distributor computer 16 to download the current value of the accumulator accγ which is then stored in memory 12. Next, verifier logic 11 runs the following verification protocol: i, WIt.sub.1, accγ): Parse WIt.sub.1 = (w, O.sub.1, g.sub.l). Output accept, if O.sub.1 is a valid signature on c( £ CiCC ) gill i under verification keypk and — = z . Otherwise output reject. e(g, w)”).
The system of CAMENISCH does not expressly teach:
and transmitting, by the authentication service,
a token that provides access to a protected resource stored by a network service
In this instance the examiner notes the teachings of prior art reference Zeng.
With regards to applicant’s claim limitation element of, “and transmitting, by the authentication service”, teaches in par. 0077 the following: “the communication unit 114 transmits the selected token and the computed credential to the user.”.
With regards to applicant’s claim limitation element of, “a token that provides access to a protected resource stored by a network service”, teaches in par. 0091 the following: “If the verifying unit 132 determines that the user is authorized by CA, i.e., it is proved that the user's token is accumulated in the accumulator, it notifies the serving unit 133.”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of CAMENISCH with the teachings of Zeng by having their system comprise a enhanced access control process. One would have been motivated to do so to provide a simple and effective means to control access to resources in a network, wherein the enhanced access control process helps facilitate security within the network and makes it easier to perform authentication.
As to claims 12, the system of CAMENISCH and Zeng as applied to claim 8 above teaches a generating key related data, specifically CAMENISCH a method of claim 8, wherein the particular authentication key and the particular witness are received in association with a batch identifier (i.e., …teaches on page 1, lines 15-30 the following: “In most applications the set of valid credentials is a dynamic one, changing with time as new credentials are issued and "old" credentials are removed from the set. In particular, the validity of a cryptographic credential may be transitory, either because it is issued for a limited time period or because it is revoked for some other reason after issuance. In the former case, expiration date could be included in the credential (e.g. as one of the components, or "attributes", of data encrypted in the credential) and checked by a verifier to ensure validity.”).
Claim(s) 9 are rejected under 35 U.S.C. 103 as being unpatentable over CAMENISCH in view of Zeng as applied claim 8 above and further in view of TANIZAWA.
As to claims 9, the system of CAMENISCH and ZENG as applied to claim 8 above teaches a generating key related data, specifically CAMENISCH teaches a method of claim 8, further comprising:
transmitting, by the authentication service, a batch of authentication maps the Abstract the following: “A mapping is defined between cryptographic credentials in said set and respective group elements of a predefined plurality of group elements … the product of respective group elements related to the group elements mapped to the credentials in the set.”).
The system of CAMENISCH and ZENG do not expressly teach:
“using a quantum key distribution channel”.
In this instance the examiner notes the teachings of prior art reference TANIZAWA.
With regards to applicant’s claim limitation element of, “using a quantum key distribution channel”, teaches in their Abstract the following: “using an encryption key shared through a quantum key distribution”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of CAMENISCH and Zeng with the teachings of TANIZAWA by having their system comprise a enhanced key management process. One would have been motivated to do so to provide a simple and effective means to distribute key related data in a network, wherein the enhanced key management process helps facilitate device configuring within the network and makes it easier to generate and management key related data.
Claim(s) 10 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over CAMENISCH in view of Zeng as applied claim 8 above and further in view of Lougheed III et al. (US Patent Publication No. 2020/0220726 and Lougheed hereinafter).
As to claims 10, the system of CAMENISCH and Zeng as applied to claim 8 above teaches a generating key related data, specifically reference expressly teaches a method of claim 8, further comprising: generating, by the authentication service, a key revocation accumulator that is generated using at least one revoked authentication key as at least one input to generate the key revocation accumulator as an output value.
In this instance the examiner notes the teachings of prior art reference Lougheed.
Lougheed teaches in par. 0084 the following: “Revocation registry (RR) can be written to the verifiable data registry 160 by issuers 120. The RR is updated every time a credential is issued or revoked. The RR is a data structure that allows a subscriber 130 to check whether a particular credential is still currently valid. When a credential 116 is issued, the RR is updated to ensure that the non-revocation can be proved. When a credential 116 is revoked, the RR is updated to ensure that non-revocation can no longer be proved. The RR can reference the CD and cryptographic accumulator. The cryptographic accumulator is a type of compound hashing function tracking the valid credentials 516 added to and removed from the registry. Only holders 110, through proofs of non-revocation, can prove their credentials 516 are valid (not revoked) without disclosing which credential 516 is in question.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of CAMENISCH and Zeng with the teachings of Lougheed by having their system comprise a enhanced credential management process. One would have been motivated to do so to provide a simple and effective means to management important data related resources within a network, wherein the enhanced credential management process helps facilitate better system integrity and makes it easier to ensure security.
As to claims 11, the system of CAMENISCH and Zeng as applied to claim 10 above teaches a generating key related data, specifically CAMENISCH teaches a method of claim 10, wherein verifying whether the particular authentication key is valid based at least in further part on processing the particular authentication key to determine whether the particular authentication key is used to generate the key revocation accumulator.
In this instance the examiner notes the teachings of prior art reference Lougheed.
Lougheed teaches in par. 0084 the following: “Revocation registry (RR) can be written to the verifiable data registry 160 by issuers 120. The RR is updated every time a credential is issued or revoked. The RR is a data structure that allows a subscriber 130 to check whether a particular credential is still currently valid. When a credential 116 is issued, the RR is updated to ensure that the non-revocation can be proved. When a credential 116 is revoked, the RR is updated to ensure that non-revocation can no longer be proved. The RR can reference the CD and cryptographic accumulator. The cryptographic accumulator is a type of compound hashing function tracking the valid credentials 516 added to and removed from the registry. Only holders 110, through proofs of non-revocation, can prove their credentials 516 are valid (not revoked) without disclosing which credential 516 is in question.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of CAMENISCH and Zeng with the teachings of Lougheed by having their system comprise a enhanced credential management process. One would have been motivated to do so to provide a simple and effective means to management important data related resources within a network, wherein the enhanced credential management process helps facilitate better system integrity and makes it easier to ensure security.
Claim(s) 13 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over CAMENISCH in view of Zeng as applied claim 12 above and further in view of Roth.
As to claims 13, the system of CAMENISCH and Zeng as applied to claim 12 above teaches a generating key related data, specifically neither reference expressly teaches a method of claim 12, further comprising: retrieving the key accumulator based at least in part on the batch identifier.
In this instance the examiner notes the teachings of prior art reference Roth.
Roth illustrates in figure 3, a accumulator management based on a time.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of CAMENISCH and Zeng with the teachings of Roth by having their system comprise a enhanced resource management process. One would have been motivated to do so to provide a simple and effective means to comprehensively utilize resources in a network, wherein the enhanced resource management process helps facilitate better data management and makes it easier to ensure data integrity.
As to claims 14, the system of CAMENISCH and Zeng as applied to claim 12 above teaches a generating key related data, specifically neither reference expressly teaches a method of claim 12, wherein the batch identifier comprises a timestamp.
In this instance the examiner notes the teachings of prior art reference Roth.
Roth illustrates in figure 3, a accumulator management based on a time.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of CAMENISCH and Zeng with the teachings of Roth by having their system comprise a enhanced resource management process. One would have been motivated to do so to provide a simple and effective means to comprehensively utilize resources in a network, wherein the enhanced resource management process helps facilitate better data management and makes it easier to ensure data integrity.
Art Made of record
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: Pearson et al. (US Patent Publication No. 2018/0357426) , Mohan et al. (US Patent Publication No. 2016/0142205) and Casanova et al. (US Patent No. 11,886,413).
Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRYAN F WRIGHT whose telephone number is (571)270-3826.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on (571)272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/BRYAN F WRIGHT/ Examiner, Art Unit 2497