DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This initial written action is responding to the communication dated on 03/06/2024.
Claims 1, 3-8, 10, 12, 14-15 and 17-20 have been amended, Claim 9 has been canceled and all other claims are previously presented.
Claims 1-8 and 10-20 are submitted for examination.
Claims 1-8 and 10-20 are pending.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Priority
This 371 application filed on March 06, 2024 claims priority of PCT application PCT/EP2022/072273 filed on August 08, 2022 and foreign application GB2112719.6 filed on September 07, 2021.
Information Disclosure Statement
The following Information Disclosure Statements in the instant application submitted in compliance with the provisions of 37 CFR 1.97, and thus, have been fully considered:
IDS filed on 18 March 2024.
Claim Objection
Claim 19 objected to because of the following informalities: Claim 19 recites a limitation, “Computer equipment comprising: memory comprising one or more memory units; and processing apparatus comprising one or more processing units, wherein the memory stores code arranged to run on the processing apparatus, the code being configured so as when run on the processing apparatus, the processing apparatus performs a method of generating a share of a shared private key:…”. Examiner suggests writing “A computer device comprising: memory comprising one or more memory units; and processing apparatus comprising one or more processing units, wherein the memory stores code arranged to run on the processing apparatus, so when the code runs on the processing apparatus, the processing apparatus performs a method of generating a share of a shared private key.”. Appropriate correction is required.
Claim 20 recites a limitation, “A computer program embodied on non-transitory computer- readable storage media and configured so as, when run on one or more processors, the one or more processors to perform a method of any of generating a share of a shared private key..”. Examiner suggest writing the limitation as by removing “any of”, “A computer program embodied on non-transitory computer- readable storage media and configured so as, when run on one or more processors, the one or more processors to perform a method of
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-8 and 10-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The independent claims 1, 19 and 20 recites generating a first share of a first shared private key based on a first share of the master private key and a first hash value, wherein the first hash value is generated by hashing a nonce value one or more times and wherein a coordinating party has access to a chain of hash values comprising an initial hash value, and a final hash value, wherein the initial hash value is generated by hashing the nonce value one or more times, and wherein each next hash value in the chain is generated by hashing a respective previous hash value in the chain, and wherein the first hash value is the final hash value.
The limitation of generating a first share of a first shared private key based on a first share of the master private key and a first hash value as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for recitation of generic computer components. That is, other than reciting “by a computer” (processing unit/processor) nothing in the claim element precludes the step from practically being performed in the mind or using a pen and paper. Similarly, the limitation wherein the initial hash value is generated by hashing the nonce value one or more times, and wherein each next hash value in the chain is generated by hashing a respective previous hash value in the chain, as drafted is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind or using a pen and paper but for the recitation of generic computer components. For example, but for the “by a computer / by a processor” language, “hashing” in the context of this claim encompasses the user calculating on a pan and paper a hash value. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components, then it falls within the “Mental Processes” grouping of abstract ideas. Accordingly, the claim recites an abstract idea.
This judicial exception is not integrated into a practical application. In particular, the claim only recites one additional element – that the method is computer-implemented that generates share of a shared private key and each participant of a group of participant has a respective share of a master private key. The computer /processor is recited at a high-level of generality (i.e., as a generic processor performing a generic computer function of generating a share of a shared private key and hashing a nonce iteratively) such that it amounts no more than mere instructions to apply the exception using a generic computer component. Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea.
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional element of using a computer/processor to perform both the generating first share and first hash value steps amounts to no more than mere instructions to apply the exception using a generic computer component. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The claim is not patent eligible.
Dependent claims 2-8 and 10-18 do not represent significantly more and are too directed to non-statutory subject matter.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-8 and 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over Goldfeder et al. (NPL- “Securing Bitcoin wallets via a new DSA/ECDSA threshold signature”, hereinafter “Goldfeder”, provided by the applicant in an IDS), and further in view of Carver et al. (US PGPUB. # US 2020/0167779, hereinafter “Carver”), and further in view of Kocher et al. (US PGPUB. # US 2016/0026826, hereinafter “Kocher”).
Referring To Claims 1, 19 and 20:
Regarding Claim 1, Goldfeder teaches,
A computer-implemented method of generating a share of a shared private key, wherein each participant of a group of participants has a respective share of a master private key, (Section 4.4 on left hand column under the section Deterministic wallets, “the corresponding private key, skmas is shared in a (t,n) manner amongst n players – the jth participant has key shar skmas(j)”, i.e. each participant has respective share of a master private key) and wherein the method is performed by a first participant of the group and comprises: (Section 4.4 on right hand column under the heading Threshold deterministic address derivation, “one of the participants is designated as the leader L”, i.e. Examiner submits that leader L is interpreted as a first participant)
generating a first share of a first shared private key based on a first share of the master private key and a first hash value, wherein the first hash value is generated by hashing a nonce value one or more times, (Section 4.4, on right hand column under the heading Threshold deterministic address derivation, “Our construction also refers to c, a 256-bit nonce that is chosen uniformly at random”, “We also use a hash function H that maps arbitrary strings to 256-bit output strings”, “Equation of computing shared secret key skij is multiplication of master private key and T which is a hash value, where T is computed as a hash of random number, master public key and an index I”, i.e. first share of a first shared private key is based on a first share of the master private key and a first hash value and a nonce value which is hashed at least one time) [and wherein a coordinating party has access to a chain of hash values comprising ……, and a final hash value], wherein the initial hash value is generated by hashing the nonce value one or more times, (Section 4.4, on right hand column under the heading Threshold deterministic address derivation, “T which is a hash value, where T is computed as a hash of random number, master public key and an index I”, i.e. initial hash value is generated by hashing a nonce at least one time) [and wherein each next hash value in the chain is generated by hashing a respective previous hash value in the chain, and wherein the first hash value is the final hash value].
Goldfeder does not teach explicitly,
wherein a coordinating party has access to a chain of hash values comprising ……, and a final hash value, [wherein the initial hash value is generated by hashing the nonce value one or more times], and wherein each next hash value in the chain is generated by hashing a respective previous hash value in the chain, and wherein the first hash value is the final hash value.
However, Carver teaches,
wherein a coordinating party has access to a chain of hash values comprising ……., and a final hash value, (¶3, “Each block typically contains a cryptographic hash linking it to a previous block, and transaction data”, “each block includes the cryptographic hash linking it to the prior block in the blockchain. The linked blocks form a chain. This iterative process confirms the integrity of the previous block, all the way back to the original genesis (or first) block”, ¶69-¶70, “the node coordinator then computes an overall block Merkle tree (from all the segment Merkle roots) and generates a block header incorporating the overall block Merkle root and other information. The node coordinator then transmits/propagates a Mining Done message via 602 containing the block header to the other node coordinators in the network”, ¶83-¶84, “The node coordinator 601 is responsible for tracking active branches and informing the segment handlers 604 which branch they are mining”, i.e. Examiner submits that a node coordinator manages a blockchain indicates that the coordinator has access to a hash chain with initial hash and final hash) [wherein the initial hash value is generated by hashing the nonce value one or more times, and wherein each next hash value in the chain is generated by hashing a respective previous hash value in the chain, and wherein the first hash value is the final hash value].
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Carver with the invention of Goldfeder.
Goldfeder teaches, a first participant generates a first shared private key based on a first share of master key and a first hash value. Carver teaches, a coordinator managing a blockchain has access to first hash value and a final hash value of a blockchain. Therefore, it would have been obvious to have a coordinator managing a blockchain has access to first hash value and a final hash value of a blockchain of Carver with a first participant generating a first shared private key based on a first share of master key and a first hash value of Goldfeder so that a coordinator manages generation of shared private key for the participant nodes in a blockchain to perform threshold cryptography.
KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007).
Combination of Goldfeder and Carver does not teach explicitly,
[and wherein a coordinating party has access to a chain of hash values comprising ……., and a final hash value, wherein the initial hash value is generated by hashing the nonce value one or more times], and wherein each next hash value in the chain is generated by hashing a respective previous hash value in the chain, and wherein the first hash value is the final hash value.
However, Kocher teaches,
[and wherein a coordinating party has access to a chain of hash values comprising ………., and a final hash value, wherein the initial hash value is generated by hashing the nonce value one or more times], and wherein each next hash value in the chain is generated by hashing a respective previous hash value in the chain, and wherein the first hash value is the final hash value. (Fig. 1(101, 102), ¶46, “The encrypting device also generates (step 101) a nonce N”, ¶47, “the encrypting device could compute H1 (step 102) as the hash of N using the function h( )”, Fig. 2, ¶49, ¶50, “the derivation of each intermediate key depends on at least one predecessor key (e.g., in the case of FIG. 2, its immediate parent) and the relevant portion of the message identifier”, ¶55, “We refer to this as “ciphertext hash chaining.”, ¶56, “inclusion of the hash of D1 . . . DL (which, in this case, would just be D1 since L=1) is optional. The result of the process E=E1, since this is the only segment”, Fig. 5, ¶68-¶69 i.e. each next hash value is generated by hashing a previous hash in the chain. The first hash value is the final hash value in the example of data as one segment).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Kocher with the invention of Goldfeder in view of Carver.
Goldfeder in view of Carver teaches, a first participant generates a first shared private key based on a first share of master key and a first hash value and a coordinator managing a blockchain has access to first hash value and a final hash value of a blockchain. Kocher teaches, an iterative hash chain where each next hash value in the chain is generated by hashing a respective previous hash value. Therefore, it would have been obvious to have an iterative hash chain where each next hash value in the chain is generated by hashing a respective previous hash value of Kocher into the teachings of Goldfeder to strengthen the security of generated shared secured key to protect from a malicious user.
KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007).
Regarding Claim 19, it is a Computer equipment Claim of above method Claim 1 and therefore Claim 19 is rejected with the same rationale as applied against Claim 1 above.
Carver discloses a computer equipment having a processor. (Fig. 10, ¶146).
Regarding Claim 20, it is a computer program Claim of above method Claim 1 and therefore Claim 20 is rejected with the same rationale as applied against Claim 1 above.
Carver discloses a computer program (¶156).
Regarding Claim 2, rejection of Claim 1 is included for the same motivation Goldfeder teaches,
The method of claim 1, wherein the first hash value is generated by hashing the nonce value [multiple times]. (Section 4.4, on right hand column under the heading Threshold deterministic address derivation, “Our construction also refers to c, a 256-bit nonce that is chosen uniformly at random”, “T which is a hash value, where T is computed as a hash of random number, master public key and an index I”, i.e. first share of a first shared private key is based on a first share of the master private key and a first hash value and a nonce value is hashed at least one time)
Combination of Goldfeder and Carver does not teach explicitly,
The method of claim 1, [wherein the first hash value is generated] by hashing the nonce value multiple times.
However, Kocher teaches,
The method of claim 1, [wherein the first hash value is generated] by hashing the nonce value multiple times. ( Fig. 1(101, 102), ¶46, “The encrypting device also generates (step 101) a nonce N”, ¶47, “the encrypting device could compute H1 (step 102) as the hash of N using the function h( )”, ¶55, “We refer to this as “ciphertext hash chaining.”, i.e. nonce value is hashed multiple times).
Regarding Claim 3, rejection of Claim 1 is included for the same motivation Goldfeder teaches,
The method of claim 1, wherein the method comprises generating the first hash value. (Section 4.4, on right hand column under the heading Threshold deterministic address derivation, “Our construction also refers to c, a 256-bit nonce that is chosen uniformly at random”, “T which is a hash value, where T is computed as a hash of random number, master public key and an index I”, i.e. the first hash value is generated).
Regarding Claim 4, rejection of Claim 1 is included for the same motivation Goldfeder does not teach explicitly,
The method of claim 1, wherein the method comprises receiving the first hash value from a different participant of the group or a coordinating party.
However, Carver teaches,
The method of claim 1, wherein the method comprises receiving the first hash value from a different participant of the group or a coordinating party. (¶72-¶73).
Regarding Claim 5, rejection of Claim 1 is included for the same motivation Goldfeder teaches,
The method of claim 1, wherein each participant has a master public key corresponding to the master private key, (Section 4.4, Right hand column – Threshold deterministic address derivation has lines 1-6 teaches that each participant has master public key) and wherein the method comprises generating a first public key corresponding to the first shared private key based on the master public key and a public key corresponding to the first hash value. (Section 4.4, Right hand column – Public Key Derivation Function, has formula that teaches, first public key is calculated based on the master public key and a first hash value).
Regarding Claim 6, rejection of Claim 1 is included for the same motivation Goldfeder teaches,
The method of claim 1, comprising: generating a first share of a second shared private key based on a first share of the master private key and a second hash value, wherein the second hash value is generated by hashing the nonce value one or more times, wherein the second hash value is different to the first hash value. (Section 4.4, on right hand column under the heading Threshold deterministic address derivation, “Our construction also refers to c, a 256-bit nonce that is chosen uniformly at random”, “We also use a hash function H that maps arbitrary strings to 256-bit output strings”, “Equation of computing shared secret key skij is multiplication of master private key and T which is a hash value, where T is computed as a hash of random number, master public key and an index I”, Examiner submits that Goldfeder teaches, generating shared keys for each participant in an iterative manner thus same formula applies to a second participant for whom first share of a second shared private key is based on a first share of the master private key and a second hash value and a nonce value which is hashed at least one time)
Regarding Claim 7, rejection of Claim 1 is included for the same motivation Goldfeder teaches,
The method of claim 1, comprising: generating a first share of a third shared private key based on the first share of the first shared private key and a third hash value, wherein the third hash value is generated by hashing the nonce value one or more times. (Section 4.4, on right hand column under the heading Threshold deterministic address derivation, “Our construction also refers to c, a 256-bit nonce that is chosen uniformly at random”, “We also use a hash function H that maps arbitrary strings to 256-bit output strings”, “Equation of computing shared secret key skij is multiplication of master private key and T which is a hash value, where T is computed as a hash of random number, master public key and an index I”, Examiner submits that Goldfeder teaches, generating shared keys for each participant in an iterative manner thus same formula applies to a third participant for whom first share of a third shared private key is based on a first share of the master private key and a third hash value and a nonce value which is hashed at least one time)
Regarding Claim 8, rejection of Claim 5 is included for the same motivation Goldfeder teaches,
The method of claim 5, comprising: generating a first share of a third shared private key based on the first share of the first shared private key and a third hash value, wherein the third hash value is generated by hashing the nonce value one or more times; (Section 4.4, on right hand column under the heading Threshold deterministic address derivation, “Our construction also refers to c, a 256-bit nonce that is chosen uniformly at random”, “We also use a hash function H that maps arbitrary strings to 256-bit output strings”, “Equation of computing shared secret key skij is multiplication of master private key and T which is a hash value, where T is computed as a hash of random number, master public key and an index I”, Examiner submits that Goldfeder teaches, generating shared keys for each participant in an iterative manner thus same formula applies to a third participant for whom first share of a third shared private key is based on a first share of the master private key and a third hash value and a nonce value which is hashed at least one time) and
generating a third public key corresponding to the third shared private key based on the first public key and a public key corresponding to the third hash value. (Section 4.4, Right hand column – Public Key Derivation Function, has formula that teaches, first public key is calculated based on the master public key and a first hash value similarly third public key can be calculated for a third participant based on the master public key and a third hash value).
Regarding Claim 17, rejection of Claim 1 is included for the same motivation Goldfeder teaches,
The method of claim 1, comprising: obtaining a message; (Section 7.4, Usage, “If the phone has a keyshare for the public key, it presents the user with the transaction information along with the ability to allow or cancel the transaction”, i.e. a message is obtained)
and generating a first share of a digital signature based on the first share of the first shared private key and the message. (Section 7.4, Usage ““If the phone has a keyshare for the public key”, “the threshold scheme is run to produce a signature on the desktop. Finally the desktop broadcasts the signed transaction to the Bitcoin”, i.e. digital signature is generated based on a key share (first shared private key) and a message).
Regarding Claim 18, rejection of Claim 17 is included for the same motivation Goldfeder teaches,
The method of claim 17, wherein the message comprises at least part of a blockchain transaction. (Section 7.4, Usage, Right hand column, “We transferred a small amount of bitcoin to our specially created wallet and then spent it by threshold signing a transaction. Our threshold-signed transaction can be viewed in the block chain”, i.e. the message is part of a blockchain transaction).
Claims 10-16 Objected
Claims 10-16 objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Goldfeder teaches, threshold signature scheme based on DSA/ECDSA. In particular Goldfeder teaches, generating threshold keys generation utilizing master private key and master public key. The master private key is distributed among the participants. There is a 256 bit nonce known to each participants, however the nonce is not shared publicly. When the master key pair (pkmas and skmas) is initially shared among t participants, one of the participants is designated as the leaser. The participant secret key is calculated based on hashing nonce and master public key and then multiplying computer hash with secret master key. (Section 4.4).
Carver et al. discloses, a high-performance distributed ledger and transaction computing network fabric over which large numbers of transactions are processed concurrently in a scalable, reliable, secure and efficient manner. In one embodiment, the computing network core is configured to support a distributed blockchain network that organizes data in a manner that allows communication, processing and storage of blocks of the chain to be performed concurrently at very high performance and low latency, even when the transactions themselves originate from distant sources. This data organization relies on segmenting a transaction space within autonomous but cooperating computing nodes that are configured as a processing mesh. The system also provides for confidence-based consensus and automated fork resolution. The approach enables the blockchain to continue operating in the presence of an underlying network outage, and to enable clients to make decisions about the disposition of transactions during any period of uncertainty before full consensus has been achieved. (Abstract). A blockchain is a continuously growing list of records, called blocks, which are linked and secured using cryptography. Each block typically contains a cryptographic hash linking it to a previous block, and transaction data. For use as a distributed ledger, a blockchain typically is managed by a peer-to-peer network collectively adhering to a protocol for validating new blocks. Once recorded, the data in any given block cannot be altered retroactively without the alteration of all subsequent blocks, which requires collusion of the network majority. Blockchains are suitable for the recording of events, various records management activities (such as identity management, transaction processing, documenting provenance, etc.) and others. Generalizing, a blockchain is a decentralized, distributed and digital ledger that is used to record transactions across many computers so that the record cannot be altered retroactively without the alteration of all subsequent blocks and the collusion of the network. In a typical blockchain, blocks hold batches of valid transactions that are hashed and encoded into a data structure. In this structure, and as noted above, each block includes the cryptographic hash linking it to the prior block in the blockchain. The linked blocks form a chain. This iterative process confirms the integrity of the previous block, all the way back to the original genesis (or first) block. (¶3). Once a segment handler 604 determines that a segment is valid, it returns the result of its processing, namely, the root of a Merkle tree computed for the segment, to the node coordinator via 606. During mining the node coordinator trusts that the segments are valid. The other segment handlers 604 (operating concurrently) function similarly and return their mining results indicating that their segments likewise complete. Once all of the segment handlers respond to the node coordinator (with the Merkle roots of all segments), the node coordinator then computes an overall block Merkle tree (from all the segment Merkle roots) and generates a block header incorporating the overall block Merkle root and other information. The node coordinator then transmits/propagates a Mining Done message via 602 containing the block header to the other node coordinators in the network, and those other node coordinators then use the block Merkle root to complete their block verification process as will be described next. (¶69-¶70). The node coordinator 601 instructs its associated segment handlers 604 to receive transaction hashes at 608 from other nodes and, in response, to verify the associated transaction block assignments made by the mining node's segment handlers as they mine/assign transactions to a block in the mining process. Preferably, verification of segment data is performed progressively (as the data is received) and concurrently with the mining/assignment of additional transactions to the block segments in the mining node. Upon receipt of a transaction hash, via 608, a segment handler 604 forwards the transaction hash via 610 to the transaction handler 609 responsible for handling transactions for the segment. Upon receiving a transaction hash from a segment handler, the transaction handler 609 looks up the associated transaction record in its mem pool. (¶72-¶73).
Kocher et al. teaches, The encrypting device also generates (step 101) a nonce N which (as will be shown below) may be used as a message identifier (or a precursor thereto) for use in connection with the encryption of D. For example, the nonce could be generated using a true random number generator, a pseudorandom number generator, some combination of true and pseudorandom number generators, a counter value or other (preferably unique or seldom-repeating) parameter, or by deriving N from keys and/or data (including without limitation D, e.g., by setting N to the hash of part or all of D) available to the encryption device. In FIG. 1, for a given KROOT, the value of N used to encrypt a particular message is preferably not used to encrypt any other message (or if so, any reuse should be limited, unlikely and/or infrequent). In the exemplary embodiments that follow, a message identifier H1 is formed using nonce N. In the most straightforward implementation, in which N serves as the message identifier, H1 may simply equal N. As another example, in which N serves as a precursor to the message identifier, the encrypting device could compute H1 (step 102) as the hash of N using the function h( ). Hashing is useful in situations where one wishes to produce a fixed-size message identifier, for example, to permit the incorporation of longer data values (such as text strings) while operating on shorter quantities for computational efficiency, or to convert variable-length data values to a uniform length message identifier for computational simplicity, or to reduce any ability adversaries may have to influence the selection of H1. Of course, hashing is only one way to produce the message identifier, and those skilled in the art will appreciate that functions other than h may be employed to produce H1. (¶46-¶47). The encrypted segments E1 . . . EL form the ciphertext E. Step 104 in FIG. 1 is then completed. Using the hash of each Ei+1 in the computation of Ei effectively chains together the encrypted values, which serves to enable decrypting devices to detect modified (or defective) ciphertext segment(s) prior to decrypting the defective segment(s). We refer to this as “ciphertext hash chaining.” In the example shown above, each ciphertext segment Ei (1<i<L) depends on the hash of the next ciphertext segment, e.g., a validator V is used to authenticates the hash of the first ciphertext segment (E1), then E1 yields (after decryption to D1 if necessary) the expected hash of E2. Likewise, E2 yields (after decryption if necessary) the hash of segment E3, and so forth. (¶55).
Lu et al. teaches, One-way hash chain is basically a cryptography approach for safeguarding against password eavesdropping which is firstly proposed in [7]. Now, it can be found in other applications such as micropayment systems and RFID authentication due to elegant and versatile low-cost associated to this technique. Lamport[7] describes that a hash chain of length n could be
constructed by applying a one-way hash function H(.)
recursively to an initial seed value s.
H n(s)= H(H (…H (s)…))(n times) (II Background, C. One-way Hash Chain).
Bergman (US PGPUB. # US 2018/0212779) discloses, a generator device being configured for generating pseudo random numbers, the generator device comprising a computing device operable for (i) calculating a first hash chain from an initial hash value (H_0), the first hash chain comprising a first sequence of M hash values (HA_1, HA_2, . . . , HA_M); (ii) calculating a second hash chain (20) comprising a second sequence of M hash values (HB_1, HB_2, . . . , HB_M) from the initial hash value (H_0) and the hash values (HA_1, HA_2, . . . , HA_M) of the first sequence; and (iii) determining the pseudo random numbers from the hash values (HB_1, HB_2, . . . , HB_M) of the second sequence. Also disclosed are a method for generating pseudo random numbers and a method for quantum computing secure authentication, as well as a computer program product and a data processing system. (Abstract).
However, none of the references teaches the recited claim limitations.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Refer to PTO-892, Notice of References Cited for a listing of analogous art.
Hennebert et al. (US PGPUB. # US 2021/0073796) discloses, a method of selectively authenticating a user of a blockchain with a smart contract deployed on said blockchain. The user has a hierarchical deterministic keys wallet comprising a path between the user's master private key and a private key specific to the smart contract, this path comprising a plurality of branches each carrying an index, the smart contract being univocally identified by one or several indices of branches followed by said path. The user can issue a transaction from an issuing account address, obtained by hashing the public key corresponding to said specific private key in an asymmetric cryptosystem, and can sign this transaction using the specific private key. The smart contract uses the signature to verify that the transaction was really issued from the issuing account address in question.
Lee et al. (US PGPUB. # US 2021/0058233) discloses, an electronic device is provided. The electronic device includes a display, and a processor configured to generate at least one hierarchy deterministic path, obtain at least one public key using a root seed and the at least one hierarchy deterministic path, obtain a blockchain address for a blockchain account from the at least one public key, obtain information about the blockchain address from a blockchain network based on the blockchain address, the information about the blockchain address including information about a balance of the blockchain account, and display at least part of the information about the blockchain address through the display, based on the information about the balance of the blockchain account.
Wentz (US PGPUB. # US 2020/0351657) discloses, a system for cryptographic authorization of wireless communications includes a verifying node and configured to receive a transfer request from a user device, authenticate the transfer request, generate a transfer authorization token, and provide the transfer authorization token to at least one recipient device.
Griffin et al. (US PAT. # US 10,505,723) discloses, a method of receiving an original message, share-holder list, and threshold amount. The original message is tokenized resulting in a tokenized message. A plurality of shares are generated from the tokenized message using a message sharing algorithm of a secret sharing scheme. Each of the plurality of shares is signcrypted using a public key and a private key associated with the shared secret provider computing system and a public key of a respective one of the share-holders included in the share-holders list, resulting in a plurality of signcrypted shares. The plurality of signcrypted shares is distributed to the respective ones of the share-holders according to the public key used to signcrypt the respective signcrypted share. The authenticity and data integrity of each of the plurality of signcrypted shares can be determined by using the public key associated and a public/private key pair associated with the share-holder.
Zamanl et al. (WIPO PGPUB. # WO 2019/216949) discloses, a node in a plurality of nodes can perform an identity set generation process. The node can then determine a leader node. The node may diffuse an identity set from each node of the plurality of nodes to the plurality of nodes. The node can then determine a majority set including identities occurring in at least one half of the identity sets, wherein the leader node diffuses the majority set of the leader node to the plurality of nodes. The node can verify the majority set of the leader node. The node may then update the identity set based on the majority set of the leader node.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DARSHAN I DHRUV whose telephone number is (571)272-4316. The examiner can normally be reached M-F 9:00 AM-5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached at 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/DARSHAN I DHRUV/Primary Examiner, Art Unit 2498