METHOD AND SYSTEM FOR PROTECTING DIGITAL SIGNATURES

§101 §102 §103 §112

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . This communication is in response to the amendment filed on 12/02/2025. Claims 1, 3, 6-9, 11, 14-20, and 22-24 are rejected. Claims 2, 4-5, 10, 12-13, and 21 have been canceled. Information Disclosure Statement The information disclosure statement (IDS) submitted on 09/08/2025 was filed. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. Priority Acknowledgment is made of applicant’s claim for foreign priority under 35 U.S.C. 119 (a)-(d). The certified copy has been filed in parent Application No. SG10/202112269T, filed on 11/05/2021 and is filed with PCT/SG2022/050769, filed 26 October 2022 and is filed in U.S. 371 application 18/700,993. Response to Arguments Applicant’s arguments, with respect to the claim of foreign priority have been fully considered and are persuasive. The Priority has been updated. Applicant's arguments, with respect to the Rejection under 35 USC § 101 have been fully considered but they are not persuasive. The amendment of the claim include the elements “a digital signing module”, a quantum-resistant protection module”. However, applicant’s specification does not indicate that these modules are hardware module. Claim 1 claimed a system but does not include at least a necessary hardware. Therefore, the rejection is maintained. Dependent claims 3 and 6-7 are also rejected accordingly. Applicant's arguments, with respect to the Rejection under 35 USC § 103 have been fully considered but they are not persuasive. Applicants argue that Jayachandran does not teach the amendment: zero-knowledge proof of computation of the digital signature. However, col. 6, lines 37-41 of Jayachandran teaches the amended limitation (see the rejection below). The other arguments associate with the collapsing hash function have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. Jayachandran (col. 5, lines 17-19 and 56-61) teaches that cryptographic systems that are "asymmetric," either encryption or decryption key cannot be readily deduced without additional secret knowledge, wherein symmetrical or asymmetrical, may include quantum-secure cryptography, defined for the purposes of this disclosure as cryptography that remains secure against adversaries possessing quantum computers. In these paragraphs, Jayachandran teaches the zero-knowledge proof algorithm is quantum-secure. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claim 1 is rejected under 35 U.S.C 101 because the claimed invention is directed to non-statutory subject matter. The claims recite "a system" with various items configured to perform operations, but recite no hardware in the system to perform the claimed steps. Claim 1 is nothing more than software per se. The claims lack the necessary physical articles or objects to constitute a machine or manufacture within the meaning of 35 USC 101. They are clearly not a series of steps or acts to be a process nor are they a combination of chemical compounds to be a composition of matter. As such, they fail to fall within a statutory category. They are, at best, functional descriptive material. Claims 2-7 depend on claim 1 and are also rejected accordingly. Claim Rejections - 35 USC § 112 The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claim 20 recites the limitation "the private key and the proof of knowledge of the preimage parameter" in 2-3 There are insufficient antecedent basis for this limitations in the claim. Claim Rejections - 35 USC § 102 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. Claims 20 and 22-24 are rejected under 35 U.S.C. 103 as being unpatentable over Jayachandran et al. (US 10846372 B1) hereafter Jayachandran. Regarding claim 20, Jayachandran teaches a method for verification of a quantum resistant digital signature for authentication of a source of data by verifying a proof of knowledge of the private key and the proof of knowledge of the pre-image parameter, the method comprising: authenticating the source of the data by using i) a public key associated with the private key (Col. 5, lines 14-20, generate, evaluate, and/or utilize digital signatures that includes the private key of a public key cryptographic system), and ii) a zero-knowledge proof of knowledge((col. 18, lines 36-37, alternatively, zero-knowledge proof may be computationally secure), to verify a digital signature corresponding to the data is generated in response to the private key (col. 20, lines 50-58, storing device 104 may have signed root 308, for instance as part of creating a digitally signed assertion including root 308 which may have been posted to immutable sequential listing 112, using a particular private key or other secret; storing device 104 may use the same private key, or another private key and/or secret for which signature may be verified using a verification datum, such as a public key corresponding to private key, that was suitable to verify the first digital signature). wherein the zero-knowledge proof of knowledge comprises a zero-knowledge proof of the computation of the private key (col. 6, lines 37-41, zero-knowledge proof may be computationally secure, meaning that determination of secret from output is computationally infeasible, for instance to the same extent that determination of a private key from a public key in a public key cryptographic system is computationally infeasible), zero-knowledge proof of the computation of the public key (col. 19, lines 5-10, zero-knowledge proof may include a succinct non-interactive arguments of knowledge proof, wherein a “trusted setup” process creates proof and verification keys using secret information encoded using a public key cryptographic system), and zero-knowledge proof of the computation of the digital signature starting from the pre-image parameter (col. 30, lines 21-25, locked payment may, for instance, be a zero-knowledge contingent payment or similar structure that, to be spent, requires public provision of zero-knowledge proof of preimage of accumulated element, potentially in combination with accumulated element itself). Regarding claim 22, Jayachandran teaches the method in accordance with Claim 20 wherein the authentication step comprises parallelly processing verification using the public key and verification using the zero-knowledge proof of knowledge (col. 19, lines 5-13, zero-knowledge proof may include a succinct non-interactive arguments of knowledge (ZKSNARKS) proof, wherein a "trusted setup" process creates proof and verification keys using secret (and subsequently discarded) information encoded using a public key cryptographic system, a prover runs a proving algorithm using the proving key and secret information available to the prover, and a verifier checks the proof using the verification key; public key cryptographic system may include RSA, elliptic curve cryptography). Regarding claim 23, Jayachandran teaches the method in accordance with Claim 22 wherein parallelly processing verification using the public key and verification using the zero-knowledge proof of knowledge comprises: retrieving the public key from a first digital storage location (col. 20, lines 13-16, another datum using either a symmetric or public-key cryptographic system, verifying that a stored key matches the key used for encryption as a function of at least a device-specific secret); and retrieving the zero-knowledge proof of knowledge of the pre-image parameter from a second digital storage location (col. 20, lines 66—67, requesting device 108 may include, for instance, a device that provided collection of data 116 to storing device 104). Regarding claim 24, Jayachandran teaches the method in accordance with Claim 20 to 23 wherein authenticating the source of the data comprises accepting verification of the data if and only if both the digital signature is determined to be generated in response to the private key and the zero-knowledge proof of knowledge is determined to be a valid proof computed from the pre-image parameter (col. 6, lines 8-12, if the public key that decrypts the known signature also decrypts the digital signature, the digital signature may be considered verified. Digital signature may also be used to verify that the file has not been altered since the formation of the digital signature; col. 21, lines 45-50, a proprietor and/or community operating immutable sequential listing 112 may require a secure proof, a password, or other provision of datum and/or proof of performance of a given process as a condition for a valid expenditure of value in the zero knowledge contingent payment). Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 2, 4-5, 10, 12-13, and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Jayachandran et al. (US 10846372 B1) hereafter Jayachandran, in view of Zhandry (US 20230318840 A1), and further in view of Trock (US 20230291561 A1). Regarding claim 1, Jayachandran teaches a quantum resistant digital signature system comprising: a digital signing module configured to: receive a pre-image parameter (col. 22, lines 2-5, fig. 1, storing device 104 generates a secure proof, which includes a zero-knowledge proof, of possession by storing device 104 of the preimage of the hash of K); generate a public key, wherein the public key is associated with the private key (Col. 5, lines 14-20, generate, evaluate, and/or utilize digital signatures that includes the private key of a public key cryptographic system), generate a digital signature in response to data and the private key (col. 20, lines 50-58, storing device 104 may have signed root 308, for instance as part of creating a digitally signed assertion including root 308 which may have been posted to immutable sequential listing 112, using a particular private key or other secret), a quantum-resistant protection module configured to generate a zero-knowledge proof of knowledge in response to the data (col. 18, lines 36-41, alternatively, zero-knowledge proof may be computationally secure, meaning that determination of secret from output is computationally infeasible, for instance to the same extent that determination of a 40 private key from a public key in a public key cryptographic system is computationally infeasible, wherein col. 3, lines 57-58 shows that cryptographic system includes quantum-secure cryptography), and wherein the zero-knowledge proof of knowledge comprises a zero-knowledge proof of the computation of the private key (col. 6, lines 37-41, zero-knowledge proof may be computationally secure, meaning that determination of secret from output is computationally infeasible, for instance to the same extent that determination of a private key from a public key in a public key cryptographic system is computationally infeasible), zero-knowledge proof of the computation of the public key (col. 19, lines 5-10, zero-knowledge proof may include a succinct non-interactive arguments of knowledge proof, wherein a “trusted setup” process creates proof and verification keys using secret (and subsequently discarded) information encoded using a public key cryptographic system), and zero-knowledge proof of the computation of the digital signature starting from the pre-image parameter (col. 30, lines 21-25, locked payment may, for instance, be a zero-knowledge contingent payment or similar structure that, to be spent, requires public provision of zero-knowledge proof of preimage of accumulated element, potentially in combination with accumulated element itself). Jayachandran does not explicitly teach generate a private key using a collapsing hash function, wherein the private key is generated in response to the pre-image parameter. Zhandry teaches generate a private key using a collapsing hash function ([0075] collapsing hash functions. Their core result is identical to Theorem 1, namely that collision resistance when the number of pre-images is polynomially bounded implies collapsing). It would have been obvious to a person of ordinary skill in the art before the effective filling date of the claimed invention made to include in the Jayachandran disclosure, the collapsing hash function, as taught by Zhandry. One would be motivated to do so to provide a post-quantum strengthening of collision resistance. Jayachandran and Zhandry do not explicitly teach wherein the private key is generated in response to the pre-image parameter Trock teaches wherein the private key is generated in response to the pre-image parameter ([0062] The private key is included in the unlocking script of the spending transaction. Then, the token sub-component verifies that the digital signature is a valid signature when validated against the generated preimage), It would have been obvious to a person of ordinary skill in the art before the effective filling date of the claimed invention made to include in the Jayachandran and Zhandry disclosure, the collapsing hash function, as taught by Trock. One would be motivated to do so to maps out the entire history of valid exchanges of the digital asset all the way back to their creation. Regarding claim 6, Jayachandran, Zhandry, and Trock teach the quantum resistant digital signature system in accordance with Claim 1 wherein Jayachandran further teaches the zero-knowledge proof of knowledge of is generated in response to at least a portion of the private key (col. 18, lines 36-41, zero-knowledge proof may be computationally secure, meaning that determination of secret from output is computationally infeasible, for instance to the same extent that determination of a private key from a public key in a public key cryptographic system is computationally infeasible). Regarding claim 7, Jayachandran, Zhandry, and Trock teach the quantum resistant digital signature system in accordance with Claim 1 wherein Jayachandran further teaches the quantum-resistant protection module sis configured to provide a plurality of proofs of knowledge of the pre-image of the private key, the plurality of proofs of knowledge of the pre-image of a private key having a predefined certificate hierarchy (col. 12, lines 15-17, certificates from a trusted third party, certificates from a decentralized anonymous authentication procedure; col. 19, lines 54-56, various forms of zero-knowledge proofs that may be used, singly or in combination, consistently with this disclosure). Regarding claim 8, Jayachandran a method for quantum-resistant digitally signing data comprising: generating a pre-image parameter in response to a security parameter (col. 22, lines 2-5, fig. 1, storing device 104 generates a secure proof, which includes a zero-knowledge proof, of possession by storing device 104 of the preimage of the hash of K); generating a public key, wherein the public key is associated with the private key (Col. 5, lines 14-20, generate, evaluate, and/or utilize digital signatures that includes the private key of a public key cryptographic system); generating a zero-knowledge proof of knowledge in response to the data (col. 18, lines 36-41, alternatively, zero-knowledge proof may be computationally secure, meaning that determination of secret from output is computationally infeasible, for instance to the same extent that determination of a 40 private key from a public key in a public key cryptographic system is computationally infeasible, wherein col. 3, lines 57-58 shows that cryptographic system includes quantum-secure cryptography); wherein the zero-knowledge proof of knowledge comprises a zero-knowledge proof of the computation of the private key (col. 6, lines 37-41, zero-knowledge proof may be computationally secure, meaning that determination of secret from output is computationally infeasible, for instance to the same extent that determination of a private key from a public key in a public key cryptographic system is computationally infeasible), zero-knowledge proof of the computation of the public key (col. 19, lines 5-10, zero-knowledge proof may include a succinct non-interactive arguments of knowledge proof, wherein a “trusted setup” process creates proof and verification keys using secret information encoded using a public key cryptographic system), and zero-knowledge proof of the computation of the digital signature starting from the pre-image parameter (col. 30, lines 21-25, locked payment may, for instance, be a zero-knowledge contingent payment or similar structure that, to be spent, requires public provision of zero-knowledge proof of preimage of accumulated element, potentially in combination with accumulated element itself). Jayachandran does not explicitly teach generating a private key using a collapsing hash function, wherein the private key is generated in response to the pre-image parameter; Zhandry teaches generating a private key using a collapsing hash function ([0075] collapsing hash functions. Their core result is identical to Theorem 1, namely that collision resistance when the number of pre-images is polynomially bounded implies collapsing). It would have been obvious to a person of ordinary skill in the art before the effective filling date of the claimed invention made to include in the Jayachandran disclosure, the collapsing hash function, as taught by Zhandry. One would be motivated to do so to provide a post-quantum strengthening of collision resistance., wherein the private key is generated in response to the pre-image parameter; Jayachandran and Zhandry do not explicitly teach wherein the private key is generated in response to the pre-image parameter; Trock teaches wherein the private key is generated in response to the pre-image parameter ([0062] The private key is included in the unlocking script of the spending transaction. Then, the token sub-component verifies that the digital signature is a valid signature when validated against the generated preimage), It would have been obvious to a person of ordinary skill in the art before the effective filling date of the claimed invention made to include in the Jayachandran and Zhandry disclosure, the collapsing hash function, as taught by Trock. One would be motivated to do so to maps out the entire history of valid exchanges of the digital asset all the way back to their creation. Regarding claim 9, Jayachandran, Zhandry, and Trock teach the method in accordance with Claim 8 Jayachandran further teaches storing the signature separately from a zero-knowledge proof for parallel verification when generating the digital signature (col. 20, lines 44-49, Storing device 104 may generate digital signature using a process that matches an earlier digital signature, where a first signature “matches” a second signature in this context if the first signature is verifiable using the same verification datum as the second signature). Regarding claim 14, Jayachandran, Zhandry, and Trock teach the method in accordance with Claim 8 wherein Jayachandran further teaches the zero-knowledge proof of knowledge is generated in response to at least a portion of the private key (col. 18, lines 36-41, zero-knowledge proof may be computationally secure, meaning that determination of secret from output is computationally infeasible, for instance to the same extent that determination of a private key from a public key in a public key cryptographic system is computationally infeasible). Regarding claim 15, Jayachandran, Zhandry, and Trock teach the method in accordance with Claim 8 wherein Jayachandran further teaches generating the private key comprises one or more of generating the private key by performing a hash key derivation on the pre-image parameter, performing a one-way function key derivation on the pre-image parameter, or performing a symmetric key derivation on the pre-image parameter (col. 4, lines 5-8, because hashing algorithm is a one-way function, it may be impossible to reconstruct a lot of data from a hash produced from the lot of data using the hashing algorithm; col. 21, lines 60061, K may be a symmetric key, such as an AES key). Regarding claim 16, Jayachandran, Zhandry, and Trock teach the method in accordance with Claim 8 wherein Jayachandran further teaches generating the public key and the pre-image parameter comprises one or more of generating the public key by performing a hash key derivation on the pre-image parameter, generating the public key by performing a one-way function key derivation on the pre-image parameter, or generating the public key by performing a symmetric key derivation on the pre-image parameter (col. 20, lines 11-16, trusted party may verify response by decrypting an encryption of challenge or of another datum using either a symmetric or public-key cryptographic system, verifying that a stored key matches the key used for encryption as a function of at least a device-specific secret). Regarding claim 17, Jayachandran, Zhandry, and Trock teach the method in accordance with Claim 8 wherein Jayachandran further teaches the data comprises a message, the method further comprising sending the digitally signed message, wherein the zero-knowledge proof of knowledge is accessible by a recipient of the message (col. 5, lines 14-20, a "digital signature," as used herein, includes a secure proof of possession of a secret by a signing device, as performed on provided element of data, known as a "message." A message may include an encrypted mathematical representation of a file or other set of data using the private key of a public key cryptographic system). Regarding claim 18, Jayachandran, Zhandry, and Trock teach the method in accordance with Claim 17 wherein Jayachandran further teaches sending the digitally signed message comprises sending the digitally signed message along with one or both of (1) the zero-knowledge proof of knowledge or (ii) location information for identifying a digital storage location from which the zero-knowledge proof of knowledge can be accessed (col. 13, lines 48-3, storing device 104 may be in communication with one or more remote devices 120 that store the data, and capable of commanding such remote devices 120 to transmit data and/or cryptographic hashes, encrypted forms , and/or zero-knowledge proofs of possession of data to requesting devices 108). Regarding claim 19, Jayachandran, Zhandry, and Trock teach the method in accordance with Claim 17, Jayachandran further teaches sending the public key, wherein sending the public key comprises sending the digitally signed message along with the public key or sending the public key to a digital storage location, the digital storage location comprising a certification authority or a public repository (col. 5, lines 25-30, where secure proof is enacted by encrypting message using a private key of a public key cryptographic system, verification may include decrypting the encrypted message using the corresponding public key and comparing the decrypted representation to a purported match that was not encrypted). Claims 3 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Jayachandran, in view of Zhandry, in view of Trock, and further in view of Verheul (US 20230327884 A1). Regarding claim 3, Jayachandran, Zhandry, and Trock teach the quantum resistant digital signature system in accordance with Claim 1 wherein Jayachandran does not explicitly teach a cryptographic key of a predetermined strength generates both the public key and the private key. Verheul teaches a cryptographic key of a predetermined strength generates both the public key and the private key ([0026] strong electronic signatures are based on public key cryptography. Here the user generates a public-private key pair. The private key is kept secret by the user and the public key can be provided to service providers). It would have been obvious to a person of ordinary skill in the art before the effective filling date of the claimed invention made to include in the Jayachandran disclosure, the strong of an electronic signature is determined that based on public-private key pair, as taught by Verheul. One would be motivated to do so to meet the security requirements on strong authentication, most notably the resistance against attackers with moderate or high attack potential. Regarding claim 11, Jayachandran, Zhandry, and Trock teach the method in accordance with Claim 8 wherein Jayachandran does not explicitly teach the security parameter comprises a cryptographic key of a predetermined strength. Verheul teaches the security parameter comprises a cryptographic key of a predetermined strength ([0026] strong electronic signatures are based on public key cryptography. Here the user generates a public-private key pair. The private key is kept secret by the user and the public key can be provided to service providers). It would have been obvious to a person of ordinary skill in the art before the effective filling date of the claimed invention made to include in the Jayachandran disclosure, the strong of an electronic signature is determined that based on public-private key pair, as taught by Verheul. One would be motivated to do so to meet the security requirements on strong authentication, most notably the resistance against attackers with moderate or high attack potential. Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANH NGUYEN whose telephone number is (571)270-0657. The examiner can normally be reached M-F. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Umar Cheema can be reached at 5712703037. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /ANH NGUYEN/Primary Examiner, Art Unit 2458