DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This initial written action is responding to the communication dated on 05/28/2024.
Claims 1, 45, 48-49 are amended, Claims 2-9, 12, 17-18, 20-39 and 42 are canceled, all other Claims are previously presented.
Claims 1, 10-11, 13-16, 19, 40-41 and 43-52 are submitted for examination.
Claims 1, 10-11, 13-16, 19, 40-41 and 43-52 are pending.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Priority
This 371 application filed on May 28, 2024 claims priority of PCT application PCT/SG2022/050865 filed on November 28, 2022 and foreign application SG10202113249R filed on November 29, 2021.
Information Disclosure Statement
The following Information Disclosure Statements in the instant application submitted in compliance with the provisions of 37 CFR 1.97, and thus, have been fully considered:
IDS filed on 28 May 2024.
Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked.
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph:
(A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function;
(B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and
(C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function.
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function.
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function.
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) is/are: “…..a quantum reception device configured to receive a quantum transmission including encoded quantum bits for obtaining a quantum key..”, “…. a quantum transmission device configured to send the quantum transmission to the quantum reception device..”, “…a first encryptor device configured to generate a first key generation bit-sequence..”, “…a second encryptor device configured to receive the detected bit-sequence from the quantum reception device..”, for claim 49, “…wherein the second encryptor device is configured to generate a second key generation bit-sequence..”, for claim 50.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph.
A review of the specification shows that the following appears to be the corresponding structure described in the specification for the 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph limitation:
“a first encryptor device” is interpreted as Encryptor 226 of Figure 3. A written description provided in paragraph 75 of PGPUB. # US # 2025/0023720 as “The first key distillation engine 216, the first key manager 220, and the first encryption/decryption 224 may be implemented using integrated circuits such as processors” recites a sufficient structure.
“a second encryptor device” is interpreted as Encryptor 240 of Figure 3. A written description provided in paragraph 80 of PGPUB. # US # 2025/0023720 as “The second key distillation engine 250, the second key manager 254, and the second encryption/decryption engine 256 may be implemented using integrated circuits such as processors”, recites a sufficient structure.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claim 1 recites the limitation "…… wherein the encoding or the decoding of the quantum bits uses a key generation bit-sequence received from an encryptor device…”. There is no “an encoding” in the claim. There is insufficient antecedent basis for this limitation in the claim.
Claim 44 recites the limitation, “…. verifying the consistency of the first detection probability and the second detection probability to detect tampering..”. There is no mention of “a consistency” in the claim. There is insufficient antecedent basis for this limitation in the claim.
Claim 45 recites the limitation, “…. verifying the consistency of the first detection probability and the second detection probability to detect tampering..”. There is no mention of “a consistency” in the claim. There is insufficient antecedent basis for this limitation in the claim.
Claim limitation “…..a quantum reception device configured to receive a quantum transmission including encoded quantum bits for obtaining a quantum key..”, “…. a quantum transmission device configured to send the quantum transmission to the quantum reception device..”, for claim 49. invokes 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function. “a quantum reception device” is interpreted as QR 504, QR 514, QR 516 of Figure 2. The written description provided in paragraph 77 of the PGPUB. # US # 2025/0023720 as “The quantum reception device 230 includes a reception controller 246 and a photon detection module 244, which includes at least one photon detector and may include more…”. It is not clear a quantum reception device is a hardware or software. “a quantum transmission device” is interpreted as QT 508, QT 510, QT 520 of Figure 2. The written description provided in paragraph 72 of the PGPUB. # US # 2025/0023720 as “The quantum transmission device 208 includes a transmission controller 210 and a photon source 202 for generating photons for transmission via the quantum channel 228… “. It is not clear a quantum transmission device is a hardware or software. Therefore, the claims are indefinite and is rejected under 35 U.S.C. 112(b) or pre-AIA 35 U.S.C. 112, second paragraph.
Applicant may:
(a) Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph;
(b) Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or
(c) Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either:
(a) Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or
(b) Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim 1 is rejected under 35 U.S.C. 103 as being unpatentable over JI et al. (US PGPUB. # US 2019/0238326, hereinafter “JI”), and further in view of Varcoe et al. (US PGPUB. # US 2015/0134947, hereinafter “Varcoe”).
Regarding Claim 1, JI teaches,
A quantum key generation method, comprising:
receiving, by a quantum reception device, a quantum transmission from a quantum transmission device, the quantum transmission including encoded quantum bits for obtaining a quantum key; (Fig. 1, ¶80, “transmits a quantum in which 0 or 1 is encoded in each basis, the second quantum cryptography communication authentication apparatus 101 may generate a quantum key”, Fig. 3, ¶116, ¶118-¶119, i.e. second quantum cryptography device receives encoded quantum bits to obtain a quantum key) and
decoding and detecting the quantum bits from the quantum transmission to obtain a detected bit-sequence, (Fig. 3, ¶122, “the second quantum cryptography communication authentication apparatus 101 may measure the quantum state received from the first quantum cryptography communication authentication apparatus”, ¶131, “the first quantum cryptography communication authentication apparatus 100 may indicate the sequence of the function classification values, such as the signal bits, the QBER bits, and the authentication bits included in the sifted key”, ¶132, “the second quantum cryptography communication authentication apparatus 101 may classify bits at step S360”, ¶133, i.e. a bit sequence is obtained based on decoding and detecting quantum bits from the quantum transmission)
wherein the encoding or the decoding of the quantum bits uses a key generation bit-sequence received from an encryptor device, the encryptor device being configured to perform post-processing to obtain a quantum key (¶63-¶67, ¶80, Fig. 3, ¶155, “the first quantum cryptography communication authentication apparatus 100 and the second quantum cryptography communication authentication apparatus 101 may perform postprocessing at steps S420 and S430”, ¶157, “the first quantum cryptography communication authentication apparatus 100 and the second quantum cryptography communication authentication apparatus 101 may generate quantum keys, respectively, at steps S440 and S450”, ¶158-¶159, “encryption keys may be generated using the previously shared authentication key”, Fig. 4, ¶161-¶164, i.e. a quantum key is generated based on received key generation bit-sequence) [and detect tampering].
JI does not teach explicitly,
[wherein the encoding or the decoding of the quantum bits uses a key generation bit-sequence received from an encryptor device, the encryptor device being configured to perform post-processing to obtain a quantum key] and detect tampering.
However, Varcoe teaches,
[wherein the encoding or the decoding of the quantum bits uses a key generation bit-sequence received from an encryptor device, the encryptor device being configured to perform post-processing to obtain a quantum key] and detect tampering. (¶153, ¶177, “Alice and/or Bob may detect any tampering or modification of the signal by Eve using any suitable technique”, ¶178, “If any tampering or modification is detected, the protocol may be aborted and re-run from the beginning”, ¶284-¶285, ¶286, “The local noise introduced by Alice and Bob has the effect of randomising the location of errors introduced by Eve, thereby limiting her information about C(y). As increased single bit errors have a higher probability of being rejected at this stage, Eve's tampering is detectable in a reduced data rate”, i.e. a tampering is detected).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Varcoe with the invention of JI.
JI teaches, receiving encoded quantum bits from a quantum device and decoding the quantum bits to generate quantum keys. Varcoe teaches, detecting tampering with quantum transmission to detect an attack. Therefore, it would have been obvious to detect tampering with quantum transmission to detect an attack of Varcoe with receiving encoded quantum bits from a quantum device and decoding the quantum bits to generate quantum keys of JI to provide a secure communication between two parties with the generated quantum keys and avoiding an eavesdropper.
KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007).
Claims: 10-11, 13-16, 19 and 43-44 – Objected
Claims 10-11, 13-16, 19 and 44 objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Claims: 40-41, 45-48 and 49-52 – Objected
Claims 40-41, 45-48 and 49-52- are objected to as being allowable if the 35 U.S.C. 112(b) Rejection is overcome for the independent claims 45 and 49. The following is an examiner’s statement of reason for allowance.
JI discloses, a first quantum cryptography communication authentication apparatus 100 randomly selects two bases and transmits a quantum in which 0 or 1 is encoded in each basis, the second quantum cryptography communication authentication apparatus 101 may generate a quantum key by performing a procedure for performing measurement in one of the two bases. (¶80). At step S310, the first quantum cryptography communication authentication apparatus 100 may randomly select a first basis and an encoding scheme. At step S310, the first quantum cryptography communication authentication apparatus 100 and the second quantum cryptography communication authentication apparatus 101 may have a previously shared authentication key Ak=(Ak.sub.1, Ak.sub.2, . . . , Ak.sub.n) enabling them to authenticate each other. The quantum cryptography communication authentication method according to the embodiment of the present invention may transmit the quantum state at step S320. That is, at step S320, the first quantum cryptography communication authentication apparatus 100 may transmit the quantum state that uses the randomly selected first basis to the second quantum cryptography communication authentication apparatus 101. (¶116-¶119). At step S330, the second quantum cryptography communication authentication apparatus 101 may measure the quantum state received from the first quantum cryptography communication authentication apparatus 100 using a second basis randomly selected by the second quantum cryptography communication authentication apparatus 101. (¶122). In detail, at step S350, the first quantum cryptography communication authentication apparatus 100 may indicate the sequence of the function classification values, such as the signal bits, the QBER bits, and the authentication bits included in the sifted key, and may then share the bits with the second quantum cryptography communication authentication apparatus 101. Further, in the quantum cryptography communication authentication method according to the embodiment of the present invention, the second quantum cryptography communication authentication apparatus 101 may classify bits at step S360. That is, at step S360, the function classification values of bits included in a sifted key may be divided into signal bits, QBER bits, and authentication bits. (¶131-¶133). Quantum state transfer bases initially predefined by Alice and Bob may be represented by {+} and {×}. Here, in the case of quantum key distribution, the bases may be defined depending on actually utilized physical entities, such as polarization encoding or phase encoding. (¶63-¶67). The first quantum cryptography communication authentication apparatus 100 and the second quantum cryptography communication authentication apparatus 101 may perform postprocessing at steps S420 and S430. That is, at steps S420 and S430, the first quantum cryptography communication authentication apparatus 100 and the second quantum cryptography communication authentication apparatus 101 may correct errors in the authenticated sifted keys. hereafter, in the quantum cryptography communication authentication method according to the embodiment of the present invention, the first quantum cryptography communication authentication apparatus 100 and the second quantum cryptography communication authentication apparatus 101 may generate quantum keys, respectively, at steps S440 and S450. In detail, at steps S440 and S450, the first quantum cryptography communication authentication apparatus 100 and the second quantum cryptography communication authentication apparatus 101 may generate quantum keys by amplifying the privacy of the authenticated sifted keys, respectively. (¶153-¶158).
Varcoe discloses, a sequence X is transmitted from Alice to Bob using a first channel 427a. The first channel 427a may, for example, be regarded as insecure, in the sense that Eve may eavesdrop on the link and detect the signals transmitted over it. However, in the present embodiment, the link 427a may, for example, be regarded as trusted. This is because, for example, due to the quantum nature of the signal, any tampering or modification of the signal can be detected by Alice and/or Bob. The link may also be regarded as trusted if, for example, Alice and Bob perform a suitable scheme to verify or authenticate the values received by Bob, as described further below. In other embodiments, the link 427a may be regarded as untrusted. (¶153). In one embodiment, at this stage of the protocol, Alice and/or Bob may detect any tampering or modification of the signal by Eve using any suitable technique. For example, in one embodiment, in addition to the transmission described above, Alice transmits the sequence X to Bob a second time, but this time using a transmission power that is sufficiently high such that the SNR is sufficiently high that, when Bob performs detection, the recovered sequence will be equal to X with a high degree of accuracy. Thus, Alice and Bob both know the sequence X. Bob then sends a random selection of values back to Alice who can then detect any differences in the data. If any tampering or modification is detected, the protocol may be aborted and re-run from the beginning. (¶177-¶178). One attack that Eve can use is signal tampering by removing or adding symbols. This type of attack is detectable if Bob returns a random sample of the data to Alice. Uncorrelated data is detectable by looking at a data correlation map, where it shows up as incoherent noise. However, as described below, since Eve does not know the exact nature of Alice's data or Bob's data, this attack does not increase her knowledge of the secret information. Bob creates an error correction code C(y) which is forwarded to Alice who incorporates it, for example, into a BCH code xC(y). Alice uses the BCH code to create a new variable x' which represent a q (e.g. single) bit correction to x. Then, x'=x if and only if x=y. or there is a single bit difference between x and y. All other errors increase the difference between Alice and Bob. Alice and Bob have chosen their local noise (the function e and error rate R) such that Eve cannot know y from her knowledge of e, t or C(y) because of the large collision rate (i.e. many different values of y produce the same value C(y)). Signal tampering by a more subtle attack of adding small shifts to the continuous variable symbols (e.g. by selectively amplifying sections of the transmitted signal) introduces new bit errors into the data discretisation (e.g. data slicing) stage, and, as mentioned above, errors of more than one bit actually increase the difference between Alice and Bob. In the data matching agreement (advantage distillation) stage, Alice and Bob filter their data for matches, for example using a virtual channel, to exchange a random variable and a hash value (e.g. BCH code) to check the validity of the random variable exchanged. The local noise introduced by Alice and Bob has the effect of randomising the location of errors introduced by Eve, thereby limiting her information about C(y). As increased single bit errors have a higher probability of being rejected at this stage, Eve's tampering is detectable in a reduced data rate. While Eve is detectable, Eve is not given any information. (¶284-¶286).
Lowans et al. (US # 2013/0251145) discloses, providing the order in which the transmitted bits are to be used as a secret shared between devices agreeing a key. For example, an identity key, which is shared between the devices to allow them to authenticate each other (or another shared value) may be used as a seed in a pseudorandom number generator (PRNG). The output from the PRNG could be used to control the order in which the transmitted bits are used. This ordering controlled by the PRNG could be used in place of authentication as, if the value used to seed the pseudorandom number generator is not the shared value, the keys generated by the BB84 process or the like will not be the same and any information encrypted using this key will be protected by its encryption. Further, discrepancies between `decrypted` information and what is expected will quickly be apparent as the `decrypted` information will not make sense. Indeed, if it can be determined with an acceptable degree of certainty that the sequence remains a secret, varying the order in which bits are used may provide an alternative to monitoring the bit stream in ensuring that key information which can be obtained from a transmitted bit stream is limited. Therefore, in one aspect the invention comprises a QKD system comprising at least two quantum devices arranged to exchange a quantum signal comprising a plurality of bits in a quantum exchange step and at least one of the quantum devices is arranged act as a first key agreement device and to agree a key with a second key agreement device in a key agreement step, wherein each key agreement device is associated with a key determination unit arranged to determine (e.g. through communication between the key agreement devices) which bits are available for key agreement and further to determine the order in which bits are used in the key agreement step. (¶53-¶54). FIG. 3 shows a network 300 in which a Key Management centre KMC, acting as a control QKD device, wishes to set up a secure communication with a given end point device, designated N.sub.3 herein. There are two intermediate QKD devices N.sub.1 and N.sub.2. As has been described in greater detail in our earlier applications (e.g. WO2009/093034), in order to establish the key between the KMC and N.sub.3, the KMC transmits a quantum signal S.sub.Q1 to N.sub.1 then agrees a quantum key with N.sub.1 using classical communication S.sub.N1, and the KMC and N.sub.1 carry out mutual authentication. N.sub.1 then sends a quantum signal S.sub.Q2 to N.sub.2. N.sub.1 and the KMC exchange information about this signal. It may be that N.sub.1 provides the KMC with information about the quantum signal. This may be information indicative of the signal itself (i.e. the full bit stream) or it may be a `starting point` or seed for a pseudo random number generator (wherein both N.sub.1 and KMC contain equivalent pseudo random number generators). The quantum string to be sent by N.sub.1 to N.sub.2 can alternatively have been prescribed by the KMC, which may for example send a pseudo random number generator seed or full bit stream to N.sub.1 (i.e. the information exchange can be from N.sub.1 to KMC or from KMC to N.sub.1, or indeed the bit stream may be sent in whole or as a seed from a third entity--other options are also possible, for example as described in our earlier applications identified above). The information exchanged may be encrypted using the key agreed between KMC and N.sub.1, and ensures that the KMC has sufficient information to agree a quantum key direct with N.sub.2 (and not via N.sub.1), using classical signals S.sub.N2. N.sub.2 and the KMC may then mutually authenticate. N.sub.2 then sends a quantum signal S.sub.Q3 to N.sub.3 and exchanges information about this quantum signal with the KMC encrypted using the key agreed between KMC and N.sub.2, and the KMC can then directly agree a quantum key with N.sub.3 over classical channels in communication S.sub.N3. (Fig. 3, ¶95). A stream of photons is sent between nodes, each photon representing a single bit of data. However, because in practice it is technically difficult to produce single photon sources, QKD systems often use a heavily attenuated laser. A laser in combination with an attenuator may be arranged to emit pulses so that on average less than 1 photon is seen in each pulse. This is designated as .mu.<1. A typical value of .mu. might be 0.1, i.e. for every 10 pulses, on average, approximately 9 have no photons and 1 contains a photon, although it is not known which pulses contain photon(s). o be more precise, the number of photons per pulse corresponds to the Poisson distribution. For .mu.=0.1, on average, around 90.5% of pulses are empty, 9.05% of pulses have 1 photon, 0.45% of pulses have 2 photons, 0.015% have 3 photons, and so on. In known security attacks, Mallory may use the knowledge that some pulses have more than 1 photon and use these multiple photon pulses to obtain information. (¶100-¶101). The received string of random bits remains to form the Key material from which a session key is established. Authentication can be completed, for example by employing a suitable hash of the full messaging sequence using a previously established authentication key as described above (or it may be done at multiple occasions during the message process). If Mallory is to mount a successful covert attack on N.sub.1 (or in more general terms, any node in an uncontrolled portion of the network 300), the anti-tamper measures of N.sub.1 must be broken without raising a network security alert, or at least without the security alert reaching the KMC. If this is achieved however, it may be assumed that Mallory is able to monitor all traffic in and out and can alter traffic if he so chooses. For the sake of simplicity, in this example, Mallory does not carry out any other attacks on other nodes. Mallory knows the full content of the random string S.sub.Q2 sent to N.sub.1 and encrypted by the KMC. Mallory therefore knows the values used for the Decoy state. Mallory also knows the random bases for the quantum signal that are be sent to N.sub.2. Since in this embodiment a QKD Decoy state is employed, this means that N.sub.2 will be able to detect any variation in the statistics if Mallory attempts to alter the probability of any pulses reaching N.sub.2 (i.e. changed some bits so that it could determine at least a portion of the bits received) as this would introduce errors which will take the error checking above the threshold and result in an alert to the effect that the network 300 has been broken. It is assumed herein that Mallory has no prior information on the previously established authentication keys between KMC and N.sub.2 which means that the subsequent QKD protocol messaging between KMC and N.sub.2 is protected by unbroken encryption. KMC and N.sub.2 are able to confirm the final string S'.sub.Q2 which is shorter than the transmitted string S.sub.Q2 and is unknown at this stage to Mallory. The network 300 in this example is arranged such that the `bit loss factor` for S.sub.Q2 is sufficiently high than the number of possible sub strings is higher than the number of key combinations (e.g. 2.sup.128), although other levels may be appropriate depending on the information to be protected by the agreed key. The bit loss factor can be ensured by the design of N.sub.2 (choice of optical components, or choice or length of fibres, for example), use of `throwing away` algorithms, privacy amplification, or the like. (¶109-¶112). The network 300 is arranged such that a maximum of 1/10.sup.th of the bits transmitted from N.sub.1 to N.sub.2 are used in agreeing the Quantum key. In this example, the KMC comprises a security manager SM arranged to calculate a ratio of the bits received and available for use in key generation (this information will become available to the KMC in the usual key agreement communications between the KMC and N.sub.2) to the number of bits transmitted (which is known from the communications between N.sub.1 and KMC). If the Security Manager SM determines that more than 1 in 10 bits are used, then the attempt to establish a key with N.sub.2 is abandoned. The KMC instructs N.sub.1 to send a new, longer, bit stream to N.sub.2 as a quantum signal, and further instructs N2 to employ a higher level of security amplification (which results in a greater degree of bit losses through hashing). For convenience, the SM may also carry out the standard security checks used in QKD, such as checking the error rate to determine if eavesdropping has occurred, although it could be a standalone processing system. (¶114).
However none of the art teaches, “…..generating a key generation bit-sequence by inserting one or more test blocks into an initial bit-sequence or by using a bit-sequence generator….. obtaining a first detection probability of the quantum bits with basis selection made based on test bits of the key generation bit-sequence; obtaining a second detection probability of the quantum bits with basis selection made based on non-test bits of the key generation bit-sequence; verifying the consistency of the first detection probability and the second detection probability to detect tampering…”, for Claim 45 and “….. wherein the first key generation bit-sequence is transmitted from the first encryptor device to the quantum transmission device via the first communication link for encoding the quantum bits, wherein the detected bit-sequence is transmitted from the quantum reception device to the second encryptor via the second communication link,,,,” for Claim 49.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Refer to PTO-892, Notice of References Cited for a listing of analogous art.
Fung et al. (WIPO PUB. # WO 2019/120567) discloses, a QKD communication device (102, 102'). The QKD communication device (102, 102') comprises a communication interface (102a, 102a') configured to communicate with a further QKD communication device (104, 104') for generating a secret key on the basis of a signal sequence. Moreover, the QKD communication device (102, 102') comprises a processing unit (102b, 102b') configured to determine a noise level associated with the signal sequence, increase the noise level associated with the signal sequence depending on the determined noise level associated with the signal sequence for obtaining a modified signal sequence, perform information reconciliation on the modified signal sequence for obtaining a modified bit sequence, and generate the secret key on the basis of the modified bit sequence.
Vtyurina et al. (US PGPUB. # US 2022/0417013) discloses, cryptographic protection of information which use keys derived from quantum keys from an associated quantum key distribution (QKD) system, in order to improve security of transmitted information. A system comprises a transmitting node and a receiving node of a single-pass QKD system, and two encryptors connected by a classical communication channel. The one encryptor is further connected to the transmitting node of the QKD system by a 1st local communication link, and the other encryptor is connected to the receiving node of the QKD system by a 2nd local communication link.
Takahashi et al. (US PGPUB. # US 2020/0092089) discloses, an information processor includes a memory and one or more hardware processors coupled to the memory. The one or more hardware processors are configured to function as a calculating unit, a determining unit, and a generating unit. The calculating unit is configured to calculate a key length. The determining unit is configured to determine a block size corresponding to a unit of processing in key generation and an outputtable size indicating the size of a key outputtable by the key generation. The generating unit is configured to generate a key having the key length by a hash operation using a matrix having a size determined by the block size and the outputtable size.
Fu (US PGPUB. # US 2018/0109372) discloses, a method for negotiating quantum data keys between first and second entities. During operation, the system performs a mutual authentication between the first and second entities. In response to the mutual authentication succeeding, the first entity receives one or more sets of key-generation parameters from the second entity. In response to validating the sets of key-generation parameters, the first entity sends an acknowledgment message to the second entity, and extracts, from a quantum string shared between the first and second entities, one or more quantum data keys based on the key-generation parameters. A respective quantum data key comprises a number of bits extracted from the quantum string.
Hong et al. (US PGPUB. # US 2017/0338952) discloses, a method for quantum key distribution (QKD). The QKD center includes an authentication key sharing unit for sharing authentication keys with QKD client devices; a quantum key generation unit for generating a sifted key for each of the QKD client devices using a quantum slate; an error correction unit for generating output bit strings by correcting errors of the sifted keys; and a bit string operation unit for calculating an encryption bit string by performing a cryptographic operation on the authentication keys, the distribution output bit strings and output bit strings received from the QKD client devices. The present invention improves security by preventing the QKD center from being aware of keys shared among users.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DARSHAN I DHRUV whose telephone number is (571)272-4316. The examiner can normally be reached M-F 9:00 AM-5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached at 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/DARSHAN I DHRUV/ Primary Examiner, Art Unit 2498