Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
2. EXAMINER’S NOTE: The claims have been reviewed and considered under the new guidance pursuant to the 2019 Revised Patent Subject Matter Eligibility Guidance (PEG 2019) issued January 7, 2019.
3. This communication is in response to Applicant’s claims filed on 17 June 2024. Claims 1-20 remain pending.
Information Disclosure Statement
4. The Information Disclosure Statements respectfully submitted on 30 July 2024, 29 January 2025, 24 April 2025, and 10 December 2025 have been considered by the Examiner.
Continued Prosecution Application
5. This application is a continuation-in-part of Serial No. 16/903,873 filed on 17 June 2020, which is now US Patent No. 12,058,113, issued on 06 August 2024.
Double Patenting
6. The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13.
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer.
Instant Application 18/745,913 (claims 1-20, listed first) / Issued Application 12,058,113 (claims 1-19, listed second)
1. A computer-implemented method, comprising: obtaining cryptographic material usable to derive one or more encryption keys; based on at least a portion of the cryptographic material, deriving a first cryptographic key usable with a first cryptographic algorithm; based on at least another portion of the cryptographic material, deriving a second cryptographic key usable with a second cryptographic algorithm, the second cryptographic algorithm different from the first cryptographic algorithm; performing a first cryptographic operation on data based on the first cryptographic key and the first cryptographic algorithm to generate first cryptographically protected data; and performing a second cryptographic operation on the first cryptographically protected data based on the second cryptographic key and the second cryptographic algorithm to generate second cryptographically protected data.
2. The computer-implemented method according to claim 1, wherein the first cryptographic algorithm is a quantum-safe cryptographic algorithm.
3. The computer-implemented method according to claim 1, wherein the second cryptographic algorithm is a non-quantum-safe cryptographic algorithm.
4. The computer-implemented method according to claim 1, wherein the first cryptographic algorithm is a quantum-safe cryptographic algorithm and the second cryptographic algorithm is a non-quantum-safe cryptographic algorithm.
5. The computer-implemented method according to claim 1, further comprising receiving, from a computing system, at least a portion of the cryptographic material usable to derive the one or more encryption keys.
6. The computer-implemented method according to claim 1, further comprising receiving a communication confirming a cryptographic scheme, the cryptographic scheme identifying the first and second cryptographic algorithms.
7. The computer-implemented method according to claim 1, wherein the first cryptographic operation comprises a first encryption operation and the second cryptographic operation comprises a second encryption operation.
8. A system, comprising: one or more processors; and memory that stores computer-executable instructions that are executable to cause the one or more processors to: obtain cryptographic material usable to derive one or more encryption keys; based on at least a portion of the cryptographic material, derive a first cryptographic key usable with a quantum-safe cryptographic algorithm; based on at least another portion of the cryptographic material, derive a second cryptographic key usable with a non-quantum-safe cryptographic algorithm; perform a first cryptographic operation on data based on the first cryptographic key and the quantum-safe cryptographic algorithm to generate first cryptographically protected data; and perform a second cryptographic operation on the first cryptographically protected data based on the second cryptographic key and the non-quantum-safe cryptographic algorithm to generate second cryptographically protected data.
9. The system according to claim 8, wherein the computer-executable instructions are further executable to cause the one or more processors to receive at least a portion of the cryptographic material usable to derive the one or more encryption keys.
10. The system according to claim 8, wherein the computer-executable instructions are further executable to receive a communication confirming a cryptographic scheme, the cryptographic scheme identifying the quantum-safe cryptographic algorithm and the non-quantum-safe cryptographic algorithm.
11. The system according to claim 8, wherein the first cryptographic operation comprises a first encryption operation and the second cryptographic operation comprises a second encryption operation.
12. The system according to claim 8, wherein the quantum-safe cryptographic algorithm comprises a quantum-resistant algorithm identified by National Institute of Standards and Technology (NIST).
13. The system according to claim 8, wherein the computer-executable instructions are further executable to: establish a cryptographically protected communications session; and receive at least a portion of the cryptographic material usable to derive the one or more encryption keys based, at least in part, on establishing the cryptographically protected communications session.
14. The system according to claim 8, wherein obtaining the cryptographic material usable to derive the one or more encryption keys comprises receiving the portion of the cryptographic material from a first computing system and locating the other portion of the cryptographic material in a second computing system.
15. The system according to claim 8, wherein the computer-executable instructions are further executable to: receive an encrypted message generated from plaintext recognizable by a plurality of computing systems, the encrypted message generated using one or more of the first and second cryptographic keys; decrypt the encrypted message to provide an unencrypted message; and determine whether data of the unencrypted message matches the plaintext.
16. A non-transitory computer-readable storage medium storing thereon executable instructions that, as a result of being executed by one or more processors of a system, cause the system to at least: based on at least a portion of cryptographic material, derive a first cryptographic key usable with a quantum-safe cryptographic algorithm; based on at least another portion of the cryptographic material, derive a second cryptographic key usable with a non-quantum-safe cryptographic algorithm; perform a first cryptographic operation on data based on the first cryptographic key and the quantum-safe cryptographic algorithm to generate first cryptographically protected data; and perform a second cryptographic operation on the first cryptographically protected data based on the second cryptographic key and the non-quantum-safe cryptographic algorithm to generate second cryptographically protected data.
17. The non-transitory computer-readable storage medium of claim 16, wherein the executable instructions, as a result of being executed by the one or more processors of the system, cause the system to further at least: establish a cryptographically protected communications session; and receive at least a portion of the cryptographic material usable to derive one or more encryption keys based, at least in part, on establishing the cryptographically protected communications session.
18. The non-transitory computer-readable storage medium of claim 16, wherein the executable instructions, as a result of being executed by the one or more processors of the system, cause the system to further at least receive at least a portion of the cryptographic material usable to derive one or more encryption keys.
19. The non-transitory computer-readable storage medium of claim 16, wherein the executable instructions, as a result of being executed by the one or more processors of the system, cause the system to further at least obtain the cryptographic material, the cryptographic material usable to derive one or more encryption keys, and obtaining the cryptographic material comprises receiving the portion of the cryptographic material from a first computing system and locating the other portion of the cryptographic material in a second computing system.
20. The non-transitory computer-readable storage medium of claim 16, wherein the executable instructions, as a result of being executed by the one or more processors of the system, cause the system to further at least receive a communication confirming a cryptographic scheme, the cryptographic scheme identifying the quantum-safe cryptographic algorithm and the non-quantum-safe cryptographic algorithm.
1. A computer-implemented method, comprising: at a first system, performing a handshake with a second system to establish a cryptographically protected communications session, the handshake comprising: obtaining, from the second system, a first cryptographic material and a second cryptographic material; transmitting, to the second system, a third cryptographic material and a fourth cryptographic material to allow the second system to derive a first encryption key based on the first cryptographic material and the third cryptographic material and to derive a second encryption key based on the second cryptographic material and the fourth cryptographic material; deriving the first encryption key based on the first cryptographic material and the third cryptographic material; deriving the second encryption key based on the second cryptographic material and the fourth cryptographic material; using the first encryption key to encrypt data to obtain first encrypted data; using the second encryption key to encrypt the first encrypted data to obtain second encrypted data; and transmitting a message over the cryptographically protected communications session, the message being based on the second encrypted data, wherein the cryptographically protected communication session is a hybrid cryptographically protected communication session and wherein the first encryption key corresponds to a first cryptographic algorithm and the second encryption key corresponds to a second cryptographic algorithm.
2. The computer-implemented method of claim 1, wherein the first cryptographic material and the second cryptographic material is transmitted, by the second system, to the first system in response to a first message from the first system to the second system identifying a first cryptographic algorithm and a second cryptographic algorithm.
3. The computer-implemented method of claim 1, wherein the first system transmits a first message identifying a first cryptographic algorithm to the second system and a second message identifying a second cryptographic algorithm to the second system, and the second system transmits the first cryptographic material to the first system in response to the first message and a second cryptographic material to the first system in response to the second message.
4. The computer-implemented method of claim 1, wherein the first system transmits, to the second system, a first message comprising the third cryptographic material and the fourth cryptographic material, the first message identifying a first cryptographic algorithm and a second cryptographic algorithm, and receiving, in response to the first message, a second message from the second system comprising the first cryptographic material and the second cryptographic material.
5. The computer-implemented method of claim 1, wherein: the first system transmits a first message comprising the third cryptographic material to the second system, the first message identifying a first cryptographic algorithm; the first system transmits a second message comprising the fourth cryptographic material to the second system, the second message identifying a second cryptographic algorithm; in response to the first message indicating the first cryptographic algorithm, the second system transmits the first cryptographic material to the first system; and in response to the second message indicating the second cryptographic algorithm, the second system transmits the second cryptographic material to the first system.
6. A system, comprising: one or more processors; and memory that stores computer-executable instructions that are executable to cause the one or more processors to: establish a cryptographically protected communications session by at least: obtaining, from another system, a first cryptographic material; transmitting, to the other system, a second cryptographic material to allow the other system to derive a first cryptographic key based on the first cryptographic material and the second cryptographic material and to derive a second cryptographic key based on the first cryptographic material and the second cryptographic material; derive the first cryptographic key based on the first cryptographic material and the second cryptographic material and derive the second cryptographic key based on the first cryptographic material and the second cryptographic material; perform a cryptographic operation on a datum using the first cryptographic key to create a first cryptographically protected datum; perform another cryptographic operation on the cryptographically protected datum using the second cryptographic key to create a second cryptographically protected datum; and transmit the second cryptographically protected datum over the cryptographically protected communications session, wherein the first encryption key corresponds to a first cryptographic algorithm and the second encryption key corresponds to a second cryptographic algorithm.
7. The system of claim 6, wherein the cryptographic operation on the datum using the first cryptographic key is a first type of encryption operation and the other cryptographic operation on the cryptographically protected datum using the second cryptographic key is a second type of encryption operation.
8. The system of claim 6, wherein the instructions that cause the system to establish a cryptographically protected communications session are executable to cause the system to obtain, from the other system, the first cryptographic material in response to a first message transmitted from the system to the other system, the first message comprising information about a first cryptographic algorithm and information about a second cryptographic algorithm.
9. The system of claim 6, wherein the instructions that cause the system to establish a cryptographically protected communications session are executable to cause the system to obtain, from the other system, a first portion of the first cryptographic material in response to a first message transmitted by the system to the other system, the first message comprising information about a first cryptographic algorithm, and a second portion of the first cryptographic material in response to a second message transmitted by the system to the other system, the second message comprising information about a second cryptographic algorithm.
10. The system of claim 6, wherein the instructions that cause the system to establish a cryptographically protected communications session are executable to cause the system to transmit, to the other system, a first message comprising the second cryptographic material, the first message indicating a first cryptographic algorithm and a second cryptographic algorithm and, in response to the first message, the system obtains from the other system a response comprising the first cryptographic material.
11. The system of claim 6, wherein the instructions that cause the system to establish a cryptographically protected communications session are executable to cause the system to: obtain, from the other system, a first portion of the first cryptographic material in response to a first message transmitted by the system to the other system, the first message comprising a first portion of the second cryptographic material and information about a first cryptographic algorithm; and obtain, from the other system, a second portion of the first cryptographic material in response to a second message transmitted by the system to the other system, the second message comprising a second portion of the second cryptographic material and information about a second cryptographic algorithm.
12. The system of claim 6 wherein the instructions that cause the system to perform the cryptographic operation on the datum using the first cryptographic key to create the first cryptographically protected datum and perform the cryptographic operation on the cryptographically protected datum using the second cryptographic key to create the second cryptographically protected datum are executable to cause the system to segment a result of the cryptographic operation on the datum to obtain the cryptographically protected datum.
13. The system of claim 6 wherein the instructions that cause the system to perform the cryptographic operation on the datum using the first cryptographic key to create the first cryptographically protected datum and perform the cryptographic operation on the cryptographically protected datum using the second cryptographic key to create the second cryptographically protected datum are executable to cause the system to segment the datum into individual blocks and perform the cryptographic operation on each block of the individual blocks to obtain the first cryptographically protected datum.
14. A non-transitory computer-readable storage medium storing thereon executable instructions that, as a result of being executed by one or more processors of a system, cause the system to at least: establish a cryptographically protected communications session by at least communicating with another system such that both the system and the other system are able to use a first cryptographic material and a second cryptographic material; derive a first cryptographic key based on the first cryptographic material and derive a second cryptographic key based on the second cryptographic material; perform a cryptographic operation on a datum using the first cryptographic key to create a first cryptographically protected datum; perform the cryptographic operation on the first cryptographically protected datum using the second cryptographic key; and transmit a result of the cryptographic operation on the first cryptographically protected datum over the cryptographically protected communications session, wherein the first encryption key corresponds to a first cryptographic algorithm and the second encryption key corresponds to a second cryptographic algorithm.
15. The non-transitory computer-readable storage medium of claim 14, wherein the instructions that cause the system to perform the cryptographic operation on the datum to create the first cryptographically protected datum comprise instructions to cause the system to serialize a result of the cryptographic operations on the datum to obtain the first cryptographically protected datum.
16. The non-transitory computer-readable storage medium of claim 14, wherein the instructions that cause the system to perform the cryptographic operation on the datum to create the first cryptographically protected datum comprise instructions to cause the system to serialize the datum into a serialized datum and perform the cryptographic operation on the serialized datum to create the first cryptographically protected datum.
17. The non-transitory computer-readable storage medium of claim 14, wherein the instructions that cause the system to perform the cryptographic operation on the datum to create the first cryptographically protected datum comprise instructions to cause the system to serialize the datum into a serialized datum and perform the cryptographic operation on the serialized datum, and serialize a result of the cryptographic operations on the serialized datum to obtain the first cryptographically protected datum.
18. The non-transitory computer-readable storage medium of claim 14, wherein the instructions that cause the computer system to establish a cryptographically protected communications session with the other system further include instructions that cause the computer system to receive, from the other system, the first cryptographic material in response to a first message transmitted from the system to the other system, the first message comprising information about a first cryptographic algorithm and information about a second cryptographic algorithm.
19. The non-transitory computer-readable storage medium of claim 14, wherein the instructions that cause the computer system to establish a cryptographically protected communications session with the other system further include instructions that cause the computer system to transmit, to the other system, a first message comprising the second cryptographic material, the first message indicating a first cryptographic algorithm and a second cryptographic algorithm and, in response to the first message, receive from the other system a response comprising the first cryptographic material.
7. Claims 1-20 are rejected on the ground of non-statutory double patenting as being unpatentable over claims 1-19 of U.S. Patent No. 12,058,113. Although the claims at issue are not identical, they are not patentably distinct from each other because in both instances, the claims are drawn towards hybrid key exchanges for double-hulled encryption. The omission of “at a first system, performing a handshake with a second system to establish a cryptographically protected communications session, the handshake comprising: wherein the cryptographically protected communication session is a hybrid cryptographically protected communication session and wherein the first encryption key corresponds to a first cryptographic algorithm and the second encryption key corresponds to a second cryptographic algorithm” does not change the scope of the claims for the instant application and the issued application. Similarly, in both instances, a similarity measure may be attained wherein multiple cryptographic keys for a session to enable at least double-hull encryption while adhering to common protocols for establishment of cryptographically protected sessions.
Claim Rejections - 35 USC § 102
8. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
9. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
10. Applicant has provided evidence in this file showing that the claimed invention and the subject matter disclosed in the prior art reference were owned by, or subject to an obligation of assignment to, the same entity as Amazon Technologies, Inc. not later than the effective filing date of the claimed invention, or the subject matter disclosed in the prior art reference was developed and the claimed invention was made by, or on behalf of one or more parties to a joint research agreement in effect not later than the effective filing date of the claimed invention. However, although reference Wasiq et al. has been excepted as prior art under 35 U.S.C. 102(a)(2), it is still applicable as prior art under 35 U.S.C. 102(a)(1) that cannot be excepted under 35 U.S.C. 102(b)(2)(C).
Applicant may rely on the exception under 35 U.S.C. 102(b)(1)(A) to overcome this rejection under 35 U.S.C. 102(a)(1) by a showing under 37 CFR 1.130(a) that the subject matter disclosed in the reference was obtained directly or indirectly from the inventor or a joint inventor of this application, and is therefore not prior art under 35 U.S.C. 102(a)(1). Alternatively, applicant may rely on the exception under 35 U.S.C. 102(b)(1)(B) by providing evidence of a prior public disclosure via an affidavit or declaration under 37 CFR 1.130(b).
11. Claims 1, 3, and 5-7 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Wasiq et al. (Pub No. 2018/0026950).
Referring to the rejection of claim 1, Wasiq et al. discloses a computer-implemented method, comprising:
obtaining cryptographic material usable to derive one or more encryption keys; (See Wasiq et al., para. 24-25, i.e., the shared-secret cryptographic material produced by the transport layer security component, item 115 is used to derive cryptographic keys)
based on at least a portion of the cryptographic material, deriving a first cryptographic key usable with a first cryptographic algorithm; (See Wasiq et al., para. 27, i.e., The first application-layer cryptographic key, item 116 may be derived from the shared secret information using a one-way function, cryptographic hash function, or key stretching algorithm that produces a cryptographic key that is compatible with a cryptographic algorithm implemented by the application-layer cryptography component, item 114)
based on at least another portion of the cryptographic material, deriving a second cryptographic key usable with a second cryptographic algorithm, the second cryptographic algorithm different from the first cryptographic algorithm; (See Wasiq et al., para. 28, i.e., The secure transport layer, item 122 derives the second application-layer cryptographic key, item 128 using cryptographic material provided by the transport layer security component, item 127)
performing a first cryptographic operation on data based on the first cryptographic key and the first cryptographic algorithm to generate first cryptographically protected data; (See Wasiq et al., para. 39-40 and 43, i.e., the client transport layer generates a pre-master secret based on the seed values exchanged between the client and the server during the handshake. The client transport layer and server transport layer generate a master secret and session key and information from previously determined shared secrets to derive an application layer cryptographic key. Data is cryptographically protected by negotiating shared secret information using Diffie Hellman key exchange or quantum cryptography techniques can be used to supply shared secrets to a component in an application layer that performs application-level encryption)
and performing a second cryptographic operation on the first cryptographically protected data based on the second cryptographic key and the second cryptographic algorithm to generate second cryptographically protected data. (See Wasiq et al., para. 44, i.e. a session key for use during the TLS session is established using a combination of random and seed values exchanged between endpoints of the TLS session. Data is cryptographically protected by digitally signing application data and verifying digital signatures on application data)
Referring to the rejection of claim 3, Wasiq et al. discloses wherein the second cryptographic algorithm is a non-quantum-safe cryptographic algorithm. (See Wasiq et al., para. 44, i.e., Data is cryptographically protected by digitally signing application data and verifying digital signatures on application data)
Referring to the rejection of claim 5, Wasiq et al. discloses further comprising receiving, from a computing system, at least a portion of the cryptographic material usable to derive the one or more encryption keys. (See Wasiq et al., para. 24-25, i.e., the shared-secret cryptographic material produced by the transport layer security component, item 115 is used to derive cryptographic keys)
Referring to the rejection of claim 6, Wasiq et al. discloses further comprising receiving a communication confirming a cryptographic scheme, the cryptographic scheme identifying the first and second cryptographic algorithms. (See Wasiq et al., para. 37-40 and 43, i.e., the client transport layer receives the server hello message from the server transport layer, along with the server's digital certificate. The signatures on the server's digital certificate can be validated by the client to confirm the identity of the server. The server transport layer receives the client's digital certificate and validates the signatures on the client's digital certificate to confirm the identity of the client. The application-layer cryptographic key is generated using a one-way function such as a cryptographic hash so that an application provided with the application-layer cryptographic key will have difficulty deriving the underlying transport-layer cryptographic keys from which the application-layer cryptographic key is derived. The cryptographically protected protocols may include protocols that operate outside the transport layer of the OSI model such as the data link layer, the network layer, or the session layer. For example, cryptographically protected protocols which negotiate shared secret information using Diffie Hellman key exchange or quantum cryptography techniques can be used to supply shared secrets to a component in an application layer that performs application-level encryption)
Referring to the rejection of claim 7, Wasiq et al. discloses wherein the first cryptographic operation comprises a first encryption operation and the second cryptographic operation comprises a second encryption operation. (See Wasiq et al., para. 31-32, i.e., A first plaintext data segment, a sensitive plaintext data segment, and a second plaintext data segment are transmitted between the client computer system and the server computer system. An application-layer cryptographic key, item 212 is used to apply application encryption to the sensitive plaintext data segment to produce application-encrypted sensitive plaintext data. The secure transport protocols implemented on the client computer system 202 and the server computer system 204 utilize a transport session key, item 215 to apply secure transport encryption, item 216 to the first plaintext data segment, the application-encrypted sensitive plaintext data segment, and the second plaintext data segment. The resulting data transmission illustrates that by providing application-level encryption, sensitive data may be protected by two levels of nested encryption while in transit between the client computer system and the server computer system)
Claim Rejections - 35 USC § 103
12. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
13. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
14. Claims 2, 4, and 8-20 are rejected under 35 U.S.C. 103 as being unpatentable over Wasiq et al. (Pub No. 2018/0026950) in view of Frith et al. (WO 2019/069103).
Wasiq et al. discloses the invention as described above, however, Wasiq et al. does not explicitly disclose a quantum-safe cryptographic algorithm and a quantum-safe cryptographic algorithm comprising a quantum-resistant algorithm identified by National Institute of Standards and Technology (NIST).
Frith et al. discloses a system and method for quantum-safe authentication, encryption, and decryption.
Referring to the rejection of claim 2, (Wasiq et al. modified by Frith et al.) discloses wherein the first cryptographic algorithm is a quantum-safe cryptographic algorithm. (See Frith et al., pg. 2, 3rd paragraph, i.e., a quantum-safe encryption algorithm comprising a Quantum computer safe encryption (QSE) is a cryptographic algorithm that requires a secure one-way function to exchange shared secrets/private keys and/or to encrypt plaintext/input information and decrypt cipher text)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Wasiq et al.’s method and system for leveraging transport-layer cryptographic material with Frith et al.’s system and method for quantum-safe authentication, encryption, and decryption. The motivation for such an implementation would be to provide a secure and practical method of generating a private cryptographic key that is resistant to an attack by a quantum computer, in other words, to provide a method of quantum-safe cryptography. (See Frith et al., pg. 7, 2nd paragraph)
Referring to the rejection of claim 4, (Wasiq et al. modified by Frith et al.) discloses wherein the first cryptographic algorithm is a quantum-safe cryptographic algorithm (See Frith et al., pg. 2, 3rd paragraph, i.e., a quantum-safe encryption algorithm comprising a Quantum computer safe encryption (QSE) is a cryptographic algorithm that requires a secure one-way function to exchange shared secrets/private keys and/or to encrypt plaintext/input information and decrypt cipher text)
and the second cryptographic algorithm is a non-quantum-safe cryptographic algorithm. (See Wasiq et al., para. 27-28 and 44, i.e., The secure transport layer, item 122 derives the second application-layer cryptographic key, item 128 using cryptographic material provided by the transport layer security component, item 127 and digitally signing application data and verifying digital signatures on application data)
The rationale for combining Wasiq et al. in view of Frith et al. is the same as claim 2.
Referring to the rejection of claim 8, (Wasiq et al. modified by Frith et al.) discloses a system, comprising:
one or more processors; (See Wasiq et al., para. 67, i.e., a system comprising a CPU or processor is disclosed)
and memory that stores computer-executable instructions that are executable to cause the one or more processors to: (See Wasiq et al., para. 67, i.e., a memory is disclosed as RAM or ROM)
obtain cryptographic material usable to derive one or more encryption keys; (See Wasiq et al., para. 24-25, i.e., the shared-secret cryptographic material produced by the transport layer security component, item 115 is used to derive cryptographic keys)
based on at least a portion of the cryptographic material, derive a first cryptographic key; (See Wasiq et al., para. 27, i.e., The first application-layer cryptographic key, item 116 may be derived from the shared secret information using a one-way function, cryptographic hash function, or key stretching algorithm that produces a cryptographic key that is compatible with a cryptographic algorithm implemented by the application-layer cryptography component, item 114)
based on at least another portion of the cryptographic material, derive a second cryptographic key usable with a non-quantum-safe cryptographic algorithm; (See Wasiq et al., para. 28, i.e., The secure transport layer, item 122 derives the second application-layer cryptographic key, item 128 using cryptographic material provided by the transport layer security component, item 127)
perform a first cryptographic operation on data based on the first cryptographic key to generate first cryptographically protected data; (See Wasiq et al., para. 39-40 and 43, i.e., the client transport layer generates a pre-master secret based on the seed values exchanged between the client and the server during the handshake. The client transport layer and server transport layer generate a master secret and session key and information from previously determined shared secrets to derive an application layer cryptographic key. Data is cryptographically protected by negotiating shared secret information using Diffie-Hellman key exchange or quantum cryptography techniques, which can be used to supply shared secrets to a component in an application layer that performs application-level encryption)
and perform a second cryptographic operation on the first cryptographically protected data based on the second cryptographic key and the non-quantum-safe cryptographic algorithm to generate second cryptographically protected data. (See Wasiq et al., para. 44, i.e. a session key for use during the TLS session is established using a combination of random and seed values exchanged between endpoints of the TLS session. Data is cryptographically protected by digitally signing application data and verifying digital signatures on application data)
However, Wasiq et al. fails to explicitly disclose a quantum-safe cryptographic algorithm.
Frith et al. discloses a system and method for quantum-safe authentication, encryption, and decryption.
Frith et al. discloses usable with a quantum-safe cryptographic algorithm; (See Frith et al., pg. 2, 3rd paragraph, i.e., a quantum-safe encryption algorithm comprising a Quantum computer safe encryption (QSE) is a cryptographic algorithm that requires a secure one-way function to exchange shared secrets/private keys and/or to encrypt plaintext/input information and decrypt cipher text)
Frith et al. discloses and the quantum-safe cryptographic algorithm to generate cryptographically protected data; (See Frith et al., pg. 40, 1st and 2nd paragraphs and pg. 41, 1st paragraph, i.e., in this process, a sender's challenge process is performed to authenticate the identity (which can include the device ID and/or group ID) of the receiver device(s) to be challenged by sending a QSE message/data containing a challenge key which is the result of an operation (such as an XOR operation) between the identity of the receiving device(s) to be challenged and a random challenge nonce. The receiver's response process, which occurs when the receiver is responding to a sender's challenge message, responds with a QSE challenge response message/data containing the result of the receiver's device/group identity XORed (or another operator) with the sender's challenge message/data to recover the sender's original random challenge nonce from the sender's challenge key. This is subsequently returned to the sender. The sender's authentication process receives the receiver's response message and confirms whether the sender's random challenge nonce and the receiver's recovered challenge nonce match. During authentication, the sender or receiver challenge or response processes may use QSE twice or more to encrypt the challenge/response messages, thereby hiding the challenge response sequence and further obscuring the sender's/receiver's identity)
The rationale for combining Wasiq et al. in view of Frith et al. is the same as claim 2.
Referring to the rejection of claim 9, (Wasiq et al. modified by Frith et al.) discloses wherein the computer-executable instructions are further executable to cause the one or more processors to receive at least a portion of the cryptographic material usable to derive the one or more encryption keys. (See Wasiq et al., para. 24-25, i.e., the shared-secret cryptographic material produced by the transport layer security component, item 115 is used to derive cryptographic keys)
Referring to the rejection of claim 10, (Wasiq et al. modified by Frith et al.) discloses wherein the computer-executable instructions are further executable to receive a communication confirming a cryptographic scheme, the cryptographic scheme identifying the quantum-safe cryptographic algorithm (See Frith et al., pg. 2, 3rd paragraph, i.e., a quantum-safe encryption algorithm comprising a Quantum computer safe encryption (QSE) is a cryptographic algorithm that requires a secure one-way function to exchange shared secrets/private keys and/or to encrypt plaintext/input information and decrypt cipher text)
and the non-quantum-safe cryptographic algorithm. (See Wasiq et al., para. 27-28 and 44, i.e., The secure transport layer, item 122 derives the second application-layer cryptographic key, item 128 using cryptographic material provided by the transport layer security component, item 127 and digitally signing application data and verifying digital signatures on application data)
The rationale for combining Wasiq et al. in view of Frith et al. is the same as claim 2.
Referring to the rejection of claim 11, (Wasiq et al. modified by Frith et al.) discloses wherein the first cryptographic operation comprises a first encryption operation and the second cryptographic operation comprises a second encryption operation. (See Wasiq et al., para. 31-32, i.e., A first plaintext data segment, a sensitive plaintext data segment, and a second plaintext data segment are transmitted between the client computer system and the server computer system. An application-layer cryptographic key, item 212 is used to apply application encryption to the sensitive plaintext data segment to produce application-encrypted sensitive plaintext data. The secure transport protocols implemented on the client computer system 202 and the server computer system 204 utilize a transport session key, item 215 to apply secure transport encryption, item 216 to the first plaintext data segment, the application-encrypted sensitive plaintext data segment, and the second plaintext data segment. The resulting data transmission illustrates that by providing application-level encryption, sensitive data may be protected by two levels of nested encryption while in transit between the client computer system and the server computer system)
Referring to the rejection of claim 12, (Wasiq et al. modified by Frith et al.) discloses wherein the quantum-safe cryptographic algorithm comprises a quantum-resistant algorithm identified by National Institute of Standards and Technology (NIST). (See Frith et al., pg. 2, 3rd paragraph, pg. 29, last paragraph, and pg. 33, last paragraph, i.e., a quantum-safe encryption algorithm comprising a Quantum computer resistant encryption (QRE) is an encryption scheme expected to resist decryption using quantum computers, exponentially more powerful than conventional computers. Resistance depends upon vulnerabilities within Resistant One-Way Functions (ROWF), protecting publicly exchanged encryption keys, plaintext/input information messages is identified by NIST standards)
The rationale for combining Wasiq et al. in view of Frith et al. is the same as claim 2.
Referring to the rejection of claim 13, (Wasiq et al. modified by Frith et al.) discloses wherein the computer-executable instructions are further executable to: establish a cryptographically protected communications session; (See Wasiq et al., para. 44, i.e., a communications session data is cryptographically protected with the session key at the application level) and receive at least a portion of the cryptographic material usable to derive the one or more encryption keys based, at least in part, on establishing the cryptographically protected communications session. (See Wasiq et al., para. 24-25, i.e., the shared-secret cryptographic material produced by the transport layer security component, item 115 is used to derive cryptographic keys)
Referring to the rejection of claim 14, (Wasiq et al. modified by Frith et al.) discloses wherein obtaining the cryptographic material usable to derive the one or more encryption keys comprises receiving the portion of the cryptographic material from a first computing system and locating the other portion of the cryptographic material in a second computing system. (See Wasiq et al., para. 24-25, i.e., the shared-secret cryptographic material produced by the transport layer security component, item 115 is used to derive cryptographic keys. The transport layer security component, item 115 or other secure transport protocol that negotiates shared-secret cryptographic material as part of establishing a connection between the first client computer system, item 102, an application-layer cryptographic key, item 116 is derived from the shared-secret cryptographic material and the second server computer system, item 104, an application-layer cryptographic key, item 128 is derived from the secure transport layer, item 122)
Referring to the rejection of claim 15, (Wasiq et al. modified by Frith et al.) discloses wherein the computer-executable instructions are further executable to: receive an encrypted message generated from plaintext recognizable by a plurality of computing systems, the encrypted message generated using one or more of the first and second cryptographic keys and decrypt the encrypted message to provide an unencrypted message; and determine whether data of the unencrypted message matches the plaintext. (See Wasiq et al., para. 32-36, i.e., the service transport layer extracts the session keys associated with the TLS session and provides the TLS session keys to the client and service application. The service application derives first and second application-level cryptographic keys from the TLS session keys. The client application identifies sensitive client data and encrypts the sensitive client data using the application-level cryptographic key derived by the client application. The encrypted sensitive client data is provided to the client transport layer. The client transport layer transmits the encrypted sensitive client data over the established TLS connection to the service transport layer. The service transport layer receives the encrypted sensitive client data, and provides the encrypted sensitive client data to the service application. The service application decrypts the encrypted sensitive client data using the application-level cryptographic key derived by the service application. The service application has gained access to the decrypted sensitive client data and may use the sensitive client data for any purpose. The service application generates a reply to the client application and encrypts the reply using the application-level cryptographic key derived by the service application. The encrypted reply is provided to the service transport layer, and the service transport layer transmits the encrypted reply data to the client transport layer. The client transport layer receives the encrypted reply and provides the encrypted reply to the client application. The client application decrypts the encrypted reply using the application-level cryptographic key derived by the client application. The client application gains access to the reply in plaintext form. As a result, the application-level cryptographic key derived by the service application matches the application-level cryptographic key derived by the client application, and the client application and the service application are able to exchange sensitive data that is encrypted using the application-level cryptographic key)
Referring to the rejection of claim 16, (Wasiq et al. modified by Frith et al.) discloses a non-transitory computer-readable storage medium storing thereon executable instructions that, as a result of being executed by one or more processors of a system, cause the system to at least: (See Wasiq et al., para. 62, i.e., a computer-readable storage medium is disclosed)
based on at least a portion of the cryptographic material, derive a first cryptographic key; (See Wasiq et al., para. 27, i.e., The first application-layer cryptographic key, item 116 may be derived from the shared secret information using a one-way function, cryptographic hash function, or key stretching algorithm that produces a cryptographic key that is compatible with a cryptographic algorithm implemented by the application-layer cryptography component, item 114)
based on at least another portion of the cryptographic material, derive a second cryptographic key usable with a non-quantum-safe cryptographic algorithm; (See Wasiq et al., para. 28, i.e., The secure transport layer, item 122 derives the second application-layer cryptographic key, item 128 using cryptographic material provided by the transport layer security component, item 127)
perform a first cryptographic operation on data based on the first cryptographic key to generate first cryptographically protected data; (See Wasiq et al., para. 39-40 and 43, i.e., the client transport layer generates a pre-master secret based on the seed values exchanged between the client and the server during the handshake. The client transport layer and server transport layer generate a master secret and session key and information from previously determined shared secrets to derive an application layer cryptographic key. Data is cryptographically protected by negotiating shared secret information using Diffie-Hellman key exchange or quantum cryptography techniques, which can be used to supply shared secrets to a component in an application layer that performs application-level encryption)
and perform a second cryptographic operation on the first cryptographically protected data based on the second cryptographic key and the non-quantum-safe cryptographic algorithm to generate second cryptographically protected data. (See Wasiq et al., para. 44, i.e. a session key for use during the TLS session is established using a combination of random and seed values exchanged between endpoints of the TLS session. Data is cryptographically protected by digitally signing application data and verifying digital signatures on application data)
However, Wasiq et al. fails to explicitly disclose a quantum-safe cryptographic algorithm.
Frith et al. discloses a system and method for quantum-safe authentication, encryption, and decryption.
Frith et al. discloses usable with a quantum-safe cryptographic algorithm; (See Frith et al., pg. 2, 3rd paragraph, i.e., a quantum-safe encryption algorithm comprising a Quantum computer safe encryption (QSE) is a cryptographic algorithm that requires a secure one-way function to exchange shared secrets/private keys and/or to encrypt plaintext/input information and decrypt cipher text)
Frith et al. discloses and the quantum-safe cryptographic algorithm to generate cryptographically protected data; (See Frith et al., pg. 40, 1st and 2nd paragraphs and pg. 41, 1st paragraph, i.e., in this process, a sender's challenge process is performed to authenticate the identity (which can include the device ID and/or group ID) of the receiver device(s) to be challenged by sending a QSE message/data containing a challenge key which is the result of an operation (such as an XOR operation) between the identity of the receiving device(s) to be challenged and a random challenge nonce. The receiver's response process, which occurs when the receiver is responding to a sender's challenge message, responds with a QSE challenge response message/data containing the result of the receiver's device/group identity XORed (or another operator) with the sender's challenge message/data to recover the sender's original random challenge nonce from the sender's challenge key. This is subsequently returned to the sender. The sender's authentication process receives the receiver's response message and confirms whether the sender's random challenge nonce and the receiver's recovered challenge nonce match. During authentication, the sender or receiver challenge or response processes may use QSE twice or more to encrypt the challenge/response messages, thereby hiding the challenge response sequence and further obscuring the sender's/receiver's identity)
The rationale for combining Wasiq et al. in view of Frith et al. is the same as claim 2.
Referring to the rejection of claim 17, (Wasiq et al. modified by Frith et al.) discloses wherein the executable instructions, as a result of being executed by the one or more processors of the system, cause the system to further at least: establish a cryptographically protected communications session; (See Wasiq et al., para. 44, i.e., a communications session data is cryptographically protected with the session key at the application level) and receive at least a portion of the cryptographic material usable to derive one or more encryption keys based, at least in part, on establishing the cryptographically protected communications session. (See Wasiq et al., para. 24-25, i.e., the shared-secret cryptographic material produced by the transport layer security component, item 115 is used to derive cryptographic keys)
Referring to the rejection of claim 18, (Wasiq et al. modified by Frith et al.) discloses wherein the executable instructions, as a result of being executed by the one or more processors of the system, cause the system to further at least receive at least a portion of the cryptographic material usable to derive one or more encryption keys. (See Wasiq et al., para. 24-25, i.e., the shared-secret cryptographic material produced by the transport layer security component, item 115 is used to derive cryptographic keys)
Referring to the rejection of claim 19, (Wasiq et al. modified by Frith et al.) discloses wherein the executable instructions, as a result of being executed by the one or more processors of the system, cause the system to further at least obtain the cryptographic material, the cryptographic material usable to derive one or more encryption keys, and obtaining the cryptographic material comprises receiving the portion of the cryptographic material from a first computing system and locating the other portion of the cryptographic material in a second computing system. (See Wasiq et al., para. 24-25, i.e., the shared-secret cryptographic material produced by the transport layer security component, item 115 is used to derive cryptographic keys. The transport layer security component, item 115 or other secure transport protocol that negotiates shared-secret cryptographic material as part of establishing a connection between the first client computer system, item 102, an application-layer cryptographic key, item 116 is derived from the shared-secret cryptographic material and the second server computer system, item 104, an application-layer cryptographic key, item 128 is derived from the secure transport layer, item 122)
Referring to the rejection of claim 20, (Wasiq et al. modified by Frith et al.) discloses wherein the executable instructions, as a result of being executed by the one or more processors of the system, cause the system to further at least receive a communication confirming a cryptographic scheme, the cryptographic scheme identifying the quantum-safe cryptographic algorithm (See Frith et al., pg. 2, 3rd paragraph, i.e., a quantum-safe encryption algorithm comprising a Quantum computer safe encryption (QSE) is a cryptographic algorithm that requires a secure one-way function to exchange shared secrets/private keys and/or to encrypt plaintext/input information and decrypt cipher text)
and the non-quantum-safe cryptographic algorithm. (See Wasiq et al., para. 27-28 and 44, i.e., The secure transport layer, item 122 derives the second application-layer cryptographic key, item 128 using cryptographic material provided by the transport layer security component, item 127 and digitally signing application data and verifying digital signatures on application data)
The rationale for combining Wasiq et al. in view of Frith et al. is the same as claim 2.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to COURTNEY D FIELDS whose telephone number is (571)272-3871. The examiner can normally be reached IFP M-F 8am-4:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SHEWAYE GELAGAY can be reached at (571)272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/COURTNEY D FIELDS/Examiner, Art Unit 2436 December 28, 2025
/SHEWAYE GELAGAY/Supervisory Patent Examiner, Art Unit 2436