DETAILED ACTION
Acknowledgements
This office action is in response to the claims filed 06/18/2024.
Claims 1-20 are pending.
Claims 1-20 have been examined.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
Subject Matter Eligibility Standard
When considering subject matter eligibility under 35 U.S.C. § 101, it must be determined whether the claim is directed to one of the four statutory categories of invention, i.e., process, machine, manufacture, or composition of matter (101 Analysis: Step 1). Even if the claim does fall within one of the statutory categories, it must then be determined whether the claim is directed to a judicial exception (i.e., law of nature, natural phenomenon, and abstract idea) (101 Analysis: Step 2a(Prong 1), and if so, Identify whether there are any additional elements recited in the claim beyond the judicial exception(s), and evaluate those additional elements to determine whether they integrate the exception into a practical application of the exception. (101 Analysis: Step 2a (Prong 2). If additional elements does not integrate the exception into a practical application of the exception, claim still requires an evaluation of whether the claim recites additional elements that amount to an inventive concept (aka “significantly more”) than the recited judicial exception. If the claim as a whole amounts to significantly more than the exception itself (there is an inventive concept in the claim), the claim is eligible. If the claim as a whole does not amount to significantly more (there is no inventive concept in the claim), the claim is ineligible. (101 Analysis: Step 2b).
The 2019 PEG explains that the abstract idea exception includes the following groupings of subject matter: a) Mathematical concepts b) Certain methods of organizing human activity and c) Mental processes
Analysis
In the instant case, claim 1 is directed to a method.
Step 2a.1– Identifying an Abstract Idea
The claims recite the steps of “receiving … request…. sending,…request… receiving …shares … retrieving…functions… determining… authorized, performing …operations…and returning…output….” The recited limitations fall within the certain methods of organizing human activity grouping of abstract ideas, specifically, commercial interactions, for example, receiving a request for access and information on whether there is authorization and performing operations based on the information. Accordingly, the claims recites an abstract idea.
See MPEP 2106.
Step 2a.2 – Identifying a Practical Application
The claim does not currently recite any additional elements or combination of additional elements that integrate the judicial exception into a practical application.
Accordingly, even in combination, these elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea.
Mere instructions to apply the exception using generic computer components and limitations to a particular field of use or technological environment do not amount to practical applications. The claim in directed to an abstract idea.
Step 2b
The claim limitations recite “receiving … request…. sending,…request… receiving …shares … retrieving…functions… determining… authorized, performing …operations…and returning…output….” are not additional elements and they amount to no more than mere instructions to apply the exception using a generic computer component. For the same reason these elements are not sufficient to provide an inventive concept. This is also determined to be well-understood, routine and conventional activity in the field. The Symantec, TLI, and OIP Techs, court decision cited in MPEP 2106.05(d)(II) indicates that mere receipt or transmission of data over a network is a well-understood, routine and conventional function when it is claimed in a merely generic manner, as it is here. Therefore, when considering the additional elements alone, and in combination, there is no inventive concept in the claim and thus the claim is not eligible.
Viewed as a whole, instructions/method claims recite the concept of a commercial interaction as performed by a generic computer. The claims do not currently recite any additional elements or combination of additional elements that amount to significantly more than the judicial exception. The elements used to perform the claimed judicial exception amount to no more than mere instructions to implement the abstract idea in a network, and/or merely uses a network as a tool to perform an abstract idea and/or generally linking the use of the judicial exception to a particular environment.
Dependent claims 2-15, 17, 18, and 19 provide descriptive language surrounding the abstract idea. As such, these elements do not provide the significantly more to the underlying abstract idea necessary to render the invention patentable.
Dependent claims 16 and 20 discuss functions in more descriptive detail of the steps geared toward the abstract idea. As such, these elements do not provide the significantly more to the underlying abstract idea necessary to render the invention patentable.
The claims do not, for example, purport to improve the functioning of the computer itself. Nor do they effect an improvement in any other technology or technical field. Therefore, based on case law precedent, the claims are claiming subject matter similar to concepts already identified by the courts as dealing with abstract ideas. See Alice Corp. Pty. Ltd., 573 U.S. 208 (citing Bilski v. Kappos, 561, U.S. 593, 611 (2010)).
The claims at issue amount to nothing significantly more than an instruction to apply the abstract idea using some unspecified, generic computer. See Alice Corp. Pty. Ltd., 573 U.S. 208. Mere instructions to apply the exception using a generic computer component and limitations to a particular field of use or technological environment cannot integrate a judicial exception into a practical application at Step 2A or provide an inventive concept in Step 2B. The use of a computer or processor to merely automate and/or implement the abstract idea cannot provide significantly more than the abstract idea itself (MPEP 2106.05(I)(A)(f) & (h)). Therefore, the claim is not patent eligible.
Conclusion
The claim as a whole, does not amount to significantly more than the abstract idea itself. This is because the claim does not affect an improvement to another technology or technical filed; the claim does not amount to an improvement to the functioning of a computer system itself; and the claim does not move beyond a general link of the use of an abstract idea to a particular technological environment.
Accordingly, the Examiner concludes that there are no meaningful limitations in the claim that transform the judicial exception into a patent eligible application such that the claim amounts to significantly more than the judicial exception itself.
Dependent claims do not resolve the deficiency of independent claims and accordingly stand rejected under 35 USC 101 based on the same rationale.
Dependent claims 2-20 are also rejected.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant regards as the invention.
Claim 1 recites “wherein the MPC shares were generated as part of a digital contract between party A and party B permitting for combining the first data and the second data within an environment of the trusted third party provided by the server, to which neither party A nor party B have access.” The claims are unclear and indefinite. The claims are unclear whether “neither party A nor party B have access” to the “MPC shares” or the “environment of the trusted third party provided by the server”. The claim language is unclear and indefinite. Dependent claims 2-20 are also rejected.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Chiapuzio (US20240249289) (“Chiapuzio”), and further in view of Yadlin et al. (US 20200044863) (“Yadlin”).
Regarding claim 1, Chiapuzio discloses receiving, by a server and from a party B system, (i) a request to access first data of a party A system and (ii) second data of the party B system (Abstract ¶ 36-39, 62-65, 72, 77, 82, 85, 86, 91, 115, 120);
Chiapuzio-It should be understood that the terms “transaction” and “exchange” are herein used interchangeably, when used within a context of digitally transferring items of value, such as digital assets (e.g., non-fungible digital asset 130 (FIG. 1 )), collateral assets, and/or collateral tokens, among entities associated with a blockchain network, … each actor can maintain its cryptographic information in private while still allowing other actors on a network to gain access to the secured digital asset by requesting the key or key shard, without the need to provide underlying cryptographic information in the given key or key shard. In other words, in a multiparty computation search element configuration, each actor possessing an input to a function can see a result of the given function, without being able to see each respective actor's input to the given function. This allows multiple actors across the network to agree to provide access to a digital asset…Suppose participants A, B, and C contain respective numerical values X, Y, and Z; and the objective of the calculation is to determine the largest numerical value N of inputs X, Y, and Z. Each value X, Y, and Z would be entered into an example MPC tool… The oracle may be configured based on rules and participate in the MPC locker system. The oracle would inherit the protocol, so the key signature design would be within that node. (¶ 77, 85, 86, 91)
receiving, by the server and from the party A system and the party B system, MPC shares associated with trusted third party processing of data from party A and party B, wherein the MPC shares were generated as part of a digital contract between party A and party B permitting for combining the first data and the second data within an environment of the trusted third party provided by the server, to which neither party A nor party B have access(¶ 11, 13, 42-45, 61, 82-87, 111, 112, 115, 122, 125-127);
Chiapuzio- The MPC security system may provide multiple sharding to a cryptographic key, where the given key is used to secure a digital asset. In this way, multiple parties may be respectively assigned multiple key shards… a digital asset may be exchanged, cross-chain, securely, and despite differences between constraints or rules of operation that may be established for the different blockchains. Such a digital asset may be in the form of a token, which may be fungible, or may be a non-fungible token (NFT). Such constraints or rules may be in the form of smart contracts, or other forms… MPC aims to ensure that participants in a network maintain their privacy in their individual information, while still being able to verify a variable relevant to multiple participants…Suppose participants A, B, and C contain respective numerical values X, Y, and Z; and the objective of the calculation is to determine the largest numerical value N of inputs X, Y, and Z. Each value X, Y, and Z would be entered into an example MPC tool…A composable digital asset integrates two or more individual digital assets into a new combined form, which may be referred to as an asset cluster. An asset cluster may comprise components of similar or different types. For example, an asset cluster may include an element of fungible currency such as cryptocurrency, along with a NFT. Thus, combining an amount of cryptocurrency with an NFT effectively establishes a floor value for the NFT equal to the value of the fungible cryptocurrency. (¶ 32, 42, 86, 125)
retrieving, by the server, one or more MPC authorization functions associated with the digital contract(¶ 88, 89, 99, 111);
Chiapuzio- To enable transfer of the NFT digital asset from one blockchain to third party blockchain, the MPC locker is opened, and the NFT digital asset is deposited into the MPC locker with a signature and then locked. The ownership of the NFT digital asset is updated via an encoded smart contract, which is locked via digital signature… A request to access a subject NFT may trigger a key shard command to be executed by associated device(s). The command may be signed and/or encrypted by the MPC locker system 700. The cryptographic key shards from the respective devices are preloaded into the MPC locker system during a pairing process, which may be conducted by the blockchain(s)/sidechain(s) 706 1-n. This allows the MPC locker system 700 to validate the origin of the request, and, if needed, decrypt the contents of the instruction, and request that the other devices having key shards approve it. (¶ 88, 111)
determining, by the server, whether the requested access to the first data and the second data is authorized based on the received MPC shares and the one or more MPC authorization functions associated with the digital contract (¶ 48, 50, 98, 103, 115-117);
Chiapuzio- he MPC security system 110 may be further configured to verify secure possession of each shard of the shard(s) 106 a-c by each corresponding node of the respective node(s) 104 a-c. Responsive to the verifying, the MPC security system 110 may be further configured to approve or validate a transaction, e.g., transaction 150, for the non-fungible digital asset 130, which transaction 150 may occur among at least two, e.g., node 104 n-1 and node 104 n, of the multiple nodes 104 a-n, thereby securing the non-fungible digital asset 130… The MPC locker 704 will only unlock and allow access to the user device(s) 705 that contain, and provide, an appropriate key shard of the cryptographic key. The MPC locker system will then run a multiparty computational search algorithm with the provided cryptographic key to attest as to the validity of the provided key. (¶ 48, 98)
performing, by the server and based on a determination that the requested access is authorized, data processing operations using the first data and the second data in a secure environment; and (¶ 43, 98, 119, 120);
Chiapuzio- If the MPC locker system determines that the provided key is valid, it will unlock the MPC locker 704 and allow the user device 705 access to the MPC locker 704. (¶ 98)
returning, by the server, output from the data processing operations(¶ 43-45, 119, 120);
Chiapuzio- In an exemplary gaming environment, granting players access to portions of the shards to manage security and control of digital assets can improve security of digital assets during gameplay and enhance usability…The owner is now the contract, which will be unlocked by a signature. To unlock, the wallet is released and the NFT is pulled out. In another example embodiment, unlocking is a two-step process where (i) a signature is provided and (ii) permission to access is verified. The locker is unlocked so the second participant with a separate address may access it. (¶ 45, 120)
Chiapuzio does not disclose sending, by the server and to the party A system and the party B system, an authorization request to authorize the request to access the first data.
Yadlin teaches sending, by the server and to the party A system and the party B system, an authorization request to authorize the request to access the first data (¶ 40- 44, 47-50, 65)
Yadlin- The signing policy may also ensure authenticity of the request using multi-factor authentication, for example by sending an email to the requesting user to validate the request… The employee requests $110,000 worth of Bitcoin to be deposited in a wallet W…. The manager and the finance analyst each receives a text notification asking for approval of the transaction sending $110,000 of Bitcoin to Wallet W … The policy engine 242 may further be configured to determine whether the signing policy is met based on one or more additional requirements. The additional requirements may indicate other entities (not shown) that must approve a transaction, required authentication protocols (e.g., multi-factor authentication, use of particular devices, biometric authentication, combinations thereof, etc.), both,… The signing includes running a MPC protocol the shares as part of an interactive signing process. The interactive signing process includes each system running a MPC protocol using its respective shares. In an embodiment, the data is signed using a distributed implementation of a digital signature algorithm (for example ECDSA/EdDSA/ED25519), such that the full private key is never reconstructed on any system. In a further embodiment, during the signing, no portion of each system's shares is revealed to the other system. (¶ 42, 44, 47, 65)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Chiapuzio and Yadlin in order to provide anonymous transactions with securing digital signatures (Yadlin; ¶ 2-4).
Regarding claim 2, Yadlin teaches wherein the MPC shares are rescinded when one of the party A system and the party B system opt not to provide the respective first data or the second data (¶ 30, 31, 48, 49).
Regarding claim 3, Chiapuzio discloses wherein the data processing operations are performed in a secure execution environment or secure enclave of the trusted third party provided by the server where the party A system provides the first data and the party B system provides the second data without the first and second data being exposed to the other party system (Abstract; ¶ 134-139).
Regarding claim 4, Chiapuzio discloses wherein the data processing operations performed in the secure environment are based on code that is authorized and audited by the party A system and the party B system to restrict information that is outputted from the secure environment(¶ 11, 94, 103-111).
Regarding claim 5, Chiapuzio discloses wherein the MPC authorization functions include a signing policy comprising (i) a designation of a transaction signing group, (ii) a designation of a plurality of transaction signing client devices that are included in the transaction signing group, and (iii) for each transaction class of a plurality of transaction classes, a corresponding threshold number of the plurality of transaction signing client devices that is required to authorize a transaction request, wherein the transaction request is a member of the transaction class (Abstract; ¶ 94, 103-111, 126).
Regarding claim 6, Chiapuzio discloses wherein the transaction request comprises a request to process the first data using the second data, wherein the second data is a machine learning model (¶ 62, 64, 91, 125-129).
Regarding claim 7, Chiapuzio discloses wherein determining, by the server, whether the requested access to the first data and the second data is authorized based on the received MPC shares and the one or more MPC authorization functions associated with the digital contract comprises determining that a threshold quantity of users are required to provide permission for the data processing operations to execute(¶ 42-45, 111, 139-143).
Regarding claim 8, Chiapuzio discloses wherein the threshold quantity of users comprises all users(Abstract; ¶ 103-105, 108, 111).
Regarding claim 9, Chiapuzio discloses wherein all the users comprise the party A system and the party B system (Abstract; ¶ 103-108, 111, 115, 139).
Regarding claim 10, Chiapuzio discloses wherein the secure environment is an MPC system (¶ 32-45, 109).
Regarding claim 11, Chiapuzio discloses wherein the secure environment is a secure enclave of a trusted platform model (“TPM”) (¶ 54, 73, 81, 84).
Regarding claim 12, Chiapuzio discloses wherein the secure environment is a secure enclave of a hardware security module (“HSM”) (¶ 82).
Regarding claim 13, Chiapuzio discloses wherein the authorization data comprises each of the party A system and the party B system signed shares of a cryptographic key associated with a digital contract between the party A system and the party B system(¶ 83, 94, 97, 113-120).
Regarding claim 14, Chiapuzio discloses wherein the first data is raw trade data and the second data is a machine learning model, wherein performing, by the server, processing operations using the first data and the second data in a secure environment comprises providing the raw trade data as input to the machine learning model to generate output, the output comprising secondary business data or commercial insights data (¶ 62, 64, 91, 125-131).
Regarding claim 15, Yadlin teaches wherein the processing operations are performed until at least one of the party A client device and the party B client device rescinds its respective authorization data(¶ 30, 31, 48, 49).
Regarding claim 16, Chiapuzio discloses creating, by the server system, a digital contract between the party A system and the party B system, wherein creating the digital contract comprises establishing an MPC group for sharing a cryptographic key and authenticating requests to access data between the party A system and the party B system; instructing, by the server, each of the party A system and the party B system to generate shares of the cryptographic key associated with the digital contract; and receiving, by the server and from each of the party A system and the party B system, respective shares of the cryptographic key(Abstract; ¶ 11, 32, 94, 98, 103-111, 115, 131).
Regarding claim 17, Chiapuzio discloses wherein the creating, by the server system, a digital contract operation is performed before receiving, by a server and from a party B system, (i) a request to access first data of a party A system and (ii) second data of the party B system(¶ 32, 82-88, 94, 118-120).
Regarding claim 18, Chiapuzio discloses wherein performing, by the server, processing operations using the first data and the second data comprises: processing the first data into a plurality of data segments; processing the second data into a plurality of machine learning operations; and performing the processing operations for each of the plurality of machine learning operations, wherein each of the plurality of machine learning operations comprises a plurality of permission requests to access one or more of the plurality of data segments (Abstract; ¶ 42, 94, 103, 115, 131-134).
Regarding claim 19, Chiapuzio discloses wherein the authorization data comprises signed payloads from each of the party A system and the party B system(¶ 94, 103, 111).
Regarding claim 20, Chiapuzio discloses encrypting, by the server, the first data with signatures from the signed payloads; transmitting the encrypted first data to a HSM, wherein the HSM is configured to perform the processing operations using the encrypted first data and the second data in a secure environment of the HSM; and receiving, by the server and from the HSM, the output from the processing operations (¶ 13, 82, 94, 103, 111, 115).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Brown et al., (US 20240348592) teaches MPC shares and signatures.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ILSE I IMMANUEL whose telephone number is (469)295-9094. The examiner can normally be reached Monday-Friday 9:00 am to 5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, NEHA H PATEL can be reached on (571) 270-1492. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ILSE I IMMANUEL/Primary Examiner, Art Unit 3699