DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claims recite mathematical formula/calculations (such as determining based on a first verification value C and a second verification value D whether a public key A is properly generated). In addition, the steps of the independent claims could be performed mentally, or by hand. In addition, all of the dependent claims recite additional mathematical formulas/calculations. This judicial exception is not integrated into a practical application because the claims are drawn to a method of establishing a common secret key during a key exchange. However, the claims do not recite any steps which establish the common secret key. They merely recite determining if the public key is properly generated and ending the key exchange if it is not properly generated. There is no practical application of establishing the common secret key. The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the only additional elements would be the medium of claim 9 and the cloud-based server of claim 17, which are well-known and basic computing elements.
Claims 9-16 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. The claims do not fall within at least one of the four categories of patent eligible subject matter because the claims recite a computer-readable medium, which could be interpreted as a signal. A signal or carrier wave does not fall under one of the four statutory categories. The examiner suggests reciting a “non-transitory computer readable medium”.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being incomplete for omitting essential steps, such omission amounting to a gap between the steps. See MPEP § 2172.01. The omitted steps are: establishing a common secret key during a key exchange. The claims recite “a method of establishing, at a first entity, a common secret key (k) for encrypted data communication during a key exchange between the first entity and a second entity” (and corresponding medium and server). However, no common secret key is ever established in the claims.
Allowable Subject Matter
Claims 1-20 would be allowable if rewritten or amended to overcome the rejection(s) under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), 2nd paragraph, and the 101 rejections set forth in this Office action.
The following is a statement of reasons for the indication of allowable subject matter: The following is the closest prior art:
Young et al. (US 6,122,742) which teaches: In another variant the users publish their public keys which are used for key exchanges in a Diffie-Hellman like "key exchange". For example, the following method can be used. Let a be user A's private key and let b be user B's private key. Let y_a = (g to the power a) mod p be user A's public key and let y_b = (g to the power b) mod p be user B's public key. To establish a random session key, user B chooses a random string s. User A then sends m = (y_b to the a power)s mod p to user B. User B recovers s by computing m/(y_a to the power b) mod p. Users A and B derive a session key from s using a known public function (e.g., applying to it a one-way hash function). Later, when the session key is required to be taken out of escrow, the trustees can use either a or b to recover s, and hence the session key. – see column 12 lines 41-54.
Pettit (US 12,542,658) which teaches: generating a third public key corresponding to the intermediary private key; generating a first value based on the first and second public keys; and verifying that the second secret share of the shared secret has been generated correctly based on whether the first value matches the third public key. Statement 16. The method of statement 15, comprising: in response to determining that the second secret share has not been generated correctly, performing the following steps for one, some or all of the other respective participants: obtaining a respective first public key corresponding to the respective first secret share of that participant; obtaining a respective second public key corresponding to the respective blinding share of that participant; obtaining a respective third public key corresponding to the respective intermediary share of that participant; generating a respective first value based on the respective first and second public keys of that participant; and verifying that the respective second secret share of the shared secret has been generated correctly by that participant based on whether the respective first value matches the respective third public key – see column 25 lines 31-56.
Minagawa (JP 2024055092) which teaches: The public key for generating the shared key of the communication device 101 is a public key of the communication device 101 that corresponds to the private key for generating the shared key of the communication device 101 that is used when the communication device 101 generates the shared key. The public key for generating the shared key of the communication device 102 is a public key that corresponds to the private key for generating the shared key of the communication device 102 that is used when the communication device 102 generates the shared key. By using such a combination of keys, the communication device 101 can generate a shared key that is the same as the shared key generated by the communication device 102. Note that if the public keys for generating the shared key are not correctly exchanged between the communication device 101 and the communication device 102 by sending and receiving the above mentioned authentication request and authentication response, the same shared key cannot be generated – see page 10, second paragraph from the bottom.
Smith et al. (CN 102625939) which teaches: public key validation step is verifying public key is correctly generated and received. key verification step to check to see whether it satisfies some basic characteristic of a valid key. input is the parameter of EC domain and public key Q candidate. output is to accept (ACCEPT) or reject (REJECT). 1) the detection Q. = O. 2) checking xQ and yQ is an element of the bottom domain F. 3) checking Q satisfies EC equation as defined in EC domain parameters. 4) checking 4 *Q. = O. 5) if it satisfies all the more, and returning acceptance (ACCEPT), otherwise, returning refuse (REJECT) – see page 68 last paragraph.
However, the prior art does not teach determining whether a public key is properly generated based on the steps recited in the instant claims (such as the verification values and random numbers recited in the claims).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LISA C LEWIS whose telephone number is (571)270-7724. The examiner can normally be reached Monday - Thursday 7am-2pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr, can be reached at 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/LISA C LEWIS/Primary Examiner, Art Unit 2495