DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Objections
Claim 1 is objected to because of the following informalities: Claim 1 recites “the group” which should recite “a group”. Appropriate correction is required.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-8 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. Claim 1 recites “a coordinator” three times. It is unclear if these are the same coordinator or a first/second/third coordinator.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-3, 5, 6, 9-11, and 13-15 are rejected under 35 U.S.C. 103 as being unpatentable over Gluck et al. (US 2020/0076827) in view of Di Nicola (US 2019/0354972).
Regarding claims 1, 9, 14, and 15, Gluck teaches computer implemented methods (and corresponding computer equipment and non-transitory computer readable medium) of generating shares of child private keys, and wherein the method is by a first participant of the group and comprises:
Generating a master private key, wherein the master private key is generated based on a first portion of a hash of a seed value (A master seed is hashed to generate a master hash which is split into a master chain code and a master private key - see [0143] – [0144]).
Generating, a master chain code for the master private key, wherein the master chain code is generated based on a second portion of the hash of the seed value (A master seed is hashed to generate a master hash which is split into a master chain code and a master private key - see [0143] – [0144]).
Generating a master public key corresponding to the master private key (Multiple master public keys are generated from the master private key – see [0145]).
Generating one or more child private key, wherein the child private key is generated based on the master private key, and a first portion of a hash of i) the master chain code, ii) the master public key, and iii) a respective key index (The master chain code, the master public key, and the index are combined into a child seed. The child seed is hashed to generate a child hash. The child hash is split into a child chain code and an intermediate child private key. The intermediate child private key and the master private key are combined to form a child private key) – see [0150] – [0153] and figure 16.
Gluck does not teach performing key sharing or receiving the data from a coordinator or making the data available to other participants.
Di Nicola teaches dividing a master private key into M portions using Shamir’s secret sharing. Each one of M devices receives and stores one of the M portions– see [0036].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Gluck by using secret sharing, in order to promote collaboration and increase the security of the key, based upon the beneficial teachings provided by Di Nicola. These modifications would result in increased security to the system.
The Examiner notes that receiving the data and generating/making available the data, are merely the two different sides of the secret sharing scheme.
Regarding claim 2, Gluck further teaches for each respective child private key, generating a corresponding respective child public key, wherein each respective child public key is generated based on the master public key and a public key corresponding to the first portion of a hash of i) the master chain code, ii) the master public key, and iii) the respective key index (The master chain code, the master public key, and the index are combined into a child seed. The child seed is hashed to generate a child hash. The child hash is split into a child chain code and an intermediate child private key. The intermediate child private key and the master public key are combined to form a child public key – see [0150] – [0153], [0181], and figure 16.
Regarding claim 3, Gluck teaches for each respective child private key, generating a respective chain code, wherein the respective chain code is generated based on a second portion of a hash of the master chain code, the master public key and the respective key index (the master chain code, the master public key, and the index are combined into a child seed. The child seed is hashed to generate a child hash. The child hash is split into a child chain code and an intermediate child private key – see [0152] and figure 16). Gluck does not teach that the hash includes the master private key. However, Gluck teaches that the master chain code is associated with the master private key (see [0143] – [0144]). Therefore it would have been obvious before the effective filing date of the claimed invention to also include it the master private key in the hash in order to have additional values, which would add security to the system.
Regarding claim 5, the combination of Gluck and Di Nicola teaches wherein the hash of the first share of the master private key, the master chain code, the master public key and a respective key index is a HMAC of the first share of the master private key, the master chain code, the master public key, and a respective key index (HMAC – see [0143] of Gluck).
Regarding claim 6, Gluck teaches performing a signing phase of a threshold signature scheme, said performing comprising:
Obtaining a message (a predefined message – see [0155]).
Generating a first signature share based on the message and one of the first child private key (Message is signed by the child private key to generate a signature – see [0155]).
Sending the first signature share to the coordinator (The nodes of the distributed blockchain system may verify the signature, which indicates transmission – see [0157]).
Regarding claim 10, Di Nicola teaches dividing a master secret key into shares and using Shamir’s secret sharing algorithm as an exemplary algorithm – see [0036].
Regarding claim 11, Gluck teaches that the has of the seed value is HMCA of the seed value (HMAC – see [0151]).
Regarding claim 13, Gluck teaches that the coordinator is one of the participants (Nodes of distributed blockchain – see [0157]).
Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Gluck et al. (US 2020/0076827) in view of Di Nicola (US 2019/0354972), and further in view of Patel et al. (US 2019/0228406).
The teachings of Gluck and Di Nicola are relied upon for the reasons set forth above.
Regarding claim 4, Gluck and Di Nicola teach generating the first shares of one or more respective child private keys, wherein each first share of the respective child private key is generated based on the first share of the respective child private key is generated based on the first share of the at least one respective private key, and a first portion of a hash of i) the respective chain code for the at least one private key, ii) the public key corresponding to the at least one private key, and iii) a respective key index, as discussed above.
However Gluck and Di Nicola do not teach that the child key is a grandchild private key.
Patel teaches that a grandchild private key may be generated using a child private key, a child chain code and a child index number (B). The child private key may have an index number A, i.e., the child private key is the (A+1)th child private key generated from the parent private key – see [0076].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Gluck and Di Nicola by generating grandchild private keys, in order to create a larger hierarchy, based upon the beneficial teachings provided by Patel. These modifications would result in key strength while focusing efforts mostly on the security of the master key, thus saving resources.
Claims 7 and 8 are rejected under 35 U.S.C. 103 as being unpatentable over Gluck et al. (US 2020/0076827) in view of Di Nicola (US 2019/0354972), and further in view of Gennaro et al. (“Threshold-optimal DSA/ECDSA signatures and an application to Bitcoin wallet security”).
The teachings of Gluck and Di Nicola are relied upon for the reasons set forth above.
Regarding claim 7, Gluck and Di Nicola do not teach that the threshold signature scheme is a threshold-optimal signature scheme.
Gennaro teaches a threshold-optimal signature scheme used for bitcoin that does not require an honest majority and is useful for securing bitcoin wallets – see abstract.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Gluck and Di Nicola by using a threshold-optimal signature scheme, based upon the beneficial teachings provided by Gennaro. These modifications would result in securing bitcoin wallets without requiring an honest majority.
Regarding claim 8, Gluck teaches that the message comprises at least part of a blockchain transaction (The nodes of the distributed blockchain system may verify the signature by, for example, hashing the pre-defined message, decrypting the signature with the child public key, and determining whether the hash matches the decrypted signature – see [0157]).
Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Gluck et al. (US 2020/0076827) in view of Di Nicola (US 2019/0354972), and further in view of Davis (US 2019/0213821).
The teachings of Gluck and Di Nicola are relied upon for the reasons set forth above.
Regarding claim 12, Gluck and Di Nicola do not teach deleting the master private key from memory.
Davis teaches the processing server may be configured to delete the master private key once the master public key has been posted to the blockchain. In such embodiments, this may be done to ensure that votes cannot be decrypted prior to the closing of the election – see [0029].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Gluck and Di Nicola by deleting the master private key from memory, in order to ensure that votes cannot be decrypted prior to the close of an election, based upon the beneficial teachings provided by Davis. Both Gluck and Davis are in the art of blockchain. These modifications would result in additional security for the blockchain.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LISA C LEWIS whose telephone number is (571)270-7724. The examiner can normally be reached Monday - Thursday 7am-2pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached at 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/LISA C LEWIS/Primary Examiner, Art Unit 2495
/FARID HOMAYOUNMEHR/Supervisory Patent Examiner, Art Unit 2495