DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office Action is in response to Application 18877520 filed on 12/20/2024. Claims 1, 6, 10, and 20-23 are independent claims. Claims 20-21 were currently amended via the preliminary amendments. Claims 22-23 have been added. Claims 17-19 have been canceled. Claims 1-16 and 20-23 have been examined and are pending in this application. This Office Action is made Non-Final.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 12/20/2024 and 11/04/2025 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-6, 10-12, and 20-23 are rejected under 35 U.S.C. 103 as being unpatentable over Watson et al. (“Watson,” US 20230208643, filed on 12/23/2021) in view of Badrinarayanan et al. (“Badrinarayanan,” US 20220131698, published on 04/28/2022).
Regarding Claim 1;
Watson discloses a data processing method, applied to a data application device, the method comprising:
acquiring a service algorithm of an application service, and performing format conversion on the service algorithm to obtain an algebraic intermediate representation (par 0027; used in a cryptographic algorithm to transform input data into another representation. A cryptographic algorithm can be an encryption algorithm that transforms original data into an alternate representation, or a decryption algorithm that transforms encrypted information back to the original data);
processing the algebraic intermediate representation according to a preset Scalable Transparent ARgument of Knowledge (STARK) conversion rule to obtain a prover and a verifier (par 0031; zero-knowledge proof can be an interactive zero-knowledge proof or a non-interactive zero-knowledge proof. An interactive zero-knowledge proof occurs when a prover must perform an action or series of actions to convince a specific verifier of something. A non-interactive zero-knowledge proof can occur when a provider provides a proof to anyone, where the proof can be verified by anyone that can access the information and attempts to verify the proof. Two example non-interactive zero-knowledge proofs include Zk-SNARK (zero-knowledge succinct non-interactive arguments of knowledge and Zk-STARK (zero-knowledge scalable transparent arguments of knowledge));
sending the prover to a computing power processing device (par 0133, fig. 5; the first user device can transmit the identifier commitment, the balance commitment, and the enrollment proof to the interaction validation computer; par 0047; the users can present an encrypted version of their account balances to the interaction validation computer S. These encrypted balances can be referred to as a state or a user device state);
receiving an operation result sent by the computing power processing device, wherein the operation result comprises proof information and a ciphertext result, the proof information and the ciphertext result are obtained by the computing power processing device through calculation on ciphertext data using the prover, and the ciphertext data is obtained by a data source device using a encryption algorithm (par 0047; fig. 5; the users can present an encrypted version of their account balances to the interaction validation computer; par 0134; after receiving the enrollment request message the interaction validation computer S can verify the enrollment proof it by checking that non-interactive zero-knowledge verification algorithm NIZK.Verify(ff) passes. For example, the non-interactive zero-knowledge verification algorithm NIZK.Verify(p) can output a value of 1 if the enrollment proof it is valid; par 0135; after determining that the enrollment proof is valid, the interaction validation computer can generate a signature s.sub.C on a combination of the identifier commitment and the balance commitment using a interaction validation computer private key sk.sub.s. The resulting signature can be a state signature; par 0136; after generating the signature, the interaction validation computer can generate an enrollment response message. The enrollment response message can include an indication of whether or not the first user device. A is enrolled, and the state signature s.sub.C; par 0138; after generating the enrollment response message, the interaction validation computer can provide the enrollment response message to the first user device); and
performing a verification on the proof information using the verifier, and sending the ciphertext result to the data source device in response to the verification of the proof information being successful (par 0139. fig. 5; after receiving the enrollment response message, the first user device can generate an enrolled indication message that can indicate to a state attestation computer that the first user device has been enrolled. The enrolled indication message can include the user device public key, the balance commitment, the first random value, and the state signature; par 0141; after receiving the enrolled indication message, the state attestation computer can verify that the first user device was not previously enrolled. For example, the state attestation computer can retrieve a state mapping from memory. The state mapping can map user device states to user device public keys. The state attestation computer can check if the state mapping includes the user device public key; par 0142; the state attestation computer can verify the state signature s.sub.C [] the state attestation computer can verify the state signature s.sub.C using the interaction validation computer public key corresponding to the interaction validation computer private key used to form the state signature; par 0143; if the user device state is valid, then the state attestation computer can add the user device state signature s.sub.C and the user device public key vk.sub.C to the state map; par 0170; after generating the verify state response message, the state attestation computer can provide the verify state response message to the first user device).
Watson discloses using a encryption algorithm; sending the ciphertext result to the data source device in response to the verification of the proof information being successful as recited above, but do not explicitly disclose a homomorphic encryption algorithm; such that the data source device decrypts the ciphertext result using the homomorphic encryption algorithm and returns a plaintext result.
However, in an analogous art, Badrinarayanan discloses authentication system/method that includes:
a homomorphic encryption algorithm (Badrinarayanan: par 0104; the encrypted code may be computed with the public key, using properties of homomorphic encryption. The encrypted code can be used to increase the security of the authentication process);
such that the data source device decrypts the ciphertext result using the homomorphic encryption algorithm and returns a plaintext result (Badrinarayanan: par 0124; the cryptographic technique can be homomorphic such that operations on the encrypted values provides the same result once decrypted, as when the operations are performed on the plaintext values).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Badrinarayanan with the method/system of Watson to include a homomorphic encryption algorithm; such that the data source device decrypts the ciphertext result using the homomorphic encryption algorithm and returns a plaintext result. One would have been motivated to use during enrollment to validate a norm of user templates and knowledge of the plaintext biometric template. One enrolled, the verifier can sign the encrypted template for use in a later matching phase with an access device (Badrinarayanan: abstract).
Regarding Claim 2;
The combination of Watson and Badrinarayanan disclose the method of claim 1,
Watson discloses wherein after performing a verification on the proof information using the verifier, the method further comprises: sending first accountability information to the computing power processing device and ending the operation procedure, in response to the verification of the proof information being unsuccessful, wherein the first accountability information indicates that the service algorithm has been tampered with (Watson: par 0134; after receiving the enrollment request message the interaction validation computer S can verify the enrollment proof it by checking that non-interactive zero-knowledge verification algorithm NIZK.Verify(ff) passes. For example, the non-interactive zero-knowledge verification algorithm NIZK.Verify(p) can output a value of 1 if the enrollment proof it is valid [] if the enrollment proof p is not valid, the interaction validation computer can generate a proof failed message that indicates that the enrollment proof it is not valid. The interaction validation computer can provide the proof failed message to the first user device).
Regarding Claim 3;
The combination of Watson and Badrinarayanan disclose the method of claim 1,
Watson discloses wherein after sending the ciphertext result to the data source device, such that the data source device decrypts the ciphertext result using the homomorphic encryption algorithm and returns a plaintext result, the method further comprises: receiving the plaintext result, wherein the plaintext result comprises identification information; and performing a verification on the identification information, and sending the plaintext result to the application service in response to the verification on the identification information being successful (par 0139. fig. 5; after receiving the enrollment response message, the first user device can generate an enrolled indication message that can indicate to a state attestation computer that the first user device has been enrolled. The enrolled indication message can include the user device public key, the balance commitment, the first random value, and the state signature; par 0141; after receiving the enrolled indication message, the state attestation computer can verify that the first user device was not previously enrolled. For example, the state attestation computer can retrieve a state mapping from memory. The state mapping can map user device states to user device public keys. The state attestation computer can check if the state mapping includes the user device public key; par 0142; the state attestation computer can verify the state signature s.sub.C [] the state attestation computer can verify the state signature s.sub.C using the interaction validation computer public key corresponding to the interaction validation computer private key used to form the state signature; par 0143; if the user device state is valid, then the state attestation computer can add the user device state signature s.sub.C and the user device public key vk.sub.C to the state map; par 0170; after generating the verify state response message, the state attestation computer can provide the verify state response message to the first user device).
Badrinarayanan further discloses sending the plaintext result (Badrinarayanan: par 0124; the cryptographic technique can be homomorphic such that operations on the encrypted values provides the same result once decrypted, as when the operations are performed on the plaintext values).
The motivation is the same that of claim 1 above.
Regarding Claim 4;
The combination of Watson and Badrinarayanan disclose the method of claim 3,
Watson discloses wherein after performing a verification on the identification information, the method further comprises: sending second accountability information to the computing power processing device and ending the operation procedure, in response to the verification of the identification information being unsuccessful, wherein the second accountability information indicates that the ciphertext data has been tampered with (Watson: par 0134; after receiving the enrollment request message the interaction validation computer S can verify the enrollment proof it by checking that non-interactive zero-knowledge verification algorithm NIZK.Verify(ff) passes. For example, the non-interactive zero-knowledge verification algorithm NIZK.Verify(p) can output a value of 1 if the enrollment proof it is valid; par 0141; after receiving the enrolled indication message, the state attestation computer can verify that the first user device was not previously enrolled. For example, the state attestation computer can retrieve a state mapping from memory. The state mapping can map user device states to user device public keys. The state attestation computer can check if the state mapping includes the user device public key [] if state mapping already includes the user device public key, the state attestation computer can generate an enrollment failed response since the first user device has previously enrolled).
Regarding Claim 5;
The combination of Watson and Badrinarayanan disclose the method of claim 4,
Watson discloses wherein after sending the ciphertext result to the data source device, the method further comprises: sending the second accountability information to the computing power processing device and ending the operation procedure, in response to the decryption of the ciphertext result being unsuccessful (Watson: par 0134; after receiving the enrollment request message the interaction validation computer S can verify the enrollment proof it by checking that non-interactive zero-knowledge verification algorithm NIZK.Verify(ff) passes. For example, the non-interactive zero-knowledge verification algorithm NIZK.Verify(p) can output a value of 1 if the enrollment proof it is valid; par 0141; after receiving the enrolled indication message, the state attestation computer can verify that the first user device was not previously enrolled. For example, the state attestation computer can retrieve a state mapping from memory. The state mapping can map user device states to user device public keys. The state attestation computer can check if the state mapping includes the user device public key [] if state mapping already includes the user device public key, the state attestation computer can generate an enrollment failed response since the first user device has previously enrolled).
Regarding Claim 6;
Watson discloses a data processing method, applied to a computing power processing device, the method comprising:
receiving a prover sent by a data application device (par 0133, fig. 5; the first user device can transmit the identifier commitment, the balance commitment, and the enrollment proof to the interaction validation computer; par 0047; the users can present an encrypted version of their account balances to the interaction validation computer S. These encrypted balances can be referred to as a state or a user device state);
acquiring, from a data source device, ciphertext data obtained using a encryption algorithm, and performing calculation on the ciphertext data through the prover to obtain proof information and a ciphertext result (par 0047; fig. 5; the users can present an encrypted version of their account balances to the interaction validation computer; par 0134; after receiving the enrollment request message the interaction validation computer S can verify the enrollment proof it by checking that non-interactive zero-knowledge verification algorithm NIZK.Verify(ff) passes. For example, the non-interactive zero-knowledge verification algorithm NIZK.Verify(p) can output a value of 1 if the enrollment proof it is valid; par 0135; after determining that the enrollment proof is valid, the interaction validation computer can generate a signature s.sub.C on a combination of the identifier commitment and the balance commitment using a interaction validation computer private key sk.sub.s. The resulting signature can be a state signature; par 0136; after generating the signature, the interaction validation computer can generate an enrollment response message. The enrollment response message can include an indication of whether or not the first user device. A is enrolled, and the state signature s.sub.C; par 0138; after generating the enrollment response message, the interaction validation computer can provide the enrollment response message to the first user device); and
sending the proof information and the ciphertext result to the data application device (par 0139. fig. 5; after receiving the enrollment response message, the first user device can generate an enrolled indication message that can indicate to a state attestation computer that the first user device has been enrolled. The enrolled indication message can include the user device public key, the balance commitment, the first random value, and the state signature; par 0141; after receiving the enrolled indication message, the state attestation computer can verify that the first user device was not previously enrolled. For example, the state attestation computer can retrieve a state mapping from memory. The state mapping can map user device states to user device public keys. The state attestation computer can check if the state mapping includes the user device public key; par 0142; the state attestation computer can verify the state signature s.sub.C [] the state attestation computer can verify the state signature s.sub.C using the interaction validation computer public key corresponding to the interaction validation computer private key used to form the state signature; par 0143; if the user device state is valid, then the state attestation computer can add the user device state signature s.sub.C and the user device public key vk.sub.C to the state map; par 0170; after generating the verify state response message, the state attestation computer can provide the verify state response message to the first user device).
Watson discloses using a encryption algorithm; sending the proof information and the ciphertext result to the data application device as recited above, but do not explicitly disclose a homomorphic encryption algorithm; such that the data application device obtains a plaintext result according to the proof information and the ciphertext result.
However, in an analogous art, Badrinarayanan discloses authentication system/method that includes:
a homomorphic encryption algorithm (Badrinarayanan: par 0104; the encrypted code may be computed with the public key, using properties of homomorphic encryption. The encrypted code can be used to increase the security of the authentication process);
such that the data application device obtains a plaintext result according to the proof information and the ciphertext result (Badrinarayanan: par 0124; the cryptographic technique can be homomorphic such that operations on the encrypted values provides the same result once decrypted, as when the operations are performed on the plaintext values).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Badrinarayanan with the method/system of Watson to include a homomorphic encryption algorithm; such that the data application device obtains a plaintext result according to the proof information and the ciphertext result. One would have been motivated to use during enrollment to validate a norm of user templates and knowledge of the plaintext biometric template. One enrolled, the verifier can sign the encrypted template for use in a later matching phase with an access device (Badrinarayanan: abstract).
Regarding Claim 10;
Watson discloses a data processing method, applied to a data source device, the method comprising:
encrypting plaintext data of an application service using a encryption algorithm to obtain ciphertext data (par 0133, fig. 5; the first user device can transmit the identifier commitment, the balance commitment, and the enrollment proof to the interaction validation computer; par 0047; the users can present an encrypted version of their account balances to the interaction validation computer S. These encrypted balances can be referred to as a state or a user device state);
sending the ciphertext data to a computing power processing device, such that the computing power processing device performs calculation on the ciphertext data using a prover to obtain proof information and a ciphertext result, and sends the proof information and the ciphertext result to a data application device (par 0047; fig. 5; the users can present an encrypted version of their account balances to the interaction validation computer; par 0134; after receiving the enrollment request message the interaction validation computer S can verify the enrollment proof it by checking that non-interactive zero-knowledge verification algorithm NIZK.Verify(ff) passes. For example, the non-interactive zero-knowledge verification algorithm NIZK.Verify(p) can output a value of 1 if the enrollment proof it is valid; par 0135; after determining that the enrollment proof is valid, the interaction validation computer can generate a signature s.sub.C on a combination of the identifier commitment and the balance commitment using a interaction validation computer private key sk.sub.s. The resulting signature can be a state signature; par 0136; after generating the signature, the interaction validation computer can generate an enrollment response message. The enrollment response message can include an indication of whether or not the first user device. A is enrolled, and the state signature s.sub.C; par 0138; after generating the enrollment response message, the interaction validation computer can provide the enrollment response message to the first user device);
receiving a decryption request sent by the data application device, wherein the decryption request indicates that the proof information passes a verification by a verifier deployed on the data application device and carries the ciphertext result (par 0047; fig. 5; the users can present an encrypted version of their account balances to the interaction validation computer; par 0134; after receiving the enrollment request message the interaction validation computer S can verify the enrollment proof it by checking that non-interactive zero-knowledge verification algorithm NIZK.Verify(ff) passes. For example, the non-interactive zero-knowledge verification algorithm NIZK.Verify(p) can output a value of 1 if the enrollment proof it is valid; par 0135; after determining that the enrollment proof is valid, the interaction validation computer can generate a signature s.sub.C on a combination of the identifier commitment and the balance commitment using a interaction validation computer private key sk.sub.s. The resulting signature can be a state signature; par 0136; after generating the signature, the interaction validation computer can generate an enrollment response message. The enrollment response message can include an indication of whether or not the first user device. A is enrolled, and the state signature s.sub.C; par 0138; after generating the enrollment response message, the interaction validation computer can provide the enrollment response message to the first user device);
decrypting the ciphertext result using the encryption algorithm to obtain a result; and sending the result to the data application device (par 0139. fig. 5; after receiving the enrollment response message, the first user device can generate an enrolled indication message that can indicate to a state attestation computer that the first user device has been enrolled. The enrolled indication message can include the user device public key, the balance commitment, the first random value, and the state signature; par 0141; after receiving the enrolled indication message, the state attestation computer can verify that the first user device was not previously enrolled. For example, the state attestation computer can retrieve a state mapping from memory. The state mapping can map user device states to user device public keys. The state attestation computer can check if the state mapping includes the user device public key; par 0142; the state attestation computer can verify the state signature s.sub.C [] the state attestation computer can verify the state signature s.sub.C using the interaction validation computer public key corresponding to the interaction validation computer private key used to form the state signature; par 0143; if the user device state is valid, then the state attestation computer can add the user device state signature s.sub.C and the user device public key vk.sub.C to the state map; par 0170; after generating the verify state response message, the state attestation computer can provide the verify state response message to the first user device).
Watson discloses using a encryption algorithm; decrypting the ciphertext result using the encryption algorithm to obtain a result as recited above, but do not explicitly disclose a homomorphic encryption algorithm; homomorphic encryption algorithm to obtain a plaintext result; and sending the plaintext result to the data application device.
However, in an analogous art, Badrinarayanan discloses authentication system/method that includes:
a homomorphic encryption algorithm a homomorphic encryption algorithm (Badrinarayanan: par 0104; the encrypted code may be computed with the public key, using properties of homomorphic encryption. The encrypted code can be used to increase the security of the authentication process);
homomorphic encryption algorithm to obtain a plaintext result; and sending the plaintext result to the data application device (Badrinarayanan: par 0124; the cryptographic technique can be homomorphic such that operations on the encrypted values provides the same result once decrypted, as when the operations are performed on the plaintext values).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Badrinarayanan with the method/system of Watson to include a homomorphic encryption algorithm; homomorphic encryption algorithm to obtain a plaintext result; and sending the plaintext result to the data application device. One would have been motivated to use during enrollment to validate a norm of user templates and knowledge of the plaintext biometric template. One enrolled, the verifier can sign the encrypted template for use in a later matching phase with an access device (Badrinarayanan: abstract).
Regarding Claim 11;
The combination of Watson and Badrinarayanan disclose the method of claim 10,
Watson discloses wherein the decryption request further carries decryption permission (Watson: par 0125; The first user device can generate an identifier commitment using a user device public key vk.sub.C, the serial number S custom-character No.sub.C, and a first random value r.sub.1. For example, the first user device can generate the identifier commitment, which commits the first user device to the identifier); and before decrypting the ciphertext result using the homomorphic encryption algorithm to obtain a plaintext result, the method further comprises: executing the operation of decrypting the ciphertext result using the homomorphic encryption algorithm, in response to the decryption permission being valid; or sending response information indicating that the decryption is unsuccessful to the data application device and ending the decryption procedure, in response to the decryption permission being invalid (par 0139. fig. 5; after receiving the enrollment response message, the first user device can generate an enrolled indication message that can indicate to a state attestation computer that the first user device has been enrolled. The enrolled indication message can include the user device public key, the balance commitment, the first random value, and the state signature; par 0141; after receiving the enrolled indication message, the state attestation computer can verify that the first user device was not previously enrolled. For example, the state attestation computer can retrieve a state mapping from memory. The state mapping can map user device states to user device public keys. The state attestation computer can check if the state mapping includes the user device public key; par 0142; the state attestation computer can verify the state signature s.sub.C [] the state attestation computer can verify the state signature s.sub.C using the interaction validation computer public key corresponding to the interaction validation computer private key used to form the state signature; par 0143; if the user device state is valid, then the state attestation computer can add the user device state signature s.sub.C and the user device public key vk.sub.C to the state map; par 0170; after generating the verify state response message, the state attestation computer can provide the verify state response message to the first user device; par 0134; if the enrollment proof p is not valid, the interaction validation computer can generate a proof failed message that indicates that the enrollment proof it is not valid. The interaction validation computer can provide the proof failed message to the first user device).
Badrinarayanan further discloses homomorphic encryption algorithm (Badrinarayanan: par 0104; the encrypted code may be computed with the public key, using properties of homomorphic encryption. The encrypted code can be used to increase the security of the authentication process).
The motivation is the same that of claim 10 above.
Regarding Claim 12;
The combination of Watson and Badrinarayanan disclose the method of claim 11,
Watson discloses wherein after decrypting the ciphertext result using the homomorphic encryption algorithm, the method further comprises: sending the response information indicating that the decryption is unsuccessful to the data application device, in response to the decryption of the ciphertext result being unsuccessful (Watson: par 0134; after receiving the enrollment request message the interaction validation computer S can verify the enrollment proof it by checking that non-interactive zero-knowledge verification algorithm NIZK.Verify(ff) passes. For example, the non-interactive zero-knowledge verification algorithm NIZK.Verify(p) can output a value of 1 if the enrollment proof it is valid [] if the enrollment proof p is not valid, the interaction validation computer can generate a proof failed message that indicates that the enrollment proof it is not valid. The interaction validation computer can provide the proof failed message to the first user device).
Badrinarayanan further discloses homomorphic encryption algorithm (Badrinarayanan: par 0104; the encrypted code may be computed with the public key, using properties of homomorphic encryption. The encrypted code can be used to increase the security of the authentication process).
The motivation is the same that of claim 10 above.
Regarding Claim 20;
This Claim recites a device that perform the same steps as method of Claim 1, and has limitations that are similar to Claim 1, thus are rejected with the same rationale applied against claim 1.
Regarding Claim 21;
This Claim recites a non-transitory computer-readable storage medium that perform the same steps as method of Claim 1, and has limitations that are similar to Claim 1, thus are rejected with the same rationale applied against claim 1.
Regarding Claim 22;
This Claim recites a device that perform the same steps as method of Claim 6, and has limitations that are similar to Claim 6, thus are rejected with the same rationale applied against claim 6.
Regarding Claim 23;
This Claim recites a device that perform the same steps as method of Claim 10, and has limitations that are similar to Claim 10, thus are rejected with the same rationale applied against claim 10.
Claims 7-9 are rejected under 35 U.S.C. 103 as being unpatentable over Watson et al. (US 20230208643) in view of Badrinarayanan et al. (US 20220131698), and further in view of Ceravolo et al. (“Ceravolo,” US 20220109573, published on 04/07/2022).
Regarding Claim 7;
The combination of Watson and Badrinarayanan disclose the method of claim 6,
Watson discloses wherein before acquiring, from a data source device, ciphertext data obtained using a homomorphic encryption algorithm, and performing calculation on the ciphertext data through the prover to obtain proof information and a ciphertext result, the method further comprises: performing a verification on deployment permission of the prover (Watson: par 0125; The first user device can generate an identifier commitment using a user device public key vk.sub.C, the serial number S custom-character No.sub.C, and a first random value r.sub.1. For example, the first user device can generate the identifier commitment, which commits the first user device to the identifier), and querying an already deployed prover in response to the deployment permission being valid (par 0125; fig. 5; the first user device can generate an identifier commitment using a user device public key vk.sub.C, the serial number S custom-character No.sub.C, and a first random value r.sub.1. For example, the first user device can generate the identifier commitment, which commits the first user device to the identifier; par 0133, the first user device can transmit the identifier commitment, the balance commitment, and the enrollment proof to the interaction validation computer; par 0047; the users can present an encrypted version of their account balances to the interaction validation computer S. These encrypted balances can be referred to as a state or a user device state); and in response to the already deployed prover and the prover belong to a same category (Watson: par 0141; the state attestation computer can check if the state mapping includes the user device public key [] if state mapping already includes the user device public key, the state attestation computer can generate an enrollment failed response since the first user device has previously enrolled).
Badrinarayanan further discloses homomorphic encryption algorithm (Badrinarayanan: par 0104; the encrypted code may be computed with the public key, using properties of homomorphic encryption. The encrypted code can be used to increase the security of the authentication process).
The motivation is the same that of claim 6 above.
The combination of Watson and Badrinarayanan disclose generate an enrollment failed response, in response to the already deployed prover and the prover belong to a same category as recited above, but do not explicitly disclose deleting the already deployed prover and deploying the prover.
However, in an analogous art, Ceravolo discloses authentication system/method that includes:
deleting the already deployed prover and deploying the prover (Ceravolo: par 0135; once these prompts are identified, the device then requires the user to respond to each prompt by requesting the corresponding user credential(s). If the user has already responded to the same prompt in a previous round, the user is not prompted again within the same authentication session. Instead, previous responses are cached internally and automatically included in the set of user credentials if repeat prompts are given. All cached credentials are later automatically deleted once authentication ends either by successful completion, rejection or early termination).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Ceravolo with the method/system of Watson and Badrinarayanan to include a homomorphic deleting the already deployed prover and deploying the prover. One would have been motivated to repeat the step of commencing a round of authentication until the verifier computer accepts or rejects the prover's identity. A zkMFA method of authentication and an authentication system for authenticating a prover by a verifier (Ceravolo: abstract).
Regarding Claim 8;
The combination of Watson, Badrinarayanan, and Ceravolo disclose the method of claim 7,
Watson discloses wherein after performing a verification on deployment permission of the prover, the method further comprises: rejecting deployment of the prover and ending the operation procedure, in response to the deployment permission being invalid (Watson: par 0134; after receiving the enrollment request message the interaction validation computer S can verify the enrollment proof it by checking that non-interactive zero-knowledge verification algorithm NIZK.Verify(ff) passes. For example, the non-interactive zero-knowledge verification algorithm NIZK.Verify(p) can output a value of 1 if the enrollment proof it is valid; par 0141; after receiving the enrolled indication message, the state attestation computer can verify that the first user device was not previously enrolled. For example, the state attestation computer can retrieve a state mapping from memory. The state mapping can map user device states to user device public keys. The state attestation computer can check if the state mapping includes the user device public key [] if state mapping already includes the user device public key, the state attestation computer can generate an enrollment failed response since the first user device has previously enrolled).
Regarding Claim 9;
The combination of Watson, Badrinarayanan, and Ceravolo disclose the method of claim 7,
Watson discloses wherein in response to detecting new data from the data source device and not receiving the prover sent by the data application device, the method further comprises: acquiring, from the data source device, updated ciphertext data obtained using the homomorphic encryption algorithm (Watson: par 0027; used in a cryptographic algorithm to transform input data into another representation. A cryptographic algorithm can be an encryption algorithm that transforms original data into an alternate representation, or a decryption algorithm that transforms encrypted information back to the original data); and performing calculation processing on updated ciphertext data using the already deployed prover to obtain the proof information and the ciphertext result (Watson: par 0134; after receiving the enrollment request message the interaction validation computer S can verify the enrollment proof it by checking that non-interactive zero-knowledge verification algorithm NIZK.Verify(ff) passes. For example, the non-interactive zero-knowledge verification algorithm NIZK.Verify(p) can output a value of 1 if the enrollment proof it is valid; par 0141; after receiving the enrolled indication message, the state attestation computer can verify that the first user device was not previously enrolled. For example, the state attestation computer can retrieve a state mapping from memory. The state mapping can map user device states to user device public keys. The state attestation computer can check if the state mapping includes the user device public key [] if state mapping already includes the user device public key, the state attestation computer can generate an enrollment failed response since the first user device has previously enrolled).
Badrinarayanan further discloses homomorphic encryption algorithm (Badrinarayanan: par 0104; the encrypted code may be computed with the public key, using properties of homomorphic encryption. The encrypted code can be used to increase the security of the authentication process).
The motivation is the same that of claim 6 above.
Claims 13-16 are rejected under 35 U.S.C. 103 as being unpatentable over Watson et al. (US 20230208643) in view of Badrinarayanan et al. (US 20220131698), and further in view of ZHANG et at. (“ZHANG,” CN 106534221 B, filed on 01/05/2017).
Regarding Claim 13;
The combination of Watson and Badrinarayanan disclose the method of claim 10,
wherein before encrypting plaintext data of an application service using a homomorphic encryption algorithm to obtain ciphertext data, the method further comprises: receiving a data acquisition request sent by the computing power processing device, wherein the data acquisition request carries a data range and plaintext data information (Watson: par 0027; used in a cryptographic algorithm to transform input data into another representation. A cryptographic algorithm can be an encryption algorithm that transforms original data into an alternate representation, or a decryption algorithm that transforms encrypted information back to the original data; par 0133, the first user device can transmit the identifier commitment, the balance commitment, and the enrollment proof to the interaction validation computer; par 0047; the users can present an encrypted version of their account balances to the interaction validation computer S. These encrypted balances can be referred to as a state or a user device state);
information from a preset data set in response to the data range being valid (Watson: par 0125; user device can generate an identifier commitment using a user device public key vk.sub.C, the serial number S custom-character No.sub.C, and a first random value r.sub.1. For example, the first user device can generate the identifier commitment, which commits the first user device to the identifier; para 0130-0131; p=NIZK.Prove; the non-interaction zero-knowledge proof p, also referred to as an enrollment proof, can prove that there exists a user device public key, a balance, a first random value, and a second random value [] the enrollment proof p can prove that the public key is committed to, the balance is committed to, and that the balance is greater than or equal to zero).
Badrinarayanan further discloses homomorphic encryption algorithm (Badrinarayanan: par 0104; the encrypted code may be computed with the public key, using properties of homomorphic encryption. The encrypted code can be used to increase the security of the authentication process).
The motivation is the same that of claim 10 above.
The combination of Watson and Badrinarayanan disclose information from a preset data set in response to the data range being valid as recited above, but do not explicitly disclose selecting the plaintext data corresponding to the plaintext data information from a preset data set.
However, in an analogous art, Smith discloses identifying a potential DDOS attack system/method that includes:
selecting the plaintext data corresponding to the plaintext data information from a preset data set (ZHANG: page 6, par 1; the end code arithmetic unit according to the pre-stored basic key and owner input plaintext, according to the preset encryption algorithm selected by the preset encryption algorithm to encrypt, to generate the turn on character string).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of ZHANG with the method/system of Watson and Badrinarayanan to include selecting the plaintext data corresponding to the plaintext data information from a preset data set. One would have been motivated to generating the turn on character string according to the plaintext input by the home terminal keyboard by the owner (ZHANG: abstract).
Regarding Claim 14;
The combination of Watson, Badrinarayanan, and ZHANG disclose the method of claim 13,
Watson discloses wherein before encrypting plaintext data of an application service using a homomorphic encryption algorithm to obtain ciphertext data, the method further comprises: in response to a ciphertext within the data range being present in a ciphertext buffer (Watson: par 0125; user device can generate an identifier commitment using a user device public key vk.sub.C, the serial number S custom-character No.sub.C, and a first random value r.sub.1. For example, the first user device can generate the identifier commitment, which commits the first user device to the identifier; par 0130-0131; p=NIZK.Prove; the non-interaction zero-knowledge proof p, also referred to as an enrollment proof, can prove that there exists a user device public key, a balance, a first random value, and a second random value [] the enrollment proof p can prove that the public key is committed to, the balance is committed to, and that the balance is greater than or equal to zero).
Badrinarayanan further discloses homomorphic encryption algorithm (Badrinarayanan: par 0104; the encrypted code may be computed with the public key, using properties of homomorphic encryption. The encrypted code can be used to increase the security of the authentication process).
The motivation is the same that of claim 10 above.
ZHANG further discloses selecting the ciphertext in the ciphertext buffer as the ciphertext data (ZHANG: page 6, par 1; the end code arithmetic unit according to the pre-stored basic key and owner input plaintext, according to the preset encryption algorithm selected by the preset encryption algorithm to encrypt, to generate the turn on character string).
The motivation is the same that of claim 13 above.
Regarding Claim 15;
The combination of Watson, Badrinarayanan, and ZHANG disclose the method of claim 13,
Watson discloses wherein the preset data set is obtained by: acquiring a plurality of pieces of first data corresponding to the application service; and preprocessing each respective one of the plurality of pieces of first data to obtain plaintext data corresponding to the respective first data (Watson: par 0027; used in a cryptographic algorithm to transform input data into another representation. A cryptographic algorithm can be an encryption algorithm that transforms original data into an alternate representation, or a decryption algorithm that transforms encrypted information back to the original data; par 0131; the enrollment proof p can prove that the public key is committed to, the balance is committed to, and that the balance is greater than or equal to zero; par 0133, the first user device can transmit the identifier commitment, the balance commitment, and the enrollment proof to the interaction validation computer; par 0047; the users can present an encrypted version of their account balances to the interaction validation computer S. These encrypted balances can be referred to as a state or a user device state; par 0066; if the interaction validation computer and the state attestation computer were a single device with all of the data obtained by the interaction validation computer and the state attestation computer, then the single device could be able to track the user device states over time as well as link those states to the interactions themselves).
Regarding Claim 16;
The combination of Watson, Badrinarayanan, and ZHANG disclose the method of claim 15,
Watson discloses wherein preprocessing each respective one of the plurality of pieces of first data to obtain plaintext data corresponding to the respective first data comprises: performing data cleaning on each respective one of the plurality of pieces of first data to obtain second data corresponding to the respective first data (Watson: par 0027; a cryptographic algorithm can be an encryption algorithm that transforms original data into an alternate representation, or a decryption algorithm that transforms encrypted information back to the original data; par 0131; the enrollment proof p can prove that the public key is committed to, the balance is committed to, and that the balance is greater than or equal to zero; par 0133, the first user device can transmit the identifier commitment, the balance commitment, and the enrollment proof to the interaction validation computer; par 0134; after receiving the enrollment request message the interaction validation computer S can verify the enrollment proof it by checking that non-interactive zero-knowledge verification algorithm NIZK.Verify(ff) passes. For example, the non-interactive zero-knowledge verification algorithm NIZK.Verify(p) can output a value of 1 if the enrollment proof it is valid; par 0135; after determining that the enrollment proof is valid, the interaction validation computer can generate a signature s.sub.C on a combination of the identifier commitment and the balance commitment using a interaction validation computer private key sk.sub.s. The resulting signature can be a state signature; par 0136; after generating the signature, the interaction validation computer can generate an enrollment response message. The enrollment response message can include an indication of whether or not the first user device. A is enrolled, and the state signature s.sub.C); performing format conversion of the second data to obtain third data corresponding to the second data (Watson: par 0142; the state attestation computer can verify the state signature s.sub.C [] the state attestation computer can verify the state signature s.sub.C using the interaction validation computer public key corresponding to the interaction validation computer private key used to form the state signature; par 0143; if the user device state is valid, then the state attestation computer can add the user device state signature s.sub.C and the user device public key vk.sub.C to the state map; par 0170; after generating the verify state response message, the state attestation computer can provide the verify state response message to the first user device); and adding identification information to the third data to obtain the data (Watson: par 0143; if the user device state is valid, then the state attestation computer can add the user device state signature s.sub.C and the user device public key vk.sub.C to the state map; par 0170; after generating the verify state response message, the state attestation computer can provide the verify state response message to the first user device).
Badrinarayanan further discloses the third data to obtain the plaintext data (Badrinarayanan: par 0124; the cryptographic technique can be homomorphic such that operations on the encrypted values provides the same result once decrypted, as when the operations are performed on the plaintext values).
The motivation is the same that of claim 10 above.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHAO WANG whose telephone number is (313)446-6644. The examiner can normally be reached on Monday-Friday 7:30-4:30PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/C.W./Examiner, Art Unit 2439
/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439