DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of Claims
Claims 1-15 are pending.
Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked.
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph:
(A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function;
(B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and
(C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function.
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function.
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function.
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) is/are: “a detector for detecting” and “a generator for generating” in claim 11.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claim limitations “a detector for detecting” and “a generator for generating” invoke 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function. The specification makes clear that the claimed “modules" are software modules, and therefore not necessarily structural elements (see e.g. [0067] of the instant specification). Therefore, claims 11-14 are indefinite and are rejected under 35 U.S.C. 112(b) or pre-AIA 35 U.S.C. 112, second paragraph.
Applicant may:
(a) Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph;
(b) Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or
(c) Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either:
(a) Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or
(b) Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.
Claims 12-14 are additionally rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. Claim 12 recites “a computing power server… for acquiring a target quantum computer in a network domain… and transmitting the target quantum computer to the data management and control server”. A review of the specification does not provide a clear definition of “target quantum computer”. As the BRI of “target quantum computer” would appear to indicate a physical device, it is unknown how a computing power server would “transmit” the target quantum computer. The claim is therefore indefinite for attempting to transmit a physical device. None of claims 13-14 fix this and are therefore rejected for the same reasons.
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.
The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.
Claims 11-14 are rejected under 35 U.S.C. 112(a) or pre-AIA 35 U.S.C. 112, first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for pre-AIA the inventor(s), at the time the application was filed, had possession of the claimed invention. As described above, the disclosure does not provide adequate structure to perform the claimed functions of “a detector for detecting” and “a generator for generating”. The specification does not demonstrate that applicant has made an invention that achieves the claimed function because the invention is not described with sufficient detail such that one of ordinary skill in the art can reasonably conclude that the inventor had possession of the claimed invention. None of claims 12-14 fix this and are therefore rejected for the same reasons.
Claims 2-3 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. Claim 2 recites “a registration authorization security level” of the target service object. However, it is unclear from the claim what exactly comprises “a registration authorization security level”. The term itself provides no clear indication as to what the value represents, e.g. is it the authorization security level of a registration, or the security level of registration authorization? There is no clear indication of how the value is calculated, either. The specification describes the term in several different ways (e.g. [0086] “acquiring a registration authorization security level of the target service object, the registration authorization security level being also the authorization security level determined after the target service object is registered on the data management and control server, [0126] “identify the security level of the digital wallet, including a technical implementation security level and an authorization security level for registration”), and does not indicate how the value is determined. Therefore, the claim was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor had possession of the claimed invention. Claim 3 does not fix this and is therefore rejected for the same reasons.
Claims 4-6 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. Claim 4 recites “acquiring a target quantum computer in a network domain where the target service object is located”. It is unclear from the specification and claims what is meant by “acquiring a target quantum computer”. The conventional meaning of “acquire” is to take possession, but that doesn’t seem to fit the meaning of the claim. The “target quantum computer” is referenced in the specification (e.g. [0089] “the data management and control server may acquire a target quantum computer in a network domain where the target service object is located based on a computing power server connected with the data management and control server”), however, the form and function of the target quantum computer is never defined. Fig. 4 depicts the overall data management and control server environment, but the target quantum computer is not shown. Therefore, it is unclear how it is “acquired”. Therefore, the claim was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor had possession of the claimed invention. None of claims 5-6 fix this and are rejected for the same reasons.
Claim 8 is rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. Claim 8 recites “a technical implementation security level” of the target service object. However, it is unclear from the claim what exactly comprises “a technical implementation security level”. The term itself provides no clear indication as to what the value represents, e.g. what “technical implementation” is being referred to? There is no clear indication of how the value is calculated, either. The specification merely references the term, providing no definition (e.g. [0096], [0113], [0126], [0128]), nor is it indicated how the value is determined. Therefore, the claim was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor had possession of the claimed invention.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1, 7, 11, 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bordow et al (PGPUB 2025/0103720), and further in view of Chacko (PGPUB 2023/0261990).
Regarding Claim 1:
Bordow teaches a data quantum computing management and control method, which is applied to a data management and control server ([0012] the present disclosure relates to post-quantum cryptography (PQC) risk modeling; [0013] in the examples provided herein, various modeling is provided that assesses the potential risks posed by Cryptographic Relevant Quantum Computers (CRQCs); in these examples, an entity can use the risk modeling on various applications associated with the entity), comprising:
receiving a data management and control service request sent by a target service object connected with the data management and control server ([0024] the applications 104, 106, 108 are various applications used by the entity to conduct business; these applications 104, 106, 108 can include data that has a financial impact on the entity; [0040] referring now to an example framework 500 of FIG. 5, the application 104 of the system 100 is depicted, which has data pass through three nodes (1, 2, 3); [0042] when the application 104 is being modeled, one can call to a separate table or database for that application; for instance, the computing device 102 can make calls to the database 120 to obtain the data necessary);
in response to the data management and control service request, detecting a target risk information of the target service object cracked by quantum computing ([0022] the computing device 102 is programmed to perform post-quantum cryptography risk modeling; [0042] when the application 104 is being modeled, one can call to a separate table or database for that application; for instance, the computing device 102 can make calls to the database 120 to obtain the data necessary to perform the following: [0043] 1) For an individual ‘t’ (′t′ is the “Q-Day” for when a PQC becomes a threat));
generating a data management and control instruction based on the target risk information ([0022] the computing device 102 is programmed to perform post-quantum cryptography risk modeling; the computing device 102 can be programmed to query the database 120 to obtain the data necessary for modeling, such as remediation information, etc.).
Bordow does not explicitly teach transmitting the data management and control instruction to the target service object, so that the target service object performs data management and control based on the data management and control instruction (Chacko [0055], [0074], [0076]).
However, Chacko teaches the concept of transmitting a data management and control instruction to a target service object, so that the target service object performs data management and control based on the data management and control instruction ([0055] …Intrusion Detection (IDE) Events, is collected and sent to USC controller; USC controller then processes it and looks for any rule match and send descriptors of instructions to be executed at DTC node; these response commands are referred as Contextual Risk Mitigation commands or CRM operations; [0074] when any security or IT risk incident happens, USC engage DTC nodes to deliver various Contextual Risk Mitigation (also referred as CRM) Operations such as taking an immediate backup; [0076] embodiments of the present disclosure provide sufficient guarantee of eliminating wiretapping or data exposure risk in-motion, the same way it provides data exposure risk at rest, in the context of quantum computer attacks).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the automated remediation command teachings of Chacko with the data quantum computing management and control method of Bordow, with the benefit of automatically providing security controls and updates to critical data systems to improve protection and minimize threats upon detection of said threats, such as the imminent risk of having data exposed by improvements to quantum cracking techniques.
Regarding Claim 7:
Bordow in view of Chacko teaches the method of claim 1. In addition, Bordow teaches the method further comprising:
identifying a security authentication algorithm of the target service object ([0030] this cryptographic profile provides details of the cryptography used by a node; each cryptographic method has a series of possible remediations to become resilient to CRQCs; details of the remediation for the relevant current cryptography can include such options as a Post Quantum Computer (PQC) algorithm, larger key size, etc.).
Regarding Claim 11:
Bordow teaches a data quantum computing management and control device, comprising a data management and control server, wherein the data management and control server comprises ([0012] the present disclosure relates to post-quantum cryptography (PQC) risk modeling; [0013] in the examples provided herein, various modeling is provided that assesses the potential risks posed by Cryptographic Relevant Quantum Computers (CRQCs); in these examples, an entity can use the risk modeling on various applications associated with the entity):
a receiving port for receiving a data management and control service request sent by a target service object connected with the data management and control server ([0024] the applications 104, 106, 108 are various applications used by the entity to conduct business; these applications 104, 106, 108 can include data that has a financial impact on the entity; [0040] referring now to an example framework 500 of FIG. 5, the application 104 of the system 100 is depicted, which has data pass through three nodes (1, 2, 3); [0042] when the application 104 is being modeled, one can call to a separate table or database for that application; for instance, the computing device 102 can make calls to the database 120 to obtain the data necessary);
a detector for detecting a target risk information of the target service object cracked by quantum computing in response to the data management and control service request ([0022] the computing device 102 is programmed to perform post-quantum cryptography risk modeling; [0042] when the application 104 is being modeled, one can call to a separate table or database for that application; for instance, the computing device 102 can make calls to the database 120 to obtain the data necessary to perform the following: [0043] 1) For an individual ‘t’ (′t′ is the “Q-Day” for when a PQC becomes a threat));
a generator for generating a data management and control instruction based on the target risk information ([0022] the computing device 102 is programmed to perform post-quantum cryptography risk modeling; the computing device 102 can be programmed to query the database 120 to obtain the data necessary for modeling, such as remediation information, etc.).
Bordow does not explicitly teach a transmission port for transmitting the data management and control instruction to the target service object, so that the target service object performs data management and control based on the data management and control instruction.
However, Chacko teaches the concept of a transmission port for transmitting a data management and control instruction to a target service object, so that the target service object performs data management and control based on the data management and control instruction ([0055] …Intrusion Detection (IDE) Events, is collected and sent to USC controller; USC controller then processes it and looks for any rule match and send descriptors of instructions to be executed at DTC node; these response commands are referred as Contextual Risk Mitigation commands or CRM operations; [0074] when any security or IT risk incident happens, USC engage DTC nodes to deliver various Contextual Risk Mitigation (also referred as CRM) Operations such as taking an immediate backup; [0076] embodiments of the present disclosure provide sufficient guarantee of eliminating wiretapping or data exposure risk in-motion, the same way it provides data exposure risk at rest, in the context of quantum computer attacks).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the automated remediation command teachings of Chacko with the data quantum computing management and control method of Bordow, with the benefit of automatically providing security controls and updates to critical data systems to improve protection and minimize threats upon detection of said threats, such as the imminent risk of having data exposed by improvements to quantum cracking techniques.
Regarding Claim 15:
Bordow in view of Chacko teaches the method as claimed in claim 1. In addition, Bordow teaches electronic equipment, comprising:
a memory for storing a computer program ([abstract] memory); and
a processor for implementing the data quantum computing management and control method as claimed in claim 1 when executing the computer program ([abstract] processor; see also claim 1, above).
Claim(s) 9 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bordow in view of Chacko, and further in view of Lee et al (PGPUB 2023/0007464).
Regarding Claim 9:
Bordow in view of Chacko teaches the method of claim 1.
Neither Bordow nor Chacko explicitly teaches wherein prior to receiving a data management and control service request sent by a target service object connected with the data management and control server, the method further comprises:
generating a management and control trigger condition and sending the management and control trigger condition to the target service object; and
the step of receiving a data management and control service request sent by a target service object connected with the data management and control server comprises:
receiving the data management and control service request sent by the target service object after meeting the management and control trigger condition.
However, Luo teaches the concept wherein prior to receiving a data management and control service request sent by a target service object connected with a data management and control server, a method comprises:
generating a management and control trigger condition and sending the management and control trigger condition to the target service object ([0058] the control node includes means for transmitting, to the wireless node, a configuration that configures a triggering condition for the wireless node to transmit the status report to the control node, wherein the triggering condition is associated with a periodic reporting of the status report or an aperiodic reporting of the status report due to an event occurrence); and
the step of receiving a data management and control service request sent by a target service object connected with the data management and control server comprises:
receiving the data management and control service request sent by the target service object after meeting the management and control trigger condition ([0114] the wireless node may be triggered to transmit the status report based at least in part on triggering conditions that are (pre)configured for the wireless node (e.g., triggering conditions configured by the control node); the wireless node may transmit the status report based at least in part on an aperiodic triggering by an event (e.g., LBT or a communication failure event); [0054] a control node includes means for receiving, from a wireless node, a status report of an unlicensed band associated with an unlicensed channel access of the wireless node, wherein the status report indicates LBT failures during the unlicensed channel access of the wireless node; and/or means for transmitting, to the wireless node, an updated configuration for unlicensed channel access based at least in part on the status report of the unlicensed band).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the updated trigger condition teachings of Luo with the data quantum computing management and control method of Bordow in view of Chacko, with the benefit of adjusting trigger conditions which provoke the reporting of anomalous conditions, thereby allowing administrators to adjust critical systems to monitor for dynamic threats in real time, and respond with automated mitigation techniques, thus improving the security environment.
Claim(s) 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bordow in view of Chacko, and further in view of Tola et al (PGPUB 2022/0200973).
Regarding Claim 10:
Bordow in view of Chacko teaches the method of claim 1.
Neither Bordow nor Chacko explicitly teaches wherein the target service object comprises a digital currency wallet and/or a digital currency transaction node, and the data management and control service request comprises a digital currency management and control request.
However, Tola teaches the concept wherein a target service object comprises a digital currency wallet and/or a digital currency transaction node, and a data management and control service request comprises a digital currency management and control request ([0002] present application relates to systems and methods for protecting enterprise data and applications, financial and cryptocurrency exchanges and network communications for the same; [0133] a request is made to change or add a remediation workflow).
It would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to combine the digital currency teachings of Tola with the data quantum computing management and control method of Bordow in view of Chacko, with the benefit of applying advanced quantum threat mitigation techniques to critical environments where real assets are at stake, such as cryptocurrency exchanges, thereby providing enhanced threat protection to ensure the safety of high value targets..
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FORREST L CAREY whose telephone number is (571)270-7814. The examiner can normally be reached 9:00AM-5:30PM M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, William Korzuch can be reached at (571) 272-7589. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/FORREST L CAREY/Examiner, Art Unit 2491
/WILLIAM R KORZUCH/Supervisory Patent Examiner, Art Unit 2491