Detailed Action
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Amendment filed on 10/22/2020 has been acknowledged. Claims 33-34, 36, 38-42, 4447, 49-52 are currently pending and have been considered below. Claim 33, 41, 44 and 50 are independent claim. Claims 33, 36, 38, 41, 44 and 50 have been amended. Claims 35, 37, 43 and 48 have been cancelled.

Priority
The application is a 371 of PCT/SE2016/050453 filed on 05/19/2016.

Remarks and Response
Applicant’s arguments filed in the amendments on 10/22/2020 have been fully considered but are moot in view of new grounds of rejection. Applicant presents arguments regarding the presence or absence of claimed limitations in the prior art. However, applicant has amended the claims and in doing so has changed the scope. New grounds of rejection, necessitated by applicant's amendments, are outlined below.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to 
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO internet Web site contains terminal disclaimer forms which may be used.  Please visit http://www.uspto.gov/forms/. The filing date of the application will determine what form should be used.  A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal 
Claims 33-34, 36, 38-42, 44-47 and 49-52 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1 of U.S. Patent No. 10,482,078 B2 (application no. 14/765,602). Although the claims at issue are not identical, they are not patentably distinct from each other because the claims in the U.S. Patent No. 10,482,078 B2 contains every element of claims of the instant application.  A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim. In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a 35 patent claim to a species within that genus). “ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001).
Claim 33, 41, 44 and 50 are rejected on the ground of nonstatutory obviousness type double patenting as being unpatentable over claim 1 of U.S. Patent No. 10,482,078 in view of Orsini (US Patent Application Publication No 2013/0276074 A1) in view of “Keyless signatures’ infrastructure: How to build .
This is a non-provisional non-statutory obviousness type double patenting rejection because the conflicting claims have been patented.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claim 33-34, 36, 38-42, 44-47, 49-52 are rejected under 35 U.S.C. 103 as being unpatentable over Orsini (US Patent Application Publication No 2013/0276074 A1) in view of “Keyless signatures’ infrastructure: How to build global distributed hash-trees” by Ahto Buldas hereinafter Buldas. 

Regarding Claim 33, Orsini discloses a method implemented by a client device of efficiently storing a hash-tree based data signature, the method comprising: 
splitting the hash-tree based data signature into a first partial signature and a second partial signature (Orsini, ¶[0148], sensitive data is received by data splitting module. The data splitting module then generates a substantially random number, value or string or set of bits. The random number may be generated in a wide number of varying conventional techniques for producing high quality random numbers. ¶[0149], data splitting process generates another random number C. The data splitting module then combines the numbers A and C with the sensitive data S such that new numbers B and D are generated. During the first data splitting process, the pairing AC may be sent to depository D2. Then during a second data splitting process, the pairing AC may be sent to depository D4);
storing, in memory of the client device, the first partial signature for subsequent use in verifying integrity of the data asset (Orsini, ¶[0150], the data splitting process places portions of the sensitive data in each of the four data storage facilities so that no single data storage facility includes sufficient encrypted data to recreate the original sensitive data. The data splitting module uses data portions from at least two of the data storage facilities to recreate the sensitive data. The pairings of AC, AD, BC and BD were distributed such that any two provide one of A and B or 
deleting the second partial signature from the memory of the client device (Orsini, ¶[0150], the data splitting process places portions of the sensitive data in each of the four data storage facilities so that no single data storage facility includes sufficient encrypted data to recreate the original sensitive data. The data splitting module uses data portions from at least two of the data storage facilities to recreate the sensitive data. The pairings of AC, AD, BC and BD were distributed such that any two provide one of A and B or C and D. Users may advantageously add, edit/update or delete identities as they are needed. ¶[0158], user may appear in person to the trusted third party, produce credentials such as a birth certificate, driver’s license, military ID. ¶[0159], after receiving the enrollment authentication data, the transaction engine forwards the 
Orsini does not explicitly teach the following limitation that Buldas teaches:
receiving, from a gateway device, a hash-tree based data signature associated with a data asset (Buldas, ¶[Hash Tree and Hash Calendars], page 2, user sends a hash of a document to the service and receives a signature token-proof that the data existed at the given time and that the request was received through a specific access point. All received requests are aggregated together into a large hash tree and the top of the tree is fixed and retained for each second. Page 5, ¶[Gateway], the gateway works a s a protocol adapter, accepting requests in application specific format and forwarding them to the designated aggregator. The first level of aggregation happens at a gateway host-giving low and predictable communication bandwidth between the aggregator and gateway. ¶[Hash Tree in Action], page 3, in order to irrevocably commit to the ordered sequence of values in calendar database they are linked into a binary hash tree so that the leaves are added to one side only).


Regarding Claim 34, Osini in view of Buldas discloses the method of claim 33, further comprising, prior to the receiving, sending a data signature generation request to the gateway device, the request comprising an indication for a partial data signature (Buldas, ¶[Hash Tree and Hash Calendars], page 2, user sends a hash of a document to the service and receives a signature token-proof that the data existed at the given time and that the request was received through a specific access point. All received requests are aggregated together into a large hash tree and the top of the tree is fixed and retained for each second. Page 5, ¶[Gateway], the gateway works a s a protocol adapter, accepting requests in application specific format and forwarding them to the 

Regarding Claim 36, Buldas in view of Naccache discloses the method of claim 33, wherein the splitting comprises splitting the hash-tree based data signature using an indication specifying how to split the hash-tree based data signature (Orsini, ¶[0148], sensitive data is received by data splitting module. The data splitting module then generates a substantially random number, value or string or set of bits. The random number may be generated in a wide number of varying conventional techniques for producing high quality random numbers. ¶[0149], data splitting process generates another random number C. The data splitting module then combines the numbers A and C with the sensitive data S such that new numbers B and D are generated. During the first data splitting process, the pairing AC may be sent to depository D2. Then during a second data splitting process, the pairing AC may be sent to depository D4).

Regarding Claim 38, Buldas in view of Naccache discloses the method of claim 33,  


Regarding Claim 39, Buldas in view of Naccache discloses the method of claim 33, further comprising using the first partial signature in a verification procedure towards a keyless signature infrastructure (KSI) 

Regarding Claim 40, Buldas in view of Naccache discloses the method of claim 39, wherein the using comprises: 
requesting a second partial signature from the gateway device (Orsini, ¶[0150], the data splitting process places portions of the sensitive data in each of the four data storage facilities so that no single data storage facility includes sufficient encrypted data to recreate the original sensitive data. The data splitting module uses data portions from at least two of the data storage facilities to recreate the sensitive data. The pairings of AC, AD, BC and BD were distributed such that any two provide one of A and B or C and D. Users may advantageously add, edit/update or delete identities as they are needed. ¶[0158], user may appear in person to the trusted third party, produce credentials such as a birth certificate, driver’s license, military ID. ¶[0159], after receiving the enrollment authentication data, the transaction engine forwards the enrollment authentication data to the authentication engine. The authentication engine decrypts the enrollment authentication data using the private key of the authentication engine. The authentication engine employs the data splitting module to mathematically operate on the enrollment authentication data so as to split the data into at least two 
assembling a data signature based on the first partial signature and the received second partial signature (Orsini, ¶[0150], the data splitting process places portions of the sensitive data in each of the four data storage facilities so that no single data storage facility includes sufficient encrypted data to recreate the original sensitive data. The data splitting module uses data portions from at least two of the data storage facilities to recreate the sensitive data. The pairings of AC, AD, BC and BD were distributed such that any two provide one of A and B or C and D. Users may advantageously add, edit/update or delete identities as they are needed. ¶[0158], user may appear in person to the trusted third party, produce credentials such as a birth certificate, driver’s license, military ID. ¶[0159], after receiving the enrollment authentication data, the transaction engine forwards the enrollment authentication data to the 
sending the assembled data signature in a verification request to the gateway device for conveyance to the KSI system (Orsini, ¶[0150], the data splitting process places portions of the sensitive data in each of the four data storage facilities so that no single data storage facility includes sufficient encrypted data to recreate the original sensitive data. The data splitting module uses data portions from at least two of the data storage facilities to recreate the sensitive data. The pairings of AC, AD, BC and BD were distributed such that any two provide one of A and B or 

Regarding Claim 41, Orsini discloses a client device for handling a hash-tree based data signature, the client device comprising:
processing circuitry; 

split the hash-tree based data signature into a first partial signature and a second partial signature (Orsini, ¶[0148], sensitive data is received by data splitting module. The data splitting module then generates a substantially random number, value or string or set of bits. The random number may be generated in a wide number of varying conventional techniques for producing high quality random numbers. ¶[0149], data splitting process generates another random number C. The data splitting module then combines the numbers A and C with the sensitive data S such that new numbers B and D are generated. During the first data splitting process, the pairing AC may be sent to depository D2. Then during a second data splitting process, the pairing AC may be sent to depository D4);
store, in memory of the client device, the first partial signature for sunsequent use in verifying integrity of the data asset (Orsini, ¶[0150], the data splitting process places portions of the sensitive data in each of the four data storage facilities so that no single data storage facility includes sufficient encrypted data to recreate the original sensitive data. The data splitting module uses data portions from at least two of the data storage facilities to recreate the sensitive data. The pairings of AC, AD, BC and BD were distributed such that any two provide one of A and B or C and D. Users may advantageously add, edit/update or delete identities 
delete the second partial signature from the memory of the client device (Orsini, ¶[0150], the data splitting process places portions of the sensitive data in each of the four data storage facilities so that no single data storage facility includes sufficient encrypted data to recreate the original sensitive data. The data splitting module uses data portions from at least two of the data storage facilities to recreate the sensitive data. The pairings of AC, AD, BC and BD were distributed such that any two provide one of A and B or C and D. Users may advantageously add, edit/update or delete identities as they are needed. ¶[0158], user may appear in person to the trusted third party, produce credentials such as a birth certificate, driver’s license, military ID. ¶[0159], after receiving the enrollment authentication data, the transaction engine forwards the enrollment authentication data to the authentication engine. The 
Orsini does not explicitly teach the following limitation that Buldas teaches:
 receive a hash-tree based data signature associated with a data asset from a gateway device (Buldas, ¶[Hash Tree and Hash Calendars], page 2, user sends a hash of a document to the service and receives a signature token-proof that the data existed at the given time and that the request was received through a specific access point. All received requests are aggregated together into a large hash tree and the top of the tree is fixed and retained for each second. Page 5, ¶[Gateway], the gateway works a s a protocol adapter, accepting requests in application specific format and forwarding them to the designated aggregator. The first level of aggregation happens at a gateway host-giving low and predictable communication bandwidth between the aggregator and gateway. ¶[Hash Tree in Action], page 3, in order to irrevocably commit to the ordered sequence of values in calendar database they are linked into a binary hash tree so that the leaves are added to one side only).
Osini in view of Buldas are analogous art because they are from the “same field of endeavor” and are from the same “problem solving 

Regarding Claim 42, Osini in view of Buldas discloses the client device of claim 41, wherein the instructions are such that the client device is operative to, prior to the receiving, send a data signature generation request to the gateway device, the request comprising an indication for a partial data signature (Buldas, ¶[Hash Tree and Hash Calendars], page 2, user sends a hash of a document to the service and receives a signature token-proof that the data existed at the given time and that the request was received through a specific access point. All received requests are aggregated together into a large hash tree and the top of the tree is fixed and retained for each second. Page 5, ¶[Gateway], the gateway works a s a protocol adapter, accepting requests in application specific format and forwarding them to the designated aggregator. The first level of aggregation happens at a gateway host-giving low and 

Regarding Claim 44, Osini discloses a method implemented by a gateway device of handling a hash-tree based data signature, the method comprising: 
splitting the hash-tree based data signature into a first partial signature and a second partial signature (Orsini, ¶[0148], sensitive data is received by data splitting module. The data splitting module then generates a substantially random number, value or string or set of bits. The random number may be generated in a wide number of varying conventional techniques for producing high quality random numbers. ¶[0149], data splitting process generates another random number C. The data splitting module then combines the numbers A and C with the sensitive data S such that new numbers B and D are generated. During the first data splitting process, the pairing AC may be sent to depository D2. Then during a second data splitting process, the pairing AC may be sent to depository D4); and
storing, in memory of the gateway device, the second partial signature for sunsequent use in verifying integrity of the data asset (Orsini, ¶[0150], the data splitting process places portions of the sensitive 
Orsini does not explicitly teach the following limitation that Buldas teaches:
sending a hash-tree based data signature to a client device (Buldas, ¶[Hash Tree and Hash Calendars], page 2, user sends a hash of a document to the service and receives a signature token-proof that the data existed at the given time and that the request was received through a specific access point. All received requests are aggregated 
Osini in view of Buldas are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “data management system and security of data access”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Osini in view of Buldas to include the idea of keyless signature infrastructure. KSI is a globally distributed system for providing time-stamping and server supported digital signatures services. In a keyless signature system, the functions of signer identification and of evidence integrity protection are separated and delegated to cryptographic tools.

Regarding Claim 45, Osini in view of Buldas discloses the method of claim 44, further comprising, prior to the sending, receiving a data 

Regarding Claim 46, Osini in view of Buldas discloses the method of claim 44, wherein the determining the second partial signature comprises splitting the hash-tree based data signature into a first partial signature and the second partial signature (Orsini, ¶[0148], sensitive data is received by data splitting module. The data splitting module then generates a substantially random number, value or string or set of bits. The random number may be generated in a wide number of varying 

Regarding Claim 47, Osini in view of Buldas discloses the method of claim 46, wherein the splitting comprises splitting the hash-tree based data signature using an indication specifying how to split the hash-tree based data signature (Orsini, ¶[0150], the data splitting process places portions of the sensitive data in each of the four data storage facilities so that no single data storage facility includes sufficient encrypted data to recreate the original sensitive data. The data splitting module uses data portions from at least two of the data storage facilities to recreate the sensitive data. The pairings of AC, AD, BC and BD were distributed such that any two provide one of A and B or C and D. Users may advantageously add, edit/update or delete identities as they are needed. ¶[0158], user may appear in person to the trusted third party, produce credentials such as a birth certificate, driver’s license, military ID. ¶[0159], after receiving the enrollment authentication data, the transaction engine forwards the enrollment authentication data to the 

Regarding Claim 49, Osini in view of Buldas discloses the method of claim 44, further comprising: 
receiving a request for the second partial signature from the client device (Orsini, ¶[0150], the data splitting process places portions of the sensitive data in each of the four data storage facilities so that no single data storage facility includes sufficient encrypted data to recreate the original sensitive data. The data splitting module uses data portions from at least two of the data storage facilities to recreate the sensitive data. The pairings of AC, AD, BC and BD were distributed such that any two provide one of A and B or C and D. Users may advantageously add, edit/update or delete identities as they are needed. ¶[0158], user may appear in person to the trusted third party, produce credentials such as a birth certificate, driver’s license, military ID. ¶[0159], after receiving the enrollment authentication data, the transaction engine forwards the enrollment authentication data to the authentication engine. The authentication engine decrypts the enrollment authentication data using 
sending the second partial signature to the client device (Orsini, ¶[0150], the data splitting process places portions of the sensitive data in each of the four data storage facilities so that no single data storage facility includes sufficient encrypted data to recreate the original sensitive data. The data splitting module uses data portions from at least two of the data storage facilities to recreate the sensitive data. The pairings of AC, AD, BC and BD were distributed such that any two provide one of A and B or C and D. Users may advantageously add, edit/update or delete identities as they are needed. ¶[0158], user may appear in person to the trusted third party, produce credentials such as a birth certificate, driver’s 

Regarding Claim 50, Osini discloses a gateway device for handling a hash-tree based data signature, the gateway device comprising: 
processing circuitry; 
memory containing instructions executable by the processing circuitry whereby the gateway device is operative to: 

store, in memory of the gateway device, the second partial signature for subsequent use in verifying integrity of the data asset (Orsini, ¶[0150], the data splitting process places portions of the sensitive data in each of the four data storage facilities so that no single data storage facility includes sufficient encrypted data to recreate the original sensitive data. The data splitting module uses data portions from at least two of the data storage facilities to recreate the sensitive data. The pairings of AC, AD, BC and BD were distributed such that any two provide one of A and B or C and D. Users may advantageously add, edit/update or delete identities as they are needed. ¶[0158], user may appear in person to the trusted third party, produce credentials such as a 
Orsini does not explicitly teach the following limitation that Buldas teaches:
send a hash-tree based data signature to a client device (Buldas, ¶[Hash Tree and Hash Calendars], page 2, user sends a hash of a document to the service and receives a signature token-proof that the data existed at the given time and that the request was received through a specific access point. All received requests are aggregated together into a large hash tree and the top of the tree is fixed and retained for each second. Page 5, ¶[Gateway], the gateway works a s a protocol adapter, accepting requests in application specific format and forwarding them to the designated aggregator. The first level of aggregation happens at a gateway host-giving low and predictable communication bandwidth between the aggregator and gateway. ¶[Hash Tree in Action], page 3, in order to irrevocably commit to the ordered sequence of values 
Osini in view of Buldas are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “data management system and security of data access”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Osini in view of Buldas to include the idea of keyless signature infrastructure. KSI is a globally distributed system for providing time-stamping and server supported digital signatures services. In a keyless signature system, the functions of signer identification and of evidence integrity protection are separated and delegated to cryptographic tools.

Regarding Claim 51, Osini in view of Buldas discloses the gateway device of claim 50, wherein the instructions are such that the gateway device is operative to, prior to the sending, receive a data signature generation request from the client device, the request comprising an indication for a partial data signature (Buldas, ¶[Hash Tree and Hash Calendars], page 2, user sends a hash of a document to the service and receives a signature token-proof that the data existed at the given time and that the request was received through a specific access point. All received requests are aggregated together into a large hash tree and the 

Regarding Claim 52, Osini in view of Buldas discloses the gateway device of claim 50, wherein the instructions are such that the gateway device is operative to determine the second partial signature by splitting the hash-tree based data signature into a first partial signature and the second partial signature (Orsini, ¶[0150], the data splitting process places portions of the sensitive data in each of the four data storage facilities so that no single data storage facility includes sufficient encrypted data to recreate the original sensitive data. The data splitting module uses data portions from at least two of the data storage facilities to recreate the sensitive data. The pairings of AC, AD, BC and BD were distributed such that any two provide one of A and B or C and D. Users may advantageously add, edit/update or delete identities as they are needed. ¶[0158], user may appear in person to the trusted third party, 

Conclusion
Applicant’s amendment necessitated the new ground(s) of rejection presented in office action. Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In 
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WASIKA NIPA whose telephone number is (571)272-8923.  The examiner can normally be reached on M-F (7:30 - 5:00). If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JEFFRY PWU can be reached on 571-272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/WASIKA NIPA/           Primary Examiner, Art Unit 2433