DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Allowable Subject Matter

Claims 3 and 17 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and all intervening claims.
Examiner’s Note
Examiner proposed claims 1 and 15 be amended like amended claim 8 and move to an allowance. Applicant discussed with client; client declined offer of the proposed Examiner's Amendment. As such, a final office action is being processed.
Response to Amendment
This action is in response to the communications and remarks filed on 11/24/2020. Claims 8 and 15-16 have been amended. Claims 1-20 have been examined and are pending.
Response to Arguments

Applicant's arguments regarding Claims 1-6, 8-13, and 15-20 are persuasive; however, a new rejection is made in view of reference 
Applicant’s arguments: “35 U.S.C. §102 Rejection Claims 1-6, 8-13, and 15-20 are rejected under 35 U.S.C. § 102(a)(2) as being anticipated by U.S. Patent Publication No. 2017/0223008 (“Camenisch”). Reconsideration is requested based on the following. 
A claim is anticipated only if each and every element as set forth in the claim is found, either expressly or inherently described, in a single prior art reference. Verdegaal Bros. v. Union Oil Co. of California, 814 F.2d 628, 631, 2 USPQ2d 1051, 1053 (Fed. Cir. 1987). See, MPEP §2131. Applicant submits that the applied art does not show each and every feature of the claimed invention. 
Claims 1, 5 and 6 are rejected under 35 U.S.C. § 102(a)(2) as being anticipated by U.S. Patent Publication No. 2017/0223008 (“Camenisch”). Claim 1 recites: A computing device configured to implement a key management system (KMS), the computing device comprising: an interface configured to interface and communicate with a communication system; memory that stores operational instructions; and processing circuitry operably coupled to the interface and to the memory, wherein the processing circuitry is configured to execute the operational instructions to: maintain structured key parameters associated with a structured key; maintain a generating procedure associated with the structured key, the generating procedure configured to produce the structured key from an Oblivious Pseudorandom Function (OPRF) output, and the structured key parameters; receive, from a requesting computing device, a blinded value associated with the structured key; process the blinded value using an OPRF secret to generate a blinded OPRF output; and return the blinded OPRF output, the generating procedure, and the structured key parameters to the requesting computing device, for generation of the structured key by the requesting computing device... 
To anticipate, the reference “must not only disclose all elements of the claim within the four corners of the document, but must also disclose those elements ‘arranged as in the claim.’” Examiner appears to have improperly relied on multiple disparate devices of Camenisch as the claimed computing device, and has improperly relied on different embodiments/methods of Camenisch. For example, on page 4 of the Office Action, the Examiner pointed to methods for storing data shown in FIGS. 3 and 4 in Camenisch (e.g., paragraphs 0041 and 0043 of Camenisch), and then pointed to a recovery process of FIG. 6 in Camenisch (e.g., paragraph 82 of Camenisch). Applicant submits that this is clear error.” 
The Examiner respectfully submits that while Camenisch discloses elements of all four corners of the invention as a whole where the client/server configuration is presented; where the recovery process of Fig. 6 is an extension of the storing data as shown in Figs. 3 and 4. Applicant does disclose Information Disclosure Statements (IDS) dated 09/08/2020; as such, Examiner has rejected the limitation noted above in claims 1-2, 4-6, 8-13, 15-16, and 18-20, with the references highlighted in this IDS: Saldamli et al., hereinafter (“Saldamli”), US PG Publication (2014/0041039 A1), submitted in the 09/08/2020 IDS, in view of Bevan, US PG Publication (20130279692 A1), submitted in the 09/08/2020 IDS, in view of Hunter et al., hereinafter (“Hunter”), US PG Publication (2013/0282438 A1), submitted in the 09/08/2020 IDS. Examiner identified claims 3 and 17 as having allowable subject matter.
Applicant’s arguments: “Claims 8-13 are rejected under 35 U.S.C. §102(a)(2) as being anticipated by U.S. Patent Publication No. 2017/0223008 (“Camenisch”).Claim 8 recites: A method for use in a key management system (KMS), the method comprising: maintaining, by a server device including a processor and associated memory, structured key parameters associated with a structured key; maintaining, by the server device, a generating procedure associated with the structured key, the generating procedure configured to produce the structured key from an Oblivious Pseudorandom Function (OPRF) output, and the structured key parameters... Moreover, the Examiner has not articulated what the “structured key” associated with the structured key parameters is in Camenisch. It appears the Examiner may be relying on a public key as the claimed structured key. However, if the public key is the claimed structured key, Camenisch does not teach a generating procedure “configured to produce the structured key from an Oblivious Pseudorandom Function (OPRF) output,” as claimed. That is, Camenisch does not teach producing a public key (alleged structured key) from a signature (alleged OPRF output).
		Additionally, the Examiner has not articulated how Camenisch teaches an OPRF secret, and relied on server Si as the claimed server device, without explaining how Camenisch teaches the server Si processing “the blinded value using an OPRF secret to generate a blinded OPRF output,” as claimed.
		Based on the above, the Examiner has not shown that Camenisch teaches every limitation of claim 8, including: “maintaining, by the server device, a generating procedure associated with the structured key, the generating procedure configured to produce the structured key from an Oblivious Pseudorandom Function (OPRF) output, and the structured key parameters; receiving, by the server device from a requesting computing device, a blinded value associated with the structured key, wherein the blinded value is generated at the requesting computer device based on an input value unknown to the server device; processing, by the server device, the blinded value using an OPRF secret to generate a blinded OPRF output, wherein the OPRF secret is unknown to the requesting computing device; and returning, by the server device, the blinded OPRF output, the generating procedure, and the structured key parameters to the requesting computing device, for generation of the structured key by the requesting computing device,” as claimed, such that Camenisch does not anticipate claim 8.”
The Examiner respectfully submits that Camenisch (2017/0223008) does not disclose the claim limitations of claim 8, as such its dependent claims of claims 9-14 are accordingly allowable over prior art and prior art search as noted below.
Applicant’s arguments: “35 U.S.C. §103 Rejection Claims 7 and 14 are rejected under 35 U.S.C. §103 for being unpatentable over U.S. Patent Publication No. 2017/0223008 (“Camenisch”) in view of U.S. Patent Publication No. 6,411,715 (“Liskov”). Reconsideration is requested in light of the following.
		To establish a prima facie case of obviousness, all claim limitations must be taught or suggested by the prior art. See, In re Royka, 490 F.2d 981, 985, 180 USPQ 580, 583 (CCPA 1974); see also, In re Vaeck, 947 F.2d 488, 20 USPQ2d 1438 (Fed. Cir. 1991). If the prior art reference(s) do not teach or suggest all of the claim limitations, Office personnel must explain why the differences between the prior art and the claimed invention would have been obvious to... Applicant submits that no proper combination of the applied art teaches or suggests each and every feature of the claimed invention.
		Claims 7 and 14 depend from claims 1 and 8, and are distinguishable from Camenisch by virtue of their dependence from respective claims 1 and 8. Liskov does not overcome the deficiencies of Camenisch with respect to claim 1. As such, the applied art cannot support a rejection of claims 7 and 14 under §103.”
In response to applicant’s argument that there is no teaching, suggestion, or motivation to combine the references, the examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art.  See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007).  In this case, Liskov uses mathematical algorithms of modulo and applying public key cryptography to determine elliptic curves in cryptography (Col 5, lines 50-67).

Information Disclosure Statement

The information disclosure statements (IDS) submitted on 09/08/2020 and 11/24/2020 were filed after the mailing date of the Non-Final on 08/27/2020. The submissions are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner.

Claim Rejections - 35 USC § 103
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
Claim(s) 1-2, 4-6 and 15-16, 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Saldamli et al., hereinafter (“Saldamli”), US PG Publication (2014/0041039 A1), submitted in the 09/08/2020 IDS, in view of Bevan, US PG Publication (20130279692 A1), submitted in the 09/08/2020 IDS, in view of Hunter et al., hereinafter (“Hunter”), US PG Publication (2013/0282438 A1), submitted in the 09/08/2020 IDS.
Regarding claim 1, Saldamli teaches a computing device configured to implement a key management system (KMS), the computing device comprising: 
an interface configured to interface and communicate with a communication system; [Saldamli, ¶0087: communication interface 517] 
memory that stores operational instructions; [Saldamli, ¶0087: main memory 513 (e.g., random access memory (RAM)), storage device 514 (e.g., hard disk drive), removable storage device 515] and
processing circuitry operably coupled to the interface and to the memory, wherein the processing circuitry is configured to execute the operational instructions to: [Saldamli, ¶0087 and 0094: processors 511 (e.g., ASIC, CPU, etc.) executes stored] 
maintain structured key parameters associated with a structured key; [Saldamli, ¶¶0003 and 0044: server 200 comprises a server-side vectorial private equality testing (VPET) application module 300 configured to facilitate private equality testing between multiple clients 150 (e.g. Client A and B), as part of homomorphic encryption; preserving location privacy. Fig. 3 and ¶0061: memory unit 302 of server 200 maintains most recent value of counter – ctr (structured key parameters). ¶¶0069 and 0072: The server 200 determines whether the value of the counter ctr included in messages from Client A matches the value of the counter ctr included in messages from Client B. The computation unit 303 is housed as part of the server 200 and performs a dot product (i.e., an inner product) of the obfuscated/blind vectors a and b, wA and wB. The server 200 communicates the dot product <a, s> to Client A when the vectors wA and wB are the same] 
maintain a generating procedure associated with the structured key, the generating procedure configured to produce the structured key from an Oblivious Pseudorandom Function (OPRF) output, and the structured key parameters; [Saldamli ¶0069: The computation unit 303 is housed as part of the server 200 and performs a dot product (i.e., an inner product) (a generating procedure associated with the structured key) of the obfuscated/blind vectors a and b, wA and wB] 
receive, from a requesting computing device, a blinded value associated with the structured key; [Saldamli, ¶¶0064-0065 and 0068: Each Client A, Client B is configured to generate a pseudorandom vector s and a random rotation angle θ using the pseudorandom function E, the encryption key k, and the counter ctr. Server 200 receives a message including an obfuscated/blind vector (i.e., obfuscated data unit) (a blinded value associated with the structured key) and the counter ctr from the client-side vectorial private equality testing (VPET) application module 250 of each Client A (a requesting computing device); where the server is oblivious to the obfuscated/blind vector, wA] 
While Saldamli teaches an OPRF secret [Saldamli, ¶0085: In process block 652, a pseudorandom vector and a random rotation angle (an OPRF secret) are generated using a pseudorandom function, a shared encryption key, and a shared counter]; however, Saldamli fails to explicitly teach but Bevan teaches process the blinded value using an OPRF secret to generate a blinded OPRF output; [Bevan, Abstract: a method for executing a blinded modular exponentiation, based on a window method with a window size of k bits so using 2^k pre-calculated variables (Yi = X^i mod N for i = 0 to 2^k−1), on input data X of n bits to obtain output data S of n bits, S = X^d mod N, where d is the exponent of size m bits and N is the modulus of n bits, comprising the steps of: • blinding the pre-calculated variables by a blinding value Bi (the blinded value) being a pseudo-random variable of the size of the modulus (n bits) and lower than the modulus (Yj=Yi×B1 mod N for i=0 to 2^k−1) • executing the modular exponentiation with the blinded pre-calculated variables (using an OPRF secret), to obtain an intermediate result (A) (generate a blinded OPRF output)] 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to combine the teachings of a vectorial private equality testing of Saldamli before him or her by including the teachings for protecting modular exponentiation in cryptographic operations of Bevan. The motivation would have been obvious to try another method for ensuring that side channel attacks can be thwarted by obfuscating/masking/blinding the intermediate results of the modular exponentiation [Bevan, ¶¶0033-0034].
While Saldamli teaches return the blinded OPRF output [Abstract, an intermediate result (A)] and the structured key parameters to the requesting computing device, for generation of the structured key by the requesting computing device [Abstract, ¶0061: memory unit 302 of server 200 maintains most recent value of counter – ctr (structured key parameters)]; however, the combination of Saldamli and Bevan fail to explicitly teach but Hunter teaches return the blinded OPRF output, the generating procedure, and the structured key parameters to the requesting computing device, for generation of the structured key by the requesting computing device. [Hunter, ¶0088: Embodiments may utilize double-blind architectures where a first unit (e.g., a server, database, or other computing hub) stores and has access to information related to proximity information or other location-based data of registered users’ device (e.g., merchants, parents, children, etc.) – sighting messages (a blinded value associated with the structured key). However, the first unit may not store uniquely identifying personal information. The first and second units (a requesting computing device) may use anonymous identifiers that connect data stored within the two units without indicating the protected information stored in either unit. ¶0096: The central server 120 may include several components 104-109 to perform various operations to process data, such as received from proximity broadcast receivers 142, 138, third-party systems 101, or other support systems and/or services 102. The central server 120 may also include a rolling identifier (or ID) resolver component that may store factory keys associated with wireless identity transmitters 110 as well as perform operations, software, or routines to match encrypted, encoded, rolling (a generating procedure associated with the structured key), or otherwise obfuscated identification information within received sighting messages with affiliated user data. 
¶0196: In block 1320, the central server may validate authentication information, such as in the received message from the mobile device. In particular, the central server may compare the authentication information to information generated in the operations in blocks 1308-1310. In block 1322, the central server may generate a set of rolling identifiers using the device ID and possible counter values (the blinded OPRF output). The central server may compare the encoded identifiers of the set with the rolling identifier received from the mobile device. In an embodiment, the central server may compute a set of encoded data by using a pseudo-random function, such as described above, along with the device ID and a number of counter values. For example, the central server may execute the pseudo-random function with a seed shared with wireless identity transmitters, the device ID indicated by the mobile device, and many counter values, starting with 0]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to combine the teachings of Saldamli and Bevan before him or her by including the teachings for system for delivering relevant user information based on proximity and privacy controls of Hunter. The motivation would have been obvious to try using the double-blind architectures where the first unit/central server 120 may access information associated with sighting messages, using of anonymous identifiers, as a way to ensure confidence of privacy [Hunter, ¶0088].
Regarding claim 2, the combination of Saldamli, Bevan, and Hunter teaches claim 1 as described above.
However, the combination of Saldamli and Bevan fail to explicitly teach but Hunter teaches wherein the processing circuitry is further configured to execute the operational instructions to: maintain encrypted parameters associated with the structured key; [Hunter, ¶0096: The central server 120 may include several components 104-109 to perform various operations to process data, such as received from proximity broadcast receivers 142, 138, third-party systems 101, or other support systems and/or services 102. The central server 120 may also include a rolling identifier (or ID) resolver component that may store factory keys associated with wireless identity transmitters 110 as well as perform operations, software, or routines to match encrypted (encrypted parameters associated with the structured key), encoded, rolling, or otherwise obfuscated identification information within received sighting messages with affiliated user data. ] and
return the encrypted parameters, the OPRF output, the generating procedure, and the structured key parameters to the requesting computing device for generation of the structured key by the requesting computing device. [Hunter, See ¶0096: encrypted (encrypted parameters associated with the structured key), encoded, rolling (a generating procedure associated with the structured key); in block 1322, the central server may generate a set of rolling identifiers using the device ID and possible counter values (the blinded OPRF output)] 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to combine the teachings of Saldamli and Bevan before him or her by including the teachings for system for delivering relevant user information based on proximity and privacy controls of Hunter. The motivation would have been obvious to try using the double-blind architectures where the first unit/central server 120 may access information associated with sighting messages, using of anonymous identifiers, as a way to ensure confidence of privacy [Hunter, ¶0088].

Regarding claim 4, the combination of Saldamli, Bevan, and Hunter teaches claim 1 as described above.
However, the combination of Saldamli and Hunter fail to explicitly teach but Bevan teaches wherein: the encrypted parameters include large primes associated with a Rivest, Shamir, and Adelman (RSA) key. [Bevan, ¶0011: Modular exponentiation is involved in some important cryptographic protocols for key exchange or encryption or signature (Diffie-Hellman, ElGamal, RSA, DSS . . . ). It is well known in the art. ¶¶0063-0064: pre-computing e' = g^-1 mod (p-1)×(q-1) where g equals the concatenation of m/k times the value "1" coded on k bits; where two primes are p and q (large primes associated with a Rivest, Shamir, and Adelman (RSA) key)]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to combine the teachings of a vectorial private equality testing of Saldamli before him or her by including the teachings for protecting modular exponentiation in cryptographic operations of Bevan. The motivation would have been obvious to try to use large primes p and q [Bevan, ¶¶0063-0064].
Regarding claims 5 and 20, the combination of Saldamli, Bevan, and Hunter teaches claim 1 as described above.
However, the combination of Saldamli and Hunter fail to explicitly teach but Bevan teaches wherein: the structured key parameters include one or more of a key type, an algorithm associated with a key type, a key size, a modulus, a key generator, or curve parameters. [Bevan, ¶0063:  Those skilled in the art know that the modular exponentiation method is usually used in the context of RSA cryptosystem; with modular exponentiation algorithm used for RSA computation (a key generator) with private key d (which might be relatively large in size)] 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to combine the teachings of a vectorial private equality testing of Saldamli before him or her by including the teachings for protecting modular exponentiation in cryptographic operations of Bevan. The motivation would have been obvious to try to use large primes p and q [Bevan, ¶¶0063-0064].
Regarding claim 6, the combination of Saldamli, Bevan, and Hunter teaches claim 1 as described above.
However, the combination of Saldamli and Bevan fail to explicitly teach but Hunter teaches wherein the generating procedure is further configured to: use the OPRF output to seed a deterministic key generator. [Hunter, ¶0192 performs a pseudo-random function (a deterministic key generator) to generate encoded data based on input values of the wireless identity transmitter's device ID, a counter value, and a secret key, seed, or other value known only to the wireless identity transmitter and the central server]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to combine the teachings of Saldamli and Bevan before him or her by including the teachings for system for delivering relevant user information based on proximity and privacy controls of Hunter. The motivation would have been obvious to try using the double-blind architectures where the first unit/central server 120 may access information associated with sighting messages, using of anonymous identifiers, as a way to ensure confidence of privacy [Hunter, ¶0088].
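The exchange recited in claims 1 and 6 (the requester blinds an input, the KMS applies its OPRF secret and returns the blinded output with the generating procedure and structured key parameters, the requester unblinds and seeds a deterministic key generator), as an added Python example that is not taken from the application or from any cited reference. The group (Curve25519 x-coordinates), the hash-to-group step, the KMS-side subgroup check, and every name such as `kms_respond` and `generate_scalar_key` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Curve25519 constants (RFC 7748). Assumption: the claims do not fix a group.
P = 2**255 - 19
A24 = 121665
L = 2**252 + 27742317777372353535851937790883648493  # prime subgroup order


def ladder(k: int, u: int) -> int:
    """Montgomery ladder: x-coordinate of k*Q from the x-coordinate u of Q."""
    x1, x2, z2, x3, z3, swap = u % P, 1, 0, u % P, 1, 0
    for t in reversed(range(255)):
        bit = (k >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da, cb = (x3 - z3) * a % P, (x3 + z3) * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return x2 * pow(z2, P - 2, P) % P  # 0 encodes the point at infinity


def hash_to_group(data: bytes) -> int:
    """Try-and-increment map into the prime-order subgroup (not constant time)."""
    for ctr in range(256):
        u = int.from_bytes(hashlib.sha512(bytes([ctr]) + data).digest(), "little") % P
        rhs = (u * u * u + 486662 * u * u + u) % P
        if pow(rhs, (P - 1) // 2, P) == 1:   # u lies on the curve, not its twist
            point = ladder(8, u)             # clear the cofactor
            if point != 0:
                return point
    raise ValueError("no group element found")


def blind(input_value: bytes):
    """Requester: hide the input behind a random scalar r."""
    r = secrets.randbelow(L - 1) + 1
    return r, ladder(r, hash_to_group(input_value))


def kms_evaluate(oprf_secret: int, blinded: int) -> int:
    """KMS: apply the OPRF secret, refusing elements outside the subgroup."""
    if blinded % P == 0 or ladder(L, blinded) != 0:
        raise ValueError("blinded value is not in the prime-order subgroup")
    return ladder(oprf_secret, blinded)


# What the KMS maintains per structured key (constructed sample record).
KMS_RECORD = {
    "procedure": "hmac-sha512-mod-order",
    "params": {"key_type": "montgomery-dh", "order": L, "base_u": 9},
}


def kms_respond(oprf_secret: int, blinded: int) -> dict:
    """KMS reply: blinded OPRF output, generating procedure, key parameters."""
    return {"evaluated": kms_evaluate(oprf_secret, blinded), **KMS_RECORD}


def generate_scalar_key(oprf_output: bytes, params: dict) -> dict:
    """Generating procedure: the OPRF output seeds a deterministic generator."""
    wide = hmac.new(oprf_output, params["key_type"].encode(), hashlib.sha512).digest()
    private = int.from_bytes(wide, "big") % (params["order"] - 1) + 1
    return {"private": private, "public": ladder(private, params["base_u"])}


# Assumption: the procedure travels as a name and is resolved locally,
# so the requester never executes code supplied by the KMS.
PROCEDURES = {"hmac-sha512-mod-order": generate_scalar_key}


def client_generate(input_value: bytes, r: int, reply: dict) -> dict:
    """Requester: unblind, hash to the OPRF output, run the named procedure."""
    element = ladder(pow(r, -1, L), reply["evaluated"])
    oprf_output = hashlib.sha256(input_value + element.to_bytes(32, "little")).digest()
    return PROCEDURES[reply["procedure"]](oprf_output, reply["params"])


def request_structured_key(input_value: bytes, oprf_secret: int) -> dict:
    r, blinded = blind(input_value)             # KMS never sees input_value
    reply = kms_respond(oprf_secret, blinded)   # requester never sees oprf_secret
    return client_generate(input_value, r, reply)
```

Two requests for the same input use different random blinds and still yield the same key pair, while the KMS only ever handles a uniformly distributed group element.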

Regarding currently amended claim 15, Saldamli teaches a method comprising:
receiving, at a key management server configured to implement a key management system (KMS), a blinded value associated with a structured key managed by the key management server, the blinded value received from a requesting device via a communications network; [Saldamli, ¶¶0064-0065 and 0068: Each Client A, Client B is configured to generate a pseudorandom vector s and a random rotation angle θ using the pseudorandom function E, the encryption key k, and the counter ctr. Server 200 (key management server configured to implement a key management system (KMS)) receives a message including an obfuscated/blind vector (i.e., obfuscated data unit) (a blinded value associated with the structured key) and the counter ctr from the client-side vectorial private equality testing (VPET) application module 250 of each Client A (a requesting computing device); where the server is oblivious to the obfuscated/blind vector, wA] 
obtaining, by the key management server, structured key parameters associated with the structured key; [See Saldamli, ¶0061: memory unit 302 of server 200 maintains most recent value of counter – ctr (structured key parameters)] 
While Saldamli teaches an OPRF secret [Saldamli, ¶0085: In process block 652, a pseudorandom vector and a random rotation angle (an OPRF secret) are generated using a pseudorandom function, a shared encryption key, and a shared counter]; however, Saldamli fails to explicitly teach but Bevan teaches process the blinded value using an OPRF secret to generate a blinded OPRF output; processing, by key management server, the blinded value using an Oblivious Pseudorandom Function (OPRF) secret to generate a blinded OPRF output; [Bevan, Abstract: a method for executing a blinded modular exponentiation, based on a window method with a window size of k bits so using 2^k pre-calculated variables (Yi = X^i mod N for i = 0 to 2^k−1), on input data X of n bits to obtain output data S of n bits, S = X^d mod N, where d is the exponent of size m bits and N is the modulus of n bits, comprising the steps of: • blinding the pre-calculated variables by a blinding value Bi (the blinded value) being a pseudo-random variable of the size of the modulus (n bits) and lower than the modulus (Yj=Yi×B1 mod N for i=0 to 2^k−1) • executing the modular exponentiation with the blinded pre-calculated variables (using an OPRF secret), to obtain an intermediate result (A) (generate a blinded OPRF output)] 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to combine the teachings of a vectorial private equality testing of Saldamli before him or her by including the teachings for protecting modular exponentiation in cryptographic operations of Bevan. The motivation would have been obvious to try another method for ensuring that side channel attacks can be thwarted by obfuscating/masking/blinding the intermediate results of the modular exponentiation [Bevan, ¶¶0033-0034].
While Saldamli teaches return the blinded OPRF output [Saldamli, Abstract, an intermediate result (A)] and the structured key parameters to the requesting computing device, for generation of the structured key by the requesting computing device [Saldamli, Abstract, ¶0061: memory unit 302 of server 200 maintains most recent value of counter – ctr (structured key parameters)]; however, the combination of Saldamli and Bevan fail to explicitly teach but Hunter teaches obtaining, by the key management server, a generating procedure associated with the structured key; [See Hunter, ¶0096: The central server 120...  rolling (a generating procedure associated with the structured key)]; and 
returning the blinded OPRF output, the generating procedure, and the structured key parameters to the requesting device, for generation of the structured key by the requesting device. [Hunter, ¶0088: Embodiments may utilize double-blind architectures where a first unit (e.g., a server, database, or other computing hub) stores and has access to information related to proximity information or other location-based data of registered users’ device (e.g., merchants, parents, children, etc.) – sighting messages (a blinded value associated with the structured key). However, the first unit may not store uniquely identifying personal information. The first and second units (a requesting computing device) may use anonymous identifiers that connect data stored within the two units without indicating the protected information stored in either unit. ¶0096: The central server 120 may include several components 104-109 to perform various operations to process data, such as received from proximity broadcast receivers 142, 138, third-party systems 101, or other support systems and/or services 102. The central server 120 may also include a rolling identifier (or ID) resolver component that may store factory keys associated with wireless identity transmitters 110 as well as perform operations, software, or routines to match encrypted, encoded, rolling (a generating procedure associated with the structured key), or otherwise obfuscated identification information within received sighting messages with affiliated user data. ¶0196: In block 1320, the central server may validate authentication information, such as in the received message from the mobile device. In particular, the central server may compare the authentication information to information generated in the operations in blocks 1308-1310. In block 1322, the central server may generate a set of rolling identifiers using the device ID and possible counter values (the blinded OPRF output). 
The central server may compare the encoded identifiers of the set with the rolling identifier received from the mobile device. In an embodiment, the central server may compute a set of encoded data by using a pseudo-random function, such as described above, along with the device ID and a number of counter values. For example, the central server may execute the pseudo-random function with a seed shared with wireless identity transmitters, the device ID indicated by the mobile device, and many counter values, starting with 0]
 Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to combine the teachings of Saldamli and Bevan before him or her by including the teachings for system for delivering relevant user information based on proximity and privacy controls of Hunter. The motivation would have been obvious to try using the double-blind architectures where the first unit/central server 120 may access information associated with sighting messages, using of anonymous identifiers, as a way to ensure confidence of privacy [Hunter, ¶0088].
 
Regarding claim 16, the combination of Saldamli, Bevan, and Hunter teaches claim 15 as described above.
While Saldamli teaches an OPRF secret [Saldamli, ¶0085: In process block 652, a pseudorandom vector and a random rotation angle (an OPRF secret) are generated using a pseudorandom function, a shared encryption key, and a shared counter] wherein the blinding value is generated at the requesting device based on an input value unknown to the key management server, [Saldamli, ¶0068: The computation unit 255 of Client A generates an obfuscated/blind vector for the random basis vector u (an input value unknown to the key management server) using relation (3) below: a=R(u,θ)(3) wherein R(u,θ) is a vector representing the rotation of the random basis vector u by the random rotation angle θ. The computation unit 255 of Client A implements and generates obfuscated/blind vector a, wA]; however, Saldamli fail to explicitly teach but and the OPRF secret is unknown to the requesting device. 
the method further comprising: obtaining, by the key management server, encrypted parameters associated with the structured key; [See Hunter, ¶0096: The central server 120 ... a rolling identifier (or ID) resolver component that may store factory keys associated with wireless identity transmitters 110 as well as perform operations, software, or routines to match encrypted (encrypted parameters associated with the structured key)] and
6280-400755 Appl. No. 16/109,856 P201800259US01
returning the encrypted parameters, the OPRF output, the generating procedure, and the structured key parameters to the requesting device for generation of the structured key by the requesting device, [Hunter, ¶¶0088 and 0096]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to combine the teachings of Saldamli and Bevan before him or her by including the teachings of Hunter for a system for delivering relevant user information based on proximity and privacy controls. The motivation would have been obvious to try using the factory keys as well as other operations of the first unit/central server 120 to return encrypted parameters associated with the structured key [Hunter, ¶¶0088 and 0095-0096].
Regarding claim 18, the combination of Saldamli, Bevan, and Hunter teaches claim 15 as described above.
Saldamli teaches wherein obtaining at least one of the structured key parameters or the generating procedure includes:  selecting at least one of the structured key parameters or the generating procedure based, at least in part, on the blinded value. [Saldamli, ¶0070: The computation unit 251 of Client A further computes a dot product <a, s> (i.e., an inner product) representing the dot product of the obfuscated/blind vector a and the pseudorandom vector s (selecting at least one of the structured key parameters or the generating procedure based). Upon receiving the dot product m from the server 200, the computation unit 251 determines whether the dot product <a, s> is equal to the dot product m.]
Regarding claim 19, the combination of Saldamli, Bevan, and Hunter teaches claim 15 as described above.
Saldamli teaches wherein obtaining at least one of the structured key parameters or the generating procedure includes: selecting at least one of the structured key parameters or the generating procedure based, at least in part, on a source of the blinded value. [Saldamli, ¶0069: The server 200 determines whether the value of the counter ctr included in messages from Client A (a source of the blinded value) matches the value of the counter ctr included in messages from Client B. ¶0070: The computation unit 251 of Client A further computes a dot product <a, s> (i.e., an inner product) representing the dot product of the obfuscated/blind vector a and the pseudorandom vector s. Upon receiving the dot product m from the server 200, the computation unit 251 determines whether the dot product <a, s> is equal to the dot product m] 
Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Saldamli et al., hereinafter (“Saldamli”), US PG Publication (2014/0041039 A1), submitted in the 09/08/2020 IDS, in view of Bevan, US PG Publication (20130279692 A1), submitted in the 09/08/2020 IDS, in view of Hunter et al., hereinafter (“Hunter”), US PG Publication (2013/0282438 A1), submitted in the 09/08/2020 IDS, in view of Liskov et al., hereinafter (“Liskov”), US Patent (6,411,715 B1).
Regarding claim 7, the combination of Saldamli, Bevan, and Hunter teaches claim 1 as described above.
However, the combination of Saldamli, Bevan, and Hunter does not explicitly teach but Liskov teaches wherein the generating procedure is further configured to: expand the OPRF output to a specific length to produce an expanded result; and take the expanded result modulo a prime modulus specific to one of Diffie-Hellman parameters or Elliptic Curve parameters. [Liskov, Col 11, lines 62-63: demonstrates an elliptic curve discrete logarithm keys; Col 12, lines 40-43: the prover 12 demonstrates that the bit length of N is greater than or equal to the sum of the bit lengths of p and q, and less than the bit length of Q−2]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to combine the teachings of Saldamli, Bevan, and Hunter before him or her by including the teachings of Liskov for verifying the cryptographic security of a selected private and public key pair without knowing the private key. The motivation/suggestion would have been obvious to try using Diffie-Hellman protocol parameters for a public key cryptosystem for generating secret numbers [Liskov, Col 4, lines 55-67].

Allowable Subject Matter
3.	Applicant's arguments have been considered and are determined to be persuasive. Accordingly, the previously presented rejections are withdrawn.
4.	Claims 8-14 are allowed.
5.	The following is an examiner's statement of reasons for allowance:
The closest prior art, as previously recited, Camenisch 20170223008 A1, is also generally directed to a method for use in a key management system (KMS), the method comprising [Camenisch 2017/0223008 A1, ¶0020: Systems 100 and 200 are “initializing systems” and “recovery system”, respectively, include: a user 110, client (generating) terminal 120 and servers 130a-130n; all computer based. Servers 1302 are secret holding servers]: maintaining, by a server device including a processor and associated memory, structured key parameters associated with a structured key; [Camenisch et al. 2017/0223008 A1, ¶0040: Figs. 3 and 4 show how system stores data 330 (N, di, id, hi) obtained from generating client 120 during initialization process. ¶0043: Blind signature schemes associated with common public key with RSA and DSA implementations] maintaining, by the server device, a generating procedure associated with the structured key, the generating procedure configured to produce the structured key from an Oblivious Pseudorandom Function (OPRF) output, and the structured key parameters; [Camenisch 2017/0223008 A1, ¶0041: Each server-side provide services: performing blind functions are blind signatures and oblivious pseudorandom functions (a generating procedure associated with the structured key). ¶0043: Blind signature schemes can be implemented using a number of common public key signing schemes, such as for example RSA and DSA. To create such a signature (an Oblivious Pseudorandom Function (OPRF) output), the message is first “blinded”, typically by combining it in some way with a random “blinding factor”. Present invention has a plurality of distributed unique blind signatures can be used because auxiliary information is blindly signed by servers 130 and distribution of RSA-key shares.
¶0080: At the end of step 340, each server 130 has access to its corresponding server secret data (ski, pki, pkt, id, hi) (structured key parameters) and typically will also securely store 345. ¶0082: retrieving a ciphertext may be sampled via a hash-function G that maps into the domains of the ciphertexts. The input of the hash-function G is m=(Uid, X), where X is a URL (uniform resource locator) for a website that uses the high entropy password and where Uid relates to the login name]
However, Camenisch does not teach or suggest, alone or in combination, the particular combination of steps or elements as recited in the independent claim, claim 8. For example, none of the cited prior art teaches or suggests receiving, by the server device from a requesting computing device, a blinded value associated with the structured key, wherein the blinded value is generated at the requesting computer device based on an input value unknown to the server device; processing, by the server device, the blinded value using an OPRF secret to generate a blinded OPRF output, wherein the OPRF secret is unknown to the requesting computing device; and returning, by the server device, the blinded OPRF output, the generating procedure, and the structured key parameters to the requesting computing device, for generation of the structured key by the requesting computing device, in view of other limitations of claim 8.
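The blinded exchange recited for claim 8 and the claim 7 generating procedure (expand the OPRF output, then reduce modulo a prime) can be seen end to end in the following added Python example, which is not taken from the application or the cited references. It assumes a Diffie-Hellman-style OPRF over the RFC 2409 Group 1 safe prime; the function names, hash labels and the use of Q as the structured-key modulus are illustrative assumptions.

```python
import hashlib
import secrets

# RFC 2409 Oakley Group 1 safe prime (768-bit), used only to keep the listing short.
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
        "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
        "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
        "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2  # prime order of the quadratic-residue subgroup

def hash_to_group(x: bytes) -> int:
    """Hash the input into the order-Q subgroup (expand, reduce mod P, square)."""
    h = int.from_bytes(hashlib.shake_256(b"h2g|" + x).digest(128), "big") % P
    return pow(h, 2, P)

def client_blind(x: bytes):
    """Requesting device: hide x behind a fresh random exponent r."""
    r = secrets.randbelow(Q - 1) + 1
    return r, pow(hash_to_group(x), r, P)

def kms_evaluate(blinded: int, oprf_secret: int) -> int:
    """KMS: apply the OPRF secret to the blinded value without learning x."""
    if not 1 < blinded < P or pow(blinded, Q, P) != 1:
        raise ValueError("blinded value is not in the prime-order subgroup")
    return pow(blinded, oprf_secret, P)

def client_finalize(x: bytes, r: int, evaluated: int) -> bytes:
    """Requesting device: strip r to obtain H(x)^k, then hash to the OPRF output."""
    unblinded = pow(evaluated, pow(r, -1, Q), P)
    return hashlib.sha256(b"out|" + x + unblinded.to_bytes(96, "big")).digest()

def generate_structured_key(oprf_output: bytes, params: dict) -> int:
    """Generating procedure: expand to a fixed length, reduce mod the prime in params."""
    n = params["modulus"]
    length = (n.bit_length() + 7) // 8 + 8  # 64 spare bits make modulo bias negligible
    expanded = hashlib.shake_256(b"key|" + oprf_output).digest(length)
    return int.from_bytes(expanded, "big") % n

def demo():
    k = secrets.randbelow(Q - 1) + 1       # OPRF secret, never leaves the KMS
    params = {"modulus": Q}                # structured key parameters (DH exponent range)
    x = b"constructed-input-known-only-to-client"
    keys, blinded_values = [], []
    for _ in range(2):                     # two requests, fresh blinding each time
        r, blinded = client_blind(x)
        out = client_finalize(x, r, kms_evaluate(blinded, k))
        keys.append(generate_structured_key(out, params))
        blinded_values.append(blinded)
    return keys, blinded_values
```

Both requests yield the same structured key even though the KMS sees a different blinded value each time, and the subgroup check in `kms_evaluate` rejects degenerate inputs such as 1 and P-1.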
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance."
The closest prior art made of record are:
LeSaint et al (20180375663) teaches that embodiments of the invention can establish secure communications using a single non-traceable request message from a first computer and a single non-traceable response message from a second computer. Non-traceability may be provided through the use of blinding factors. The request and response messages can also include signatures that provide for non-repudiation. In addition, the encryption of the request and response message is not based on the static key pairs, which are used for validation of the signatures. As such, perfect forward secrecy is maintained (¶¶0057-0060).
Alwen et al (20190356649) teaches a disclosure that describes techniques that allow for a client-side application, located on a first client device, to generate a random encryption key and encrypt locally-stored application data with the random encryption key. The random encryption key is used in lieu of a password-derived encryption key. In order to ensure that the client-device application is unable to decrypt the locally-stored encrypted application data prior to authenticating with an external authentication source (i.e., SSO, IdP), the random encryption key is encrypted with a key-encrypting key derived using a pseudorandom function (PRF). By using a PRF, the first device is able to authenticate to the first server and derive a secure key as part of the authentication process. Accordingly, the present disclosure describes techniques for securing data on a client device when credentials are managed by an external authentication system (Fig. 3 and ¶¶0031-0032, 0035, 0037-0038).
Conclusion
Applicant's submission of an information disclosure statement under 37 CFR 1.97(c) with the fee set forth in 37 CFR 1.17(p) on 09/08/2020 prompted the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 609.04(b).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAKINAH W TAYLOR whose telephone number is (571)270-0682.  The examiner can normally be reached on Monday-Friday, 9:45-5:45.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ELENI SHIFERAW can be reached on 571-272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/SWT/Examiner, Art Unit 2497



/ANDREW J STEINLE/Primary Examiner, Art Unit 2497