DETAILED ACTION
Notice of Pre-AIA or AIA Status

1. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

2. This is the initial office action that has been issued in response to patent application 16/481,215, filed on 07/26/2019. Claims 1-16, as originally filed, are currently pending and have been considered below. Claims 1, 11 and 13 are independent claims.
Priority
3. The application is a section 371 national stage application of International Application No. PCT/CN2018/102358 08/24/2018 filed on 07/26/2019. The certified copy has been filed with China Patent Application No. 201810025965.4, filed on 01/11/2018.
Claim Analysis 35 USC § 112(f)
4. The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are:  “configured for”, “configured to” in claims 10 and 11.
  	Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.

Claim Rejections - 35 USC § 112
5. The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 9, 11 and 12 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for
Claims 9, 11 and 12 recite the phrases “configured to perform the multicast communication”, “configured for identity authentication”, “configured for key distribution means”, “configured for data encryption”, “configured to perform negotiation on a quantum key”, “configured to, at the client”, “configured to, at the server”, and “configured to, at the client”, which are limitations that invoke 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function.
Claims 9, 11, and 12 use the term “configured” coupled with functional language. It is unclear whether the recited structure, material, or acts are sufficient for performing the claimed function since such structure (which includes an algorithm for performing the claimed function), material or acts is/are not clearly present in the drawings (e.g. flowcharts, block diagrams) and specification. Therefore, the claim is indefinite and is rejected under 35 U.S.C. 112(b) or pre-AIA 35 U.S.C. 112, second paragraph.
Applicant may:
(a) Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph;
(b) Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or
(c) Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either:
(a) Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or
(b) Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.
Claim Rejections - 35 USC § 103
6. In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.

7. Claims 1-2 and 5-15 are rejected under 35 U.S.C. 103 as being unpatentable over Shuanlin (CN 107404461 A) in view of “An interactive cooperation model for neighboring virtual power plants” by Shabanzadeh.

8. Regarding Claim 1, Shuanlin discloses a method for quantum key fusion-based virtual power plant security communication, comprising: identity authentication: performing identity authentication between a client and a server (Shuanlin, Pg. 3, Performing, by the client and the server, an identity verification operation based on a respective stored same identity key of the client. Server authentication information; sending response information containing at least server authentication information to the client.)
Shuanlin does not explicitly disclose the following limitations that Shabanzadeh teaches:
in a virtual power plant based on a communication requirement, to acquire a root key, wherein the server comprises a commercial virtual power plant, an electricity market service system or a technical virtual power plant, and the client comprises a distributed energy resource, a commercial virtual power plant or a technical virtual power plant (Shabanzadeh, Abstract, Future distribution systems will accommodate an increasing share of distributed energy resources (DERs). Facing with this new reality, virtual power plants (VPPs) play a key role to aggregate DERs with the aim of facilitating their involvement in wholesale electricity markets. In this paper, the trading strategies of a VPP in cooperation with its neighboring VPPs are addressed, Pg. 277, the VPP coalition is assumed to be centrally controlled and for the simplicity, a commercial VPP type [31] is considered.); key distribution: generating a key encryption key and a message authentication key based on the acquired root key, and performing negotiation on a data encryption key to obtain the data encryption key (Shuanlin, Pg. 12, According to the method for secure data transmission provided by the present application, a client sends an access request to a server. After receiving the access request, the server obtains the same access sequence from the same key sequence generated by both parties performing a quantum key distribution operation A key, as their respective data encryption key; Pg. 14, After receiving the access request, the server may generally perform a key negotiation operation for both parties to obtain the same data encryption key in order to ensure the secure transmission of data.); and data encryption: encrypting to-be-encrypted data using the data encryption key, and implementing communication of the data, wherein during at least one of the identity authentication or the key distribution, negotiation on a quantum key is performed by a quantum key server, and the quantum key obtained by the negotiation is used for implementing the identity authentication or used as the data encryption key (Shuanlin, Pg. 15, The asymmetric key exchange algorithm is usually used to negotiate the data encryption key, the client and the server execute the quantum key distribution operation Which is based on the basic principle of quantum mechanics, ensures the security of the data encryption key negotiation process. Moreover, since the asymmetric decryption process does not need to be performed, the calculation time-consuming can be greatly reduced, To enhance the efficiency of the negotiation data encryption key. Pg. 16, in the method for secure data transmission provided in this embodiment, a quantum key distribution technology is used to complete the data encryption key agreement process, and a preferred embodiment for identity verification based on the client's identity key is also provided, Both parties then obtain their own data encryption keys based on quantum key distribution technology).
It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Shuanlin to incorporate the teachings of Shabanzadeh. One of ordinary skill in the art would have been motivated to make this modification in order to include a virtual power plant that is based on communication and that will obtain a root key, wherein the power plant comprises a distributed energy resource or a commercial or virtual power plant, to enhance security.

9. Regarding Claim 2, Shuanlin and Shabanzadeh disclose, the method of claim 1, wherein the identity authentication is implemented in a certificate authentication manner, and a certificate is issued to both the client and the server by a trusted third party (Shuanlin, Pg. 15, In order to implement the key agreement process based on the asymmetric key exchange algorithm, the existing transmission technology based on the client / server architecture generally adopts a digital certificate. On the one hand, it can carry the public key information in the digital certificate sent by the server and the other Aspects can also use digital certificates for authentication.); the identity authentication comprises: at the client, sending information containing identity information, a client certificate, a client hash value and a random number to the server (Shuanlin, Pg. 3, Searching, by the server, for a corresponding identity key in the identity key mapping relationship table according to the client identifier included in the access request; and calculating a hash value based at least on the obtained identity key to obtain a server identity Server authentication information; sending response information containing at least the server authentication information to the client; Pg. 21, The existing data security transmission technology based on a client/server architecture usually performs digital certificate-based authentication when performing authentication. Pg. 33, A first client hash value comparison and result determining subunit configured to compare the calculated hash value with the server authentication information contained in the response information. Pg. 19, the generating a dynamic value r using a preset manner may be that a random number r is generated in a random manner.); at the server, receiving the information sent by the client and verifying the information, and if the verification is successful, providing the root key, and encrypting the root key using a public key in the certificate and sending the encrypted root key to the client (Shuanlin, Pg. 39, As client authentication information for verifying the identity of the client; The content of the access request sent by the client further includes: the client authentication information. After finding the corresponding identity key in the identity key mapping table, the server further includes: in the same manner that the client calculates the client authentication information. Pg. 41, the calculated hash value with the client verification information contained in the access request, and determines that the result of the identity verification operation is successful when the comparison result is consistent, Pg. 16, in the method for secure data transmission provided in this embodiment, a quantum key distribution technology is used to complete the data encryption key agreement process, and a preferred embodiment for identity verification based on the client's identity key is also provided. The client and the server may perform an authentication operation based on their respective stored same identities of the clients, and when the result of the authentication operation is passed, Both parties then obtain their own data encryption keys based on quantum key distribution technology.); and at the client, decrypting the encrypted root key using a private key corresponding to the public key to obtain an identical root key, to complete the identity authentication (Shuanlin, Pg. 26, decrypting the ciphertext included in the access request for verifying the identity of the server by using the obtained identity key to obtain a decrypted dynamic value; and based at least on the server identifier of the server and the decrypted As a server authentication information for verifying server identity; sending a response message containing the server identifier of the server and the server authentication information to the client, After the client verifies, it is determined that the result of the identity verification operation is passed. Pg. 2, The server uses the private key to obtain a random password string, and then both sides use the same algorithm to generate the session key based on the obtained random password string.)

10. Regarding Claim 5, Shuanlin and Shabanzadeh disclose, the method of claim 1, wherein the key distribution comprises: at the client, sending a key request to the server, wherein the key request comprises a random number Nh (Shuanlin, Pg. 4, before the client sends the access request to the server, the method includes: reading, by the client, a stored identity key; and using the identity key as a symmetric key, performing dynamic value generation in a preset manner Encrypt to obtain a ciphertext for verifying the identity of the server; Sending, by the client, an access request to a server refers to sending an access request that includes at least the client identifier of the client and the ciphertext); at the server, after receiving the key request, generating a key encryption key KEK, an uplink message authentication key HMAC_key1 and a downlink message authentication key HMAC_key2 based on the root key AK and the random number Nh, wherein the key encryption key KEK is calculated according to the following formula: KEK=truncate_128{SHA1[(AK|0^44)⊕Nh]}, wherein 0^44 denotes a digit "0" repeated for 44 times, and Nh denotes a 64-bit random number, the uplink message authentication key is calculated according to the following formula: [formula image media_image1.png], the downlink message authentication key is calculated according to the following formula: [formula image media_image2.png], wherein 36^44 represents that the 128-bit root key AK is followed by a digit "0X36" repeated for 44 times to form a 352-bit string, and a hash operation is performed on the 480-bit string, an exclusive or operation is performed on the 480-bit string obtained after the hash operation and the random number Nh (Shuanlin, Pg. 30, The first key may be obtained by performing the following operations: performing a quantum key distribution operation with the server, and generating a key sequence that is the same as that of the server; and obtaining, from the server using a predetermined acquisition manner with the server, Key sequence to obtain the first key as a data encryption key. Pg. 20, After receiving the response information returned by the server, the client uses the server identifier contained in the response information in the same manner as the server verifying the server authentication information, and generates the response message before generating the access request The dynamic value r calculates a hash value hash (ID_S, r), and then compares the calculated hash value with the server verification information contained in the response information. Pg. 21, the client obtains a locally stored seed value n which is stored and updated synchronously with the server according to the server identifier contained in the response information, and then determines, according to the response Server ID included in the message, the generated r, and the seed number n to calculate a hash value hash (ID_S, r + n), and compares the calculated hash value with the received server authentication information Correct. Pg. 8, The two parties generate the same operation process of the random key sequence; the key sequence refers to a sequence formed by several key bits; and the data encryption key refers to a symmetric key used for encrypting and decrypting the data.); at the client and the server, performing the negotiation on the data encryption key TEK, which comprises: at the client, sending a message for a negotiation request to the server, wherein the message for the negotiation request is encrypted using the KEK, and HMAC_key1 is taken as a key for a message digest of the message for the negotiation request (Shuanlin, Pg. 14, in this embodiment, after the server receives the access request, both parties may start a quantum key distribution process, and by using the quantum channel transmission quantum state and using classical channel interaction and negotiation, the two parties finally obtain the same secret Key sequence, and acquire the same first key from the key sequence by adopting a pre-determined acquisition manner of both parties); and at the server, after receiving the request, encrypting a TEK parameter list using the KEK and sending the encrypted TEK parameter list to the client, wherein HMAC_key2 is taken as a key for a message digest of the sent encrypted TEK parameter list (Shuanlin, Pg. 14, After receiving the access request, the server obtains the same first key as the respective data encryption keys from the same key sequence respectively generated by the two parties by performing the quantum key distribution operation.).

11. Regarding Claim 6, the method of claim 1, wherein the data encryption comprises: encrypting each piece of service data in an application layer using one or a combination of algorithms of an SM4-CBC, a DES, an AES and an SM1 in the data encryption, wherein a hash operation is performed on all pieces of the data using the message authentication key, and a hash value obtained by the hash operation is attached to the tail of the data, an uplink message authentication key HMAC_key1 is taken as a hash key in uplink, and a downlink message authentication key HMAC_key2 is taken as a hash key in downlink (Shuanlin, Pg. 17-18, In other embodiments, the server may also calculate, as a service, other service parameters based on the other preset parameters and the IDC_Key End hash value of the authentication information, and the sent response information includes not only the server authentication information but also the parameters involved in the calculation. After receiving the response information, the client may use the same hash value as the server The hash value is calculated, that is, the hash value is calculated according to the parameter contained in the response information and the stored IDC_Key. For example, the server calculates Hash (ID_S, IDC_Key) as server authentication information and sends a response message {ID_S, hash (ID_S, IDC_Key)} to the client, and the client includes, according to the response message, The parameters and stored IDC_Key calculate the hash value and compare.).

12. Regarding Claim 7, Shuanlin and Shabanzadeh disclose, the method of claim 1, wherein in a case that the negotiation on the quantum key is performed by the quantum key server during the identity authentication, the client and the server is provided with a first quantum key server and a second quantum key server respectively, and the client is provided with a quantum key management device, wherein before the client communicates with the server, the quantum key management device of the client is bound and registered at the first quantum key server in advance, and the first quantum key server instructs a quantum random number generator to generate a large number of random numbers, to be stored as keys in the first quantum key server and the quantum key management device of the client (Shuanlin, Pg. 14, After receiving the access request, the server may generally perform a key negotiation operation for both parties to obtain the same data encryption key in order to ensure the secure transmission of data. In this embodiment, instead of adopting a conventional asymmetric key exchange algorithm, the client and the server obtain the same first secret from the same key sequence generated by both of the two parties executing the quantum key distribution operation Key, as their own data encryption key. Pg. 16, the client and the server may perform an authentication operation based on their respective stored same identities of the clients, and when the result of the authentication operation is passed, Both parties then obtain their own data encryption keys based on quantum key distribution technology. Pg. 19, the generating a dynamic value r using a preset manner may be that a random number r is generated in a random manner, or a preset function may also be adopted Or algorithm to generate r, as long as the value of r generated each time you can dynamically change. Due to the introduction of the dynamic value r, replay attacks can be prevented, thereby guaranteeing the accuracy of the server side authentication.); the quantum key management device of the client and the first quantum key server share the quantum random numbers as the keys, and the server is directly connected with the second quantum key server, the identity authentication comprises: at the client, sending a data transmission request to the server (Shuanlin, Pg. 5, the information acquired by the server and the client respectively from the same key sequence generated by the two parties performing the quantum key distribution operation further includes: a same second key; The method further includes: respectively updating, by the client and the server, the identities of the clients that are stored by using the second key respectively. Pg. 6, The server and the client respectively acquire the first key from the key sequences respectively generated according to a predetermined acquisition manner. Optionally, the client and the server use their respective data encryption keys for data security transmission); at the server, after receiving the request, generating a random number Nb and sending the random number Nb and a quantum identity authentication requirement to the client (Shuanlin, Pg. 19, sending an access request, the client first reads a locally stored identity key IDC_Key, and according to the client identifier of the client and the identity (ID_C, IDC_Key) as a client authentication information for verifying the identity of the client, and then uses the identity key as a symmetric key to calculate a dynamic value r To obtain a ciphertext EnIDC_Key (r) for verifying the identity of the server. Here, the generating a dynamic value r using a preset manner may be that a random number r is generated in a random manner); at the client, after receiving the quantum identity authentication requirement, sending service information to the bound first quantum key server through the quantum key management device of the client, wherein the service information comprises information about that the server requests performing quantum identity authentication on the client (Shuanlin, Pg. 31, the identity key as a symmetric key, a dynamic numerical value generated in a preset manner to obtain a verification value used for verifying Server-side ciphertext. The sending an access request to a server refers to sending an access request that includes at least the client identifier of the client and the ciphertext. The performing an identity verification operation based on a locally stored identity key comprises: receiving response information returned by the server; and in the same manner as the server computing the server verification information, at least according to a service included in the response information); at the first quantum key server, after receiving the service information of the client, performing negotiation on a quantum key between the second quantum key server of the server and the first quantum key server of the client, and acquiring a key K_QU1 agreed by the client and the server if the negotiation on the quantum key is completed (Shuanlin, Pg. 12, The client and the server select the same key from the same key sequence generated by performing the quantum key distribution operation as the data encryption key, Effectively avoids the distribution security risks posed by the asymmetric key exchange algorithm and the problem of time consuming and inefficient decryption, and can safely and efficiently implement the data encryption key negotiation process, thereby providing a strong guarantee for data security transmission.); at the server, generating a random number as a root key AK, calculating a signal E=AK⊕K_QU1 and sending the signal E to the first quantum key server through a classical channel (Shuanlin, Pg. 14, in this embodiment, after the server receives the access request, both parties may start a quantum key distribution process, and by using the quantum channel transmission quantum state and using classical channel interaction and negotiation, the two parties finally obtain the same secret Key sequence, and acquire the same first key from the key sequence by adopting a pre-determined acquisition manner of both parties.); at the first quantum key server, after receiving the signal E, calculating AK'=E⊕K_QU1, selecting a quantum random number Ni pre-stored between the client and the first quantum key server of the client, and calculating ST=AK'⊕Ni, and sending a message containing ST, a pointer ptr of the random number Ni, a length long and hash (AK') to the client (Shuanlin, Pg. 26, As a server authentication information for verifying server identity; sending a response message containing the server identifier of the server and the server authentication information to the client. Pg. 30, The performing an identity verification operation based on a locally stored identity key includes: receiving response information returned by the server; calculating, in the same manner as the server computing server verification information, at least according to a locally stored identity key Hash value; comparing the calculated hash value with the server verification information contained in the response); at the client, after receiving the message, extracting the random number Ni based on the pointer ptr of the random number and the length long, calculating AK"=ST⊕Ni and sending a message digest HMAC(AK")Nb to the server (Shuanlin, Pg. 19, The access request sent by the client to the server includes the client identifier ID_C, the client verification information hash (ID_C, IDC_Key), and the ciphertext EnIDC_Key (r) of the client, that is, The server sends {ID_C, hash (ID_C, IDC_Key), EnIDC_Key (r)}; Pg. 20, the client uses the server identifier contained in the response information in the same manner as the server verifying the server authentication information, and generates the response message before generating the access request The dynamic value r calculates a hash value hash (ID_S, r)); and at the server, after receiving the message digest, calculating HMAC(AK)Nb and determining whether HMAC(AK)Nb is consistent with HMAC(AK")Nb, and confirming the identity of the client and taking AK as the root key if HMAC(AK)Nb is consistent with HMAC(AK")Nb, and determining that the authentication is failed and ending the communication if HMAC(AK)Nb is not consistent with HMAC(AK")Nb (Shuanlin, Pg. 17-18, the server authentication information but also the parameters involved in the calculation. After receiving the response information, the client may use the same hash value as the server The hash value is calculated, that is, the hash value is calculated according to the parameter contained in the response information and the stored IDC_Key. For example, the server calculates Hash (ID_S, IDC_Key) as server authentication information and sends a response message {ID_S, hash (ID_S, IDC_Key)} to the client, and the client includes, according to the response message,).
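
The claim 7 exchange recited above (E, AK', ST, AK" and the HMAC check against Nb), as an added Python example that is not part of the office action, the application or the cited references. SHA-256 for hash(AK'), HMAC-SHA256 keyed with the root key over Nb, the 16-byte key length, `secrets` standing in for the quantum sources, and the pool's refusal to hand out the same bytes twice are assumptions; all function and class names are hypothetical.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 16  # 128-bit root key AK (length taken from the claim 5 text)


def xor(a: bytes, b: bytes) -> bytes:
    """XOR masking as in E = AK xor K_QU1; operands must be the same length."""
    if len(a) != len(b):
        raise ValueError("mask and data lengths differ")
    return bytes(x ^ y for x, y in zip(a, b))


class RandomPool:
    """Random numbers pre-stored at both the first quantum key server and the
    client's key management device. Tracking consumed bytes is an assumption:
    an XOR mask that is used twice leaks the XOR of the two masked keys."""

    def __init__(self, data: bytes):
        self._data = data
        self._used = set()

    def take(self, ptr: int, length: int) -> bytes:
        if ptr < 0 or length <= 0 or ptr + length > len(self._data):
            raise ValueError("ptr/long outside the pool")
        span = set(range(ptr, ptr + length))
        if span & self._used:
            raise ValueError("pool bytes already consumed")
        self._used |= span
        return self._data[ptr:ptr + length]


def server_mask(ak: bytes, k_qu1: bytes) -> bytes:
    """Server: E = AK xor K_QU1, sent over the classical channel."""
    return xor(ak, k_qu1)


def qks1_relay(e: bytes, k_qu1: bytes, pool: RandomPool, ptr: int) -> dict:
    """First quantum key server: AK' = E xor K_QU1, ST = AK' xor Ni."""
    ak1 = xor(e, k_qu1)
    ni = pool.take(ptr, len(ak1))
    return {"ST": xor(ak1, ni), "ptr": ptr, "long": len(ak1),
            "hash": hashlib.sha256(ak1).digest()}


def client_recover(msg: dict, pool: RandomPool, nb: bytes):
    """Client: AK'' = ST xor Ni, check hash(AK'), answer with HMAC over Nb."""
    ni = pool.take(msg["ptr"], msg["long"])
    ak2 = xor(msg["ST"], ni)
    if not hmac.compare_digest(hashlib.sha256(ak2).digest(), msg["hash"]):
        raise ValueError("hash(AK') mismatch: ST, ptr or pool is wrong")
    return ak2, hmac.new(ak2, nb, hashlib.sha256).digest()


def server_verify(ak: bytes, nb: bytes, digest: bytes) -> bool:
    """Server: constant-time comparison of HMAC(AK) over Nb with the reply."""
    expected = hmac.new(ak, nb, hashlib.sha256).digest()
    return hmac.compare_digest(expected, digest)


def demo() -> dict:
    # Constructed values: random bytes stand in for QKD and QRNG output.
    pool_bytes = secrets.token_bytes(256)
    qks1_pool, client_pool = RandomPool(pool_bytes), RandomPool(pool_bytes)
    k_qu1 = secrets.token_bytes(KEY_LEN)   # negotiated between the two key servers
    nb = secrets.token_bytes(8)            # server challenge
    ak = secrets.token_bytes(KEY_LEN)      # server-chosen root key

    e = server_mask(ak, k_qu1)
    msg = qks1_relay(e, k_qu1, qks1_pool, ptr=32)
    ak2, digest = client_recover(msg, client_pool, nb)
    results = {"honest": ak2 == ak and server_verify(ak, nb, digest)}

    # One flipped bit in ST in transit: the client's hash(AK') check fails.
    bad = qks1_relay(e, k_qu1, qks1_pool, ptr=64)
    bad["ST"] = bytes([bad["ST"][0] ^ 1]) + bad["ST"][1:]
    try:
        client_recover(bad, client_pool, nb)
        results["tamper_detected"] = False
    except ValueError:
        results["tamper_detected"] = True

    # A party without the pool cannot recover AK, so its digest is rejected.
    forged = hmac.new(secrets.token_bytes(KEY_LEN), nb, hashlib.sha256).digest()
    results["impostor_rejected"] = not server_verify(ak, nb, forged)

    # Asking for pool bytes that were already handed out is refused.
    try:
        qks1_pool.take(32, KEY_LEN)
        results["reuse_refused"] = False
    except ValueError:
        results["reuse_refused"] = True
    return results


if __name__ == "__main__":
    print(demo())
```
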

13. Regarding Claim 8, Shuanlin and Shabanzadeh disclose, the method of claim 1, wherein in a case that the negotiation on the quantum key is performed by the quantum key server during both the identity authentication and the key distribution, the client and the server have a first quantum key server and a second quantum key server, respectively, the identity authentication comprises: at the client, sending an identity authentication request to the server through a classical channel (Shuanlin, Pg. 38, by the client and the server, an identity authentication operation based on the same identity key stored by each client respectively, comprises: determining, by the server according to the client identifier included in the access request pg. 14, after the server receives the access request, both parties may start a quantum key distribution process, and by using the quantum channel transmission quantum state and using classical channel interaction and negotiation, the two parties finally obtain the same secret Key sequence, and acquire the same first key from the key sequence); at the server, after receiving the identity authentication request, generating a group of random numbers as the root key AK through a quantum random number generator, and instructing to perform negotiation on a quantum key between the first quantum key server and a second quantum key server (Shuanlin, Pg. 
24, The client and the server select the same key from the same key sequence generated by performing the quantum key distribution operation As a data encryption key, it effectively avoids the distribution security risks posed by the asymmetric key exchange algorithm, as well as the problem that the decryption takes a long time and is inefficient, so that the data encryption key negotiation process can be implemented safely and efficiently); performing the negotiation on the quantum key between the first quantum key server and the second quantum key server according to a predetermined protocol, to obtain a key K_QU2 (Shuanlin, Pg. 14, The quantum key distribution operation refers to the process that both parties involved in the key distribution operation generate the same key sequence following the quantum key distribution protocol, and the quantum key distribution protocol); at the server, acquiring the key K_QU2, calculating E=AK⊕K_QU2 and sending E to the client; at the client, calculating AK'=E⊕K_QU2 and hash(AK'), and sending AK' and hash (AK') to the server (Shuanlin, Pg. 33, A first client authentication information calculating unit configured to calculate a hash value based at least on the stored identity key as client authentication information for verifying the identity of the client and trigger the access request sending unit to work); and at the server, determining whether hash(AK') is consistent with hash(AK), and determining that the identity authentication for the client is completed if hash(AK') is consistent with hash(AK), and determining that identity authentication is failed and interrupting the communication if hash(AK') is not consistent with hash(AK), the key distribution comprises: at the client and the server, generating a message authentication key and a key encryption key KEK corresponding to the root key with taking AK as the root key (Shuanlin, Pg. 
17, the hash values calculated by both parties are the same, then the following conclusions can be reached on the client side: the server stores, in its identity key mapping table, the hash value corresponding to the client The identity key, which is consistent with the identity key stored by the client, indicates that the identity of the server is valid, and
therefore the result of the identity verification operation performed in this step is passed. During specific implementation, the client may send the result of the
identity verification operation to the server, so that the server may also obtain the result of the identity verification operation in this step.); at the client, instructing to perform negotiation on a quantum key between the second quantum key server and the first quantum key server (Shuanlin, Pg. 26, the identity verification operation is passed, the key sequence generated in the quantum key distribution operation with the client is acquired A key, as a data encryption key. Preferably, the information acquired from the key sequence generated by performing the quantum key distribution operation with the client further includes: a second key; and the server updates,
using the second key, a locally stored key corresponding to the client's identity key.); performing the negotiation on the quantum key between the first quantum key server and the second quantum key server according to a predetermined protocol, to obtain a key K_QU3 (Shuanlin, Pg. 30, performing a quantum key distribution operation with the server, and generating a key
sequence that is the same as that of the server; and obtaining, from the server using a predetermined acquisition manner with the server, Key sequence to obtain the first key as a data encryption key.); and at the client and the server, acquiring the key K_QU3 and determining the key K_QU3 as the data encryption key (Shuanlin, Pg. 25, performing a quantum key distribution operation with the client to generate a key sequence that is the same as that of the client; acquiring, from the secret using the acquisition manner determined in advance by the client Key sequence to obtain the first key as a data encryption key.).

14. Regarding Claim 9, Shuanlin and Shabanzadeh disclose, the method of claim 1, wherein if the communication is multicast communication, a server is configured to perform the multicast communication with a plurality of clients, the method further comprises group key initialization, new client authentication and group key updating, wherein the group key initialization comprises: at the plurality of clients, registering with the server, and obtaining registration values, each for a respective one of the plurality of clients (Shuanlin, Pg 16, In this step 102, the client and the server may perform an authentication operation based on their respective stored same identities of the clients, and when the result of the
authentication operation is passed, Both parties then obtain their own data encryption keys based on quantum key distribution technology.); at the plurality of clients, sending the respective registration values and the respective selected random numbers B1, B2, ..., and Bn to the server (Shuanlin, Pg. 17, calculating the hash value hash(IDC_Key) according to the obtained identity key, As server verification information for verifying the identity of the server, finally sending response
information containing the server verification information to the client, that is, sending {hash (IDC_Key)} to the client.); at the server, after receiving the random numbers, calculating B1*B2*...*Bn[G] as a group key, wherein G denotes a base point of an elliptic cryptography (Shuanlin, Pg. 2, The client encrypts the random password string (also called PreMasterKey) generated by the client using the public key of the server and transmits it to the server); at the server, for each of the plurality of clients, when sending the group key to the respective client, sending data to the respective client based on a product of the random numbers of the clients other than the respective client and the basic point and parameters of an elliptic curve of the elliptic cryptography, wherein the data is represented as follows: Ci=B1*...*Bi-1*Bi+1*...*Bn[G], wherein Ci denotes data for the i-th client (Shuanlin, Pg. 2, The client encrypts the random password string (also called PreMasterKey) generated by the client using the public key of the server and transmits it to the server. ); and at each of the clients, after receiving the data, calculating a group key based on the data and the random numbers, wherein the new client authentication comprises: when a new client wishes to join a multicast group of the server, and the elliptic curve for multicast encryption, the basic point G and a public key P of the server are known to the new client, the new client acquires a group key by the following steps: at the new client, calculating h(1)=SM3(Nm|ID_M1) and sending a request for joining the multicast group to the server, wherein the request contains a random number
Nm, identity information ID_M1 of the new client, a public key PM of the new client and h(1), wherein SM3 denotes a hash algorithm, a message for the request is encrypted using the public key P of the server according to an encryption formula SM2[Nm|ID_M1|PM|h(1)]p, wherein SM2 denotes elliptic curve cryptography (Shuanlin, Pg. 13, In the technical solution of the present application, the quantum key distribution operation refers to that after both parties participating in the quantum key distribution operation follow the quantum key distribution protocol and undergo processing flows such as original key agreement, key screening and error correction, and privacy amplification , The two parties generate the same operation process of the random key sequence; the key sequence refers to a sequence formed by several key bits; and the data encryption key refers to a symmetric key used for encrypting and decrypting the data.); at the server, after receiving the message for the request, decrypting the message using a private key and sending to the new client a message for instructing the new client to send an identity authentication material (Shuanlin, Pg. 2, The client encrypts the random password string (also called PreMasterKey) generated by the client using the public key of the server and transmits it to the server , The server uses the private key to obtain a random password string, and then both sides use the same algorithm to generate the session key based on the obtained random password string. Both parties use the session key for subsequent data security transmission.); at the new client, after receiving the message sent by the server, sending a registration value KM1 of the new client along with a hash value h2=SM3(KM1) to the server if the new client has the registration value, and sending a certificate to the server if the new client has no registration value (Shuanlin, Pg. 
15, In specific implementation, in order to meet the different requirements for secure transmission in different application scenarios, it is usually possible to verify the identity of the client and / or the server and transmit the data securely when the identity is legal. In order to implement the key agreement process based on the asymmetric key exchange algorithm, the existing transmission technology based on the client / server architecture generally adopts a digital certificate. On the one
hand, it can carry the public key information in the digital certificate sent by the server and the other Aspects can also use digital certificates for authentication); at the server, performing message authentication according to the hash value h2, to verify the registration value or the certificate (Shuanlin, Pg. 33, configured to calculate a hash value from at least a locally stored identity key in the same manner as the server computing the server authentication information. Pg. 21, the authentication method based on the client's identity key given in this embodiment does not require the use of a digital certificate, thereby reducing maintenance costs such as application and management of digital certificates.); generating a key encryption key KEK, sending an encrypted key encryption key KEK encrypted using the public key PM of the new client to the new client and allocating a new registration value KM2, if the verification is successful(Shuanlin, Pg. 23, the client and the server have obtained the same data encryption key, so that data can be securely transmitted. Specifically, the server adopts a symmetric encryption algorithm, encrypts data by using a data encryption key, and then sends the encrypted ciphertext to the client. Pg. 41, the calculated hash value with the client verification information contained in the access request, and determines that the result of the identity verification operation is successful); and determining that the authentication is failed and interrupting the communication, if the verification is failed (Shuanlin, Pg. 
3, Searching, by the server, for a corresponding identity key in the identity keymapping relationship table according to the client identifier included in the access request; and calculating a hash value based at least on the obtained identity key to obtain a server identity Server authentication information; sending response information containing at least the server authentication information to the client); at the server, calculating T1, KE_down and X with the following formulas:  
[Formula image (media_image3.png) giving T1 and KE_down is not reproduced in this text.]
X={s*hash(x)}[G], wherein x denotes a group key being used, t1 denotes current time and s denotes a private key of the server (Shuanlin, Pg. 3, Searching, by the server, for a corresponding identity key in the identity keymapping relationship table according to the client identifier included in the access request; and calculating a hash value based at least on the obtained identity key to obtain a server identity Server authentication information; sending response information containing at least the server authentication information to the client); at the server, calculating a hash value h(3)=SM3(KM2|T1|KE_down|X), and attaching the hash value h(3) for message authentication in a message containing T1 and X to the new client (Shuanlin, Pg. 5, after the client reads the stored identity key, the method further includes: calculating a hash value according to the client identifier of the client and the identity key, as a client for verifying the identity of the client verify message ); and at the new client, receiving T1 and X, calculating KE_down'=T1+[hash(KM2)]P+X using the known public key P and the registration value KM2, and verifying whether hash(KM2|T1|KE_down'|X) is consistent with h(3) (Shuanlin, Pg. 2, before data transmission is secured, the client and the server usually perform key agreement. The client encrypts the random password string (also called PreMasterKey) generated by the client using the public key of the server and transmits it to the server); at the new client, if the verification is successful, generating KE_up, and sending a message containing the KE_up encrypted using the KEK attached with a hash value h(4)=SM3(KE_up) to the server (Shuanlin, Pg. 
7, the calculated hash value with the client verification information contained in the access request, and determines that the result of the identity verification operation is successful when the comparison result is consistent); at the server, after receiving the message, calculating (KE_up*KE_down')[G] as a new group key (Shuanlin, Pg. 17, After receiving the response information returned by the server, the client uses the same method as that used by the server to calculate the server authentication
information (for example, both parties may preset the manner of calculating the server authentication information) (IDC_Key),); and if the verification is failed, interrupting the communication (Shuanlin, Pg. 17-18, the server authentication information but also the parameters involved in the calculation. After receiving the response information, the client may use the same hash value as the server The hash value is calculated, that is, the hash value is calculated according to the parameter contained in the response information and the stored IDC_Key. For example, the server calculates Hash (ID_S, IDC_Key) as server authentication information and sends a response message {ID_S, hash (ID_S, IDC_Key)} to the client, and the client includes, according to the response message).

15. Regarding Claim 10, Shuanlin and Shabanzadeh disclose, the method of claim 9, wherein the new client authentication is implemented in a quantum key negotiation manner, wherein the new client is connected with a first quantum key server, and the server is connected with a second quantum key server, a process of new client authentication comprises: at the new client, initiating an authentication request to the server (Shuanlin, Pg. 22, The client identifier of the client corresponding to the stored identity key; and updating, by the client, the
stored identity key by using the obtained second key, so that both parties simultaneously update their stored identity keys of the client, So that both parties can use the updated client key for authentication in the next round of interaction between both parties (that is, the interaction process after the client initiates the access request to the server again). Since both parties update their respective stored client keys with the second key obtained from the key sequence generated
by performing the quantum key distribution operation); at the server, after receiving the authentication request, instructing to perform identity authentication in a quantum manner (Shuanlin, Pg. 14, When a user or an application needs to use a service provided by a server, the client may send an instruction to the client and provide related information of the server to be accessed, for example, address information of the server and the like, so that the client sends, according to the received instruction, Visit the request. Step 102: After receiving the access request, the server obtains the same first key as the respective data encryption keys from the same key sequence respectively generated by the two parties by performing the quantum key distribution operation.); performing the new client authentication at the new client (Shuanlin, Pg. 5, The content of the access request sent by the client further includes: the client authentication information); at the new client, after the authentication is completed, requesting to perform negotiation on a quantum key between the quantum key server and the second quantum key server according to a predetermined protocol to obtain a quantum key K_QU5, wherein (K_QU5*KE_down')[G] is calculated as a new group key by the new client and the server (Shuanlin, Pg. 24, The client and the server select the same key from the same key sequence generated by performing the quantum key distribution operation As a data encryption key, it effectively avoids the distribution security risks posed by the
asymmetric key exchange algorithm, as well as the problem that the decryption takes a long time and is inefficient, so that the data encryption key negotiation process can be implemented safely and efficiently ).

16. Regarding Claim 11, Shuanlin discloses, a device for quantum key fusion-based virtual power plant security communication, comprising: an identity authentication module configured for identity authentication, which comprises performing identity authentication between a client and a server (Shuanlin, Pg. 3, Performing, by the client and the server, an identity verification operation based on a respective stored same identity key of the client. Server authentication information; sending response information containing at least server authentication information to the client.) in a virtual power plant based on a communication requirement, to acquire a root key, wherein the server comprises a commercial virtual power plant, an electricity market service system or a technical virtual power plant, and the client comprises a distributed energy resource, a commercial virtual power plant or a technical virtual power plant corresponding to the server (Shabanzadeh, Abstract, Future distribution systems will accommodate an increasing share of distributed energy resources (DERs). Facing with this new reality, virtual power plants (VPPs) play a key role to aggregate DERs with the aim of facilitating their involvement in wholesale electricity markets. In this paper, the trading strategies of a VPP in cooperation with its neighboring VPPs are addressed, Pg. 277, the VPP coalition is assumed to be centrally controlled and for the simplicity, a commercial VPP type [31] is considered.); a distribution module configured for key distribution, which comprises generating a key encryption key and a message authentication key based on the acquired root key, and performing negotiation on a data encryption key to obtain the data encryption key (Shuanlin, Pg. 12, According to the method for secure data transmission provided by the present application, a client sends an access request to a server. 
After receiving the access request, the server obtains the same access sequence from the same key sequence generated by both parties performing a quantum key distribution operation A key, as their respective data encryption key;  Pg. 14, After receiving the access request, the server may generally perform a key negotiation operation for both parties to obtain the same data encryption key in order to ensure the secure transmission of data.); and an encryption module configured for data encryption, which comprises encrypting to-be-encrypted data using the data encryption key, and implementing communication of the data, wherein during at least one of the identity authentication or the key distribution, a quantum key server is further configured to perform negotiation on a quantum key, and the quantum key obtained by the negotiation is used for implementing the identity authentication or used as the data encryption key (Shuanlin, Pg. 15, The asymmetric key exchange algorithm is usually used to negotiate the data encryption key, the client and the server execute the quantum key distribution operation Which is based on the basic principle of quantum mechanics, ensures the security of the data encryption key negotiation process. Moreover, since the asymmetric decryption process does not need to be performed, the calculation time-consuming can be greatly reduced, To enhance the efficiency of the negotiation data encryption key. Pg. 16, in the method for secure data transmission provided in this embodiment, a quantum key distribution technology is used to complete the data encryption key agreement process, and a preferred embodiment for identity verification based on the client's identity key is also provided, Both parties then obtain their own data encryption keys based on quantum key distribution technology).

17. Regarding Claim 12, Shuanlin and Shabanzadeh disclose, the device of claim 11, wherein the identity authentication module is configured to, at the client, send information containing identity information, a client certificate, a client hash value and a random number to the server (Shuanlin, Pg. 3, Searching, by the server, for a corresponding identity key in the identity key mapping relationship table according to the client identifier included in the access request; and calculating a hash value based at least on the obtained identity key to obtain a server identity Server authentication information; sending response information containing at least the server authentication information to the client; Pg. 21, The existing data security transmission technology based on a client/server architecture usually performs digital certificate-based authentication when performing authentication. Pg. 33, A first client hash value comparison and result determining subunit configured to compare the calculated hash value with the server authentication information contained in the response information. Pg. 19, the generating a dynamic value r using a preset manner may be that a random number r is generated in a random manner.); the device further comprises: a receiving module, configured to, at the server, receive the information sent by the client and verify the information, and if the verification is successful, provide the root key, encrypt the root key using a public key in a certificate and send the encrypted root key to the client (Shuanlin, Pg. 39, As client authentication information for verifying the identity of the client; The content of the access request sent by the client further includes: the client authentication information. After finding the corresponding identity key in the identity key mapping table, the server further includes: in the same manner that the client calculates the client authentication information. Pg. 
41, the calculated hash value with the client verification information contained in the access request, and determines that the result of the identity verification operation is successful when the comparison result is consistent, Pg. 16, in the method for secure data transmission provided in this embodiment, a quantum key distribution technology is used to complete the data encryption key agreement process, and a preferred embodiment for identity verification based on the client's identity key is also provided. The client and the server may perform an authentication operation based on their respective stored same identities of the clients, and when the result of the authentication operation is passed, Both parties then obtain their own data encryption keys based on quantum key distribution technology.), and wherein the identity authentication module is further configured to, at the client, decrypt the encrypted root key using a private key corresponding to the public key to obtain an identical root key, to complete the identity authentication (Shuanlin, Pg. 26, decrypting the ciphertext included in the access request for verifying the identity of the server by using the obtained identity key to obtain a decrypted dynamic value; and based at least on the server identifier of the server and the decrypted As a server authentication information for verifying server identity; sending a response message containing the server identifier of the server and the server authentication information to the client, After the client verifies, it is determined that the result of the identity verification operation is passed. Pg. 2, The server uses the private key to obtain a random password string, and then both sides use the same algorithm to generate the session key based on the obtained random password string.).

18. Regarding Claim 13, Shuanlin discloses, a non-transitory computer storage medium in which computer-executable instructions are stored, wherein the computer-executable instructions, when being executed, implement a method for quantum key fusion-based virtual power plant security communication, the method comprising: identity authentication: performing identity authentication between a client and a server (Shuanlin, Pg. 3, Performing, by the client and the server, an identity verification operation based on a respective stored same identity key of the client. Server authentication information, sending response information containing at least server authentication information to the client.) in a virtual power plant based on a communication requirement, to acquire a root key, wherein the server comprises a commercial virtual power plant, an electricity market service system or a technical virtual power plant, and the client comprises a distributed energy resource, a commercial virtual power plant or a technical virtual power plant (Shabanzadeh, Abstract, Future distribution systems will accommodate an increasing share of distributed energy resources (DERs). Facing with this new reality, virtual power plants (VPPs) play a key role to aggregate DERs with the aim of facilitating their involvement in wholesale electricity markets. In this paper, the trading strategies of a VPP in cooperation with its neighboring VPPs are addressed, Pg. 277, the VPP coalition is assumed to be centrally controlled and for the simplicity, a commercial VPP type [31] is considered.); key distribution: generating a key encryption key and a message authentication key based on the acquired root key, and performing negotiation on a data encryption key to obtain the data encryption key (Shuanlin, Pg. 12, According to the method for secure data transmission provided by the present application, a client sends an access request to a server. 
After receiving the access request, the server obtains the same access sequence from the same key sequence generated by both parties performing a quantum key distribution operation A key, as their respective data encryption key;  Pg. 14, After receiving the access request, the server may generally perform a key negotiation operation for both parties to obtain the same data encryption key in order to ensure the secure transmission of data.); and data encryption: encrypting to-be-encrypted data using the data encryption key, and implementing communication of the data, wherein during at least one of the identity authentication or the key distribution, negotiation on a quantum key is performed by a quantum key server, and the quantum key obtained by the negotiation is used for implementing the identity authentication or used as the data encryption key (Shuanlin, Pg. 15, The asymmetric key exchange algorithm is usually used to negotiate the data encryption key, the client and the server execute the quantum key distribution operation Which is based on the basic principle of quantum mechanics, ensures the security of the data encryption key negotiation process. Moreover, since the asymmetric decryption process does not need to be performed, the calculation time-consuming can be greatly reduced, To enhance the efficiency of the negotiation data encryption key. Pg. 16, in the method for secure data transmission provided in this embodiment, a quantum key distribution technology is used to complete the data encryption key agreement process, and a preferred embodiment for identity verification based on the client's identity key is also provided, Both parties then obtain their own data encryption keys based on quantum key distribution technology).

19. Regarding Claim 14, Shuanlin and Shabanzadeh disclose, the method of claim 9, wherein the group key updating comprises: if a new client desires to join into the group, after bidirectional identity authentication between the new client and the server is completed, directly taking K_group=(KE_up*KE_down)[G] as a new multicast key at the new client (Shuanlin, Pg. 38, Performing, by the client and the server, an identity authentication operation based on the same identity key stored by each client respectively, comprises: determining, by the server according to the client identifier included in the access request, in an identity key mapping Searching for a corresponding identity key in the relation table. Pg. 21, As long as the identity authentication is performed according to whether the client has the correct client identity key, it is also within the protection scope of the present application.); at the server, encrypting {KE_up, t1, SM3(KM1)} using an original multicast key, and sending a message containing the encrypted {KE_up, t1, SM3(KM1)} attached with a hash value h(5)=SM3(KE_down) to the client other than the new client in the multicast group, wherein an encryption formula for {KE_up, t1, SM3(KM1)} is represented as follows: SM4[KE_up|t1|SM3(KM1)]x (Shuanlin, Pg. 23, the server adopts a symmetric encryption algorithm, encrypts data by using a data encryption key, and then sends the encrypted ciphertext to the client, and the client uses a decryption corresponding to the server An algorithm that uses a data encryption); and at the client other than the new client in the multicast group, after receiving the message, calculating KE_down"=t1[G]+[SM3(KM1)]P+SM3(x)P based on KE_up, t1 and SM3(KM1) in combination with the known P and x, verifying whether SM3(KE_down") is consistent with h(5), and calculating K_group=(KE_up*KE_down")[G] as a new multicast key if SM3(KE_down") is consistent with h(5) (Shuanlin, Pg. 
37, Receiving, by the client, response information returned by the server; calculating a hash value according to at least the stored identity key in the same manner as the server verifying the server verification information; and comparing the calculated hash value with the received To the response information contained in the server
authentication information is compared, and when the comparison result is consistent, it is determined that the result of the authentication operation is passed.).

20. Regarding Claim 15, Shuanlin and Shabanzadeh disclose, the method of claim 9, wherein the group key updating comprises: if a client exits from the group or time for updating the key arrives, at the server, sending a message containing a selected random number Nj and a hash value SM3(Nj) of the selected random number Nj to all of the clients in the multicast group, wherein the message is encrypted using the original multicast key (Shuanlin, Pg. 19, sending an access request, the client first reads a locally stored identity key IDC_Key, and according to the client identifier of the client and the identity (ID_C, IDC_Key) as a client authentication information for verifying the identity of the client, and then uses the identity key as a symmetric key to calculate a dynamic value r To obtain a ciphertext EnIDC_Key (r) for verifying the identity of the server. Here, the generating a dynamic value r using a preset manner may be that a random number r is generated in a random manner. Pg. 23, Specifically, the server adopts a symmetric encryption algorithm, encrypts data by using a data encryption key, and then sends the encrypted ciphertext to the client); and at the clients in the multicast group, after receiving the message, calculating K_group=Nj[G]+[SM3(Nj)]P+SM3(x)P as a new multicast key (Shuanlin, Pg. 37, before the client sends an access request to the server, the method comprises: calculating, by the client, a hash value according to at least the stored identity key, Client authentication information about client identity).

Claims 3-4 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Shuanlin (CN 107404461 A) and “An interactive cooperation model for neighboring virtual power plants” by Shabanzadeh in view of Chen (CN 107493169 A).

21. Regarding Claim 3, Shuanlin and Shabanzadeh in view of Chen disclose, the method of claim 1, 
Shuanlin and Shabanzadeh do not explicitly disclose the following limitation that Chen teaches:
wherein the identity authentication is implemented with a fast authentication approach, wherein each of the client and the server has a historical data index table, the historical data index table containing items of time, identity information, a historical key and a historical hash value, and the fast authentication approach comprises: for each session between the client and the server, generating a key k recorded as ko, k1, k2.., or kn, and generating a historical key hash value recorded as h1, h2, h3...or hn (Chen, Pg. 4, The invention proposes an identity authentication method based on quantum key and national secret algorithm, which increases the security of quantum encryption communication and realizes the independent control of core encryption algorithm technology.); 
Shuanlin and Shabanzadeh do not explicitly disclose the following limitation that Chen teaches:
performing an exclusive or operation on a hash value of k and the hash value h to obtain a new historical key hash value, wherein hn is calculated according to formulae as follows:   

    [Formula for hn: image media_image4.png]
wherein n denotes a natural number larger than 1 and SHA1 denotes a hash algorithm ( Chen, Pg. 3, The national encryption algorithm is a domestic commercial encryption algorithm recognized by the National Cryptographic Bureau, including symmetric algorithms SM1 and SM4, asymmetric algorithms SM2, and cryptographic hash algorithm SM3, which are used to replace AES/3DES, RSA, and SHA-1 proposed by the United States in international standards /MD5 and other algorithms); performing the authentication on the client and the server based on the historical data index table(Shuanlin, Pg. 9, Perform an authentication operation based on a locally stored identity key, and perform a step of obtaining a data encryption key ); and providing the root key if the authentication is successful (Shuanlin,  Pg. 8-9, The server authentication unit is configured to perform an authentication operation based on a locally stored identity key corresponding to the client after the access request receiving unit receives an access request, and when the result of the authentication operation is passed).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Shuanlin and Shabanzadeh to incorporate the teachings of Chen. One of ordinary skill in the art would have been motivated to make this modification so that the authentication is implemented using a server that holds historical data and a hash value, so that the authentication is tied to a session between the client and the server, and so that a hash value is computed using a formula that represents a hash algorithm.

22. Regarding Claim 4, Shuanlin and Shabanzadeh in view of Chen disclose, the method of claim 3, wherein the step of performing the authentication on the client and the server based on the historical data index table further comprises: at the client, extracting a previous key value k, previous time Ti and an index value ind from the historical data index table (Wei Pg. 16, Each block of the power supply index blockchain is: the power consumption information of the power consumption unit acquired by the EBN energy blockchain within a set time interval t); at the client, calculating a hash value based on the previous key value, the previous time and the index value, and sending the hash value along with the identity information of the client and a random number to the server as a message, wherein the message is encrypted using the previous key value and is attached with the index value, and the message is represented as ESM4[SHA1(k|Ti|Ni|ind)|IDDER|Ni]k|ind, wherein ESM4 denotes a commercial cryptographic algorithm, k denotes an encryption key, Ti denotes the previous time, Ni denotes the random number, ind denotes the index value and IDDER denotes the identity information of the client (Shuanlin, Pg. 3, Searching, by the server, for a corresponding identity key in the identity keymapping relationship table according to the client identifier included in the access request; and calculating a hash value based at least on the obtained identity key to obtain a server identity Server authentication information; sending response information containing at least the server authentication information to the client); at the server, after receiving the message, retrieving and extracting information corresponding to the index value in the message from the historical data index table based on the index value, decrypting the message using the encryption key, comparing the decrypted identity information of the client with identity information corresponding to the index value to acquire an identity of the client, calculating a hash value using a previous time, an encryption key, an index value and a random number corresponding to the index value in the index table, and comparing the calculated hash value with the hash value sent by the client (Shuanlin, Pg. 5, after the client reads the stored identity key, the method further includes: calculating a hash value according to the client identifier of the client and the identity key, as a client for verifying the identity of the client verify message;. After finding the corresponding identity key in the identity key mapping table, the server further includes: in the same manner that the client calculates the client authentication information, according to the client identifier included in the received access request and Searching the obtained identity key to calculate the hash value; comparing the calculated hash value with the client authentication information contained in the received access request, and when the comparison result is consistent, executing the identification key Decrypt the ciphertext included in the access request, and acquire the decrypted dynamic value. Pg. 9, the server data encryption key acquiring unit is specifically configured to acquire, from a key sequence generated by performing a quantum key distribution operation with the client using an acquisition manner determined in advance by the client); confirming that the identity of the client is real and effective, passing the authentication of the client, and updating items of the historical hash value, the historical key and the time information in the historical data index table, if the calculated hash value is consistent with the hash value sent by the client (Shuanlin, Pg. 31, Before sending an access request to a server, a hash value is calculated at least according to the stored identity key as client authentication information for confirming the identity of the client; and the sending an access request to a server refers to: Sending an access request including the client identifier of the client and the client verification information. Determining whether the client verification information generated based on a locally stored identity key passes the verification of the server, and if yes, determining a result of the identity verification operation To pass.);
Shuanlin and Shabanzadeh do not explicitly disclose the following limitation that Chen teaches:
and determining that the identity authentication is failed, and interrupting the communication, if the calculated hash value is not consistent with the hash value sent by the client (Chen, Abstract, The method comprises following steps of using a quantum key machine to distribute quantum passwords; generating key exchange load by use of an SM2 elliptic curve public key algorithm; obtaining a public key according to an elliptic curve calculation rule; and carrying out identity discrimination by using the quantum key as a key element for the identity discrimination and combining the state encryption algorithm. According to the invention, the disadvantage of failure to use the quantum key to carry out identity discrimination during encryption by use of the quantum key can be avoided; and by use of the state encryption algorithm); at the server, generating a new random number Nj, and sending information about the confirmation along with new time T to the client as a message, wherein the message is encrypted using k according to an encryption formula Encrypt(Nj|T)k (Shuanlin, Pg. 18, In a specific example adopting this embodiment, referring to FIG. 3, before sending an access request, the client may calculate a hash value hash (ID_C,IDC_Key) according to the stored identity key as a parameter for confirming that Client authentication information for client authentication. The access request sent by the client to the server includes a client identifier of the client and the client verification information, that is, sending {ID_C, hash (ID_C, IDC_Key)} to the server); at the client, after receiving the message, decrypting the message to obtain the new random number Nj and the new time T (Shuanlin, Pg. 26, decrypting the ciphertext included in the access request for verifying the identity of the server by using the obtained identity key to obtain a decrypted dynamic value); and at the server and the client, calculating a new root key AK based on the random numbers Ni and Nj, the new time T and the new historical hash value h according to a calculation formula as follows: AK=Truncate_128[SHA1(Ni|Nj|T|h)], wherein Truncate_128 represents extracting first 128 bits of a digit (Shuanlin, Pg. 38, Receiving, by the client, response information returned by the server; calculating a hash at least according to the server identifier included in the response information and the generated dynamic numerical value in the same manner as the server computing the server verification information Value; compares the calculated hash value with server-side verification information contained in the response information).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Shuanlin and Shabanzadeh to incorporate the teachings of Chen. One of ordinary skill in the art would have been motivated to make this modification in order to determine that the identity authentication has failed and that the communication is interrupted, where the determination is calculated using a hash value and the value is sent to the client.
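The fast-authentication exchange recited in claim 4, as an added illustration that is not code from the application, Shuanlin or Chen. Assumptions: the claim's "|" is encoded with length-prefixed fields, the SM4 encryption layer is left out (it is not in the Python standard library), the history-hash update follows the wording of claim 3 because the formula image is not reproduced, and all table values are constructed.

```python
import hashlib
import hmac
import secrets
import struct


def cat(*fields: bytes) -> bytes:
    # Assumed encoding of the claim's "|": 4-byte length prefix per field,
    # so k|Ti|Ni|ind cannot be re-split into different field values.
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)


def sha1(*fields: bytes) -> bytes:
    return hashlib.sha1(cat(*fields)).digest()


def make_table() -> dict:
    # Constructed historical data index table: index -> time, identity, key, hash.
    return {7: {"id": b"client-0001", "time": b"2018-01-11T08:00:00Z",
                "key": bytes(range(16)), "hash": hashlib.sha1(b"h0").digest()}}


def client_request(row: dict, ind: int) -> dict:
    # Client: SHA1(k|Ti|Ni|ind) over the previous key, previous time and a fresh Ni.
    ni = secrets.token_bytes(16)
    tag = sha1(row["key"], row["time"], ni, str(ind).encode())
    return {"ind": ind, "id": row["id"], "ni": ni, "tag": tag}


def server_verify(table: dict, msg: dict) -> bool:
    # Server: fetch the row by index, compare identity, recompute and compare hash.
    row = table.get(msg["ind"])
    if row is None or not hmac.compare_digest(row["id"], msg["id"]):
        return False
    expected = sha1(row["key"], row["time"], msg["ni"], str(msg["ind"]).encode())
    return hmac.compare_digest(expected, msg["tag"])  # constant-time compare


def next_history_hash(k: bytes, h_prev: bytes) -> bytes:
    # Assumption from the claim 3 wording: XOR of the hash of k with h.
    return bytes(a ^ b for a, b in zip(hashlib.sha1(k).digest(), h_prev))


def derive_root_key(ni: bytes, nj: bytes, t: bytes, h: bytes) -> bytes:
    # AK = Truncate_128[SHA1(Ni|Nj|T|h)]: first 128 bits of the digest.
    return sha1(ni, nj, t, h)[:16]


def run_session(client_tbl: dict, server_tbl: dict, ind: int):
    msg = client_request(client_tbl[ind], ind)
    if not server_verify(server_tbl, msg):
        return None  # authentication failed: communication is interrupted
    nj, t = secrets.token_bytes(16), b"2018-01-11T09:00:00Z"  # server's Nj and T
    keys = []
    for tbl in (client_tbl, server_tbl):  # both sides update their own row
        row = tbl[ind]
        row["hash"] = next_history_hash(row["key"], row["hash"])
        row["time"] = t
        keys.append(derive_root_key(msg["ni"], nj, t, row["hash"]))
    return keys


if __name__ == "__main__":
    ak_client, ak_server = run_session(make_table(), make_table(), 7)
    print("root keys match:", ak_client == ak_server)
```

Both sides derive the same 128-bit AK only when their table rows agree; a stale key or a tampered Ni makes the server's recomputed hash differ and the session returns `None`.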

23. Regarding Claim 16, Shuanlin and Shabanzadeh in view of Chen disclose, the method of claim 9, wherein the new client authentication is implemented in a quantum key negotiation manner, wherein the new client is provided with a quantum key management device, and the quantum key management device is bound with a first quantum key server, wherein the quantum key management device and the quantum key server share a quantum random number, and the server is directly connected with a second quantum key server, a process of new client authentication comprises: at the new client, initiating an authentication request to the server (Shuanlin, Pg. 17, by the server, the corresponding identity key IDC_Key in the identity key mapping relationship table according to the client identification ID_C contained in the received access request, and then calculating the hash value hash (IDC_Key) according to the obtained identity key, As server verification information for verifying the identity of the server, finally sending response information containing the server verification information to the client, that is, sending {hash (IDC_Key)} to the client.); at the server, after receiving the authentication request, performing the new client authentication on the new client (Shuanlin, Pg. 38, the client sends an access request to a server means that the client sends an access request that includes the client identifier of the client and the client verification information; Performing, by the client and the server, an identity authentication operation based on the same identity key stored by each client respectively );
Shuanlin does not explicitly disclose the following limitations that Chen teaches: 
at the second quantum key server and the first quantum key server, performing negotiation on a quantum key, to obtain a quantum key K_QU6 (Chen, Pg. 4, the first phase of IKE negotiation uses quantum key identity authentication based on the national secret algorithm, and then the second phase of negotiation is carried out in accordance with the steps specified in the national secret algorithm standard.); at the first quantum key server, selecting a quantum random number Nc pre-stored between the quantum key management device and the first quantum key server, and calculating E=Nc⊕K_QU6 and sending the calculated E to the new client (Shuanlin, Pg. 9, the server data encryption key acquiring unit is specifically configured to acquire, from a key sequence generated by performing a quantum key distribution operation with the client using an acquisition manner determined in advance by the client, A first key of the data encryption key, and a second key; The device further includes: a server identity key updating unit, configured to update the locally stored identity key corresponding to the client with the second key. Pg. 11, calculating a hash value according to the client identifier of the client and the identity key, Client authentication information about client identity ); and at the new client, calculating K_QU6 using E⊕Nc, and encrypting KEup using K_QU6 to implement the identity authentication (Shuanlin, Pg. 17, by the server, the corresponding identity key IDC_Key in the identity key mapping relationship table according to the client identification ID_C contained in the received access request, and then calculating the hash value hash (IDC_Key) according to the obtained identity key, As server verification information for verifying the identity of the server, finally sending response information containing the server verification information to the client, that is, sending {hash (IDC_Key)} to the client.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Shuanlin to incorporate the teachings of Chen. One of ordinary skill in the art would have been motivated to make this modification in order to perform negotiations on a quantum key using a server containing a first and second quantum key to obtain a quantum key to enhance security.

Conclusion
24. Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAYASA SHAAWAT whose telephone number is (571)272-3939.  The examiner can normally be reached on M-F, 8 AM TO 5 PM. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, JEFFREY PWU can be reached on (571)272-6789. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MAYASA SHAAWAT/
Examiner Art Unit 2433

/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433