DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. This office action is in response to the application filed on 01/11/2019. Claims 1-22 are cancelled. Claims 23-41 are pending.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

EXAMINER’S AMENDMENT
An examiner's amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner's amendment was given via phone conversation with James Walton (Reg. No. 47245) on 03/24/2021. 
The application has been amended as follows:
Please replace claim 40 with:
40. (Currently amended) A computer program product comprising computer readable code embedded in a non-transitory computer readable medium, which when run on a computer, causes the computer, for digitally signing data using a cryptographic key in a communication 
Please replace claim 41 with:
41. (Currently amended) A computer system comprising computer readable code embedded in a non-transitory computer readable medium for carrying out computer system comprising: (a) generating a cryptographic public key/private key pair using a cryptographic key generator, wherein said key pair is not associated with any Subject's identity; (b) at the server node, storing said public key in a public key store, and (c) storing said private key in a private key store, access to which is granted using a predetermined associated primary authentication factor and at least one yet undefined supplementary authentication factor; (d) subsequently providing an unidentified user, the Subscriber, with said primary authentication factor, said Subscriber being associated with an identifiable Subject yet unknown to the server node; (e) defining the at least one yet undefined supplementary authentication factor in association with said private key store with data chosen by, and proprietary to, said Subscriber, thereby uniquely associating said private key store and said key pair to the Subject associated with said Subscriber; Preliminary Amendment Attorney Docket No. 1204JW-62392 Page 6 (f) subsequently receiving, at the server node from at least one network node, data identifying said Subscriber and the associated Subject, said data being cryptographically signed with said private key using a digital signature creator; (g) at the server node, validating said received data, and associating the so-identified Subject with said key pair; (h) at any one of said network nodes, causing data to be cryptographically signed with said private key using the digital signature creator, said signed data being certifiable to have been signed by said Subject, based on the corresponding public key and the Subject associated therewith
Allowable Subject Matter
Claims 23-41 are allowed.
The following is an examiner’s statement of reasons for allowance:


The closest prior art made of record are:
Buer (US2007/0118745) teaches methods and systems for using non-cryptographic capabilities of a token such as a smartcard as an additional authentication factor when multi-factor authentication is required. Smartcards are configured to generate a transaction code each time a transaction is attempted by the smartcard. The transaction code is dynamic, changing with each transaction, and therefore is used as a one-time password. When a user attempts to access a service or application requiring at least two authentication factors, a secure processor is used to read the transaction code from the smartcard. The secure processor establishes a secure communication with the remote computer hosting the service or application. The transaction code can then be encrypted prior to transmission over the public Internet, providing an additional layer of security.
Landrock et al. (US2005/0010758) teaches an apparatus and method for signing electronic data with a digital signature in which a central server comprises a signature server (110) and an authentication server (120). The signature server (110) securely stores the private cryptographic keys of a number of users (102). The user (102) contacts the central server using a workstation (101) through a secure tunnel which is set up for the purpose. The user (102) supplies a password or other token (190), based on information previously supplied to the user by the authentication server (120) through a separate authentication channel. The authentication server provides the signature server with a derived version of the same information through a permanent secure tunnel between the servers, which is 

Oberheide et al. (US2016/0217280) teaches a system and method for providing secondary-factor authentication with a third party application that can include enrolling a device application instance of an account into a secondary-factor authentication service on behalf of a service provider, which includes, at the secondary-factor authentication service, receiving a secondary factor of authentication enrollment request of an account, the request received from the service provider, transmitting an activation code, and pairing the device application instance with the account through the activation code; receiving an authentication request identifying the account; transmitting an authentication request to the device application instance paired with the account; validating a response to the application request; and transmitting an assessment to the service provider.
Talati (US9,088,568) teaches that secure communication is a major concern for individuals and businesses. Electronic digital signatures are employed to provide secure communication by using cryptography to enable a user to authenticate the identity of the originator, the originator's document and digital certificate. Digital certificates, however, are static, vulnerable and subject to fraud and theft. Recent advances using dynamic key cryptography allow improved security wherein the originator can restrict access to a digitally signed document by one or more entities by providing additional data to the system that manages the digitally signed documents. Nevertheless, existing secure systems have to overcome the vulnerability of digital certificates. With many existing systems, the lack of access control and privacy are still a concern since a third party can gain access to a secure message. As such, new technology is necessary to provide improved security for communicating electronically.

Toth (US2015/0095999) teaches that multi-factor authentication technologies have been emerging and are increasingly advocated. Multiple authentication factors can be applied jointly to reduce the probability of failed authentication due to the compromise or fallibility of any given factor or factors. MFA typically addresses "What the user knows" (PIN, password, responses to questions), "What the user has or holds" (smart card, smart phone, FOB), and "What the user is" (iris, fingerprint, facial and other biometrics). Geo-location and behavioral authentication schemes are also factors that can be incorporated.

Wilkinson et al. (US2011/0107409) teaches that smart cards provide a way to authenticate a user that is different than normal password authentication. With smart card authentication, a user inserts a smart card into a smart card reader and enters a personal identification number (PIN). When a correct PIN is entered, one or more certificates that are stored in the smart card are used to authenticate the user. This type of authentication provides two-factor authentication by 

Carter (US2011/0202466) teaches an electronic device with radio and GNSS receiving capabilities is used to provide a second or further authentication factor to current and future transaction systems.  The device's embedded characteristics are combined with GNSS data into a unique identifiable device code.  The device can be used initially to put a bank or credit card into a "transaction enabled" mode.  The location of the electronic device can be compared to the location from which a request to use the enabled card originates.

Farnham et al. (US2003/0210789) teaches secure communications links for data transmission and, more particularly, data communications links in which asymmetric cryptographic techniques are used to establish a secure link using symmetric cryptography. It teaches a method of establishing a secure communications link between a mobile terminal of a mobile communications system and a server, the method comprising: retrieving from storage in the mobile terminal a prime number, p, and generator, g, for a Diffie-Hellman key exchange protocol; generating a positive integer b at the terminal; sending a message including the value of (g^b mod p) from the terminal to the server; determining a shared secret number for the terminal and the server by calculating the value of (g^(ab) mod p), where a is a positive integer, at both the terminal and the server, using b and a public value for the server y = g^a mod p at the terminal, and using a, b, g and p at the server; and using the shared secret number to establish said secure communications between the terminal and the server. Corresponding software is also provided.

However, none of the closest prior art mentioned above teaches or suggests, alone or in combination, the particular combination of steps or elements as recited in the independent claims 23, 40, and 41. For example, none of the cited prior art, alone or in combination, teaches or suggests the steps of “(c) storing said private key in a private key store, access to which is granted using a predetermined associated primary authentication factor and at least one yet undefined supplementary authentication factor; (d) subsequently providing an unidentified user, the Subscriber, with said primary authentication factor, said Subscriber being associated with an identifiable Subject yet unknown to the server node; (e) defining the at least one yet undefined supplementary authentication factor in association with said private key store with data chosen by, and proprietary to, said Subscriber, thereby uniquely associating said private key store and said key pair to the Subject associated with said Subscriber; (f) subsequently receiving, at the server node from at least one network node, data identifying said Subscriber and the associated Subject, said data being cryptographically signed with said private key using a digital signature creator; (g) at the server node, validating said received data, and associating the so-identified Subject with said key pair; (h) at any one of said network nodes, causing data to be cryptographically signed with said private key using the digital signature creator, said signed data being certifiable to have been signed by said Subject, based on the corresponding public key and the Subject associated therewith” in view of other limitations of claims 23, 40, and 41. Therefore the claims are allowable over the cited prior art.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAHRIAR ZARRINEH whose telephone number is (571)272-1207.  The examiner can normally be reached on Monday-Friday, 8:30am-5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on 571-272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-






/SHAHRIAR ZARRINEH/Examiner, Art Unit 2497