Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

This Action is in response to the claims filed 7/19/2019.  Claims 1-20 are pending. Claims 1 (a method), 10 (a non-transitory CRM), and 19 (a machine) are independent.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-7, 9-16, and 18-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Beimel et al., “Non-Interactive Secure Multiparty Computation” (published 2014), in view of Zhang et al., US 2019/0394175 (priority date 2018-06), and Liu et al., “How to build time-lock encryption” (published 2018-02).
As to claims 1, 10, and 19 Beimel discloses a method/CRM/machine comprising:
… a correlated randomness component specific to the party and associated with (“a function h 2 H generates n correlated random inputs R1; : : : ;Rn,” Beimel § 2) …; 

computing, using an input from the party (“a local encoding function Enci (where 1 < i < n), which takes an input xi and a random input Ri and outputs a message” Biemel § 2, input Xi with correlated randomness Ri to output an NIMPC encrypted input), the correlated randomness component (“given a description of a function h 2 H generates n correlated random inputs R1, … ,Rn,” Biemel § 2), and the party-generated randomized mask (“For each possible value v of xi …. To make it ;-robust without compromising fig-robustness, we apply the following masking technique.” Biemel § 4.2.  Conditioning the input xi to be robust using the randomized masking technique.  See also Biemel § 4.2 generally.) in a non-interactive multi-party computation (NIMPC), an NIMPC-encrypted input associated with the party (“a local encoding function Enci (where 1 < i < n), which takes an input xi and a random input Ri and outputs a message” Biemel § 2) …; 
….

	Biemel does not disclose:
	(non-transitory CRM/processor of claims 10 and 19)
receiving, from a first trusted authority, a secret key specific to a party for use in posting to a blockchain; 
receiving, from a second trusted authority, … a given temporal segment
…
… for the given temporal segment; 
encrypting the …-encrypted input according to a blockchain encryption algorithm to yield a ciphertext; and 
submitting the ciphertext to a block associated with the given temporal segment in a blockchain.

Zhang discloses:
(regarding the non-transitory CRM/processor of claims 10 and 19, see Zhang ¶¶ 162 and 164)
receiving, from a first trusted authority (“a multitude of options for generating keys. One such option is to utilize a trusted dealer to set up the keys for these schemes.” Zhang ¶ 85), 
receiving, from a second trusted authority (“a multitude of options for generating keys. One such option is to utilize a trusted dealer to set up the keys for these schemes.” Zhang ¶ 85), …; 
…
encrypting the …-encrypted input according to a blockchain encryption algorithm to yield a ciphertext; and (“FIG. 3, in some embodiments, a publisher cid takes as input ts, op, o, hr, p, and access control rules ac, and computes a threshold encryption 
submitting the ciphertext to a block (“The publisher sends (broadcasts) (L, c) as write transaction to be executed by servers.” Zhang § 116) … in a blockchain. (“attribute-based access control in a BFT system or a BFT-based permissioned blockchain.” Zhang ¶ 24)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Biemel with Zhang by utilizing a blockchain system (Zhang ¶ 24) and key servers (Zhang ¶ 85) to obtain keying material and store NIMPC data generated by Biemel.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Biemel with Zhang by using a blockchain infrastructure and storage to for storing the NIMPC generated data of Biemel in order to utilize a storage system with fault tolerance (Zhang ¶ 3 that provides confidentiality preserving messaging for the users (Zhang ¶¶ 18-19).

Biemel in view of Zhang does not disclose
a secret key specific to a party for use in posting to a blockchain;
… a given temporal segment;
… for the given temporal segment;
associated with the given temporal segment

Liu discloses:

 (“Intuitively, one may think of a statement x as a “public key”, such that any witness w with (x,w) ∈ R can be used as a corresponding “secret key”.” Liu § 1.1.1)
… a given temporal segment; (“The key idea behind our construction of time-lock encryption is to combine a computational reference clock with witness encryption.” Liu § 1.1.1.  Liu Abstract describes time-lock encryption as preventing decryption before a set time. )
… for the given temporal segment; (Liu § 1.1.1)
associated with the given temporal segment (Liu § 5.3 discussing deriving an appropriate “witness” from the Bitcoin “time”.)
	A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Biemel in view of Zhang with Liu by providing for the blockchain data of Biemel in view of Zhang to be time-locked, as described in Liu.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Biemel in view of Zhang to allow the data to be time-locked in order to allow senders to keep information secret until a set later date, thereby complying with contractual secrecy obligations, legal disclosure requirements, or desired marketing dates.

As to claims 2, 11, and 20, Biemel in view of Zhang and Liu discloses the method/CRM/machine of claims 1, 10, and 19, and further discloses:	associated with the given temporal segment (“The key idea behind our 

Biemel in view of Zhang and Liu does not disclose: further comprising decrypting an output from the block of the blockchain.

Zhang further discloses:
further comprising decrypting (“In hybrid encryption, clients use labeled threshold encryption to encrypt a random session key and put the ciphertext into the servers. According to subscriptions, access control rules, and server installed rules, the decryption shares of the ciphertext of the random session key will be sent to authorized subscribers. Later, the publications will be encrypted and decrypted using the session key.” Zhang ¶ 125. “one or more server 320 sends its decryption share to the client 310. Upon receiving a calculable number of matching transactions with valid decryption shares, the client 310 obtains the transaction in plaintext.” Zhang ¶ 94. “threshold encryption” Zhang ¶ 92. Decryption using a session key obtained via threshold cryptography of the decryption shares) an output from the block of the blockchain. 
 (“attribute-based access control in a BFT system or a BFT-based permissioned blockchain.” Zhang ¶ 24)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have further combined Biemel in view of Zhang and Liu with Zhang by utilizing a blockchain system (Zhang ¶ 24) and key servers (Zhang ¶ 85) to obtain 

As to claims 3 and 12, Biemel in view of Zhang and Liu discloses the method/CRM of claims 2 and 11, and further discloses:
wherein decrypting the output comprises: 
collecting a threshold number (“a threshold encryption ciphertext as follows….” Zhang § 116) of key shares submitted to the block associated with the given temporal segment; (“decryption shares,” Zhang ¶ 94)
deriving a blockchain decryption key based on the collected threshold number of key shares; (“In hybrid encryption, clients use labeled threshold encryption to encrypt a random session key and put the ciphertext into the servers. According to subscriptions, access control rules, and server installed rules, the decryption shares of the ciphertext of the random session key will be sent to authorized subscribers. Later, the publications will be encrypted and decrypted using the session key.” Zhang ¶ 125. “one or more server 320 sends its decryption share to the client 310. Upon receiving a calculable number of matching transactions with valid decryption shares, the client 310 obtains the transaction in plaintext.” Zhang ¶ 94. “threshold encryption” Zhang ¶ 92)

deriving a vector of output values masked by party-generated randomized masks, including the party-generated randomized mask specific to the party, using an NIMPC decryption process; and 

    PNG
    media_image1.png
    119
    1019
    media_image1.png
    Greyscale

	(Biemel § 4.2.2. where the vector of output values is H(x1, …. ,xn) and the party generated, or selected, random mask is Rx.  Biemel describing NIMPC and decryption using masks.)
unmasking an output value of the party from the vector of output values based on the party- generated randomized mask. (“Party P0, which knows rx1 and s +Pn i=2 xi, can, therefore, reconstruct h(x1; : : : ; xn).” Biemel § 4.2.2)


As to claims 4 and 13, Biemel in view of Zhang and Liu discloses the method/CRM of claims 3 and 12, and discloses a decryption key obtained from decryption shares as noted in Zhang ¶ 125, discussed above.
Biebel in view of Zhang and Liu does not disclose:


Zhang further discloses:
wherein deriving the blockchain decryption key is further based on a public key and a verification key associated with the blockchain.
 (A probabilistic encryption algorithm TEnc takes as inputs a public key pk, a message m, and a label L, and outputs a decryption share τ. A deterministic share verification algorithm Vrf takes as input the verification key vk, a ciphertext c, a label L, and a decryption share τ, and outputs b∈{0,1}. In some embodiments, a deterministic combining algorithm Comb takes as input the verification key vk, a ciphertext c, a label L, a set of t decryption shares” Zhang ¶ 52)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have further combined Biemel in view of Zhang and Liu with Zhang by utilizing a blockchain system (Zhang ¶ 24) and key servers (Zhang ¶ 85) to obtain keying material and store/retrieve the NIMPC data stored by Biemel in view of Zhang and Liu.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Biemel in view of Zhang and Liu with Zhang by decrypting the encrypted data in order to utilize a storage system with fault tolerance (Zhang ¶ 3 that provides confidentiality preserving messaging for the users (Zhang ¶¶ 18-19).


the threshold number of key shares (Zhang ¶¶ 92 and 125, see claim 3 discussion) based on the public key and the verification key associated with the blockchain (Zhang ¶ 52, see claim 4 discussion)

Biemel in view of Zhang and Liu does not further disclose:
further comprising verifying, prior to deriving the blockchain decryption key, integrity of the threshold number of key shares.

Zhang further discloses: further comprising verifying, prior to deriving the blockchain decryption key, integrity of the threshold number of key shares.
 (“Upon receiving f+1 matching transactions with valid decryption shares from the servers with the same sequence number sn, each client runs Comb to obtain the transaction in plaintext. A decryption share τ is valid if Vrf(vk, τ, c, L)=1.” Zhang ¶ 95.  The comb function is run “upon” receiving valid decryption shares. Hence the shares are validated prior to decryption using the comb function.)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have further combined Biemel in view of Zhang and Liu with Zhang by utilizing a blockchain system (Zhang ¶ 24) and key servers (Zhang ¶ 85) to obtain keying material and store/retrieve the NIMPC data stored by Biemel in view of Zhang and Liu.  It would have been obvious to a person of ordinary skill in the art before the 

As to claims 6 and 15, Biemel in view of Zhang and Liu discloses the method/CRM of claims 1 and 10, and further discloses:
wherein the first trusted authority and the second trusted authority are the same entity. (“a multitude of options for generating keys. One such option is to utilize a trusted dealer to set up the keys for these schemes.” Zhang ¶ 85. As cited in claim 1, the trusted authority is used to set up the cryptographic material of the system).

As to claims 7 and 16, Biemel in view of Zhang and Liu discloses the method/CRM of claims 1 and 10, and further discloses:
wherein the block of the given temporal segment is unavailable for decryption until a designated point in time selected when encrypting the NIMPC-encrypted input. (“The key idea behind our construction of time-lock encryption is to combine a computational reference clock with witness encryption.” Liu § 1.1.1.  Liu Abstract describes time-lock encryption as preventing decryption before a set time. )

As to claims 9 and 18, Biemel in view of Zhang and Liu discloses the method/CRM of claims 1 and 10, and further discloses:


Claims 8 and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Beimel et al., “Non-Interactive Secure Multiparty Computation” (published 2014), in view of Zhang et al., US 2019/0394175 (priority date 2018-06), Liu et al., “How to build time-lock encryption” (published 2018-02), and Rentschler et al., US 2020/0134743 (filed 2017-07).
As to claims 8 and 17, Biemel in view of Zhang and Liu discloses the method/CRM of claims 1 and 10, and further discloses:
wherein the block of the given temporal segment (Liu § 1.1.1.)

Biemel in view of Zhang and Liu does not disclose:
is associated with energy trading for a specific segment of time.

Rentschler discloses:
is associated with energy trading for a specific segment of time.
(“The users linked by means of this invention are referred to as "prospects" in the remainder of this document. Said prospects can participate in the energy trade via a central platform ("server"), and via a decentralized network (for example by means of blockchain).” Rentschler ¶ 9).

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Beimel in view of Zhang and Liu with Rentschler by utilizing the blockchain to trade energy, as is done in Rentschler.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Beimel in view of Zhang and Liu with Rentschler in order to allow energy to be traded by small energy producers (solar panels) without involvement of the regional transmission system operator (Rengschler ¶ 7), thereby providing an unhindered market for efficient pricing.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892, particularly:
Toth, US 10127378, discloses the use of a public key and verification key for decrypting data.
Linne, US 20180322587, discloses a public key that is termed a verification key.

Cella, US 20190340013, discloses a blockchain based trading system for "forward markets" including energy trading.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL W CHAO whose telephone number is (571)272-5165.  The examiner can normally be reached on M, W-F 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571) 272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access 






/MICHAEL W CHAO/           Examiner, Art Unit 2492