DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office action is in response to communication filed on June 15, 2021
Status of claims in the instant application:
Claims 1 – 18 are pending.
Claims 1, 3, 5 – 7, 9, 11 – 13, 15, and 17 – 18 are amended.
No claims have been canceled.
No new claims have been added.

Response to Amendment
Applicant’s argument, see page [7] of Applicant’s remarks on June 15, 2021, with respect claims 5, 6, 11, 12, and 17 – 18 that were reject under 35 U.S.C. 112 (b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a join inventor, have been fully considered in view of the filed claim amendments. Therefore, the claims rejections are withdrawn.
Applicant’s argument, see page [8 – 12] of Applicant’s remarks on June 15, 2021, with respect claims 1 – 2, 7 – 8, and 13 – 14 that were rejected under 35 U.S.C. 103 as being unpatentable over US 20180183587 A1 to Won et al., (hereafter, "Won") in view of WO 2018100578 A1 to Mishli et al., (hereafter, "Mishli"), have been fully considered in view of the filed claim amendments, but there are not persuasive. Therefore, the application is directed to the response below:
In response, examiner notes that the applicant’s argues that Won in view of Mishli does not teach “one or more multi-party computation (MPC) nodes in communication with both the one or more blockchain nodes and the IoT device”. Examiner notes that Won does disclose communication between an IoT device and a public blockchain wallet [para. 17 discloses the IoT device and installation device are further in communication over a wide area network (WAN), such as the Internet, with a public blockchain wallet, a data analytics server, and another IoT device], but Won does not use an MPC in communication with both the one or more blockchain nodes and the IoT device. For that reason, the combination of Won and Mishli is used to teach the usage of the MPC being in communication with a credential database and an IoT device [Page 5 lines 6 - 11 discloses the security server runs an MPC process using MPC module. The MPC module of the physical device cooperates with the MPC module of the security server to output two shares of the credential. The two shares are never stored in a single device during or after the credential creation process. At the end of the MPC process, one share is stored at the memory module of the physical device and the other share is stored in the credential database of the security server]. This explains how Mishli is using MPC module in communication with the memory module of the physical device and with the credential database which Mishli also discloses that the credential database could be stored in the cloud or in a physical server [Col. 3 lines 39 - 40]. Therefore the combination of Won and Mishli discloses “one or more multi-party computation (MPC) nodes in communication with both the one or more blockchain nodes and the IoT device”.  Applicant argues that there is no motivation for Won within the combination of Mishli and Won. Since Won is the primary reference, the motivation is only needed for the secondary reference and there is a motivation to 
	Applicant also argues that Won does not generate a symmetric key. Examiner notes that paragraph 71 and 78 of Won both discloses generating a symmetric key. The challenge-response protocol is run by the server to generate the symmetric key to pass onto the IoT device. Won also discloses “assuming the public blockchain wallet returns the hash of the value, the state, and the expiration time (otherwise, IoT device 150 may abort the authentication process), and that the state is not “revoked” and the expiration time has not passed, then, at step 612, IoT device 150 checks whether the hash of the public key received from the public blockchain wallet is the same as the hash of the public key computed by IoT device 150 at step 608, i.e., whether h=h′.”[Para. 77]. This teaches that the blockchain wallet generates the symmetric key being used by the IoT device. Therefore, the amendment to claims 1 – 2, 7 – 8, and 13 – 14 did not overcome the 35 U.S.C. 103 as being unpatentable over US 20180183587 A1 to Won et al., (hereafter, "Won") in view of WO 2018100578 A1 to Mishli et al., (hereafter, "Mishli").

Applicant’s argument, see page [12 – 13] of Applicant’s remarks on June 15, 2021, with respect claims 3 – 6, 9 – 12, and 15 – 18 that were rejected under 35 U.S.C. 103 as being unpatentable over US 20180183587 A1 to Won et al., (hereafter, "Won") in view of WO 2018100578 A1 to Mishli et al., (hereafter, "Mishli") in further view of US 20200005296 A1 to Green, have been fully considered in view of the filed claim amendments, but there are not persuasive. Therefore, the application is directed to the response below:
In response, examiner notes that since applicant’s argument did not provide specific reasoning for claims 3 – 6, 9 – 12, and 15 – 18, the responses of the independent claims applies. 

Drawings
The drawings filed on June 18, 2019 are accepted.

Specification
The specification filed on June 18, 2019 is accepted.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1 - 2, 7 - 8, and 13 - 14 are rejected under 35 U.S.C. 103 as being unpatentable over US 20180183587 A1 to Won et al., (hereafter, "Won") in view of WO 2018100578 A1 to Mishli et al., (hereafter, "Mishli").
[Won, para. 18 discloses IoT device 100 may be any type of electronic device or object with processing capability and network connectivity, such as a sensor, a camera, an actuator, a battery, a smart meter, a smart lock, a light, a parking sensor, a light, and the like. Often, IoT devices are embedded devices with limited CPU power, memory, storage and network bandwidth]; one or more blockchain nodes in communication with the IoT device [Won, para. 17 discloses  the IoT device and installation device are further in communication over a wide area network (WAN), such as the Internet, with a public blockchain wallet, a data analytics server, and another IoT device], wherein the data is encrypted based on symmetric-key encryption using the one or more blockchain nodes [Won, para. 71 discloses IoT device 100 would only be able to decrypt the encrypted symmetric key if it has the necessary private key, in which case IoT device 100 may decrypt the encrypted symmetric key using the private key and send a “success” message encrypted using the symmetric key, i.e., ENC.sub.k(“success”)] but Won does not teach one or more multi-party computation (MPC) nodes in communication with the one or more blockchain nodes and the IoT device, and wherein a symmetric key for the encrypted data is securely distributed via a MPC process to a data recipient.
However, Won in view of Mishli does teach one or more multi-party computation (MPC) nodes in communication with both the one or more blockchain nodes and the IoT device, [Mishli, page 4 lines 7 – 12 discloses a secret associated with a physical device, for example an encryption key or a password, can be generated, used etc. without ever being unified, even during the provisioning process. Specifically, as part of the provisioning process, the key is generated in a distributed manner using Multi-Party Computation (MPC), in which one share is stored on the security server and another share is stored on the physical device. Page 5 lines 6 - 11 discloses the security server runs an MPC process using MPC module. The MPC module of the physical device cooperates with the MPC module of the security server to output two shares of the credential. The two shares are never stored in a single device during or after the credential creation process. At the end of the MPC process, one share is stored at the memory module of the physical device and the other share is stored in the credential database of the security server] and wherein a symmetric key for the encrypted data is securely distributed via a MPC process to a data recipient. [Mishli, page 2 lines 12 – 17 discloses the system also comprises a multi-party computation (MPC) module configured to compute two or more shares of the credential, send one share to the physical device and store another share associated with the device identifier in a credential database. This way, the physical device receives only a portion of the credential and the manufacturer or personnel associated with manufacturing the physical device cannot compromise the credential. Such credential may be an encryption key.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Mishli’s system with Won’s system, with a motivation to divide a credential into shares that are stored in different entities, for example one share is stored in the physical device and the other share is stored in a security server, while no entity has access to a share not stored therein. [Mishli, page 4 lines 4 - 7]

Regarding claim 2, modified Won teaches the system as set forth in Claim 1, wherein the one or more blockchain nodes generates the symmetric key for a data type i for a time t, [Won, para. 77 discloses the public blockchain wallet returns the hash of the value, the state, and the expiration time, and that the state is not “revoked” and the expiration time has not passed, then IoT device 150 checks whether the hash of the public key received from the public blockchain wallet is the same as the hash of the public key computed by IoT device. Para. 78 discloses if the hash of the public key received from the public blockchain wallet equals the hash of the public key computed by IoT device 150, then IoT device 150 runs a challenge-response protocol to verify that IoT device 100 has a valid private key. The challenge-response protocol may include, e.g., generating a symmetric key (k), encrypting the symmetric key using the public key, and sending the encrypted key to IoT device. If IoT device 100 has the necessary private key, then IoT device 100 decrypts the encrypted symmetric key using the private key and sends a “success” message encrypted using the symmetric key, i.e., ENC.sub.k(“success”)] but Won does not teach shares the symmetric key with the one or more MPC nodes and the IoT device. 
	However, Won in view of Mishli does teach shares the symmetric key with the one or more MPC nodes and the IoT device. [Mishli, page 4 lines 2 – 7 discloses securely distributing credentials and encryption keys for physical devices, for example IoT devices. The credentials may be distributed during the manufacture process of the physical device or after, for example by a person using the device or a person who purchased the device. The credential is divided into shares that are stored in different entities, for example one share is stored in the physical device and the other share is stored in a security server, while no entity has access to a share not stored therein.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Mishli’s system with Won’s system, with a motivation to [Mishli, page 4 lines 7 - 12]

Regarding claims 7 - 8, they recite features similar to features in claims 1 – 2, respectively, and therefore are rejected in a similar manner. 

Regarding claim 13. A computer program product for improved data privacy in Internet of Things (IoT) devices, the computer program product comprising: computer-readable instructions stored on a non-transitory computer-readable medium that are executable by a computer having one or more processors for causing the processor to perform operations of [Won, para. 7 discloses a non-transitory computer-readable medium that includes instructions that, when executed, enable a computer to implement one or more aspects of the above methods, and a computer system programmed to implement one or more aspects of the above methods. Para. 91 discloses the term computer readable medium refers to any data storage device that can store data which can thereafter be input to a computer system computer readable media may be based on any existing or subsequently developed technology for embodying computer programs in a manner that enables them to be read by a computer] claim 13 recites features similar to features in claims 1 and therefore are rejected in a similar manner.

Regarding claim 14, they recite features similar to features in claim 2, respectively, and therefore are rejected in a similar manner.

Claims 3 - 6, 9 - 12, and 15 - 18 are rejected under 35 U.S.C. 103 as being unpatentable over US 20180183587 A1 to Won et al., (hereafter, "Won") in view of WO 2018100578 A1 to Mishli et al., (hereafter, "Mishli") in further view of US 20200005296 A1 to Green.
Regarding claim 3, modified Won teaches the system as set forth in Claim 2, but modified Won does not teach wherein the IoT device generates a data block of data type i at time t and encrypts the data block along with a message authentication code using the symmetric key, and wherein the IoT forwards encrypted data blocks of various data types to the one or more blockchain nodes. 
However, Green does teach wherein the IoT device generates a data block of data type i at time t and encrypts the data block along with a message authentication code using the symmetric key, and wherein the IoT forwards encrypted data blocks of various data types to the one or more blockchain nodes. [Green, para. 32 discloses in order to create a blockchain transaction based on the communication between the user device and the IoT device, the IoT device may create a virtual shopping cart of all the groceries to order via an online merchant site, such as ABC store, and request a verifiable hash ID to confirm the order information. A verifiable hash ID could be created by hashing the time, the IDs associated with the parties, and the contents of the purchase order. The details of the order and the various contents may be included in the transaction details. For example, the user's refrigerator may add items to the list of order details and to the transaction details. The proposal for the purchase order may then be sent to the user device for confirmation of the order and confirmation of the purchase. To confirm the order, the user device may transfer an OTP to the refrigerator by proximity communication via a NFC and/or RFID enabled OTP hardware token that is sent from the user device and received by the IoT device. The OTP is wirelessly transferred from a smartphone or other communication device, such as a wearable device. Another option would be to identify the OTP, such as a time changing microcontroller display device and reading the OTP details aloud via voice and having the IoT device identify the words and enter the data for authorization. A user may also enter the OTP on a screen via a touchpad interface. The IoT device may submit the blockchain transaction and sign the transaction with a private key before distributing the transaction to the blockchain. When the transaction is added to the blockchain, the retail site can confirm the transaction is valid and process the order accordingly.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Green’s system with Won’s system, with a motivation to have an approach of the IoT device receive OTP confirmation and conduct transactions reduces the overall risk when private keys are lost. [Green, para. 32]

Regarding claim 4, modified Won teaches the system as set forth in Claim 3, but Won does not teach wherein the one or more blockchain nodes ensures that all received encrypted data blocks are generated by the IoT device by verifying the message authentication code.
 However, Green does teach wherein the one or more blockchain nodes ensures that all received encrypted data blocks are generated by the IoT device by verifying the message authentication code. [Green, para. 51 discloses the transaction is immutable the asynchronous OTP cannot be modified and permits parties to verify the transaction has a valid OTP. The use of public key cryptography permits signatures to be shared without exposing sensitive information and private keys, this also permits asynchronous OTPs to be shared. By using asynchronous OTPs with the blockchain, users may authorize transactions in a distributed decentralized manner. A traditional database cannot support this type of configuration since the requirements to verify that an asynchronous OTP is valid requires that the transaction be immutable, and that the OTP is not reused.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Green’s system with Won’s system, with a motivation to ensure, by the blockchain, that all transactions are immutable and cryptographically secure, which insures the transactions are not susceptible to a replay attack or a double play attack, where a malicious 3.sup.rd party attempts to reuses the OTP to authorize a malicious transaction. [Green, para. 51]

Regarding claim 5, modified Won teaches the system as set forth in Claim 4, but Won does not teach wherein upon verifying that the data recipient is allowed to access the encrypted data block of data type i from the IoT from time t, the one or more MPC nodes distributes the symmetric key to the data recipient. 
However, Green does teach wherein upon verifying that the data recipient is allowed to access the encrypted data block of data type i from the IoT from time t, the one or more MPC nodes distributes the symmetric key to the data recipient. [Green, para. 28 discloses The device may transmit inquiries to a user device and/or user via a voice recognition interface that inquires to the user/user device if he or she would like to order some groceries via online grocery services. The refrigerator device is authorized to place orders from the online grocery store but may not have authorization to make a purchase or confirm an order without additional permissions. The authorization for the order is received from the user device by one of many different approaches. In one example, the user may wave a one-time password (OTP) token device against the refrigerator device, and via near-field communication (NFC), Bluetooth, radio frequency identification (RFID), etc., the authentication may be authorized. The refrigerator device receives the OTP and is now able to place the order on the blockchain network as a blockchain transaction by listing the user's OTP in the transaction as data that will be encrypted but is otherwise susceptible to audits. The one-time password (OTP) data is written to the transaction and maintained in the immutable ledger. The OTP may be a symmetric OTP which requires users of the blockchain to have the shared private key to verity the OTP when used. However, asymmetric OTPs may also be used since the peers may use a public key to verity the asymmetric OTP. Para. 29 discloses a multiparty blockchain transaction may use a one-time password for secondary parties as well. An example of multiparty transactions is an IoT refrigerator that attempts to order groceries via an online service market. The refrigerator is authorized to create a shopping cart for a specific grocery store, but authorization of the notification requires the purchaser to provide their OTP.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Green’s system with Won’s system, with a motivation to ensure, by the blockchain, that all transactions are immutable and cryptographically secure, which insures the transactions are not susceptible to a replay attack or a double play attack, where a malicious 3.sup.rd party attempts to reuses the OTP to authorize a malicious transaction. [Green, para. 51]

Regarding claim 6, modified Won teaches the system as set forth in Claim 5, but modified Won does not teach wherein the data recipient accesses encrypted data block of data type i generated by the IoT device from the blockchain and decrypts the encrypted data block of data type i. 
However, Green does teach wherein the data recipient accesses encrypted data block of data type i generated by the IoT device from the blockchain and decrypts the encrypted data block of data type i. [Green, para. 22 discloses to ensure security, IoT transactions should not require a user device to forgo private keys simply just to conduct a transaction. A one-time password may be used to authorize transactions on a blockchain. For example, considering IoT devices are communicating via wireless communication protocols, a one-time password that uses RFID/NFC communication protocol technology may be a secure way to securely access resources outside the network. Para. 36 discloses the blockchain base or platform may include various layers of blockchain data, services (e.g., cryptographic trust services, virtual execution environment, etc.), and underpinning physical computer infrastructure that may be used to receive and store new transactions and provide access to auditors which are seeking to access data entries. The blockchain layer may expose an interface that provides access to the virtual execution environment necessary to process the program code and engage the physical infrastructure. Cryptographic trust services may be used to verify transactions such as asset exchange transactions and keep information private.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Green’s system with Won’s system, with a motivation to [Green, para. 51]

	Regarding claims 9 - 12, they recite features similar to features in claims 3 – 6, respectively, and therefore are rejected in a similar manner. 

Regarding claims 15 - 18, they recite features similar to features in claims 3 – 6, respectively, and therefore are rejected in a similar manner.
Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Phuc Pham whose telephone number is (571)272-8893.  The 
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/P.P./Patent Examiner, Art Unit 2434     

/NOURA ZOUBAIR/Primary Examiner, Art Unit 2434