Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments and Amendments
	Applicants arguments and amendments have been fully considered and were persuasive of the standing rejections however after further search and consideration new grounds of rejection have been set forth in further view of Tree Signature Variations using Commutative Hash Trees (Stone).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 1-2, 4-7, 9-15, and 17-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over United States Patent Application Publication No.: US 2010/0185847 A1 (Shasha et al.) in view of Tree Signature Variations using Commutative Hash Trees (Stone).

As Per Claim 1: Shasha et al. teaches: A system, comprising:
- at least one processor; and
- a memory comprising instructions that, in response to execution by the at least one processor, cause the system to at least:


- store an entry in a journal, wherein the journal, upon storage of the entry, comprises a hierarchy of nodes, wherein a node of the hierarchy of nodes comprises a hash value computed by a symmetric hash operator applied to a first hash value of a first child node and a second hash value of a second child node; and
	(Shasha et al., Paragraph [0125], “A client-encrypted description of a transaction update Ci contains the following information, encrypted and signed with a symmetric key K shared by all clients 14: desc=a transaction description, e.g., a sequence of SQL statements. In addition, there is a hashchain not contained in the description of the transaction, where the hashchain consist of a number of entries HC1, . . . HCi-1 Element HCi-1 verifies the sequence of transactions C1 . . . Ci-1. Note that HCi is calculated as H(HCi-1||Ci), and HC0=H(initial). Here the value "initial" is some value known to all clients. H is a secure collision-free hash function. Also, the symbol || means concatenation (i.e. x||y means x followed by y). Also, the hash chain element for HCi may also include the transaction number i.”).
	(Shasha et al., Paragraph [0126], “A client c applies transaction Ci (using RunAndCommitLocalTransaction) to its database once all the following conditions hold: (i) the contents 

- provide a list of hash values of nodes of the hierarchy, wherein the list of hash values is sufficient for a cryptographic proof that the entry was stored in the journal. 
	(Shasha et al., Paragraph [0053], “Preferably, the timing mechanism 32 includes an encrypted transaction log of information about modifying transactions (i.e. transactions that change the database in any way). The clients 14 hold a copy of the database. They perform read-only transactions (transactions that do not modify the database) locally. The timing mechanism 32 preferably includes a serializability mechanism 34 which makes it appear as if each transaction occurs one at a time and in an order consistent with the encrypted transaction log. Preferably, the serializability mechanism 34 utilizes a hash chain. Thus, the desired copy is the copy that would result from a timing mechanism that includes a serializability mechanism. See FIGS. 1, 2 and 3 and the associated discussion below.”).

Shasha et al. does not explicitly teach the following limitation however Stone in analogous art does teach the following limitation:
- wherein output of the symmetric hash operator is the same irrespective of an order of the first and second hash values
	(Stone, Page 3, Section: Commutative Hash Trees, Paragraph 1, “But the order of the leaves in this merkle signature tree is not relevant information in this application. So instead of a merkle tree, let us use a new hash tree formulation that is permutable. We can accomplish this by changing how we combine the tree siblings prior to SHA256 — let’s add them rather than using concatenation because addition is a 
	It would have been an obvious interchangeable variation to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Stone in to the method of Shasha et al. as Stone present a variation that efficiently verifies continent ignoring the order of elements.

As Per Claim 2: The rejection of claim 1 is incorporated and further Shasha et al. teaches:
- the list of hash values is sufficient when a digest value can be computed by one more applications of the symmetric hash operator to hash values of the list. 
	(Shasha et al., Paragraph [0101], “Several cryptographic primitives are required with all the associated semantic security [37] properties: (i) a secure, collision-free hash function which builds a distribution from its input that is indistinguishable from a uniform random distribution (the notation H(x)) is used as described for example in Bakhtiari, S.; Safavi-Naini, R.; and Pieprzyk, J. Cryptographic Hash Functions: A Survey. Technical Report 95-09, Department of Computer Science, University of Wollongong, July 1995, (ii) an encryption function that generates unique ciphertexts over multiple encryptions of the same item, such that a computationally bounded adversary has no non-negligible advantage at determining whether a pair of encrypted items of the same length represent the same or unique items (one way to construct such a function is by using a standard private key encryption function E, but then on each application of E to some message m, append to m a large randomly chosen number used only once (sometimes called a nonce)), (iii) a pseudo random number generator whose output is indistinguishable from a uniform random distribution over the output space, and (iv) a recursive hash chain construction used to incrementally build a secure hash value over a sequence of items, illustrated in FIG. 5.”).

As Per Claim 4: The rejection of claim 3 is incorporated and further Shasha et al. teaches:
- output of the symmetric hash operator is based at least in part on a sorting and concatenation of the first and second operands. 
	(Shasha et al., Paragraph [0106], “In regard to FIG. 5, 501 . . . 503 are entries in the hash chain. Entry hk corresponds to the application of the hash function H on the result of the previous hash as well as information about transaction k.”).
	(Shasha et al., Paragraph [0125], “A client-encrypted description of a transaction update Ci contains the following information, encrypted and signed with a symmetric key K shared by all clients 14: desc=a transaction description, e.g., a sequence of SQL statements. In addition, there is a hashchain not contained in the description of the transaction, where the hashchain consist of a number of entries HC1, . . . HCi-1 Element HCi-1 verifies the sequence of transactions C1 . . . Ci-1. Note that HCi is calculated as H(HCi-1||Ci), and HC0=H(initial). Here the value "initial" is some value known to all clients. H is a secure collision-free hash function. Also, the symbol || means concatenation (i.e. x||y means x followed by y). Also, the hash chain element for HCi may also include the transaction number i.”).
	(Shasha et al., Paragraph [0126], “A client c applies transaction Ci (using RunAndCommitLocalTransaction) to its database once all the following conditions hold: (i) the contents of Ci have a valid signature from a valid client 14 (using client-shared symmetric key K), (ii) the client has applied transactions C1 . . . Ci-1, and (iii) the hash chain link corresponding to Ci-1.hashchain matches the client's own computation of link HCi-1.”).
	Also taught by the Swap operations in Stone.

As Per Claim 5: The rejection of claim 3 is incorporated and further Shasha et al. does not explicitly teach the following limitation however Stone in analogous art does teach the following limitation:
- the output of the symmetric hash operator is equivalent to when the first operand is mot null and the second operand is null. 
	(Stone, Page 3, Section: Commutative Hash Trees, Paragraph 1, “But the order of the leaves in this merkle signature tree is not relevant information in this application. So instead of a merkle tree, let us use a new hash tree formulation that is permutable. We can accomplish this by changing how we combine the tree siblings prior to SHA256 — let’s add them rather than using concatenation because addition is a commutative operation. So now Y1 = SHA256(X1 + X2). A quick google search turns up nothing, so let’s tentatively call this a “commutative hash tree”.”).
	Aside from the tendency to ignore null operands in verification the method presented by stone will inherently result in this as x + 0(null value) = X.
	It would have been an obvious interchangeable variation to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Stone in to the method of Shasha et al. as Stone present a variation that efficiently verifies continent ignoring the order of elements.

As Per Claim 6: Claim 6 is substantially a restatement of the system of claim 1 as a method and is rejected under substantially the same reasoning.

As Per Claim 7: The rejection of claim 6 is incorporated and further claim 7 is substantially a restatement of the system of claim 2 as a method and is rejected under substantially the same reasoning.

As Per Claim 9: The rejection of claim 8 is incorporated and further claim 9 is substantially a restatement of the system of claim 4 as a method and is rejected under substantially the same reasoning.

As Per Claim 10: The rejection of claim 9 is incorporated and further Shasha et al. teaches:
- a hash is computed from the concatenation of the first and second operands. 
	(Shasha et al., Paragraph [0125], “A client-encrypted description of a transaction update Ci contains the following information, encrypted and signed with a symmetric key K shared by all clients 14: desc=a transaction description, e.g., a sequence of SQL statements. In addition, there is a hashchain not contained in the description of the transaction, where the hashchain consist of a number of entries HC1, . . . HCi-1 Element HCi-1 verifies the sequence of transactions C1 . . . Ci-1. Note that HCi is calculated as H(HCi-1||Ci), and HC0=H(initial). Here the value "initial" is some value known to all clients. H is a secure collision-free hash function. Also, the symbol || means concatenation (i.e. x||y means x followed by y). Also, the hash chain element for HCi may also include the transaction number i.”).

As Per Claim 11: The rejection of claim 8 is incorporated and further claim 11 is substantially a restatement of the system of claim 5 as a method and is rejected under substantially the same reasoning.

As Per Claim 12: The rejection of claim 6 is incorporated and further Shasha et al. teaches:
- the hierarchy of nodes comprises a leaf node, wherein the leaf node comprises a reference to the entry and a hash value based at least in part on application of the symmetric hash operator to an entry hash and a hash value of a second leaf node. 
	(Shasha et al., Paragraph [0019], “In [45] Merkle tree and cryptographic hashing constructs are deployed to authenticate the result of simple range queries in a publishing scenario in which data owners delegate the role of satisfying user queries to a third-party un-trusted publisher (a very special form of a database). Additionally, in [55] virtually identical mechanisms are deployed in database outsourcing scenarios.”).
	Merkle tree.

As Per Claim 13: The rejection of claim 6 is incorporated and further Shasha et al. teaches:
- the cryptographic proof is based at least in part on application of the symmetric hash operator to one or more hash values of the list of hash values. 
	(Shasha et al., Paragraph [0053], “Preferably, the timing mechanism 32 includes an encrypted transaction log of information about modifying transactions (i.e. transactions that change the database in any way). The clients 14 hold a copy of the database. They perform read-only transactions (transactions that do not modify the database) locally. The timing mechanism 32 preferably includes a serializability mechanism 34 which makes it appear as if each transaction occurs one at a time and in an order consistent with the encrypted transaction log. Preferably, the serializability mechanism 34 utilizes a hash chain. Thus, the desired copy is the copy that would result from a timing mechanism that includes a serializability mechanism. See FIGS. 1, 2 and 3 and the associated discussion below.”).
	(Shasha et al., Paragraph [0126], “A client c applies transaction Ci (using RunAndCommitLocalTransaction) to its database once all the following conditions hold: (i) the contents of Ci have a valid signature from a valid client 14 (using client-shared symmetric key K), (ii) the client has applied transactions C1 . . . Ci-1, and (iii) the hash chain link corresponding to Ci-1.hashchain matches the client's own computation of link HCi-1.”).

As Per Claim 14: Claim 14 is substantially a restatement of the system of claim 1 as a non-transitory computer-readable storage medium and is rejected under substantially the same reasoning.

As Per Claim 15: The rejection of claim 14 is incorporated and further claim 15 is substantially a restatement of the system of claim 2 as a non-transitory computer-readable storage medium and is rejected under substantially the same reasoning.

As Per Claim 17: The rejection of claim 16 is incorporated and further claim 17 is substantially a restatement of the system of claim 4 as a non-transitory computer-readable storage medium and is rejected under substantially the same reasoning.

As Per Claim 18: The rejection of claim 17 is incorporated and further Shasha et al. teaches:
- a hash is computed from the concatenation of the first and second operands. 
	(Shasha et al., Paragraph [0125], “A client-encrypted description of a transaction update Ci contains the following information, encrypted and signed with a symmetric key K shared by all clients 14: desc=a transaction description, e.g., a sequence of SQL statements. In addition, there is a hashchain not contained in the description of the transaction, where the hashchain consist of a number of entries HC1, . . . HCi-1 Element HCi-1 verifies the sequence of transactions C1 . . . Ci-1. Note that HCi is calculated as H(HCi-1||Ci), and HC0=H(initial). Here the value "initial" is some value known to all clients. H is a secure collision-free hash function. Also, the symbol || means concatenation (i.e. x||y means x followed by y). Also, the hash chain element for HCi may also include the transaction number i.”).

As Per Claim 19: The rejection of claim 16 is incorporated and further claim 19 is substantially a restatement of the system of claim 5 as a non-transitory computer-readable storage medium and is rejected under substantially the same reasoning.

As Per Claim 20: The rejection of claim 14 is incorporated and further Shasha et al. teaches:
- the hierarchy of nodes comprises a leaf node, wherein the leaf node comprises a reference to the entry and a hash value.


As Per Claim 21: The rejection of claim 14 is incorporated and further Shasha et al. does not explicitly teach the following limitation however Stone in analogous art does teach the following limitation:
- the hierarchy of nodes comprises a leaf node, wherein the leaf node comprises a reference to the entry and a hash value, the hash value based at least in part on application of the symmetric hash operator.
	(Stone, Page 1 – Page 2 line 2, “To create more efficient multisig and increase privacy, a technology called MAST and a scriptable version of it called “tree signatures” was invented. However, tree signatures has a relatively confusing redeem script, and requires OP_CAT which was removed from the bitcoin scripting language. The problem is best illustrated by an example which I will borrow from here. Given the following tree:

    PNG
    media_image1.png
    209
    381
    media_image1.png
    Greyscale

OP_6 OP_PICK OP_SHA256 OP_SWAP
OP_IF OP_SWAP OP_ENDIF OP_CAT OP_SHA256 OP_SWAP
OP_IF OP_SWAP OP_ENDIF OP_CAT OP_SHA256 OP_SWAP

<R> OP_EQUALVERIFY OP_CHECKSIG”).
	(Stone, Page 3, Section: Commutative Hash Trees, Paragraph 1, “But the order of the leaves in this merkle signature tree is not relevant information in this application. So instead of a merkle tree, let us use a new hash tree formulation that is permutable. We can accomplish this by changing how we combine the tree siblings prior to SHA256 — let’s add them rather than using concatenation because addition is a commutative operation. So now Y1 = SHA256(X1 + X2). A quick google search turns up nothing, so let’s tentatively call this a “commutative hash tree”.”).
	It would have been an obvious interchangeable variation to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Stone in to the method of Shasha et al. as Stone present a variation that efficiently verifies continent ignoring the order of elements.

As Per Claim 22: The rejection of claim 6 is incorporated and further Shasha et al. does not explicitly teach the following limitation however Stone in analogous art does teach the following limitation:
- a leaf node of the journal is usable to provide a proof that validates a set of entries represented in the journal.
	(Stone, Page 1 – Page 2 line 2, “To create more efficient multisig and increase privacy, a technology called MAST and a scriptable version of it called “tree signatures” was invented. However, tree signatures has a relatively confusing redeem script, and requires OP_CAT which was removed from the bitcoin scripting language. The problem is best illustrated by an example which I will borrow from here. Given the following tree:

    PNG
    media_image1.png
    209
    381
    media_image1.png
    Greyscale

OP_6 OP_PICK OP_SHA256 OP_SWAP
OP_IF OP_SWAP OP_ENDIF OP_CAT OP_SHA256 OP_SWAP
OP_IF OP_SWAP OP_ENDIF OP_CAT OP_SHA256 OP_SWAP
OP_IF OP_SWAP OP_ENDIF OP_CAT OP_SHA256
<R> OP_EQUALVERIFY OP_CHECKSIG”).
	(Stone, Page 3, Section: Commutative Hash Trees, Paragraph 1, “But the order of the leaves in this merkle signature tree is not relevant information in this application. So instead of a merkle tree, let us use a new hash tree formulation that is permutable. We can accomplish this by changing how we combine the tree siblings prior to SHA256 — let’s add them rather than using concatenation because addition is a commutative operation. So now Y1 = SHA256(X1 + X2). A quick google search turns up nothing, so let’s tentatively call this a “commutative hash tree”.”).
	The limitation of this claim is sub stanchly a long way of saying “a hash tree”.
	It would have been an obvious interchangeable variation to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Stone in to the method of Shasha et al. as Stone present a variation that efficiently verifies continent ignoring the order of elements.

As Per Claim 23: The rejection of claim 6 is incorporated and further Shasha et al. and Stone do not explicitly teach the following limitation:
- an entry associated with a leaf node of the journal comprises a nested journal, and a hash of the entry corresponds to a digest node of the nested journal.
	However the examiner is giving official notice that the limitation is practically inherent to the point of being obvious common sense before the effective filing date of the claimed invention. This limitation is just how the hash tree functions as you go up the levels of the tree.

Additional Cited Prior Art
	United States Patent 4,309,569 (Merkle) is a teaching of the fundamental Merkle tree relevant to how both the present application and prior art function.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/BENJAMIN A KAPLAN/Examiner, Art Unit 2434