Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Respond to Amendment
Applicant amended claims 1-2, 4-8, 10-16 & 18 and has cancelled claims 3, 9, 17 & 19, The armament has been found to have overcome claim objections issued for claims 6-8 & 10-12. Claim objection for these claims has been withdrawn.
Response to Arguments
	The Applicant has argued in the remarks (dated 10/20/2021) in page 07 that in mapping of claim 13 Canard does not teach using private key to sign data (it is obvious to skilled person that this data could be concatenated data). Examiner reviewed this argument but this argument has been found to be moot as Examiner has introduced new reference for mapping.
The Applicant further argues in the same remark in page 08 that Hansen does not teach in the mapping of claim 13 decryption of encrypted signature nonce (it is  obvious to skilled person that it could be any encrypted data used in signature) . Examiner has reviewed this argument but found it to also be moot due to change of ground ( use of new reference)
The Applicant has provided no other additional arguments against issuance of 103 rejections for claims 1 & 15 and other dependent claims..
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Claims 1-2, 4-8, 13-16 & 18, are rejected under 35 USC 103 as being unpatentable over Canard (US 20080046310) in view of Hansen (US20030074562) and Abt (US20170301052)
Regarding claim 1, Canard teaches a method for signing data so that a signature can be verified by a verifier while preserving the privacy of a signer, the method comprising: generating a signature nonce by processing the data with a secret function; [0052] The list signature procedure executed by the chip card then comprises the execution of a group signature algorithm. This algorithm for example consists of concatenating the message M to be signed with the obtained (generated) pseudo-random number R.sub.i (a signature nonce) and of applying by the signature function Sign:]
calculating a signature of the data of the signer by signing the data concatenated with the signature nonce using a  key of the signer.  [0052] The list signature procedure executed by the chip card then comprises the execution of a group signature algorithm. This algorithm for example consists of concatenating the message M to be signed with the obtained pseudo-random number R.sub.i and of applying a conventional signature function Sign to the obtained value by using the secret key (private key) of list signature SK.sub.L stored by the chip card. The signature S which is delivered at the output by the chip card comprises the pseudo-random number R.sub.i concatenated with the signature value S.sub.i provided by the signature function Sign:] 
distributing the data and the signature of the data of the signer. [0083] During a first step 41 of the procedure 40, the chip card 7 receives the message M (data) to be signed and a REPSEQ sequence number, and verifies the validity of the latter, for example by means of a signature generated by the certifying authority which is transmitted (distributed) with the sequence number. This verification is carried out with a public key PK.sub.A of the certifying authority, stored by the chip card. If the signature associated with the sequence number is not valid, the chip card emits an error message (step 49) and the procedure terminates 40 without any signature being generated by the card] 
Although, Canard teaches signature nonce, he does not explicitly teach, however, Hansen teaches:
 encrypting the nonce with a public key of the verifier to produce an encrypted nonce; [0047] FIG. 4 shows how the pen provides authentication, integrity, non-repudiation and confidentiality of the pen information data M.sub.DP when transferring data to the paper look-up service. A random number (nonce) R.sub.DP is generated and encrypted with the public key KU.sub.PLS of the paper look-up service, which encryption provides the confidentiality of the random number.]
encrypted signature nonce, [0047] FIG. 4 shows how the pen provides authentication, integrity, non-repudiation and confidentiality of the pen information data M.sub.DP when transferring data to the paper look-up service. A random number R.sub.DP is generated and encrypted with the public key KU.sub.PLS of the paper look-up service, which encryption provides the confidentiality of the random number.]
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Canard with the disclosure of Hansen. The motivation or suggestion would have been to implement systems that provide efficient techniques to use random numbers for provision of confidentiality, authentication, non-repudiation and integrity of sensitive data that exchanged between parties.(para 0002-0011, Hansen )  
	Although, Canard and Hansen teach signing using symmetric key they do not teach expclitly, however, Abt teaches using a private key of the signer, [0003] A second type of cryptographic function is an asymmetric-key algorithm. Asymmetric key algorithms can be used in a variety of manners. In one instance, a first party can encrypt data using a first (private) key. A second party can then decrypt the data using a second (public) key. This can be useful for verifying the source of the data as only the owner of the private key can encrypt data that will be decrypted using the associated public key. Alternately, the second party could encrypt data using the public key and the first party can then decrypt the data using its private key. This can be helpful to ensure that only the owner of the private key can decrypt the data. The use of two different keys can be useful for a variety of different applications. In some instances, the first party can use the private key to create a digital signature (of the first party – the signer). The second party can then use the public key and digital signature to verify that the contents of the data were sent by the first party and have not been modified]
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Canard and Hansen with the disclosure of Abt. The motivation or suggestion would have been to implement systems that provide efficient techniques for provision of confidentiality, authentication, non-repudiation and integrity of sensitive data that exchanged between parties.(abstract, para 0001-0003, Abt)  
[Examiner’s note: Examiner has omitted the limitation within bracket “[..]”.
Regarding claim 2, Canard teaches wherein generating the signature nonce comprises generating a random number for the signature nonce.  [0052] The list signature procedure executed by the chip card then comprises the execution of a group signature algorithm. This algorithm for example consists of concatenating the message M to be signed with the obtained (generated) pseudo-random number R.sub.i (a signature nonce) and of applying by the signature function Sign:]
Regarding claim 4, Canard teaches obtaining the public key of the verifier.  [0060] As compared with the procedure described hereinbefore with reference to FIG. 3, .. actual identity of the member. This encryption uses a public encryption key PK.sub.MO which is related to a private decryption key SK.sub.MO belonging to the authority (universal /group verifier) qualified to lift the anonymity of a signature emitted by a member of the list. The result of this encryption C.sub.i is concatenated with the pseudo -random number R.sub.i obtained in the same way as in the non-openable list signature procedure; with this concatenation a value R.sub.i.parallel.C.sub.i may be obtained, which is concatenated with the message M before its signature, and possibly with the obtained signature S.sub.i.] 
Regarding claim 5, Canard teaches wherein the verifier is a universal verifier who can verify signatures from all signers. [0004] The concept of group signature has also been proposed, which allows each member of a group to produce a signature such that a verifier having an adequate public key may verify that the signature was emitted by a member of the group without being able to determine the identity of the signatory.]
Regarding claim 6, Canard teaches wherein once the encrypted signature nonce is received by the universal verifier as illustrated above but Canard and Abt not teach explicitly, however, Hansen teaches encrypted nonce is decrypted with a private key of the verifier.  [0048] The paper look-up service …. The paper look-up service decrypts the encrypted pen information data with the symmetric key K.sub.S, recreating the pen information data M.sub.DP. The paper look-up service uses the public key of the pen KU.sub.DP and the private key KR.sub.PLS of the paper look-up service to decrypt the random number R.sub.DP.]
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Canard and Abt with the disclosure of Hansen. The motivation or suggestion would have been to implement systems that provide efficient techniques to use random numbers for provision of confidentiality, authentication, non-repudiation and integrity of sensitive data that exchanged between parties.(para 0002-0011, Hansen )  
Regarding claim 7, Canard teaches wherein once the encrypted signature nonce is received by the universal verifier the data concatenated with the decrypted signature nonce is verified using a public key of the signer.  [0066] In order to verify that the signature was emitted by a member of the list, it is sufficient to know the signature function (number n in the example above) and the public key PK.sub.L of the list. In the example, it is sufficient to compute the following value: M''=S.sub.i.sup.PK.sub.L(mod n) (9) to convert the value M'' by means of the inverse conversion function I2OSP of the PKS#1 v2.1 standard, and to verify the value obtained with the message M. [0067] In order to determine if two signatures were emitted by the same member of the list, it is sufficient to compare the values of the pseudo-random number R.sub.i contained in both signatures. As in the example described earlier with reference to FIG. 3, it is not necessary to emit the pseudo-random number R.sub.i with the signature S, except if it is desired that even persons which do not have the list key allowing verification of the signature S.sub.i, may link two signatures emitted by the same chip card for a same sequence.] 
Regarding claim 8, Canard teaches wherein the verifier verifies  determine whether the data concatenated with the decrypted signature nonce by determining whether it matches the signature of the data of the signer.  [0060: As compared…member. This encryption uses a public encryption key PK.sub.MO which is related to a private decryption key SK.sub.MO belonging to the authority qualified to lift the anonymity of a signature emitted by a member of the list. The result of this encryption C.sub.i is concatenated with the pseudo -random number R.sub.i obtained in the same way as in the non-openable list signature procedure; with this concatenation a value R.sub.i.parallel.C.sub.i may be obtained, which is concatenated with the message M before its signature, and possibly with the obtained signature S.sub.i.]
	Regarding claim 13, Canard teaches a method for a verifier to verify data signed with a signature of the data of a signer, the method comprising: receiving  signature nonce,  [[0017] According to one embodiment of the invention, the pseudo-random number (signature nonce)  generated from the sequence number is emitted with the generated electronic signature.]
receiving the data and the signature of the data, [0083] During a first step 41 of the procedure 40, the chip card 7 receives the message M (data) to be signed and a REPSEQ sequence number, and verifies the validity of the latter, for example by means of a signature generated by the certifying authority which is transmitted (distributed) with the sequence number. This verification is carried out with a public key PK.sub.A of the certifying authority, stored by the chip card. If the signature associated with the sequence number is not valid, the chip card emits an error message (step 49) and the procedure terminates 40 without any signature being generated by the card] 
wherein the signature of the data of signer is calculated by signing the data concatenated with the signature nonce using a key. of the signer; [0052] The list signature procedure executed by the chip card then comprises the execution of a group signature algorithm. This algorithm for example consists of concatenating the message M to be signed with the obtained pseudo-random number R.sub.i and of applying a conventional signature function Sign to the obtained value by using the secret key (private key) of list signature SK.sub.L stored by the chip card. The signature S which is delivered at the output by the chip card comprises the pseudo-random number R.sub.i concatenated with the signature value S.sub.i provided by the signature function Sign:] 
verifying the signature of the data of the signer concatenated with the decrypted signature nonce using a public key of the signer.  [0066] In order to verify that the signature was emitted by a member of the list, it is sufficient to know the signature function (number n in the example above) and the public key PK.sub.L of the list. In the example, it is sufficient to compute the following value: M''=S.sub.i.sup.PK.sub.L(mod n) (9) to convert the value M'' by means of the inverse conversion function I2OSP of the PKS#1 v2.1 standard, and to verify the value obtained with the message M. [0067] In order to determine if two signatures were emitted by the same member of the list, it is sufficient to compare the values of the pseudo-random number R.sub.i contained in both signatures. As in the example described earlier with reference to FIG. 3, it is not necessary to emit the pseudo-random number R.sub.i with the signature S, except if it is desired that even persons which do not have the list key allowing verification of the signature S.sub.i, may link two signatures emitted by the same chip card for a same sequence.] 
However, Hansen teaches:
encrypted signature nonce, [0047] FIG. 4 shows how the pen provides authentication, integrity, non-repudiation and confidentiality of the pen information data M.sub.DP when transferring data to the paper look-up service. A random number R.sub.DP is generated and encrypted with the public key KU.sub.PLS of the paper look-up service, which encryption provides the confidentiality of the random number.]
wherein the signature nonce is encrypted with a public key of the verifier to produce the encrypted signature nonce,[0047] FIG. 4 shows how the pen provides authentication, integrity, non-repudiation and confidentiality of the pen information data M.sub.DP when transferring data to the paper look-up service. A random number R.sub.DP is generated and encrypted with the public key KU.sub.PLS of the paper look-up service, which encryption provides the confidentiality of the random number.]
decrypting the encrypted signature nonce with a key of the verifier; [0048] The paper look-up service …. The paper look-up service decrypts the encrypted pen information data with the symmetric key K.sub.S, recreating the pen information data M.sub.DP. The paper look-up service uses the public key of the pen KU.sub.DP and the private key KR.sub.PLS of the paper look-up service to decrypt the random number R.sub.DP.]
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Canard with the disclosure of Hansen. The motivation or suggestion would have been to implement systems that provide efficient techniques to use random numbers for provision of confidentiality, authentication, non-repudiation and integrity of sensitive data that exchanged between parties.(para 0002-0011, Hansen )  
Although Canard and Hansen teach signing using symmetric key they do not teach expclitly, however, Abt teaches:
data of the signer, [0003] A second type of cryptographic function is an asymmetric-key algorithm. Asymmetric key algorithms can be used in a variety of manners. In one instance, a first party can encrypt data using a first (private) key. A second party can then decrypt the data using a second (public) key. This can be useful for verifying the source of the data as only the owner of the private key can encrypt data that will be decrypted using the associated public key. Alternately, the second party could encrypt data using the public key and the first party can then decrypt the data using its private key. This can be helpful to ensure that only the owner of the private key can decrypt the data. The use of two different keys can be useful for a variety of different applications. In some instances, the first party can use the private key to create a digital signature (of the first party – the signer- data of the signer). The second party can then use the public key and digital signature to verify that the contents of the data were sent by the first party and have not been modified]
using a private key of the signer, [0003] A second type of cryptographic function is an asymmetric-key algorithm. Asymmetric key algorithms can be used in a variety of manners. In one instance, a first party can encrypt data using a first (private) key. A second party can then decrypt the data using a second (public) key. This can be useful for verifying the source of the data as only the owner of the private key can encrypt data that will be decrypted using the associated public key. Alternately, the second party could encrypt data using the public key and the first party can then decrypt the data using its private key. This can be helpful to ensure that only the owner of the private key can decrypt the data. The use of two different keys can be useful for a variety of different applications. In some instances, the first party can use the private key to create a digital signature (of the first party – the signer). The second party can then use the public key and digital signature to verify that the contents of the data were sent by the first party and have not been modified]
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Canard and Hansen with the disclosure of Abt. The motivation or suggestion would have been to implement systems that provide efficient techniques for provision of confidentiality, authentication, non-repudiation and integrity of sensitive data that exchanged between parties.(abstract, para 0001-0003, Abt)  
Regarding  claim 14, Canard teaches wherein the data is processed with a secret function known only to the signer to generate the signature nonce.  [0016] According to one embodiment of the invention, generation of the pseudo -random number is carried out by means of an encryption function using a secret key (secret key used as parameter of the function makes the function secret)stored by the electronic hardware support and specific to the latter ]
Regarding claim 15, the claim is interpreted to be same as clam 1 and rejected for the same reasons as set forth for claim 1.
Regarding claim 16, Canard teaches the data concatenated with the decrypted signature nonce is verified by determining whether it  matches the signature of the data of the signer. [0060: As compared…member. This encryption uses a public encryption key PK.sub.MO which is related to a private decryption key SK.sub.MO belonging to the authority qualified to lift the anonymity of a signature emitted by a member of the list. The result of this encryption C.sub.i is concatenated with the pseudo -random number R.sub.i obtained in the same way as in the non-openable list signature procedure; with this concatenation a value R.sub.i.parallel.C.sub.i may be obtained, which is concatenated with the message M before its signature, and possibly with the obtained signature S.sub.i.]
Although Canard and Abt teach signature nonce, he does not teach expclitly, however, Hansen teaches the encrypted signature nonce is decrypted with a private key of the verifier; [0048] The paper look-up service …. The paper look-up service decrypts the encrypted pen information data with the symmetric key K.sub.S, recreating the pen information data M.sub.DP. The paper look-up service uses the public key of the pen KU.sub.DP and the private key KR.sub.PLS of the paper look-up service to decrypt the random number R.sub.DP.]
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Canard and Abt with the disclosure of Hansen. The motivation or suggestion would have been to implement systems that provide efficient techniques to use random numbers for provision of confidentiality, authentication, non-repudiation and integrity of sensitive data that exchanged between parties.(para 0002-0011, Hansen )  
Regarding claim 18, Canard teaches the data concatenated with the calculated signature nonce is verified by the verifier using a public key of the signer. [0060: As compared…member. This encryption uses a public encryption key PK.sub.MO which is related to a private decryption key SK.sub.MO belonging to the authority qualified to lift the anonymity of a signature emitted by a member of the list. The result of this encryption C.sub.i is concatenated with the pseudo -random number R.sub.i obtained in the same way as in the non-openable list signature procedure; with this concatenation a value R.sub.i.parallel.C.sub.i may be obtained, which is concatenated with the message M before its signature, and possibly with the obtained signature S.sub.i.], 

Claims 10-12 are rejected under 35 USC 103 as being unpatentable over Canard in view of Hansen, Abt and Nikander (US20080187137) 
Regarding claim 10, although Canard and Hansen and Abt teach signature nonce, they do not teach expclitly, however, Nikander teaches transmitting the secret function to the verifier; [0041] Preferably, said step of making the same pseudo-random sequence of values available (transmitted) to each of the first and second parties (agreed verifier) comprises providing a shared secret to the parties as well as a function capable of generating a pseudo-random sequence of numbers. Each party generates the pseudo-random sequence by using the shared secret and a corresponding sequence of values (e.g. an arithmetic progression or the consecutive outputs of a known finite state machine, an LFSR, or similar) as inputs to the function. The values of the pseudo-random sequence may be generated one at a time, i.e. as and when required, or a set of values may be generated for future use.] 
wherein once the secret function is received  by the verifier the signature nonce is calculated  using the secret function.  [0041] Preferably, said step of making the same pseudo-random sequence of values available (transmitted) to each of the first and second parties (agreed verifier) comprises providing a shared secret to the parties as well as a function capable of generating a pseudo-random sequence of numbers. Each party generates the pseudo-random sequence by using the shared secret and a corresponding sequence of values (e.g. an arithmetic progression or the consecutive outputs of a known finite state machine, an LFSR, or similar) as inputs to the function. The values of the pseudo-random sequence may be generated one at a time, i.e. as and when required, or a set of values may be generated for future use.] 
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Canard and Hansen and Abt with the disclosure of Nikander. The motivation or suggestion would have been to implement a method for signing data that provides non-traceability of information to individual identity and non-linkability across the data signed by each individual. That is, the method protects the privacy of the signer.(abstract, & para 0001-0005, Nikander)  
Regarding claim 11, Canard teaches the data concatenated with the calculated signature nonce is verified by the verifier using a public key of the signer. [0052] The list signature ….group signature algorithm. This algorithm for example consists of concatenating the message M to be signed with the obtained pseudo-random number R.sub.i and of applying a conventional signature function Sign to the obtained value by using the secret key of list signature SK.sub.L stored by the chip card. The signature S which is delivered at the output by the chip card comprises the pseudo-random number R.sub.i concatenated with the signature value S.sub.i provided by the signature function Sign: [0053] The signature algorithm applied by this procedure may be synthesized by the following formula: R.sub.i=PRNG(SK.sub.i, REPSEQ) (1) S.sub.i=Sign(SK.sub.L, R.sub.i.parallel.M) (2) S=R.sub.i.parallel.S.sub.i (3) .parallel. representing the concatenation operator.] 
Regarding claim 12, Canard teaches determines whether the data concatenated with the calculated signature nonce matches the signature of the data of the signer.  [0056] To check (verify) the signature S, it is sufficient to apply to it the group signature verification procedure consisting in the example hereinbefore of raising the signature S.sub.i to the power of SK.sub.L modulo n, to transform the obtained value in order to convert it into a string of characters (I2OSP function of the PKCS#1 standard) and comparing the obtained transformed value to the signed message M. Of course, the verification of the signature also comprises a verification that the value R.sub.i associated with the signature S.sub.i corresponds to the value R.sub.i associated with the message M in the signature.]

Conclusion
	The following prior arts made of record and not relied upon is considered pertinent to applicant's disclosure. 
1.Joyce (US20130138964) describes authenticity and responsiveness of evidence (e.g., biometric evidence) may be validated without regard for whether there is direct control over a sensor that acquired the evidence. In some implementations, only a data block containing evidence that is (1) appended with a server-generated challenge (e.g., a nonce) and (2) signed or encrypted by the sensor may validate that the evidence is responsive to a current request and belongs to a current session. In some implementations, trust may be established and/or enhanced due to one or more security features (e.g., anti-spoofing, anti-tampering, and/or other security features) being collocated with the sensor at the actual sampling site. 
2. Lerch (US20200106774) teaches a device implementing a trusted device establishment system includes at least one processor configured to receive, via a direct wireless connection and from an other device, a public key associated with the other device and an indication of a data item previously provided to the other device via an out-of-band channel. The at least one processor is further configured to verify that the indication of the data item corresponds to the data item previously provided to the other device, and store, in a secure memory region, the public key in association with an identifier corresponding to the other device when the indication of the data item is verified. The at least one processor is further configured to authorize the public key to access a secure device based at least in part on the public key being stored in the secure memory region. 
3. Yang (US20190372763) discloses system and method for generating private keys for devices participating in a self-certified identity based encryption scheme whereby the private key is used by the devices to establish a common session key for encoding digital communications between devices.

  Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.         
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHER A KHAN whose telephone number is (571)272-8574. The examiner can normally be reached M-F 8:00 am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A Shiferaw can be reached on 571-272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SHER A KHAN/           Primary Examiner, Art Unit 2497