DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This initial written action is responding to the communication dated on 01/02/2020.
Claims 1-16 are submitted for examination.
Claims 1-16 are pending.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Priority
This 371 application filed on January 02, 2020 claims priority of Provisional application 62/788,012 filed on January 03, 2019.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 7-12 and 14-16 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. 
a.	Independent Claim 7 recites, “A cold storage system for storing digital assets comprising: a. an integration server coupled to an external network ………”. However, the body of the claim lacks definite structure indicative of a physical product. Therefore, the claim as a whole appears to be nothing more than computer software, and software per se does not fall within a statutory category. Examiner submits that Hardware Security Module is considered as HSM(s) defined in figure 2. A review of the specification does not specifically indicate whether the HSM is hardware or software. It is not clear whether the HSM is a hardware platform or a software platform. Examiner suggests adding a hardware processor and/or memory to the claim elements in order to be patent-eligible under 35 U.S.C. 101.
Claim Analysis - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)      the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)      the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)     the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 

Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) are in claim 13.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
Claim limitation “wherein each of the multiple processing units is configured to” has/have been interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because it uses/they use a generic placeholder coupled with functional language without reciting sufficient structure to achieve the function.  Furthermore, the generic placeholder is not preceded by a structural modifier.
Since the claim limitation(s) invokes 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, claim(s) 13 has/have been interpreted to cover the corresponding structure described in the specification that achieves the claimed function, and equivalents thereof.  
A review of the specification shows that the following appears to be the corresponding structure described in the specification for the 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph limitation: Line 16 of page 8, Figure 2 (2090), describes a processing unit. It is not clear whether the enrollment module is hardware or software.
Therefore, claim 13 is rejected under 112(b) for failing to clearly link or associate the disclosed structure to the claimed function such that one of ordinary skill in the art would recognize what structure is used to perform the claimed function. Please also see the 112(b) rejection below for further details.
If applicant wishes to provide further explanation or dispute the examiner’s interpretation of the corresponding structure, applicant must identify the corresponding structure with reference to the specification by page and line number, and to the drawing, if any, by reference characters in response to this Office action. 

For more information, see MPEP § 2173 et seq. and Supplementary Examination Guidelines for Determining Compliance With 35 U.S.C. 112 and for Treatment of Related Issues in Patent Applications, 76 FR 7162, 7167 (Feb. 9, 2011).

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 13 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
Claim limitation “wherein each of the multiple processing units is configured to send and receive commands only from its associated NFC adapter pair”, invokes 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing 
Applicant may:
(a)        Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph; 
(b)        Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(c)        Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either: 
(a)        Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(b)        Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, 
The examiner has cited particular examples of 35 U.S.C. 112 rejections above. It is respectfully requested that, in preparing responses, the applicant check the claims for further 35 U.S.C. 112 rejections in the event that any were inadvertently missed by the examiner, to advance prosecution. The Examiner has noted significant issues supra as to the pending claims under 35 U.S.C. 112. Presently, the pending claims do not adequately reflect what the disclosed invention is. The following prior art rejections are based upon the examiner’s best interpretation of the claims.  In light of the precedent set forth in In re Steele, 305 F.2d 859, 862 (CCPA 1962) and In re Wilson, 424 F.2d 1382, 1385 (CCPA 1970), the Examiner applies cited art in accordance with a position as best understood in the context of the claims and the invention as a whole to expedite compact prosecution.  Such interpretations of the claims versus the cited art cannot be used as a basis for overcoming the objections or rejections set forth supra. Any claim not objected to or rejected in view of art does not ascribe allowable subject matter, but remains pending and rejected under their respective titles supra. 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3, 5-6 are rejected under 35 U.S.C. 103 as being unpatentable over Cheng et al. (US PGPUB. # US 2018/0367316, hereinafter “Cheng”), and further in view of Martin et al. (US PGPUB. # US 2019/0318356, hereinafter “Martin”, priority based on provisional application 62687157 filed on 06/19/2018).

Regarding Claim 1, Cheng teaches,
A method of performing a transaction over a blockchain network, the method comprising:
[receiving instructions for executing a blockchain transaction; 
ensuring that the instructions are authorized;] 
on the basis of the received instruction, generating a command to collect signatures for the blockchain transaction; (Fig. 6A(601), ¶116, “In FIG. 6A, a SFTS API call may be obtained at 601. For example, the SFTS API call may be obtained as a result of a call from a HSM associated with the SFTS component”, i.e. a command is generated to collect signature of blockchain transaction)
transmitting the command using a secure air-gapped process to multiple Data Center Hardware Security Modules (DC HSMs), wherein each DC HSM contains a corresponding private key for signing the blockchain transaction; (Fig. 4A (430, 434, 440), ¶88, “The TSS may forward the transaction signing request to a first HSM 430”, “The second HSM's tamper-proof storage (e.g., the second HSM's firmware) may store a master private key (e.g., an ECDSA private key)”, Fig. 6A (609, 617), ¶131-¶132, Fig. 8, ¶174, “two operators, each holding an encrypted key on a USB memory stick, one after another insert their USB key into an authentication entry device attached to a HSM”)
validating an authenticity of the received command at each of the multiple DC HSMs; securely signing the blockchain transaction inside each of the multiple DC HSMs using a signing technique and transferring signatures back using the secured air-gapped process;  (¶89, “the second HSM may include a split credentials PIN entry device (PED) to provide for multiple-person (e.g., M-of-N) user access rule”, ¶90, “The first HSM may decrypt the master private key using the private key decryption key, may utilize the decrypted master private key and the SFTS module to sign the transaction”, Fig. 6A (633), ¶135, “The transaction may be signed at 633. In one implementation”) 
[building a multi-signed transaction from collected DC HSM signatures]; and
transmitting the multi-signed transaction to a destination. (¶90, “may respond with a signed transaction (e.g., ECDSA signature in DER format)”, Fig. 6A (641), ¶136, “The signed transaction may be returned at 641”). 
Cheng does not teach explicitly,
receiving instructions for executing a blockchain transaction; 
ensuring that the instructions are authorized; 
building a multi-signed transaction from collected DC HSM signatures;
However Martin teaches,
receiving instructions for executing a blockchain transaction; (Fig. 2(S710), ¶103, “ receipt of a transaction request S710”, “The transaction request preferably includes an unsigned transaction, but can be any other suitable request. The transaction request can include: the cryptocurrency address, an endpoint cryptocurrency address, transaction information (e.g., asset quantity to be transferred, asset type, etc.), or any other suitable information”, i.e. a blockchain transaction execution request is received)
ensuring that the instructions are authorized;  (¶105, “after retrieval confirmation receipt from the management account or a key holder account (e.g., wherein a retrieval confirmation query or multi-factor authentication request can be sent to the management account or a key holder account associated with the cryptocurrency address)”, ¶108, “ S730 is preferably performed after the key holder is verified, but can alternatively be performed after receipt of a transaction request, or be performed at any suitable time”, i.e. instruction is verified)
building a multi-signed transaction from collected DC HSM signatures; (¶108, “Multiple instances of S730 (e.g., for each beta shard) can be performed concurrently, serially, based on key holder interface availability, or otherwise performed.”, ¶109, ¶114, ¶118, Fig. 7).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
Cheng teaches transmitting a transaction to hardware security modules for signing. Martin teaches verifying the signature request and collecting multiple private key shares for signing the transaction. Therefore, it would have been obvious to combine the verifying of the signature request and the collecting of multiple private key shares for signing the transaction of Martin with the transmitting of a transaction to hardware security modules for signing of Cheng, to validate the transaction utilizing multiple signatures, to utilize a Bitcoin cold storage key vault and fund transfer implementation to protect master private keys from physical and/or software key theft, and to enforce M of N (e.g., 2-person rule) security policy with regard to accessing the transaction signing capability on HSM. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 

Regarding Claim 2, rejection of Claim 1 is included and for the same motivation Cheng does not teach explicitly,
The method of claim 1, wherein the destination comprises a blockchain network.
However, Martin teaches,
The method of claim 1, wherein the destination comprises a blockchain network. (Fig. 2(S780), ¶18, “transmitting the signed transaction to the blockchain S780”, i.e. destination comprises a blockchain network).

Regarding Claim 3, rejection of Claim 1 is included and for the same motivation Cheng does not teach explicitly,
The method of claim 1, wherein the secure air-gapped process uses near field communication (NFC) interfaces and NFC RFID tags.
However, Martin teaches,
The method of claim 1, wherein the secure air-gapped process uses near field communication (NFC) interfaces and NFC RFID tags. (¶101, “Physical distribution can include: storing the secondary encryption key(s) (e.g., the private key) on a physical device (e.g., HSM, NFC device, Bluetooth device, etc.)”, Claim 10).

Regarding Claim 5, rejection of Claim 2 is included and for the same motivation Cheng does not teach explicitly,
The method of claim 2, further comprising ensuring that at least M of N DC HSMs sign the blockchain transaction before transmitting the multi-signed transactions to the blockchain network, where N = a total number of DC HSMs, and M < N, for integers N and M.
However, Martin teaches,
The method of claim 2, further comprising ensuring that at least M of N DC HSMs sign the blockchain transaction before transmitting the multi-signed transactions to the blockchain network, where N = a total number of DC HSMs, and M < N, for integers N and M. (¶17, “The method can optionally function to provide a multisignature blockchain transaction authorization scheme (e.g., M-of-N transactions)”).
Regarding Claim 6, rejection of Claim 5 is included and for the same motivation Cheng teaches,
The method of claim 5, wherein the signing technique comprises Elliptic Curve Digital Signature Algorithm (ECDSA), Edwards-Curve Digital Signature Algorithm (EdDSA), RSA, or any combination thereof. (Fig. 4A, ¶87, “In FIG. 4A, a client application 410 (e.g., utilized by a user via a client device) may send a transaction signing request (e.g., including transaction data to sign and a keychain path to be used for Bip32 key derivation) to a TSS 420”, Fig. 6(641), ¶136, “The signed transaction may be returned at 641. In one implementation, the Elliptic Curve Digital Signature Algorithm (ECDSA) signature in DER format may be returned”).

Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Cheng et al. (US PGPUB. # US 2018/0367316, hereinafter “Cheng”), and further in view of Martin et al. (US PGPUB. # US 2019/0318356, hereinafter “Martin”, priority based on provisional application 62687157 filed on 06/19/2018), and further in view of Hueber et al. (US PGPUB. # US 2019/0005284, hereinafter “Hueber”).

Regarding Claim 4 rejection of Claim 3 is included and combination of Cheng and Martin does not teach explicitly,
The method of claim 3, wherein the NFC interfaces are physically shielded to resist side channel attacks.
However, Hueber teaches,
The method of claim 3, wherein the NFC interfaces are physically shielded to resist side channel attacks. (¶36, “As is known in the field of NFC, a secure element is a module that includes embedded security functionality”, “the secure element is resistant against side channel analysis”).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Hueber with the invention of Cheng in view of Martin.
Cheng in view of Martin teaches transmitting a transaction to hardware security modules for signing, verifying the signature request, and collecting multiple private key shares for signing the transaction. Hueber teaches near field communication interfaces which are shielded against side channel attacks. Therefore, it would have been obvious to incorporate the near field communication interfaces which are shielded against side channel attacks of Hueber into the teachings of Cheng in view of Martin to secure cryptographic keys from malicious users. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 


Claims 7, 10-12 are rejected under 35 U.S.C. 103 as being unpatentable over Cheng et al. (US PGPUB. # US 2018/0367316, hereinafter “Cheng”), and further in view of Di Iorio et al. (US PGPUB. # US 2019/0354970, hereinafter “Di Iorio”).
Regarding Claim 7, Cheng teaches,
A cold storage system for storing digital assets comprising: 
b. a central control center comprising a request handler and a command handling Hardware Security Module (HSM); (Fig. 1A(“Transaction Signing Server”), ¶71, “In FIG. 1A, a TSS utilizes a custom transaction signing API via a HSM Access Provider (e.g., a module used to communicate with a HSM) to request transaction signing by a HSM (e.g., Gemalto's SafeNet HSM)”, Fig. 4A(420), ¶87-¶88, “The TSS may forward the transaction signing request to a first HSM 430. For example, the first HSM may be a PCIe HSM (e.g., installed in a TSS (e.g., machine))”, i.e. TSS is considered as a central control center that has a request handler) and 
c. multiple distributed data centers (¶317, “semiprivate and publically accessible node controllers (e.g., via dispersed data centers) are coordinated to serve requests”) each comprising:  
i. an associated Data Center (DC) HSM for managing cryptographic keys; (Fig. 4A(440), ¶89, “the second HSM may be a portable USB HSM. The second HSM's tamper-proof storage (e.g., the second HSM's firmware) may store a master private key (e.g., an ECDSA private key) 444 and a public key encryption key (e.g., an RSA public key that corresponds to the RSA private key stored in the first HSM's tamper-proof storage) 446”)
ii. a processing unit (Fig. 23(2303)) coupled to the associated DC HSM; (Fig. 23(2328), ¶297, “stored program component that is executed by a CPU 2303, cryptographic processor 2326, cryptographic processor interface 2327, cryptographic processor device 2328”, Examiner submits that HSM is a cryptographic device 2328 and is connected to a cpu 2303). 
Cheng does not teach explicitly,
a. an integration server coupled to an external network; 
iii. a dedicated remote controlled server coupled to the integration server; and 
iv. an NFC adapter pair having an RFID tag forming an air-gapped communication channel between the remote controlled server and the processing unit.
However, Di Iorio teaches,
a. an integration server coupled to an external network; (Fig. 1(104, 108), ¶38, “Intermediate computing device 102, as an intermediary, may communicate with components 104 and 106 via a communication network (108) such as a wide area network (WAN), a public network (e.g. the Internet)”, i.e. Examiner submits that computing device 104 is considered as an integration server and is connected to an external network such as the internet). 
iii. a dedicated remote controlled server coupled to the integration server; (Fig. 1(102), ¶38, “Intermediate computing device 102, as an intermediary, may communicate with components 104 and 106 via a communication network (108) such as a wide area network (WAN), a public network (e.g. the Internet)”, i.e. Examiner submits that computing device 102 is a dedicated remote controlled server which is coupled to a computing device 104 (integration server)) and
iv. an NFC adapter pair having an RFID tag forming an air-gapped communication channel between the remote controlled server and the processing unit. (¶4, “The intermediate device transmits unsigned transaction data to an air gapped transaction signing device through optical over the air communication via an optical output device”, Fig. 1(102, 112), ¶39, “Intermediate computing device 102 is shown in communication with a transaction signing device 112. Signing device 112 comprises an “air gapped” computing device having a special configuration as described further herein. Broken lines between device 102 and signing device 112 represent an optical over the air (OTA) communication path”, Fig. 2(202), ¶3, “ The direct connections between hardware wallet and intermediate computing device include, for example, connections via universal serial bus ports, Bluetooth, and/or near-field communication systems”, ¶48, “it may provide cold storage features, storing certain cryptographic transaction data offline, which data is received optically OTA or by (manual) input”).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Di Iorio with the invention of Cheng.
Cheng teaches a control center interacting with a hardware security module. Di Iorio teaches an air-gapped communication between a remote server and a hardware KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 

Regarding Claim 10, rejection of Claim 7 is included and for the same motivation Cheng does not teach explicitly,
The cold storage system of claim 7, wherein the external network comprises the Internet or a virtual private network.
However, Di Iorio teaches,
The cold storage system of claim 7, wherein the external network comprises the Internet or a virtual private network. (Fig. 1(108), ¶38, “(108) such as a wide area network (WAN), a public network (e.g. the Internet) or via a private network or a combination of same”).

Regarding Claim 11, rejection of Claim 7 is included and for the same motivation Cheng teaches,
The cold storage system of claim 7, [wherein the request handler is configured to receive raw instructions to execute blockchain transactions from the integration server and to send the raw instructions] to the command handling HSM (Fig. 4A (430), ¶89, “the second HSM may be a portable USB HSM. The second HSM's tamper-proof storage (e.g., the second HSM's firmware) may store a master private key (e.g., an ECDSA private key) 444 and a public key encryption key (e.g., an RSA public key that corresponds to the RSA private key stored in the first HSM's tamper-proof storage) 4”) [over the air-gapped channel].
Cheng does not teach explicitly,
The cold storage system of claim 7, wherein the request handler is configured to receive raw instructions to execute blockchain transactions from the integration server and to send the raw instructions [to the command handling HSM] over the air-gapped channel.
However, Di Iorio teaches,
The cold storage system of claim 7, wherein the request handler is configured to receive raw instructions to execute blockchain transactions from the integration server and to send the raw instructions [to the command handling HSM] over the air-gapped channel. (Fig. 1, ¶39, “Intermediate computing device 102 is shown in communication with a transaction signing device 112. Signing device 112 comprises an “air gapped” computing device having a special configuration as described further herein”). 

Regarding Claim 12, rejection of Claim 11 is included and for the same motivation Cheng teaches,
The cold storage system of claim 11, wherein the raw instruction is authorized by the command handling HSM through a multiple factor authentication protocol. (¶89, “the second HSM may include a split credentials PIN entry device (PED) to provide for multiple-person (e.g., M-of-N) user access rule for HSM activation and/or operation (e.g., 2-of-3 operation enforcement that allows access to the master private key if at least two out of three people provide their separate credentials to the second HSM)”, Fig. 8, Fig. 9).

Claims 8-9 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Cheng et al. (US PGPUB. # US 2018/0367316, hereinafter “Cheng”), and further in view of Di Iorio et al. (US PGPUB. # US 2019/0354970, hereinafter “Di Iorio”), and further in view of Hueber et al. (US PGPUB. # US 2019/0005284, hereinafter “Hueber”).

Regarding Claim 8 rejection of Claim 7 is included and combination of Cheng and Di Iorio does not teach explicitly,
The cold storage system of claim 7, wherein each of the NFC adapter pairs comprises NFC devices and tags physically shielded to avoid side channel attacks, data skimming, or both.
However, Hueber teaches,
The cold storage system of claim 7, wherein each of the NFC adapter pairs comprises NFC devices and tags physically shielded to avoid side channel attacks, data skimming, or both. (¶36, “As is known in the field of NFC, a secure element is a module that includes embedded security functionality”, “the secure element is resistant against side channel analysis”).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Hueber with the invention of Cheng in view of Di Iorio.
Cheng in view of Di Iorio teaches a control center interacting with a hardware security module and an air-gapped communication between a remote server and a hardware security module. Hueber teaches near field communication interfaces which are shielded against side channel attacks. Therefore, it would have been obvious to incorporate the near field communication interfaces which are shielded against side channel attacks of Hueber into the teachings of Cheng in view of Di Iorio to secure cryptographic keys from malicious users. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 

Regarding Claim 9 rejection of Claim 8 is included and for the same motivation combination of Cheng and Di Iorio does not teach explicitly,
The cold storage system of claim 8, wherein each of the NFC adapter pairs comprises NFC devices having both read/write capabilities comprising NFC tags between the NFC devices.
However, Hueber teaches,
The cold storage system of claim 8, wherein each of the NFC adapter pairs comprises NFC devices having both read/write capabilities comprising NFC tags between the NFC devices. (¶41, “The NFC controller 100 may execute a transaction involving communication with the reader 12, which may include exchanging messages using the NFC antenna 102, for example, to read and/or write data from/to the secure element 108”).

Regarding Claim 13, the rejection of Claim 7 is included, and the combination of Cheng and Di Iorio does not explicitly teach,
The cold storage system of claim 7, wherein each of the multiple processing units is configured to send and receive commands only from its associated NFC adapter pair.
However, Hueber teaches,
The cold storage system of claim 7, wherein each of the multiple processing units is configured to send and receive commands only from its associated NFC adapter pair. (¶36, “A secure element may be embodied as a smart card, an application processor, an SD card, a USB token, secure memory devices (e.g., flash or EEPROM), and UICCs. In an embodiment, a secure element includes a crypto-engine that is able to implement a cryptographic algorithm, such as an Advanced Encryption Standard (AES) algorithm”, ¶49, “The NFC controller interface also includes a bus interface (BI) 242 that provides a physical interface to the bus”, ¶50, “The secure element interface also includes a bus interface (BI) 244 that provides a physical interface to the bus, Bus_SE”, ¶51, “The interface controller 236 of the interface system 220 manages the exchange of data within the interface system and/or between the NFC controller 230 and the secure element 208.”, i.e. an application processor sends and receives commands from the NFC controller interface via the interface controller).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Hueber with the invention of Cheng in view of Di Iorio.
Cheng in view of Di Iorio teaches a control center interacting with a hardware security module and an air-gapped communication between a remote server and a hardware security module. Hueber teaches a near field communication interface which is shielded against side channel attacks. Therefore, it would have been obvious to incorporate the near field communication interface shielded against side channel attacks of Hueber into the teachings of Cheng in view of Di Iorio to secure cryptographic keys from malicious users. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007).

Claims 14-16 are rejected under 35 U.S.C. 103 as being unpatentable over Cheng et al. (US PGPUB. # US 2018/0367316, hereinafter “Cheng”), and further in view of Di Iorio et al. (US PGPUB. # US 2019/0354970, hereinafter “Di Iorio”), and further in view of Stahlberg et al. (US PGPUB. # US 2018/0367311, hereinafter “Stahlberg”).
Regarding Claim 14, the rejection of Claim 7 is included, and the combination of Cheng and Di Iorio does not explicitly teach,
The cold storage system of claim 7, wherein each of the multiple associated DC HSMs is configured to verify an authenticity of received commands using digital signatures and pre-installed certificates of the command handling HSM.
However Stahlberg teaches,
The cold storage system of claim 7, wherein each of the multiple associated DC HSMs is configured to verify an authenticity of received commands using digital signatures and pre-installed certificates of the command handling HSM. (Fig. 4(4), ¶45, “the HSM 200 validates the at least one authorization token 220 included in the request 250”, “The authorization token 220 may be valid when the authorization token 220 is signed by the authorizer key 118, i.e., the authorization token 220 includes the digital signature 230 (FIG. 2) signed by the authorizer key 118”, Fig. 8(806), ¶68, “At block 806, the method 800 includes validating, by the HSM 200, the at least one authorization token 220. For instance, the authorization token 220 may be valid when at least one of the token 220a is signed by the authorizer key 118 of the owner 10”).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Stahlberg with the invention of Cheng in view of Di Iorio.
KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 

Regarding Claim 15, the rejection of Claim 7 is included, and the combination of Cheng and Di Iorio does not explicitly teach,
The cold storage system of claim 7, wherein each of the associated DC HSMs is configured for determining whether an associated one or more command execution constraints are met.
However Stahlberg teaches,
The cold storage system of claim 7, wherein each of the associated DC HSMs is configured for determining whether an associated one or more command execution constraints are met. (Fig. 4(4), “The authorization token 220 may also be valid when the HSM 200 receives the authorization token 220 within the authorization time period 226 (FIG. 2) defined by the authorization token 220. For instance, the HSM 200 may reference the internal clock 211 to determine the time of when the authorization token 220 of the cryptographic operation request 250 was received. Additionally or alternatively, the authorization token 220 may be valid when the HSM 200 receives the authorization token less times than the limit number 228 (FIG. 2) defined by the authorization token 220. For instance, the HSM 200 may reference the counter 213 to determine how many times authorization token 220 has been received by the HSM 200.”, Fig. 8(806), ¶66, “the HSM 200 has received the token 220 within an authorization time period 226 defined by the token 220, or the HSM has received the token 220 less times than a limit number 228 defined by the token 220”, i.e. a check that the execution constraints are met is performed prior to executing the command).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Stahlberg with the invention of Cheng in view of Di Iorio.
Cheng in view of Di Iorio teaches a control center interacting with a hardware security module and an air-gapped communication between a remote server and a hardware security module. Stahlberg teaches validating a token (command) by the Hardware Security Module before performing a cryptographic operation. Therefore, it would have been obvious to incorporate the validating of a token (command) by the Hardware Security Module before performing a cryptographic operation of Stahlberg into the teachings of Cheng in view of Di Iorio to ensure that the token (command) is a valid token. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007).

Regarding Claim 16, the rejection of Claim 15 is included, and for the same motivation the combination of Cheng and Di Iorio does not explicitly teach,
The cold storage system of claim 15, wherein the command execution constraints comprise velocity of requests, time bound expiry, or both.
However Stahlberg teaches,
The cold storage system of claim 15, wherein the command execution constraints comprise velocity of requests, time bound expiry, or both. (Fig. 4(4), “The authorization token 220 may also be valid when the HSM 200 receives the authorization token 220 within the authorization time period 226 (FIG. 2) defined by the authorization token 220. For instance, the HSM 200 may reference the internal clock 211 to determine the time of when the authorization token 220 of the cryptographic operation request 250 was received. Additionally or alternatively, the authorization token 220 may be valid when the HSM 200 receives the authorization token less times than the limit number 228 (FIG. 2) defined by the authorization token 220. For instance, the HSM 200 may reference the counter 213 to determine how many times authorization token 220 has been received by the HSM 200.”, Fig. 8(806), ¶66, “the HSM 200 has received the token 220 within an authorization time period 226 defined by the token 220, or the HSM has received the token 220 less times than a limit number 228 defined by the token 220”, i.e. the constraints are a time bound and a number of requests).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.  Refer to PTO-892, Notice of References Cited for a listing of analogous art.
Yaldin et al. (US # 2020/0044863) discloses, techniques for securing digital signatures using multi-party computation. A method includes generating at least one first secret share by a first system, wherein at least one second secret share is generated by one of at least one second system; signing data based on the at least one first secret share when a signing policy is met, wherein the signing is part of an interactive signing process including running a multi-party computation protocol by the first system and the at least one second system, wherein the signed data corresponds to a public key generated based on the plurality of secret shares, wherein the signing policy requires a minimum number of secret shares, wherein shares of one system alone are not sufficient to meet the signing policy, wherein no portion of shares of one system are revealed to the other system during the interactive signing process.
 Gancarz (US # 2020/0028675) discloses, a first module with a communication interface to a public network; and a controller to handle a transaction with a Blockchain network or a transaction server accessible at the public network. The system also includes a second module with a random number generator; and a secure controller to generate seed words and private keys. The system further includes a bridge module with a controller; and a switch to selectively connect the data interface of the bridge module to either the data interface of the first module or the data interface of 
Winklevoss et al. (US # 10,068,228) discloses, methods for securely storing digital assets using a secure portal are disclosed. Using an isolated computer within an electronic isolation chamber, a plurality of digital asset accounts may be generated, and one or more private keys and a digital asset account identifier corresponding to each of the digital asset accounts may be obtained. A respective reference identifier may be associated with each digital asset account. At least one of the one or more private keys corresponding to each digital asset account may be divided into a plurality of private key segments and written to a card along with the respective reference identifier to create sets of collated cards, wherein each set comprises cards corresponding to different private keys.
Shin et al. (US # 2018/0157841) discloses, a method for secure boot of an engine management system, in which the system for secure boot of an engine management system, comprises a memory in which a boot code and at least one application are stored, a host CPU for sending a start-up command to a hardware security module HSM when a start-on or reset event occurs, and transmitting a remaining memory area authentication command to the HSM after executing the boot code when boot code authentication success is received from the HSM, and the HSM for starting up and performing authentication of the boot code stored in the memory as the start-up command is received, sending a boot code authentication result to the host CPU, and performing authentication of the rest of 
Osborne et al. (US # 2012/0324230) discloses, a method for enabling digital signature auditing. The method includes the steps of: receiving at least one signature request issued by at least one application, forwarding a first data corresponding to the received at least one signature request to at least one signing entity for subsequent signature of the first data, storing an updated system state that is computed using a function of: i) a reference system state and ii) a second data corresponding to the received at least one signature request, where the reference system state and the updated system state attest to the at least one signature request, and repeating the above steps, using the updated system state as a new reference system state, where the steps of the method are executed at a server of a computerized system.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DARSHAN I DHRUV whose telephone number is (571)272-4316. The examiner can normally be reached M-F 9:00 AM-5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.






/DARSHAN I DHRUV/          Primary Examiner, Art Unit 2498