Notice of Pre-AIA  or AIA  Status
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
2. 	The information disclosure statement (IDS) submitted on 11/02/2021 was filed after the mailing date of the notice of allowance on 11/02/2021. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

EXAMINER'S AMENDMENT
2. 	An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

3. 	Authorization for this examiner’s amendment was given in an interview with Tim Meagher on 9/9/2021.

The application has been amended as follows:
1. (Currently Amended) A method for generating a composite cryptographic signature, the method comprising:
from a client device over a communication network, a signing request including a message and a first part of a first party signature, the first part of the first party signature derived from the message and a first share of a first private key;
generating, at the computer server, [[a]] the first party signature from the first part of the first party signature and a second share of the first private key;
generating, at the computer server, a second party signature from the message and a second private key; 
verifying, at the computer server, that the first part of the first party signature was generated using the first share of a first private key;
combining, at the computer server, the first party signature and the second party signature to generate a composite cryptographic signature and sending the composite cryptographic signature to the client device;
the client device verifying that the composite cryptographic signature has indeed been created using the second private key and only accepting that a response is from the computer server and not an adversary when the composite cryptographic signature has indeed been created using the second private key.

2. (Previously Presented) The method according to claim 1, wherein the first private key and a public key are a first key pair, and wherein the second private key and the public key form a second key pair.



4. (Previously Presented) The method according to claim 3, wherein the first private modulus is a product of prime numbers; and the second private modulus is a product of prime numbers; and wherein each of the prime numbers is coprime to the public exponent.

5. (Previously Presented) The method according to claim 3, further comprising generating a composite public modulus from the first private modulus and the second private modulus.

6. (Previously Presented) The method according to claim 3, wherein the first share of the first private key comprises a first additive share of the first private exponent; and wherein the second share of the first private key comprises a second additive share of the first private exponent.

7. (Previously Presented) The method according to claim 3, wherein the first share of the first private key comprises a first multiplicative share of the first 
8. (Previously Presented) The method according to claim 2, further comprising: verifying the origin of the first part of the first party signature using the public key and the message.

9. (Currently Amended) The method according to claim 8, 

10. (Cancelled)

11. (Cancelled)

12. (Previously Presented) The method according to claim 1, wherein receiving a message and a first part of a first party signature comprises receiving a message and a first part of a first party signature over a secure channel.

13. (Previously Presented) The method according to claim 1, wherein the message is a hashed message.

14. (Previously Presented) The method according to claim 1, wherein the message is a padded message.

15. (Currently Amended) An apparatus comprising at least one processor and at least one memory, wherein the at least one memory stores computer-executable instructions which, when executed by the at least one processor, cause the apparatus to:
receive from a client device over a communication network, a signing request including a message and a first part of a first party signature, the first part of the first party signature derived from the message and a first share of a first private key;
generate a first party signature from the first part of the first party signature and a second share of the first private key;
generate a second party signature from the message and a second private key;
verify that the first part of the first party signature was generated using the first share of a first private key;
combine the first party signature and the second party signature to generate a composite cryptographic signature and send the composite cryptographic signature to the client device;
the client device verifying that the composite cryptographic signature has indeed been created using the second private key and only accepting that a response is from the apparatus and not an adversary when the composite cryptographic signature has indeed been created using the second private key.

16. (Previously Presented) A non-transitory computer readable medium having computer-executable instructions to cause a computer to perform a method according to claim 1.

17. (Currently Amended) A method for generating a composite cryptographic signature, the method comprising:
at a first device:
generating a first part of a first party signature from a message and a first share of a first private key; and
sending the message and the first part of the first party signature to a second device;
at the second device:
generating a first party signature from the first part of the first party signature and a second share of the first private key;
generating a second party signature from the message and a second private key;
verifying that the first part of the first party signature was generated using the first share of the first private key;
and sending the composite cryptographic signature to the first device;
	the first device verifying that the composite cryptographic signature has indeed been created using the second private key and only accepting that a response is from the second device and not an adversary when the composite cryptographic signature has indeed been created using the second private key.

18. (Currently Amended) The method according to claim 17, further comprising: at the second device, communicating first device; and at the first device, verifying the composite cryptographic signature using the message and the composite public key.

19. (Previously Presented) A system for generating a composite cryptographic signature, the system comprising a first device and a second device, wherein the first device and the second device each comprise a processor and at least one memory, and wherein the at least one memory of the first device and the at least one memory of the second device each store computer-executable instructions which, when executed by the processors of the first device and the second device respectively, cause the first device and the second device to perform a method according to claim 17. 

Reasons for Allowance

4. 	Claims 1-9 and 12-19 including all of the limitations of the base claim and any intervening claims are allowed. 

Closest Prior Art: 
U.S. Publication No. 2006/0184787 hereinafter Sandhu discloses on paragraph 0032 “In accordance with the present invention, a method and a system for user authentication based upon an asymmetric key pair having a public key and split private key are provided. The split private key includes at least a first private portion and another private portion. As desired, the asymmetric crypto-key may include even more private portions. Each of the private portions are applied to an original message to form a transformed message, and the public portion is applied to the transformed message to verify authenticity of the message preferably by recovering the original message, which authenticates the user.” Para 0035 “A challenge is then cryptographically combined with a first one of the multiple factors, forming a first message. This first factor is a factor other than the user's password. Typically, a challenge is a text string, though it could be more sophisticated, as desired.” Para 0036 and 0037 “This first message is transformed with the generated first portion of the split private key to form a second message. Thus, the first portion is applied to the first message to cause the first message to change form. This second 

U.S. Publication No. 2012/0321086 hereinafter D’Souza discloses on paragraph 0031 “In cases where the encrypted data is a cryptographic key, that key may be stored as a plurality of shares 126. The shares are mathematical transformations of the user's private key, and each share is provided to one of the verified third parties 145. Each verified third party publishes his or her own public keys, and encrypts his or her share of the encrypted key using their published public key. The verified third party shares encrypted according to the third party’s' public keys are then stored in the data storage system 115. Because the shares are encrypted according to the verified third parties’ public/private key pair, the data storage system is prevented from accessing the encrypted shares, and is further prevented from accessing the user's data.” 

U.S. Patent No. 9,049,011 hereinafter Agrawal discloses on Col. 13 Lines 24-49 “Upon initiation of the publication security set up, a public/private key pair is established that will be used to encrypt and decrypt data published as part of the publication, as in 704. The generated publication private key is then encrypted with the security system public key. As discussed above, a security system public key is a single public key published by security system for use in encrypting data that is to be securely transmitted to the security system and stored.”

The following is an Examiner’s Statement of Reasons for Allowance:
Claims 1-9 and 12-19 are allowable over prior art references taken individually or in combination fails to particularly disclose, fairly suggests or render obvious are argued by the applicant which examiner considers persuasive as set forth above.
Although the prior art discloses receiving message and a first part of a first party signature, the first part of the first party signature derived from the message and a first share of a first private key, no one or two references anticipates or obviously suggest receiving, at a computer server from a client device over a communication network, a signing request including a message and a first part of a first party signature, the first part of the first party signature derived from the message and a first share of a first private key.
Generating, at the computer server, the first party signature from the first part of the first party signature and a second share of the first private key and generating, at the computer server, a second party signature from the message and a second private key.
Furthermore, verifying, at the computer server, that the first part of the first party signature was generated using the first share of a first private key and combining, at the computer server, the first party signature and the second party signature to generate a composite cryptographic signature and sending the composite cryptographic signature to the client device.
Lastly, the client device verifying that the composite cryptographic signature has indeed been created using the second private key and only accepting that a response is .
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GARY S GRACIA whose telephone number is (571)270-5192. The examiner can normally be reached Monday-Friday 9am-6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 5712723972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-





/GARY S GRACIA/           Primary Examiner, Art Unit 2491