Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
This Office Action is in response to the application 17/057,758 filed on 11/23/2020.
Claims 1-10 have been examined and are pending in this application.
Information Disclosure Statement
The information disclosure statement (IDS), submitted on 11/23/2020, is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Foreign Priority
The present application claims priority to and is a national phase of Ser. No. PCT/CN2019/119520 filed November 19, 2019, which claims priority to and the benefit of Chinese Patent Application No. 201811487845.2 filed December 06, 2018.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claim 10 is rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter.
Regarding claim 10, claim 10 is rejected under 35 U.S.C. 101 because the claims is directed to non-statutory subject matter. Claim 14 recites “a computer readable storage medium;” However, there is no further discussion in the specification as to what type of computer readable storage medium is claimed.  Broadly interpreted, “a computer readable storage medium” can be any means that include propagate and transmission signals, which are non-eligible subject matter under 35 U.S.C. 101. Therefore, the claims are directed to non-statutory subject matter. The Examiner respectfully suggests that the claims be amended to either “A non-transitory computer readable storage medium” or “a computer readable storage device” to make the claim statutory under 35 USC 101; (emphasis added). 
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(d):
(d) REFERENCE IN DEPENDENT FORMS.—Subject to subsection (e), a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

The following is a quotation of pre-AIA  35 U.S.C. 112, fourth paragraph:
Subject to the following paragraph [i.e., the fifth paragraph of pre-AIA  35 U.S.C. 112], a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.
Claims 9 and 10 are rejected under 35 U.S.C. 112(d) or 35 U.S.C. 112 (pre-AIA ), fourth paragraph, as failing to incorporate by reference all limitations of the claim to which it/they refer(s).
Regarding claims 9 and 10; claims 9 and 10 are rejected under 35 U.S.C. 112(d) or pre-AIA  35 U.S.C. 112, 4th paragraph, as being of improper dependent form for failing to further limit the subject matter of the claim upon which it depends, or for failing to include all the limitations of the claim upon which it depends.  “[A] proper dependent claim must be narrower than the claim upon which it depends and must not be broader in any respect.” D. Chisum, Chisum on Patents § 8.06[5] (2011) (citing Pfizer Inc. v. Ranbaxy Laboratories Ltd., 457 F3d 1284 (Fed. Cir. 2006) (claim held invalid for failing to comply with 35 U.S.C. § 112, fourth paragraph)).   Device claim 9 and a computer readable storage medium claim 10 rely on method claim 1. However, claims 9 and 10 fail to specify a further limitation of the subject matter of the claim 1 to which they refer, because is complete outside the scope of claim 1. Applicant may cancel the claim(s), amend the claim(s) to place the claim(s) in proper dependent form, rewrite the claim(s) in independent form, or present a sufficient showing that the dependent claim(s) complies with the statutory requirements.
The following is a quotation of 35 U.S.C. 112(b):
(B)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. 
Claim 8 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
Regarding claim 8, claim 8 rejected under 35 U.S.C. 112, second paragraph because claims element “an initialization module configured to…,” “a key pair generation module configured to…,” “a data authentication module configured to…,” “a proof generation module configured to…,”   and “a proof verification module configured to…,” are the limitations that invokes 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function. No association between the structure and the function can be found in the specification Therefore, the claim is indefinite and is rejected under 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph.
Applicant may:
(a)  Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph; 
(b) Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(c)  Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize 
(a)  Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(b)  Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C.
102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person 
Claims 1-10 are rejected under 35 U.S.C. 103 as being unpatentable over Camenisch (US 2020/0007318) and in view of Camenisch (CN 103493428 A) hereinafter Camenisch (428).
Regarding claim 1, Camenisch discloses a Zero Knowledge Proof (ZKP)-based privacy protection method for authenticated data in a smart contract (Camenisch par. 0032; based on zero-knowledge proof protocols, can be used to allow authentication of secret information embedded in a credential, certificate, etc., by an authority), comprising: 
initialization step: inputting a security parameter to obtain a public parameter, and generating, a public/private key pair (Camenisch par. 0032 and 0048; a user (message recipient) obtains a public-private key pair, denoted by (pk.sub.o, sk.sub.o), referred to below as a recipient key-pair. sk.sub.o is the recipient's secret (private) key, which is secret to that recipient, and pk, is the corresponding public key. This key pair can be generated in known manner via a standard PKI, and the public key pk.sub.o can be certified in the usual way. The recipient key pair (pk.sub.o, sk.sub.o) is then “enhanced” via a setup procedure performed by interaction with KEA computer 6. For this procedure, the user must possess some secret data s which is valuable to the user in the sense that she would not wish it to be disclosed. The security parameter is encoded in unary and given as an input to all algorithms. See also par. 0056 and 0064); 
key pair generation step: generating a key pair by using the public parameter and a verification circuit as inputs, the key pair comprising a proof key and a verification key (Camenisch par. 0056 and 0057;  all public parameters param.sub.e generated by the Setup algorithm, for all pairs of keys (pk, sk) generated by Keygen on input param.sub.e, for any message m in the message space of the random map Enc and any label l in its label space. Keygen(param)=(pk, sk) is an algorithm which, and sets the public key pk to (G, .Math., g.sub.1, g.sub.2, a, b, □.sub.1, H) and the secret key sk to (x.sub.1, x.sub.2, y.sub.1, y.sub.2, z). It then outputs the pair (pk, sk)); 
data authentication step: performing authentication on private data of a Decentralized App (DApp) User (DU) by using the private key of the trusted DA, and generating a signature (Camenisch par. 0033;  as discussed above for authenticating the secret s in the commitment, together with any associated proof required by the authentication scheme to allow the KEA computer to verify that the credential/certificate is genuine and relates to the secret s in the commitment c. Details of this procedure will depend on the particular authentication system employed and are orthogonal to the key-enhancement operation described). In step 32, the KEA computer verifies the proof for the commitment c sent by the receiver computer (including verifying authenticity of the underlying secret s). Assuming the proof is valid, the KEA computer then binds the commitment c to the recipient's public key pk.sub.o in step 33. This binding can be achieved using any desired technique which permits a third party to verify that a public key pk.sub.o is bound to a particular commitment c. For example, standard cryptographic signature or certificate schemes can be used. In this example, the KEA computer generates a cryptographic signature σ on pk.sub.o and c using a secret key sk.sub.KEA of a key pair (sk.sub.KEA, pk.sub.KEA), i.e. σ=Sig(sk.sub.KEA, pk.sub.o, c) where Sig is a signing algorithm of a cryptographic signature scheme); 
proof generation step: inputting, by a DU prover terminal, the private data serving as an input value and a calculation result and a hash value serving as output values of the (Camenisch par. 0057;  Setup(1λ)=param is an algorithm that outputs the description of a group (G, .Math.) of order p in which the decisional Diffie-Hellman problem is assumed to be intractable and of a family of collision-resistant hash functions; Keygen(param)=(pk, sk) is an algorithm which, on input of the parameters, generates uniformly at random g.sub.1, g.sub.2∈G, and x.sub.1, x.sub.2, y.sub.1, y.sub.2, z∈.sub.p, sets a=g.sub.1.sup.x.sup.1g.sub.2.sup.x.sup.2, b=g.sub.1.sup.y.sup.1g.sub.2.sup.y.sup.2, and h.sub.1=g.sub.1.sup.z, chooses uniformly at random H from said family of collision-resistant hash functions, and sets the public key pk to (G, .Math., g.sub.1, g.sub.2, a, b, □.sub.1, H) and the secret key sk to (x.sub.1, x.sub.2, y.sub.1, y.sub.2, z). It then outputs the pair (pk, sk). See also par. 0073); 
proof verification step: verifying, by a validator by using the verification key, whether the ZKP is correct or not, and determining that the calculation result is correct if the verification is passed, or determining that the calculation result is wrong if the verification fails (Camenisch par. 0069 and 0070; Once this event occurs, algorithm Rec runs the knowledge extractor of the proof system (P, V), which can rewind B, to extract a witness that contains a secret s, a commitment of which is c. It can be proved that: ε′ is correct if ε, {tilde over (ε)} and (P, V) are; ε′ satisfies privacy of the owner's data if  is hiding and protocols (ComPf, ComProofVf) and (P, V) are zero-knowledge proof of knowledge systems; ε′ satisfies untraceability of the owner if (P, V) is zero-knowledge and F(c, ω) has a uniform distribution for any commitment c as soon as ω does; ε′ satisfies recoverability of the owner's data with respect to the class of distributions  such that δ−2p() is non-negligible, assuming  to be binding and ε′ to be IND-CCA secure. See also par. 0049). 
 (Camenisch par. 0033, 0056-0057); however, Camenisch does not explicitly teach a trusted Data Authenticator (DA), proof verification step: verifying, by a validator by using the verification key, whether the ZKP is correct or not, and determining that the calculation result is correct if the verification is passed, or determining that the calculation result is wrong if the verification fails; and executing, by the validator, a smart contract based on a result of the verification. 
However, in an analogous field, Camenisch (428) teaches wherein a trusted Data Authenticator (DA) (Camenisch (428) par. 0056; the encryption scheme can be used in various scenes needs to authenticator proving that a secret text), 
executing, by the validator, a smart contract based on a result of the verification (Camenisch (428) par. 0058; Thus, for example, can be the zero-knowledge, without showing the ID itself that ciphertext encrypted by a valid user ID. The step Cf) is properly proved by the user and the authentication computer 4, then in the step (g), the authenticating part 4 for allowing or refusing the user to access service according to the result of the authentication process).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the front end of Camenisch using the details of zero-knowledge-proof protocol taught in Camenisch (428) in order to securely authenticate (Camenisch (428) par. 0032).
Regarding claim 2, Camenisch and Camenisch (428) discloses the method of claim 1, 
(Camenisch par. 0032 and 0048; a user (message recipient) obtains a public-private key pair, denoted by (pk.sub.o, sk.sub.o), referred to below as a recipient key-pair. sk.sub.o is the recipient's secret (private) key, which is secret to that recipient, and pk, is the corresponding public key. This key pair can be generated in known manner via a standard PKI, and the public key pk.sub.o can be certified in the usual way. The recipient key pair (pk.sub.o, sk.sub.o) is then “enhanced” via a setup procedure performed by interaction with KEA computer 6. For this procedure, the user must possess some secret data s which is valuable to the user in the sense that she would not wish it to be disclosed. The security parameter is encoded in unary and given as an input to all algorithms. See also par. 0056 and 0064).  
Regarding claim 3, Camenisch and Camenisch (428) discloses the method of claim 1, 
Camenisch further discloses wherein the generating, by a trusted DA, a public/private key pair comprises: selecting, by the trusted DA, a digital signature mechanism to generate the public/private key pair, and announcing, by the trusted DA, the public key (Camenisch par. 0033;  as discussed above for authenticating the secret s in the commitment, together with any associated proof required by the authentication scheme to allow the KEA computer to verify that the credential/certificate is genuine and relates to the secret s in the commitment c. Details of this procedure will depend on the particular authentication system employed and are orthogonal to the key-enhancement operation described). In step 32, the KEA computer verifies the proof for the commitment c sent by the receiver computer (including verifying authenticity of the underlying secret s). Assuming the proof is valid, the KEA computer then binds the commitment c to the recipient's public key pk.sub.o in step 33. This binding can be achieved using any desired technique which permits a third party to verify that a public key pk.sub.o is bound to a particular commitment c. For example, standard cryptographic signature or certificate schemes can be used. In this example, the KEA computer generates a cryptographic signature σ on pk.sub.o and c using a secret key sk.sub.KEA of a key pair (sk.sub.KEA, pk.sub.KEA), i.e. σ=Sig(sk.sub.KEA, pk.sub.o, c) where Sig is a signing algorithm of a cryptographic signature scheme).  
Camenisch (428) further teaches wherein a trusted Data Authenticator (DA) (Camenisch (428) par. 0056; the encryption scheme can be used in various scenes needs to authenticator proving that a secret text).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the front end of Camenisch using the details of zero-knowledge-proof protocol taught in Camenisch (428) in order to securely authenticate (Camenisch (428) par. 0032).
Regarding claim 4, Camenisch and Camenisch (428) discloses the method of claim 1, 
Camenisch (428) further teaches wherein a plurality of trusted DAs are allowed, that is, private data of a user is authenticated and signed by different DAs (Camenisch (428) par. 0056; the encryption scheme can be used in various scenes needs to authenticator proving that a secret text).
(Camenisch (428) par. 0032).
Regarding claim 5, Camenisch and Camenisch (428) discloses the method of claim 1, 
Camenisch further teaches wherein the generating a key pair by using the public parameter and a verification circuit as inputs specifically comprises: running a ZKP system by using the public parameter and the verification circuit as inputs to generate the key pair (Camenisch par. 0056 and 0057;  all public parameters param.sub.e generated by the Setup algorithm, for all pairs of keys (pk, sk) generated by Keygen on input param.sub.e, for any message m in the message space of the random map Enc and any label l in its label space. Keygen(param)=(pk, sk) is an algorithm which, and sets the public key pk to (G, .Math., g.sub.1, g.sub.2, a, b, □.sub.1, H) and the secret key sk to (x.sub.1, x.sub.2, y.sub.1, y.sub.2, z). It then outputs the pair (pk, sk)).  
Regarding claim 6, Camenisch and Camenisch (428) discloses the method of claim 1, 
Camenisch further teaches wherein a ZKP system is run to generate a key pair, the key pair being allowed to be generated jointly by a plurality of trusted institutions or generated by a trusted process (Camenisch par. 0056 and 0057;  all public parameters param.sub.e generated by the Setup algorithm, for all pairs of keys (pk, sk) generated by Keygen on input param.sub.e, for any message m in the message space of the random map Enc and any label l in its label space. Keygen(param)=(pk, sk) is an algorithm which, and sets the public key pk to (G, .Math., g.sub.1, g.sub.2, a, b, □.sub.1, H) and the secret key sk to (x.sub.1, x.sub.2, y.sub.1, y.sub.2, z). It then outputs the pair (pk, sk)).
Regarding claim 7, Camenisch and Camenisch (428) discloses the method of claim 1, 
Camenisch further teaches wherein the generating, by the DU, a proof comprises: executing, by the DU, a ZKP system to generate a proof (Camenisch par. 0069 and 0070; Once this event occurs, algorithm Rec runs the knowledge extractor of the proof system (P, V), which can rewind B, to extract a witness that contains a secret s, a commitment of which is c. It can be proved that: ε′ is correct if ε, {tilde over (ε)} and (P, V) are; ε′ satisfies privacy of the owner's data if  is hiding and protocols (ComPf, ComProofVf) and (P, V) are zero-knowledge proof of knowledge systems; ε′ satisfies untraceability of the owner if (P, V) is zero-knowledge and F(c, ω) has a uniform distribution for any commitment c as soon as ω does; ε′ satisfies recoverability of the owner's data with respect to the class of distributions  such that δ−2p() is non-negligible, assuming  to be binding and ε′ to be IND-CCA secure. See also par. 0049).
Regarding claims 8-10; claims 8-10 are directed to a system, a device and a computer readable medium associated with the method claimed in claim 1 respectively. Claims 8 and 10 are similar in scope to claim 1 and respectively, and are therefore rejected under similar rationale respectively. 
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SANCHIT K SARKER whose telephone number is (571)270-7907. The examiner can normally be reached M-F 8:30 AM-5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, FARID HOMAYOUNMEHR can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SANCHIT K SARKER/Examiner, Art Unit 2495