DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Information Disclosure Statement
The information disclosure statements (IDS) submitted on 05/07/2020 have been considered. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, an initialed and dated copy of Applicant's IDS form 1449 filed 05/07/2020 is attached to the instant Office action.

Acknowledgements
This communication is in response to
Application claims filed on 05/07/2020, and 
Authorization for the below examiner’s claim amendments given by email by Mr. Jeremy Schweigert (Reg. No. 56,244) on 12/21/2021.

An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Examiner’s Amendment
Note: Proposed amendments marked manually with underlining and 
Drawing
Figure 1 has been amended to be labeled as “prior Art”. Replacement sheet for Figure 1 is accepted.

Claims
Claim 1. (Currently amended) A method for secure cryptographic keys generation in [[the]] a presence of untrusted units in a cryptographic system, 
the system comprising: 
a first cryptographic station A and a second cryptographic station[[s]] B
where each cryptographic station comprises n raw data generation units, KGUiA, KGUiB, with i=1, 2, ..., n, where n>1, and at least one post-processing unit CLPUA,CLPUB, respectively,
where the method comprises: 
- [[Each]] each pair of raw data generation units, KGUiA, and KGUiB, with i=1, 2, ..., n, generating a pair of data strings which are correlated to each other and sending the generated data string by KGUiA to the at least one post-processing unit of the first cryptographic station and sending the generated data string by KGUiB to the at least one post-processing unit of the second cryptographic station; 
s, CLPUA, CLPUB: 
- applying a post-processing procedure to each received data string for generating a cryptographic key, KAi, KBi or an error symbol for each respective raw data generation unit, 
where the post-processing procedure includes at least one information reconciliation operation between the post-processing units of both cryptographic stations via an authenticated communication channel and a first privacy amplification procedure [[to extract a shorter key]]; 
- concatenating the generated cryptographic keys to form a first concatenated cryptographic key KA'=[KA1, KA2,..., KAM] and a second concatenated cryptographic key KB’ =[ KB1, KB2,..., KBM] where M is [[the]] a number of pairs of generated cryptographic keys in both cryptographic stations which are different from the error symbol; 
- applying an additional privacy amplification procedure operation to the first concatenated cryptographic key and to the second concatenated cryptographic key to extract a first and a second secure cryptographic keys respectively, KA and KB-, 
wherein KA and KB- are shorter in length than KA' and KB’, respectively,
wherein KA and KB- are securely generated in the presence of at least one untrusted raw data generation units, KGUiA, and KGUiB. 

a presence of untrusted units in a cryptographic system, the system comprising: 
a first cryptographic station A and a second cryptographic station[[s]] B A, KGUB AI, CLPUBI’, I= 1,2,..., s, l'=1, 2,..., s', respectively, where the method comprises: 
- KGUA generating s data strings and sending one generated data string to each CLPUAI and 
KGUB generating s' data strings which are correlated to the data strings generated by KGUA and sending one generated data string to each CLPUBI’; 
- [[Each]] each post-processing unit of the first and second cryptographic stations: 
- applying a post-processing procedure to each received data string for generating a cryptographic key or an error symbol for each received data string, 
where the post-processing procedure includes at least one information reconciliation operation between the post-processing units of both cryptographic stations via an authenticated communication channel and a first privacy amplification procedure [[to extract a shorter key]]; 

- generating a share of a secure cryptographic key by applying an error verification procedure and an additional privacy amplification procedure operation to the received cryptographic keys shares to extract keys that are shorter in length than a concatenation of the received cryptographic keys shares, 
wherein the keys are securely generated in the presence of at least one untrusted post-processing units CLPUAi, CLPUBi’, wherein the extracted keys are not accessible to the untrusted post-processing units CLPUAi, CLPUBi’.[[;]]

Claim 3. (Currently amended) A method for secure cryptographic keys generation in [[the]] a presence of untrusted units in a cryptographic system, the system comprising: 
a first cryptographic station A and a second cryptographic station[[s]] B 
where each cryptographic station comprises at least one raw data generation unit, KGUA, KGUB and more than one post-processing units CLPUAi, CLPUBi’, i'= 1, 2, ..., s, i'=1, 2…,s’, respectively,
where the method comprises: 
the at least one raw data generation units in the first and second cryptographic stations generating a data string, RA, RB respectively which are correlated to each other, 
dividing the generated data strings into two or more shares and distributing them among the post-processing units of the first and second cryptographic stations respectively where K'Aij is the j-th share of RA received by CLPUAi and K'Bi’j’ is the j'-th share of RB received by CLPUBi’; 
- [[Each]] each post-processing unit of the first and second cryptographic stations: 
- obtaining from each received share of the data strings a key generation sub-string share K'Aij,key, K'Bi'j',key, which is a subset of its respective share; 
- applying a post-processing procedure to the key generation sub-strings shares for generating secure cryptographic key shares, 
where said post-processing procedure includes at least one information reconciliation operation between the post-processing units of both cryptographic stations via an authenticated communication channel and a privacy amplification procedure to extract [[a shorter key]] keys shorter in length than K'Aij and K'Bi’j’,
wherein the extracted keys are securely generated in the presence of at least one untrusted post-processing units CLPUAi, CLPUBi’, 
wherein the extracted keys are not accessible to the untrusted post-processing units CLPUAi, CLPUBi’.

- wherein the information reconciliation operation includes an error correction procedure which comprises: 
- applying in each post-processing unit of the first and second cryptographic stations [[certain]] predefined matrices MEC to the key generation sub-strings shares for obtaining data strings sAij=MEC* K'Aij,key, [[sBj']] sBi’j'=MEC* K'Bi'j',key respectively; 
- obtaining in each post-processing unit of the first and second cryptographic stations a reconstructed data string sA, sB defined as SA= SA1 ⊕…⊕SAq and SB= SB1 ⊕…⊕SBq’ respectively, 
where SAj, j= 1, 2, ..., q, is obtained from sAij by using majority voting on q shares and SBj’, j’= 1, 2, ..., q’, is obtained from sBi’j' by using majority voting on q’ shares; 
- modifying a value of the key generation sub-strings K'Aij,key, K'Bi'j',key depending on A and sB; 
- repeat [[the three steps of]] the error correction procedure until the error is below a predefined threshold; 
- where the information reconciliation operation includes an error verification procedure which comprises: 
- [[The]] the post-processing units of the first cryptographic station randomly selecting a two-universal hash function, hash, and applying it to the key generation sub-strings shares obtained after the error correction procedure, [[KAij,key]] K'Aij,key, obtaining hAij=hash([[KAij,key]] K'Aij,key), and each post-processing unit of the second cryptographic Bij=hash([[KBi'j',key]] K'Bi'j',key) and each post-processing unit sending the shares hAij and hBi’j’ to all the post-processing units in [[his]] its own cryptographic [[unit]] station and to all the post-processing units in the other cryptographic [[unit]] station; 
- obtaining in each post-processing unit a reconstructed data string hA, hB respectively as hA = hA1 ⊕ …⊕ hAq and hB = hB1 ⊕ …⊕ hBq’Aj, j= 1, 2, ..., q, is obtained from hAij by using majority voting on q shares and hBj’, j’= 1, 2, ..., q’, is obtained from hBi’j’ by using majority voting on q’ shares [[.]];
- [[Each]] each of the post-processing units checking whether or not hA= hB and [[if]] when they are equal they proceed to the privacy amplification procedure, otherwise outputting an abort symbol[[.]];
[[Where]] where the privacy amplification procedure comprises:
-[[The]] the post-processing units of the first cryptographic station randomly selecting a two universal hash function hashPA, and then obtaining shares of a secure cryptographic [[unit]] key as KAij=hashPA ([[KAij,key]] K'Aij,key) and each post-processing unit of the second cryptographic station obtaining shares of a secure cryptographic [[unit]] key as KBi’j’=hashPA ([[KBi'j',key]] K'Bi'j',key).
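
The error verification steps recited above (hash each share, majority-vote the reported values, XOR-reconstruct hA and hB, compare) only work if the hash is linear over GF(2), so that the XOR of the share hashes equals the hash of the underlying string. The following sketch is an added illustration and is not part of the Office action or the application; the Toeplitz hash, the replication of each share to three units, and all function names and sample values are assumptions.

```python
import secrets
from collections import Counter
from functools import reduce
from operator import xor

SEED = 0x5A5AF00D123456789ABC      # constructed sample seed (needs n+m-1 = 79 bits)
SAMPLE_KEY = 0x0F1E2D3C4B5A6978    # constructed 64-bit reconciled string

def toeplitz_hash(seed: int, x: int, n: int, m: int) -> int:
    """m-bit hash T*x over GF(2), with T[r][c] = seed bit (r + n-1-c).
    Toeplitz hashing is an assumed choice of two-universal family; the
    property used below is its linearity: hash(a ^ b) == hash(a) ^ hash(b)."""
    xr = int(format(x, f"0{n}b")[::-1], 2)   # reverse x so row r is a plain window of seed
    mask = (1 << n) - 1
    out = 0
    for r in range(m):
        row = (seed >> r) & mask
        out |= (bin(row & xr).count("1") & 1) << r
    return out

def xor_split(x: int, q: int, n: int) -> list:
    """Split x into q shares whose XOR is x; any q-1 shares are uniformly random."""
    shares = [secrets.randbits(n) for _ in range(q - 1)]
    shares.append(reduce(xor, shares, x))
    return shares

def majority(values: list) -> int:
    """Value reported by a strict majority of units; fail closed otherwise."""
    value, count = Counter(values).most_common(1)[0]
    if 2 * count <= len(values):
        raise ValueError("no strict majority among reported shares")
    return value

def station_hash(key, seed, n, m, q, holders, corrupt_unit=None):
    """Hash every share locally, collect the reports, vote, then XOR-reconstruct.
    Assumption: each share is replicated to `holders` units, and unit index
    `corrupt_unit` (if given) reports a wrong hash for every share it holds."""
    reports = []
    for share in xor_split(key, q, n):
        h = toeplitz_hash(seed, share, n, m)
        row = [h] * holders
        if corrupt_unit is not None:
            row[corrupt_unit] = h ^ (secrets.randbits(m) | 1)   # always differs from h
        reports.append(row)
    return reduce(xor, (majority(r) for r in reports), 0)

def error_verification(key_a, key_b, seed, n=64, m=16, q=3, holders=3,
                       corrupt_unit=None):
    """Return 'proceed' when hA == hB, else 'abort' (the abort symbol)."""
    h_a = station_hash(key_a, seed, n, m, q, holders, corrupt_unit)
    h_b = station_hash(key_b, seed, n, m, q, holders)
    return "proceed" if h_a == h_b else "abort"

if __name__ == "__main__":
    print(error_verification(SAMPLE_KEY, SAMPLE_KEY, SEED))                  # equal strings
    print(error_verification(SAMPLE_KEY, SAMPLE_KEY, SEED, corrupt_unit=1))  # one bad unit
    print(error_verification(SAMPLE_KEY, SAMPLE_KEY ^ 1, SEED))              # residual error
```

No unit ever holds the full string or its hash input: each one hashes only the shares it received. The same linearity is what lets the privacy amplification step output shares of the final key rather than the key itself.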

Claim 5. (Currently amended) The method according to claim 3 
- [[Each]] each post-processing unit of the first and second cryptographic stations, obtaining from each received share of the data strings, a parameter estimation Aij,est, K'Bi'j',est and sending said parameter estimation sub-strings shares to [[the rest of post-processing units of the cryptographic unit]] all post-processing units in the first and second cryptographic stations.

Claims 6-7. (Cancelled).

Claim 8. (Currently amended) The method according to claim 1 wherein the pair of data strings generated by each pair of raw data generation units, KGUiA and KGUiB, i=1, 2, ..., n, of the first and second cryptographic stations respectively, are generated using a quantum key distribution mechanism.  

Claim 9. (Currently amended) The method according to claim 2 wherein each pair of data strings generated by each pair of raw data generation units KGUA and KGUB of the first and second cryptographic stations respectively are generated using a quantum key distribution mechanism.
 
Claim 10. (Currently amended) A system for secure cryptographic keys generation in a presence of untrusted units, the system comprising: 
a first cryptographic station A and a second cryptographic station[[s]] BiA, KGUiB, with i=1, 2, ..., n, where n>1, and at least one post-processing unit CLPUA, CLPUB, respectively, wherein KGUiA, KGUiB, CLPUA and CLPUB are physical units or program units executed on physical processors in their respective cryptographic station, wherein: 
- [[Each]] each pair of raw data generation units, KGUiA and KGUiB, comprising means for generating a pair of data strings which are correlated to each other and sending the generated data string by KGUiA, to the at least one post-processing unit of the first cryptographic station and sending the generated data string by KGUiB, to the at least one post-processing unit of the second cryptographic station; 
- [[The]] the at least one post-processing units of the first and second cryptographic stations, CLPUA, CLPUB being configured for: 
- applying a post-processing procedure to each received data string for generating a cryptographic key, KAi, KBi, or an error symbol for each respective raw data generation unit, 
where the post-processing procedure includes at least one information reconciliation operation between the post-processing units of both cryptographic stations via an authenticated communication channel and a first privacy amplification procedure [[to extract a shorter key]]; 
- concatenating the generated cryptographic keys to form a first concatenated cryptographic key KA'=[KA1, KA2,..., KAM] and a second concatenated cryptographic key KB’ =[ KB1, KB2,..., KBM] where M is [[the]] a number of pairs of generated cryptographic keys in both cryptographic stations which are different from the error symbol; 
- applying an additional privacy amplification procedure operation to the first concatenated cryptographic key and to the second concatenated cryptographic key to extract a first and a second secure cryptographic keys respectively, KA and KB-, 
wherein KA and KB- are shorter in length than KA' and KB’, respectively,
wherein KA and KB- are securely generated in the presence of at least one untrusted raw data generation units, KGUiA, and KGUiB.  

Claim 11. (Currently amended) A system for secure cryptographic keys generation in a presence of untrusted units, the system comprising: 
a first cryptographic station A and a second cryptographic station[[s]] B A, KGUB respectively and more than one post-processing units CLPUAI, CLPUBI’, I= 1, 2, ..., s, I'=1, 2...,s', 
wherein KGUA, KGUB, CLPUAI, and CLPUBI’ are physical units or program units executed on physical processors in their respective cryptographic station, wherein:  
- KGUA comprising means for generating s data strings and sending one generated data string to each CLPUAI and KGUB comprising means for generating s' data strings which are correlated to the data strings generated by KGUA and sending one generated data string to each CLPUBI’; 
- [[Each]] each post-processing unit of the first and second cryptographic station being configured for: 
- applying a post-processing procedure to each received data string for generating a cryptographic key or an error symbol for each received data string, 
where the post-processing procedure includes at least one information reconciliation operation between the post-processing units of both cryptographic 
- dividing the generated cryptographic keys into two or more shares and distributing them among the rest of post-processing units of the first and second cryptographic stations respectively; 
- generating a share of a secure cryptographic key by applying an error verification procedure and an additional privacy amplification procedure operation to the received cryptographic keys shares to extract keys that are shorter in length than a concatenation of the received cryptographic keys shares, wherein the extracted keys are securely generated in the presence of at least one untrusted post-processing units CLPUAi, CLPUBi’, wherein the extracted keys are not accessible to the untrusted post-processing units CLPUAi, CLPUBi’.[[;]]
  
Claim 12. (Currently amended) A system for secure cryptographic keys generation in a presence of untrusted units, the system comprising: 
a first cryptographic station A and a second cryptographic station[[s]] B A, KGUB and more than one post-processing units CLPUAi, CLPUBi’, i= 1, 2, ..., s, i'=1, 2…,s', respectively, 
wherein KGUA, KGUB, CLPUAi and CLPUBi’ are physical units or program units executed on physical processors in their respective cryptographic station, where: 
- [[The]] the at least one raw data generation units in the first and second cryptographic stations generating a data string, RA, RB respectively which are correlated ij is the j-th share of RA received by CLPUAi and K'Bi’j’ is the j'-th share of RB received by CLPUBi’; 
- [[Each]] each post-processing unit of the first and second cryptographic station being configured for:  
- obtaining from each received share of the data strings a key generation sub-string share K'Aij,key, K'Bi'j',key, which is a subset of its respective share; 
- applying a post-processing procedure to the key generation sub-strings shares for generating secure cryptographic key shares, 
where said post-processing procedure comprises an information reconciliation operation between the processing units of both cryptographic stations via an authenticated communication channel and a privacy amplification procedure to extract keys shorter in length than K'Aij and K'Bi’j’, wherein the keys are securely generated in the presence of at least one untrusted post-processing units CLPUAi, CLPUBi’, wherein the extracted keys are not accessible to the untrusted post-processing units CLPUAi, CLPUBi’.  
Claim 13. (Cancelled). 

Allowable Subject Matter
Above Claims 1-5 and 8-12 are allowed.
The following is a statement of reasons for indication of allowable subject matter.

Guinnard (US 20160134420 A1),
Bovino (US 20130208894 A1),
Murakami (US 10057058 B2),
Bunandar (US 20160352515 A1),
Jacobs (US 20130315395 A1),
Chen, A practical two-way system of quantum key distribution with untrusted source, 2011 Chinese Phys. B 20 100305.
Guinnard discloses Quantum Key Distribution (QKD) system adapted to carry out a synchronization of quantum communication channel with the help of a service channel, where the system includes two QKD stations, where each station comprises a post processing unit and clock unit, where the receiver station and emitter station in the quantum system perform basis reconciliation, quantum bit error rate estimation and error correction in the privacy amplification. Bovino discloses cryptographic key distribution system, where raw keys generated by devices A and B, after having generated raw keys, the devices A and B carry out two further steps that result in the generation of a single cryptographic key known only by said devices A and B. These further steps of the BB84 protocol are respectively known as information reconciliation and privacy amplification. Murakami discloses a quantum-key distribution apparatus comprising transmitter and receiver and includes a quantum-key sharer, a shifter, a corrector, a privacy amplifier, and an estimator. Bunandar discloses two parties generating shared secret keys, where the two parties sharing a set of correlated Gaussian data, from which they apply error correction and privacy amplification to 
While the above prior arts disclose the aforementioned concepts, however, none of the above prior arts, individually or in combination, discloses all the limitations in the manner recited in the independent claims. Specifically, none of the above prior art discloses the data generation and post-processing of data strings where data strings are processed in the manner recited in the independent claims, to extract keys that are securely generated in the presence of at least one untrusted unit partaking in the generation of the extracted key. Therefore, the above limitations in conjunction with the remaining limitations of the independent claims render the above independent claims allowable.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance."
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BASSAM A NOAMAN whose telephone number is (571)272-2705.  The examiner can normally be reached on Monday-Friday 8:30 AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw can be reached on (571) 272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/BASSAM A NOAMAN/Examiner, Art Unit 2497
/ELENI A SHIFERAW/Supervisory Patent Examiner, Art Unit 2497