DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This written action is responding to the amendment dated October 8, 2021.
In the amendment dated on October 8, 2021, claims 1-2 and 5-13 have been amended, and all other claims are previously presented.
Previous claims objections are withdrawn in view of Applicant’s amendments filed on October 8, 2021.
Response to Arguments
Previous claim rejections under U.S.C. 112(b) are withdrawn as Applicant’s amendments, filed on October 8, 2021, are found persuasive.
Previous claim rejection under U.S.C. 101 is withdrawn in view of Applicant’s amendments, filed on October 8, 2021, are found persuasive.
Previous Double Patenting claims rejections is withdrawn as Applicant’s Terminal Disclaimer, filed on October 8, 2021, are found acceptable .

Allowable Subject Matter
Claims 1-13 are allowed.

Reasons For Allowance
The following is an examiner’s statement of reasons for allowance:
Independent Claims 1 and 11-13 are allowable based on the amendment presented in the amendment dated on October 8, 2021.
Specifically, the independent claim 1 now recites limitations as follows:
“A method of secure generation by a client device (A) and a server device (B) of at least a first RSA signature (H(M)^d), called current signature, of a first message to be signed (M) and a second RSA signature (H(M')^d), called next signature, of a second message to be signed (M'), with a private exponent component d of an RSA key (p, q, N, d, e), where e is a public exponent component, N is a RSA modulus, p, q primes such N = p.q and e.d = 1 modulo phi(N) with phi(N) Euler's function, 
wherein said client device (A) stores a client device private key equal to (N, dA) with dA representing a client device private exponent component, a current client value (pvA), a next client value (pvA_next) and a current client dynamic offset (hA), and 
wherein said server device (B) stores a server device private key equal to (N, dB) with dB representing a server device private exponent component, a current server value (pvB), a next server value (pvB_next), where dB = d - dA modulo phi(N), and a current server dynamic offset (hB), 
said method comprising : 
a handshake phase performed by the server device (B) comprising: 
a. receiving from the client device (A) a handshake request comprising a hash of the next client value (pvA_next), 

generating a new value (x) and updating the next server value (pvB_next) with the generated new value, 
sending to the client device (A) the generated new value (x), to be used by the client device as next client value (pvA_next), Page 3 of 18 GMT3426-6_ResponseVl10-100Application #16/469,526 Amendment dated October 7, 2021 
when the next client value (pvA_next) is not equal to said first default value (DUMMY): 
checking the value of the next server value (pvB_next), 
when the next server value (pvB_next) is equal to a second default value (NULL) and the next client value (pvA_next) equals the current server value (pvB): 
sending to the client device (A) a fix request asking the client device (A) to update the current client value (pvA) with the value of the stored next client value (pvA_next), 
generating a new value (x) and updating the next server value (pvB_next) with the generated new value, 
sending to the client device (A) the generated new value (x), to be used by the client device as next client value (pvA_next), when the next server value (pvB_next) is equal to said second 
when the next server value (pvB next) is not equal to said second default value (NULL): 
generating a new value (x) and updating the next server value (pvB_next) with the generated new value, 
sending to the client device (A) the generated new value (x), to be used by the client device as next client value (pvA_next), and 
a signing phase performed by the server device (B) after the handshake phase and generating the current signature; 
said signing phase comprising: 
a. generating a server part of the current signature (HS2) from the server device private exponent component (dB) and from an updated server dynamic offset (hB'), said updated server dynamic offset (hB') being function of the current server dynamic offset (hB) and of a server shift value (cB), said server shiftPage 4 of 18 GMT3426-6_ResponseVl10-100Application #16/469,526Amendment dated October 7, 2021 value (cB) being function of the current server value (pvB), such that the current signature can be generated by combining said server part of the current signature (HS2) and a client part of the current signature (HS1) generated by the client device (A) from the client device private exponent component (dA) and from an updated client dynamic offset (hA'), said updated client dynamic offset 
b. setting the current server dynamic offset (hB) to the updated server dynamic offset (hB') value, the current server value (pvB) to the value of the next server value (pvB_next) and the next server value (pvB_next) to said second default value (NULL), 
the current client dynamic offset (hA) being set to the updated client dynamic offset (hA') value, the current client value being set to the value of the next client value (pvA_next) and the next client value (pvA_next) being set to said first default value (DUMMY), 
performing the handshake phase and the signing phase with the next signature as current signature, for generating the next signature.”
Blaskiewicz et al. “Digital Signatures for e-Government – a Long-term Security Architecture” e-Forensics, Shanghai, 11 Nov. 2010, XP055376941, provided in the submitted IDS, is regarded as pertinent and discloses teaching that is the closest to the subject matter of claim 1. In this reference, a mediated RSA is taught where a private key d is split between the user (client device) and the central server such that d = d1 + d2. The exponents d1 and d2 might float. Additionally, Reference 1 describes a dynamic offset h, of the exponents such that the device holds d1 + h and the server holds d2 - h. During each interaction, a small number c is agreed between the device and the server, and the offset is updated h:= h+c.

In addition, the teaching from this reference describes an invention that is sensitive to device desynchronization, which is unlike claim 1 that aims to achieve a synchronized process. For example, if the client device and the server device get desynchronized, e.g. because of network issues during a signature process leading to increment the dynamic offset on the server side, but not on the client side. As the result, dynamic offsets won’t be equal anymore, and they won’t be able to interact for producing a signature anymore.
Sudia et al. (US 8,364,967), discloses a multi-step signing system and method for using multiple signing devices to affix a single signature which can be verified using a single public verification key. Each signing device possesses a share of the signature key and affixes a partial signature in response to authorization from a plurality of authorizing agents. In a serial embodiment, after a first partial signature has been affixed, a second signing device exponentiates the first partial signature. In a parallel embodiment, each signing device affixes a partial signature, and the plurality of partial signatures are multiplied together to form the final signature. Security of the system is enhanced by distributing capability 
Sudia differs from claim 1 at least based on the steps of creating or generating offsets values for client and server. Additionally, the claimed handshake phase performed by the server disclosed in claim 1 involving current and next client values, and current and next server values, the dynamic offsets (of client and server) being a function of said values, is not described by Sudia.
In addition, Sudia, like Blaskiewicz, describes an invention that is sensitive to device desynchronization, and is unlike claim 1 that aims to achieve a synchronized process.
Hwang (US 2007/0081667) discloses a method for authenticating a user to a computer system, comprising using a first input and a second input in producing a digital signature in response to a challenge. The digital signature is valid when the first input matches a personalized secret and the second input matches a trio comprising a public modulus, a public exponent, and a private-key-dependent exponent. Selection of the personalized secret is discretionary and changeable. A crypto-key generation process uses the personalized secret and two primes as input to produce the trio. The public modulus and public exponent of the trio form a public key used in digital signature validation. Also disclosed is a business method that replaces the conventional public-key certificate with an agreement on the user's public key.
Hwang differs from claim 1, at least, based on the claimed step of creating or generating offsets values for client and server. Additionally, the claimed handshake phase performed by the server disclosed in claim 1 involving current and next client values, and current and next server values, the dynamic offsets (of client and server) being a function of said values, is not described by Hwang.
In addition, similar to the deficiencies of Blaskiewicz and Sudia, Hwang describes an invention that is sensitive to device desynchronization, and is unlike claim 1 that aims to achieve a synchronized process.
None of the previous cited prior-art references or the updated search yield any specific references that would reasonably, either singularly or in combination with previous cited reference, result a reasonable and proper rejection for each of the cited feature limitations of the independent claim 1 under 35 U.S.C. 102 or 35 U.S.C. 103 with proper motivation.
Claim 11 is a computer program product claim of above method claim 1, Claim 12 is a server (machine/device) claim of above method claim 1, and Claim 13 is a system claim of above method claim 1; and therefore, they are also allowed.
Claims 2-10 depend on the allowed claim 1, and therefore, they are also allowed.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALEX D CARRASQUILLO whose telephone number is (571)270-5045. The examiner can normally be reached Monday - Friday 9:00 am - 6:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/A.D.C./Examiner, Art Unit 2498  

/YIN CHEN SHAW/Supervisory Patent Examiner, Art Unit 2498