DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Priority
MPEP 201.06 states “A later application for an independent or distinct invention, carved out of a nonprovisional application (including a nonprovisional application resulting from an international application or international design application), an international application designating the United States, or an international design application designating the United States and disclosing and claiming only subject matter disclosed in the earlier or parent application, is known as a divisional application. The divisional application should set forth at least the portion of the earlier disclosure that is germane to the invention as claimed in the divisional application. A continuation-in-part application should not be designated as a divisional application. The Court of Appeals for the Federal Circuit has concluded that the protection of the third sentence of 35 U.S.C. 121 (see MPEP § 804.01) does not extend to continuation-in-part applications, stating that "the protection afforded by section 121 to applications (or patents issued therefrom) filed as a result of a restriction requirement is limited to divisional applications." Pfizer, Inc. v. Teva Pharmaceuticals USA, Inc., 518 F.3d 1353, 1362, 86 USPQ2d 1001, 1007-1008 (Fed. Cir. 2008). Thus, the disclosure presented in a divisional application must not include any subject matter which would constitute new matter if submitted as an amendment to the parent application.” (Emphasis added by Examiner).
et seq.
Applicant’s claim for the benefit of a prior-filed application under 35 U.S.C. 119(e) or under 35 U.S.C. 120, 121, 365(c), or 386(c) is acknowledged. Applicant has not complied with one or more conditions for receiving the benefit of an earlier filing date under 35 U.S.C. 121 as follows:
The later-filed application must be an application for a patent for an invention which is also disclosed in the prior application (the parent or original nonprovisional application or provisional application). The disclosure of the invention in the parent application and in the later-filed application must be sufficient to comply with the requirements of 35 U.S.C. 112(a) or the first paragraph of pre-AIA  35 U.S.C. 112, except for the best mode requirement. See Transco Products, Inc. v. Performance Contracting, Inc., 38 F.3d 551, 32 USPQ2d 1077 (Fed. Cir. 1994)
15/830,099, fails to provide adequate support or enablement in the manner provided by 35 U.S.C. 112(a) or pre-AIA  35 U.S.C. 112, first paragraph for one or more claims of this application. Newly presented claim 1 recites “encrypting/decrypting the private key with a zero-knowledge encryption function”. At least this subject matter is not found in the prior-filed Application. Therefore, in view of the newly submitted subject matter, the divisional claim from prior filed Application No. 15/830,099 is improper and no benefit of its earlier filing date should be granted for the current Application.

Election/Restrictions
Applicant’s election without traverse of claims 1-12 in the reply filed on 03/09/2022 is acknowledged.

Status of claims
Claims 13-19 were canceled.
Claims 1-12 are pending.
Claims 1-12 were examined.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.


The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-12 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.

Claim 1 recites “a client device comprising a decentralized client application”.The specification as filed is silent regarding the claimed client device. The specification as filed is also silent regarding a "decentralized client application". Specifically, while the specification as filed discloses both decentralized apps (i.e. Fig. 16, Dapp 1054 distinct from the user client) and client applications (i.e. a zkWallet client application 1000). In fact, one of ordinary skill would reasonably convey that the terms “decentralized” and “client” as modifiers for the noun “application” convey, under broadest reasonable interpretation, a meaning not envisioned by the disclosure (i.e. a decentralized application as part of the client”. Therefore, the specification as filed does not provide sufficient written description for the claimed language (see MPEP 2161.01). Dependent claims 2-12 are also rejected since they depend on claim 1.


“[0028] Furthermore, embodiments of the invention are directed to a method of generating zero-knowledge (ZK) wallet or zkWallet that provides a new way of interacting with Decentralized Apps or Dapps. A zkWallet provides the security of a non-custodial wallet and the convenience of a custodial wallet. In this new approach, the keys are generated on client side and Zero Knowledge (ZK) encryption is used on client side to encrypt the keys such that the Dapp or Platform only stores the encrypted private key and only the user knows how to decrypt it. This new ZK approach doesn't need any third-party extension like Metamask and works in both web and mobile apps. The service provider/platform/crypto exchange doesn't have knowledge of the user's private key. This new approach eliminates any third party between the user and the user's crypto assets. The user owns the private key and the linked crypto assets. Zero Knowledge Encryption is used at the client-side, so only the user can access the private key and sign transactions with the private key. The service provider/platform/crypto exchange cannot sign a transaction on user's behalf. When a user has to send a transaction, the encrypted private key stored in the zkWallet Server is sent to user's device where it is decrypted. The user then signs the transaction with the decrypted private key on the device itself and relays the signed transaction to the zkWallet Server. 
[0121] Referring to FIG. 15, an illustration of the process of wallet setup and key generation with zkWallet, according to an embodiment of the present invention is now described in detail. A User with zkWallet client application 1000 sends a request 1004 to sign-up with zkWallet server. At the next step, 1006, the wallet is initialized and a random mnemonic seed is generated. At the next step, 1008, a public-private keypair is generated based on the mnemonic seed. At the next step, 1010, the private key is encrypted with zero knowledge encryption on client side (in zkWallet client). At the next step, 1012, the encrypted private key is uploaded to zkWallet Server. The zkWallet Server stores the encrypted private key with user credentials (email/username/ID) at the next step 1018. The zkWallet Server sends confirmation to the zkWallet client at step 1014. The private is then purged from the zkWallet client at step 1016. ”
not reasonably understand the term as a term of art. Examiner notes that this “encryption” does not follow a known Zero-knowledge protocol since it’s performed locally at the client device. It appears Applicant attempts to define a term without explicitly providing a lexicographic definition and/or detailing the algorithm of the function. Therefore, the specification as filed does not provide sufficient written description for the claimed language (see MPEP 2161.01). In other words, the algorithm or steps/procedure taken to perform the function must be described with sufficient detail so that one of ordinary skill in the art would understand how the inventor intended the function to be performed. For purposes of examination, the term “zero-knowledge encryption function” is being interpreted as (any) “client-side encryption function”. Dependent claims 2-12 are also rejected since they depend on claim 1.

Claim 1 recites “decrypting the encrypted private key on the client application with a zero-knowledge decryption function, defining a decrypted private key;”. The specification as filed recites, inter alia:
“[0028] Furthermore, embodiments of the invention are directed to a method of generating zero-knowledge (ZK) wallet or zkWallet that provides a new way of interacting with Decentralized Apps or Dapps. A zkWallet provides the security of a non-custodial wallet and the convenience of a custodial wallet. In this new approach, the keys are generated on client side and Zero Knowledge (ZK) encryption is used on client side to encrypt the keys such that the Dapp or Platform only stores the encrypted private key and only the user knows how to decrypt it. This new ZK approach doesn't need any third-party extension like Metamask and works in both web and mobile apps. The service provider/platform/crypto exchange doesn't have knowledge of the user's private key. This new approach eliminates any third party between the user and the user's crypto assets. The user owns the private key and the linked crypto assets. Zero Knowledge Encryption is used at the client-side, so only the user can access the private key and sign transactions with the private key. The service provider/platform/crypto exchange cannot sign a transaction on user's behalf. When a user has to send a transaction, the encrypted private key stored in the zkWallet Server is sent to user's device where it is decrypted. The user then signs the transaction with the decrypted private key on the device itself and relays the signed transaction to the zkWallet Server. 
[0123] Referring to FIG. 17, an illustration of the process of signing and sending transactions with zkWallet, according to an embodiment of the present invention is now described in detail. A User with zkWallet client application 1100 sends a request to send a transaction to the Dapp 1104 at step 1108. The Dapp 1104 generates a raw transaction at step 1114. The Dapp 1104 updates a pending transaction sign request in the zkWallet server 1102 at step 1112. The zkWallet server 1102 sends a notification to the zkWallet client 1100 to sign the transaction at step 1110. The zkWallet client 1100 requests the encrypted private key from zkWallet server 1102 at step 1116. The zkWallet server 1102 returns the encrypted private key at step 1118. The zkWallet client 1100 decrypts the private key at step 1120. The user signs the raw transaction with private key in the zkWallet client app 1100 at step 1122. The zkWallet client 1100 sends the signed transaction to the Dapp 1104 at step 1124. The Dapp 1104 relays the signed transaction to the blockchain network 1106 at step 1128. The blockchain network 1106 returns a transaction confirmation to the Dapp 1104 at step 1130. The Dapp 1104 returns the transaction confirmation to the user 1100 at step 1126.”
Therefore, the specification does not disclose a "zero-knowledge decryption function". One of ordinary skill would not reasonably understand the term as a term of art. Examiner notes that this “decryption” function does not follow a known Zero-knowledge protocol, for instance. It appears Applicant attempts to newly define a term without explicitly providing a lexicographic definition and/or detailing the algorithm of the function. Therefore, the specification as filed does not provide sufficient written description for the claimed language (see MPEP 2161.01). In other words, the algorithm or steps/procedure taken to perform the function must be described with sufficient detail 

Claim 5 recites “computing a first authentication output using a function that uses the user ID and the random number as inputs, computing a response value using a function that uses first authentication output as an input”. The specification as filed recites, inter alia:
“[0132] ...The server 1714 may input the UID and RN to the authentication function f1 (1800) and may feed the function f1 output to the authentication function f2 (1802) to compute the RES field which may be used in a later process step…
[0133] … At the client, the UID and RN as given as input to the authentication function f1 (1900) and its output may then be fed to authentication function f2 (1902) to compute the RES field... ”
Therefore, the specification as filed does not recite how the output and the response value are "computed", as claimed. The specification as filed does not detail the algorithm used in performing these claimed functions. The specification as filed merely repeats verbatim applying labeled functions (i.e. f1, f2) to obtain results, omitting, however, the algorithms used to arrive at those values. Figs. 24-26 do not cure this deficiency, as the functions are merely illustrated as boxes labeled as fn(.). Therefore, the specification as filed does not provide sufficient written description for the claimed language (see MPEP 2161.01). In other words, the algorithm or steps/procedure taken to perform the function must be described with sufficient detail so that one of ordinary 

Claim 6 recites “computing an anonymity key using a function that uses first authentication output as an input; computing a sequence number by performing an exclusive-or operation with the zero-knowledge authentication number and the anonymity key; computing a message authentication code using a function that uses the first authentication output, the sequence number, and the client ID number as inputs; ”. The specification as filed recites, inter alia:
“[0133]… Similarly, the output of the authentication function f1 (1900) may be given as input to authentication function f3 (1904), f4 (1906) and f5 (1908) respectively to compute the Cipher Key (CK), Integrity Key (IK) and Anonymity Key (AK). Next, the ZKAN and AK are XORed to get the SN. Next the output of the authentication function f1 (1900), Sequence Number (SN) and Client ID (CID) may be given as input to the authentication function f6 (1912) to compute the Message Authentication Code (MAC)”
Therefore, as the specification as filed does not recite how the key, number and code are "computed", as claimed. The specification as filed does not detail the algorithm used in performing these claimed functions. The specification as filed merely repeats applying functions (i.e. f1, f2, f3, f4, f5, f6) to obtain results, omitting, however, the functions used to arrive at those values. Figs. 24-26 do not cure this deficiency, as the functions are merely illustrated as boxes labeled as fn(.). Therefore, the specification as filed does not provide sufficient written description for the claimed language (see MPEP 2161.01). In other words, the algorithm or steps/procedure taken to perform the function must be described with sufficient detail so that one of ordinary skill in the art would 

Claim 6 recites “computing a sequence number by performing an exclusive-or operation with the zero-knowledge authentication number and the anonymity key”. The specification as filed recites, inter alia:
“[0131]… " Sequence Number (SN) - A new SN may be generated on each connection setup…
[0132] Referring now additionally to FIG. 25 and continuing to refer to FIG. 24, a method aspect of the present invention for deriving authentication vectors at server is described in more detail. The server 1714 may input the UID and RN to the authentication function f1 (1800) and may feed the function f1 output to the authentication function f2 (1802) to compute the RES field which may be used in a later process step. Similarly, the output of the authentication function f1 (1800) may be given as input to authentication function f3 (1804), f4 (1806) and f5 (1810) respectively to compute the Cipher Key (CK), Integrity Key (IK) and Anonymity Key (AK). Next the output of the authentication function f1 (1800), Sequence Number (SN) and Client ID (CID) may be given as input to the authentication function f6 (1812) to compute the Message Authentication Code (MAC). The SN is then XORed with AK and concatenated to CID and MAC to compute the Zero Knowledge Authentication Number (ZKAN). At step 1704, the server 1714 may authenticate to the client 1700 by sending the RN and ZKAN. 
[0133] Referring now additionally to FIG. 26 and continuing to refer to FIG. 24, a method aspect of the present invention for deriving authentication vectors at the client is described in more detail. At the client, the UID and RN as given as input to the authentication function f1 (1900) and its output may then be fed to authentication function f2 (1902) to compute the RES field. Similarly, the output of the authentication function f1 (1900) may be given as input to authentication function f3 (1904), f4 (1906) and f5 (1908) respectively to compute the Cipher Key (CK), Integrity Key (IK) and Anonymity Key (AK). Next, the ZKAN and AK are XORed to get the SN. ”

Therefore, the specification as filed recites the ZKAN generated by the server as "The SN is then XORed with AK and concatenated to CID and MAC to compute the Zero Knowledge Authentication Number (ZKAN)" The specification also recites that "the ZKAN and AK are XORed to get the SN". However, the specification as filed does not describe with sufficient detail in which manner a ZKAN computed by XORing a SN with AK and concatenating to CID and MAC can simply be XORed with the AK to obtain the SN1, the specification as filed does not provide sufficient written description for the claimed language (see MPEP 2161.01). In other words, the algorithm or steps/procedure taken to perform the function must be described with sufficient detail so that one of ordinary skill in the art would understand how the inventor intended the function to be performed. Dependent claim 7 is also rejected since it depends on claim 6.

Claim 7 recites “computing a cypher key using a function that uses first authentication output as an input; computing an integrity key using a function that uses first authentication output as an input”. The specification as filed recites, inter alia:
“[0133]… Similarly, the output of the authentication function f1 (1900) may be given as input to authentication function f3 (1904), f4 (1906) and f5 (1908) respectively to compute the Cipher Key (CK), Integrity Key (IK) and Anonymity Key (AK). ”

Therefore, as the specification as filed does not recite how the cypher key and integrity key are "computed", as claimed. The specification as filed does not detail the algorithm used in performing these claimed functions. The specification as filed merely repeats applying functions (i.e. f1, f2, f3, f4, f5, f6) to obtain results, omitting, however, the functions used to arrive at those values. Figs. 24-26 do not cure this deficiency, as the functions are merely illustrated as boxes labeled as fn(.)., the specification as filed does not provide sufficient written description for the claimed language (see MPEP 2161.01). In other words, the algorithm or steps/procedure taken to perform the function must be described with sufficient detail so that one of ordinary skill in the art would understand how the inventor intended the function to be performed.

Claims 9-12 recite “a further "identity registration and certification procedure", comprising sending… receiving… signing… sending... receiving... sending… and ending with "receiving a session token from the decentralized application"”. The specification as filed recites, inter alia:
“[0067] An embodiment of the invention provides a system and associated methods for securely linking blockchain accounts to real users. Referring to FIG. 2, the user registration and certification process, for securely linking blockchain accounts to real users, is described in more detail. User registration process is done to link a real user 250 to one or more blockchain accounts. For the registration process, the user 250 either uses a registration application either on mobile or a desktop computer. In the registration application, the user provides the identification information (including fields such as name, address, date of birth and other identification information), scanned identification card (such as a driver license, passport or other types of ID cards), fingerprints and other biometric data, user photo, and any other type of data that can be used to identify the user. Each data field provided by the user in the registration application (collectively referred to as the 'UserData' 256) is hashed using a one-way hash function 258, generating hashed data 260. The registration application then creates a new smart contract from this hashed data 260, which is referred to as the 'Seal Contract' 262. The transaction to create this new Seal Contract 262 on the blockchain network is signed by the user's private key. The Seal Contract 262 maintains a record of the hashed user data19 and the user's address on the blockchain network. A separate private and/or permissioned blockchain 254 may be used for user identity management, where the Seal Contract is deployed. When the transaction to create the new Seal Contract is mined, the user gets an address of the contract, which is referred to as the 'Sealed UserRecord Address' 264. This completes the user registration process. 
[0068] The next step is the certification process, in which the user provides the 'UserData', digitally signed and hashed 'UserData', and the 'Sealed UserRecord Address' 266 to a certification authority 252. The data is signed by the user's private key. This data may be shared with the certification authority 252 over an encrypted and secure channel, so that only the certification authority can decrypt and access the data. The certification authority 252 then verifies if the UserRecord has been created and sealed by the user 250 and if the user own's the record and the associated Seal Contract 262 by performing a certification process 268. The steps involved in the certification process 268 may include, as follows: [0069] 1. Get Hash(UserData) from Sealed UserRecord Address [0070] 2. Decrypt Sign(Hash(UserData)) with user's public key [0071] 3. Get user's fingerprints and/or biometric data, user photo and combine with other data fields from UserData to recreate UserData and then generate its hash: Hash(UserData'). 
[0072] 4. If outputs of steps 1,2,3 above are equal then create verification record as follows: 
[0073] VerificationRecord = (Hash(UserData)+Token) [0074] 5. Create a new Seal Contract with Hash(VerificationRecord) 274 as the input data. 
[0075] The transaction to create this new Seal Contract 270 on the blockchain is signed by the certification authority's private key. When the transaction to create the new Seal Contract 270 is mined, the certification authority 252 gets an address of the contract, which is referred to as the 'Sealed VerificationRecord Address' 276. 
[0076] Next the certification authority creates a new smart contract, referred to as the 'Certification Contract' 272 by providing the Sealed UserRecord Address 264, Certification Token and Sealed VerificationRecord Address 276 as the input data 278 to20 the contract. When the transaction to create the Certification Contract 272 is mined, the certification authority gets an address of the contract, which is referred to as the 'CertificationRecord Address' 280, and shares this address with the user. This completes the user certification process. The certification process establishes the ownership of the blockchain account (and its associated public-private key-pairs) to a real user 250 whose identity is verified by the certification authority 252. The certification token can be used to set a validity or a timeout period for a key-pair. After the timeout of the certification of key- pair, the certification process has to be done again. This certification renewal process adds additional security and prevents against any misuse of keys. 
[0077] Referring to FIG. 3, a method aspect of the present invention for user validation is described in more detail. A certified user 250 can then interact with blockchain applications (either smart contracts or decentralized applications). These blockchain applications may be deployed on different blockchain networks 300. When a blockchain application requests the identity of a certified user 250, the user sends the CertificationRecord Address and the signed and hashed UserData 260 to the blockchain application. The blockchain application then carries out the validation process 308. The steps involved in the validation process 308 may include, as follows: 
[0078] 1. Get Sealed UserRecord Address 304 from CertificationRecord Address 302 
[0079] 2. Get Hash(UserData) from Sealed UserRecord Address 304 
[0080] 3. Decrypt Sign(Hash(UserData)) with user's public key 
[0081] 4. Compare outputs of steps 2 and 3. If equal it proves that the UserRecord has been created and sealed by the user and the user own's the record and its seal. 
[0082] 5. Get Sealed VerificationRecord Address 306 from CertificationRecord Address 
[0083] 6. Get Hash(VerificationRecord) from Sealed VerificationRecord Address 306 
[0084] 7. Get Token from CertificationRecord Address and check if it is valid [0085] 8. Recreate verification record: VerificationRecord' = (Hash(UserData)+Token) and generate its hash: Hash(VerificationRecord')
[0086] 9. Compare outputs of steps 6 and 8. If equal, it proves that the user has been authenticated by the certification authority. 
[0087] The above steps complete the user validation process 308. Once a user has been validated, the blockchain application may generate an application specific session token 310 (with a short validity), so that the user can interact 312, 314 further with the application without going through the validation process again for each transaction. A reference implementation of Seal 350 and Certification 352 smart contracts, according to an embodiment of the invention, is shown in FIG. 4. [0088] An embodiment of the invention provides a system and associated methods for key generation and management, where a user can generate a large number of keys in a deterministic manner for use on a single blockchain network or across multiple blockchain networks. ”
Therefore, Fig. 2 displays a user interacting with a certification authority (step 266) and an identity blockchain (steps 260, 264 and 280). Fig. 3 displays a user 250 interacting with Dapps on other blockchains, represented by arrows 260 and 310-314. Paragraph [0087] recites "the blockchain application may generate an application specific session token 310 (with a short validity)". Claim 1 is directed to a "method for implementing zero-knowledge private key management for decentralized applications on a client device comprising a decentralized client application", represented by newly introduced Figs 15-27. It appears there is a severe instance of mixed embodiments recited by claims 9-12. One of ordinary skill in the art would not be able to reasonably convey in which manner the embodiment of claim 1 "further comprises" the steps recited in claim 9. It appears claim 9 attempts to attribute to the client device steps performed by entities 252, 254 and 300, inter alia. Examiner was unable to find in the Examiner is unable to construe the broadest reasonable interpretation of claims 9-12. Examiner cordially requests that Applicant provides a mapping of dependent claims 9-12 in the context of independent claim 1. Therefore, the specification as filed does not provide sufficient written description for the claimed language (see MPEP 2161.01). In other words, the algorithm or steps/procedure taken to perform the function must be described with sufficient detail so that one of ordinary skill in the art would understand how the inventor intended the function to be performed. Dependent claim 9 is also rejected since it depends on claims 10-12, respectively.

Claim 1 recites “a method for implementing zero-knowledge private key management for decentralized applications on a client device comprising a decentralized client application comprising”. This language is unclear as it is unclear by the preamble language which entity performs the recited steps. For instance, are the steps directed to a "decentralized client application", a "client device comprising a decentralized client application" or both? It is also unclear whether "comprising a decentralized application" refers to "client device" or "A method". This duality renders the scope of the claims unclear as one of ordinary skill would not be able to reasonably 

Claim 1 recites: “decrypting the encrypted private key on the client application with a zero- knowledge decryption function, defining a decrypted private key;”. It is unclear by the claim language whether the language “defining a… key” refers to “decrypting” (i.e. “decrypting… key (equals to) defining… key…”), whether it refers to “function” (i.e. “function, defining a decrypted private key”), or whether it refers to “another method step” (i.e. “A. decrypting…, B. defining…”). Given the duality found in the claim one of ordinary skill in the art would be unable to reasonably determine what is encompassed by the "decrypting" step in claim 1. This duality renders the scope of the claims unclear. Dependent claims 2-12 are also rejected since they depend on claim 1.

Claim 1 recites: “signing the raw transaction with the decrypted private key, defining a signed transaction”. It is unclear by the claim language whether the language “defining a… transaction” refers to “signing” (i.e. “signing… transaction (equals to) defining… transaction”), whether it refers to “the decrypted private key” (i.e. “the decrypted private key, defining a signed transaction”), or whether it refers to “another method step” (i.e. “A. signing…, B.defining…”). Given the duality found in the claim one of ordinary skill in the art would be unable to reasonably determine what is encompassed by the "signing" step in claim 1. This duality renders the scope of the claims unclear. Dependent claims 2-12 are also rejected since they depend on claim 1.

Claim 6 recites: “identifying a message authentication code comprised by the zero-knowledge authentication number, defining a received message authentication code”. It is unclear by the claim language whether the language “defining a… code” refers to “identifying” (i.e. “identifying… code… (equals to) defining… code…”), whether it refers to “number” (i.e. “authentication number, defining a received message authentication code”), or whether it refers to “another method step” (i.e. “A. identifying… B. defining…”). Given the duality found in the claim one of ordinary skill in the art would be unable to reasonably determine what is encompassed by the "identifying" step in claim 6. This duality renders the scope of the claims unclear. Dependent claim 7 is also rejected since it depends on claim 6.

Claim 11 recites: “sending a transaction to an identity smart contract on an identity blockchain network comprising a new user function, an identification string, and the hashed user data, defining a user creation transaction”. It is unclear by the claim language whether the language “comprising a new user function…” refers to “transaction” (i.e. “transaction… comprising… function... string…”), or whether it refers to “network” (i.e. “network comprising… function... string... data...”). 

Claim 11 recites: “sending a transaction to an identity smart contract on an identity blockchain network comprising a new user function, an identification string, and the hashed user data, defining a user creation transaction”. It is unclear by the claim language whether the language “defining a user creation transaction” refers to 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. 
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-5 are rejected under 35 U.S.C. 103 as being unpatentable over Sundaresan (US 10,637,665 B1) in view of Chandrasekhar et al. (US 9,954,828 B1).

With respect to claim 1, Sundaresan teaches a method for implementing zero-knowledge private key management for decentralized applications on a client device 
initializing a wallet on the decentralized client application (see col. 3, lines 34 and 35; Fig. 10, mobile device, col. 9, line 64 to col. 10, line 3); 
generating each of a public key and a private key on the decentralized client application; (see col. 3, lines 38 and 39); 
sending a transaction request to a decentralized application (see registering with the DIM CRL Blockchain contract, col. 4, line 64 to col. 5, line 54); 
receiving a raw transaction at the decentralized client application (see Fig. 8, Transaction T signature request with Hash Value hv, col. 8, lines 1-20); 
signing the raw transaction with the decrypted private key, defining a signed transaction (see col. 3, lines 43 and 44; Fig. 8, Transaction signature sign_hv, col. 8, lines 1-20); transmitting the signed transaction to the decentralized application; and (see Fig. 8, Transaction signature sign_hv, col. 8, lines 1-20); 
Sundaresan does not explicitly disclose a method comprising: registering an account with a verifier server; encrypting the private key with a zero-knowledge encryption function on the decentralized client application, producing an encrypted private key; transmitting the encrypted private key to the verifier server; removing the private key from the decentralized client application; requesting the encrypted private key from the verifier server; receiving the encrypted private key from the verifier server at the decentralized client application; decrypting the encrypted private key on the client application with a zero- knowledge decryption function, defining a decrypted private key; 

However, Chandrasekhar et al. disclose a method (Protection of data stored in the cloud) comprising: 
registering an account with a verifier server (see col. 4, lines 21-40); encrypting the private key with a zero-knowledge encryption function on the decentralized client application, producing an encrypted private key (see Fig. 2, cloud application client 210 and cloud data protection module running on the same client device, col. 3, lines 15-17; module 220 "generates a plaintext (i.e. unencrypted) encrytion key… encrypts the encryption key…", col. 3, lines 58-65; col. 4, lines 41-60; Fig 3, col. 5, lines 51-64); 
transmitting the encrypted private key to the verifier server (see "provides the encrypted encryption key to the key server 260 for storage", col. 3, lines 65-66; col. 4, lines 61-63); 
removing the private key from the decentralized client application (see "While operating with the cloud application client 210, the cloud data protection module 220 keeps the customer's plaintext private key in volatile memory, such as in main random access memory (RAM). This ensures that the plaintext private key is gone when the computing device running the cloud data protection module 220 is rebooted or powered off. The cloud data protection module 220 also deletes the plaintext private key when done, thus requiring retrieval of the encrypted 
requesting the encrypted private key from the verifier server (see Fig. 2, arrow 202, "If the plaintext private key is not locally available ( e.g., the customer just recently logged in to the system), the cloud data protection module 220 obtains the customer's credential (see arrow 201), requests the key server 260 to provide the customer's encrypted private key (see arrow 202), col. 5, lines 39-44); receiving the encrypted private key from the verifier server at the decentralized client application (see Fig. 2, arrow 202, col. 5, lines 39-44); decrypting the encrypted private key on the client application with a zero- knowledge decryption function, defining a decrypted private key (see Fig. 2, "decrypts the encrypted private key back to the plaintext 45 private key using the customer's credential", col. 5, lines 45 and 46); 
removing each of the encrypted private key and the decrypted private key from the decentralized client application (see "While operating with the cloud application client 210, the cloud data protection module 220 keeps the customer's plaintext private key in volatile memory, such as in main random access memory (RAM). This ensures that the plaintext private key is gone when the computing device running the cloud data protection module 220 is rebooted or powered off. The cloud data protection module 220 also deletes the plaintext private key when done, thus requiring retrieval of the encrypted private key from the key server 260 for the next session" col. 4, line 64 to col. 5, line 6; "The first computing device also removes the plaintext encryption key from the first 

Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to incorporate the private key storage on a cloud server instead of storing the private key on the client itself as disclosed by Chandrasekhar et al. in the method of Sundaresan, the motivation being to allow the user to use the private key on another client device that hosts the cloud application client (see Chandrasekhar et al., col. 1, lines 41-52. See also paragraph [0029] of the current specification which discloses the storage location is a matter of design choice).

With respect to claim 2, the combination of Sundaresan and Chandrasekhar et al. teaches all the subject matter of the method as described above with respect to claim 1. Furthermore, Sundaresan disclose a method wherein the decentralized client application comprises a smart contract (see Fig. 8, smart contract signing, col. 8, lines 8-11). 

With respect to claim 3, the combination of Sundaresan and Chandrasekhar et al. teaches all the subject matter of the method as described above with respect to claim 1. Furthermore, Sundaresan disclose a method wherein the decentralized client application is a cryptocurrency wallet (see signing Bitcoin, Ethereum transactions, col. 7, line 55 to col. 8, line 15). 



With respect to claim 5, the combination of Sundaresan and Chandrasekhar et al. teaches all the subject matter of the method as described above with respect to claim 4. Furthermore, Chandrasekhar et al. disclose a method wherein performing the bidirectional authentication procedure comprises: 
transmitting a user ID and a client ID number to the verifier server (see password, username or both, col. 4, lines 34-40; col. 12, lines 5-12); 
receiving a random number and a zero-knowledge authentication number from the verifier server (see Fig. 1, step 102, random number y, question number generation value, paragraph [0028]); 
computing a first authentication output using a function that uses the user ID and the random number as inputs, computing a response value using a function that uses first authentication output as an input (see Fig. 1, step 103a, computing K', paragraph [0029]); 
transmitting the response value to the verifier server (see Fig. 1, step 103b, witness number B, paragraph [0030]); and 
receiving a session ID from the verifier server upon the verifier server confirming the response value received from the decentralized client application matches a . 

Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Sundaresan (US 10,637,665 B1), in view of Chandrasekhar et al. (US 9,954,828 B1), and in view of Nyang et al. (US 2003/0115464 A1)
With respect to claim 6, the combination of Sundaresan and Chandrasekhar et al. teaches all the subject matter of the method as described above with respect to claim 5. The combination of Sundaresan and Chandrasekhar et al. does not explicitly teach a method wherein performing the bidirectional authentication procedure further comprises: identifying a message authentication code comprised by the zero-knowledge authentication number, defining a received message authentication code; computing an anonymity key using a function that uses first authentication output as an input; computing a sequence number by performing an exclusive-or operation with the zero-knowledge authentication number and the anonymity key; computing a message authentication code using a function that uses the first authentication output, the sequence number, and the client ID number as inputs; and comparing the message authentication code computed on the decentralized client application with the received message authentication code; 

 However, Nyang et al. discloses a method (Method of designing password-based authentication and key exchange protocol using zero-knowledge interactive proof) wherein performing the bidirectional authentication procedure further comprises: 

computing an anonymity key using a function that uses first authentication output as an input (see computing K, paragraph [0029]); 
computing a sequence number by performing an exclusive-or operation with the zero-knowledge authentication number and the anonymity key (see computing K, paragraph [0029]); 
computing a message authentication code using a function that uses the first authentication output, the sequence number, and the client ID number as inputs (see computing K', paragraph [0029]); and 
comparing the message authentication code computed on the decentralized client application with the received message authentication code (see confirming whether the server possesses the password verifier V by comparing received Auth=(H(K'|1) with computed Auth=(H(K'|1), paragraph [0029]); 
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to incorporate the authentication mechanisms as disclosed by Nyang et al. in the method of Sundaresan and Chandrasekhar et al., the motivation being to securely perform the general zero-knowledge proof protocol even if the password is used as the key (see Nyang et al., paragraph [0006]).

7 is rejected under 35 U.S.C. 103 as being unpatentable over Sundaresan (US 10,637,665 B1), in view of Chandrasekhar et al. (US 9,954,828 B1), in view of Nyang et al. (US 2003/0115464 A1), in view of Ying et al. (US 2018/0167807 A1).

With respect to claim 7, the combination of Sundaresan Chandrasekhar et al. and Nyang et al. teaches all the subject matter of the method as described above with respect to claim 6. The combination of Sundaresan, Chandrasekhar et al. and Nyang et al. does not explicitly teach a method further comprising: computing a cypher key using a function that uses first authentication output as an input; computing an integrity key using a function that uses first authentication output as an input; generating a message to be transmitted to the verifier server; encrypting the message with the cypher key, producing an encrypted message; concatenating the encrypted message with an output of an integrity algorithm using the integrity key and the message as inputs, defining an integrity value, the concatenation defining an encrypted integrity-protected message; and transmitting the encrypted integrity-protected message to the verifier server. 
 However, Ying et al. discloses a method (Message protection method, and related device, and system) further comprising: 
computing a cypher key using a function that uses first authentication output as an input (see Fig. 2, generate first key 202, paragraphs [0236]-[0238]; first key including a first cyphering key, paragraphs [0247] and [0250]); 
computing an integrity key using a function that uses first authentication output as an input (see Fig. 2, generate first key 202, paragraphs [0236]-[0238]; first key including a first integrity key, paragraph [0250]); 

encrypting the message with the cypher key, producing an encrypted message (see Fig. 2, step 204, paragraph [0241]; using Ktc to cipher/encrypt authentication and key agreement response message, paragraphs [0261] and [0263]); 
concatenating the encrypted message with an output of an integrity algorithm using the integrity key and the message as inputs, defining an integrity value, the concatenation defining an encrypted integrity-protected message (see performing integrity protection for the authentication and key agreement response message, paragraphs [0262] and [0263]); and
transmitting the encrypted integrity-protected message to the verifier server (see Fig. 2, step 205 and paragraph [0244]). 

Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to incorporate the message ciphering and integrity protection mechanisms as disclosed by Ying et al. in the method of Sundaresan and Chandrasekhar et al., the motivation being to greatly improving security, continuity, and integrity of a transmitted message, and achieving a better practical effect in a specific implementation of the solution (see Ying et al., paragraph [0264]).

 is not completed until a match between hashed events from the decentralized client application and the verifier server is verified by an enforcement node” , language directed to contingent limitations. The broadest reasonable interpretation of a method (or process) claim having contingent limitations requires only those steps that must be performed and does not include steps that are not required to be performed because the condition(s) precedent are not met. See Ex parte Schulhauser, Appeal 2013-007847 (PTAB April 28, 2016) (precedential) for an analysis of contingent claim limitations in the context of both method claims and system claims. See also MPEP 2111.04

With respect to claim 8, the combination of Sundaresan and Chandrasekhar et al. teaches all the subject matter of the method as described above with respect to claim 1. Furthermore, Chandrasekhar et al. disclose a method further comprising: sending at least one of an interaction and a transaction to the verifier server from the decentralized client application (see log in, col. 4, lines 34-49). The combination of Sundaresan and Chandrasekhar et al. does not explicitly disclose: applying a hashing function at the decentralized client application to the at least one of interaction or transaction sent to the verifier server, defining a hashed event; and recording the hashed event to a smart contract deployed on a blockchain network, wherein a hashed event generated by the verifier server is also recorded to the smart contract; wherein the at least one of an interaction or transaction is not completed until a match between 

However, Smith et al. disclose a method (Methods and systems of providing verification of the identity of a digital entity using a centralized or distributed ledger) comprising:
applying a hashing function at the decentralized client application to the at least one of interaction or transaction sent to the verifier server, defining a hashed event (see a first hash function is applied to the user's personal information to create a hash, paragraphs [0110] and [0127]; Fig. 3, step 306 and paragraph [0193]); and 
recording the hashed event to a smart contract deployed on a blockchain network, wherein a hashed event generated by the verifier server is also recorded to the smart contract (see Fig. 3, recording signed transaction in distributed ledger, paragraph [0193]); 
wherein the at least one of an interaction or transaction is not completed until a match between hashed events from the decentralized client application and the verifier server is verified by an enforcement node. (see Fig. 3, the signed transaction may be checked by a verifier for verification purpose using a verification protocol, paragraph [0193]; Fig. 4, verification protocol steps 410-416 and paragraphs [0194]-[0196]). 
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to incorporate the as disclosed by .


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Non-patent Literature
Jana et al. (NPL 2005, listed in PTO-892 as reference "U") disclose Dynamic User Credential Management in Grid Environment, including a very simple and lightweight mechanism to exchange structured information in a decentralized and distributed environment.
Ibrahem (NPL 2012, listed in PTO-892 as reference "V") disclose Modification of Diffie-Hellman key exchange algorithm for Zero knowledge proof, including jointly establishing a shared secret key over an insecure communication channel using ZKPs.
Lám (NPL 2016, listed in PTO-892 as reference "W") disclose What is Zero knowledge encryption, including a “private” password of the proofer and a “public” password that the verifier knows being mathematically linked.
Germundsson et al. (NPL 2020, listed in PTO-892 as reference "X") disclose XOR, including the definition of XOR.

Patent Literature
Lu (US 2017/0180128 A1) discloses method for managing a trusted identity, including a user device deriving a key encryption key and retrieve a secret key by decrypting the encrypted key using the key encryption key.
 Aichroth et al. (US 2012/0167189 A1) disclose pseudonymized authentication, including pseudonymization by the session key allocated with the help of a Zero-Knowledge proof.
Moy et al. (US 2021/0256508 A1) disclose systems and methods for distributed ledger-based identity management, including verification of e-signatures via private key signatures (e.g., sign in with your private key).
 Langschaedel et al. (US 2015/0262176 A1) disclose hot wallet for holding bitcoin, including removing the private key of the Bitcoin address of the vault from the local storage.
Gamishev (US 2020/0344603 A1) discloses method for determining a key for securing communication between a user apparatus and an application server, including a master key K.sub.AUSF derived from encryption and integrity keys.
Srinivasan et al. (US 2003/0123672 A1) disclose optimized enveloping via key reuse, including extracting an encrypted secret key from a received message.
Han (US 2021/0327007 A1) discloses signing methods, apparatuses and devices of electronic contract, including a blockchain node obtaining, when creating and signing different target electronic contracts, the identity information, the signature information, etc. of the signatory user automatically based on a second smart contract, without the need for the signatory user to provide corresponding 
Kaliski et al. (WO 2006/014358 A1) disclose password-protection module, including mutual authentication involving a zero-knowledge protocol.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to EDUARDO D CASTILHO whose telephone number is (571)270-1592. The examiner can normally be reached Mon-Fri 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Patrick McAtee can be reached on (571) 272-7575. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 

/E.C./Examiner, Art Unit 3685 

/JACOB C. COPPOLA/Primary Examiner, Art Unit 3685                                                                                                                                                                                                        




    
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
    

    
        1 See also Germundsson et al. (NPL 2020, listed in PTO-892 as reference "X") disclose XOR, including the definition of XOR.