DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to the application 17/253059 filed on 12/16/2020.
Claims 1-10 have been examined and are pending in this application.
Receipt of the preliminary amendments filed on 12/16/2020 is acknowledged.

Priority
Acknowledgment is made of applicant’s claim for foreign priority under 35 U.S.C. 119 (a)-(d). The certified copy has been filed in parent Application No. 2019101265252, filed on 02/20/2019.

Information Disclosure Statement
The information disclosure statement (IDS), submitted on 12/16/2020, is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 8 and 10 are rejected under 35 USC 101 as being directed to non-statutory subject matter.
Regarding claim 8; claim 8 is directed to a system; However, there is no hardware element found within the claimed system.  As recited in the body of the claim, the claimed system contains a client and a server.  The specification does not explicitly define that the claimed client and server are only implemented in hardware.  One of ordinary skill in the art would understand that a server or a client could be client/server software components (see The Authoritative Dictionary of IEEE Standards Terms, 7th Edition, published in 2000).  As the claimed system contains only software component, the claim is directed to non-statutory subject matter.  The mere recitation of the machine in the preamble with an absence of a machine in the body of the claim fails to make the claim statutory under 35 USC 101. The Examiner respectfully suggests that the claim be further amended to positively recites at least one hardware element within the body of the claim to make the claim statutory subject matter under 35 U.S.C. 101.
Regarding claim 10; claim 10 recites a computer program per se because the claimed “computer program product” is not stored on any memory device or non-transitory computer-readable storage medium.  See Warmerdam, 33 F.3d at 1361, 31 USPQ2d at 1760.  The claim also recites “[a] computer readable storage medium”.  Under a recent precedential opinion, the scope of the recited “computer readable storage medium” encompasses transitory media such as signals or carrier waves, where, as here the Specification does not limit the computer readable storage medium to non-transitory forms [spec. [0060] ... the present application provides a computer readable storage medium in which a computer program is stored, and the computer program is executable by the processor to implement all the foregoing steps ...]  See Ex parte Mewherter, 107 USPQ2d 1857, 1862 (PTAB 2013) (precedential) (holding recited machine-readable storage medium ineligible under § 35 U.S.C. 101 since it encompassed transitory media).  The Examiner respectfully suggests that the claim be amended to either “A non-transitory computer-readable storage medium” or “a computer-readable storage device” to make the claim statutory under 35 USC 101; (emphasis added).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person.


This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 1-10 are rejected under 35 U.S.C. 103 as being unpatentable over UHR et al. (“Uhr,” US 2018/0227293) in view of Reddy et al. (“Reddy,” US 2017 /0339130).

Regarding claim 1: Uhr discloses a blockchain and Domain Name System Security Extensions (DNSSEC)-based user authentication method, comprising:
in response to determining that an encrypted connection over Internet need to be performed between a server and a client, authenticating, by the server, an identity of the client by a blockchain-based authentication mechanism (Uhr: ¶0073 a peer-to-peer (P2P)-network-based distributed database on the basis of public key cryptography; ¶0121 the block-chain-based certificate management server 300 extracts the certificate-specific public key and the user verification hash information [] and transmits a certificate validity check signal that is composed of the extracted certificate-specific public key and user verification hash information).
Uhr does not explicitly disclose authenticating, by the client, the identity of the server by a DNSSEC-based mechanism.
However, Reddy discloses authenticating, by the client, the identity of the server by a DNSSEC-based mechanism (Reddy: ¶0033 binding the server certificate to the domain name using DNS Security Extensions (DNSSEC); ¶0069 at step 825 [] the device may use the stored certificate information to validate the server certificate for the domain).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Reddy with the system/method of Uhr to include authenticating, by the client, the identity of the server by a DNSSEC-based mechanism. 
One would have been motivated to performs a TLS handshake with a network device and receives a certificate for the domain as part of the TLS handshake and validates the certificate for the domain using the certificate information (Reddy: ¶0014).
  
Regarding claim 2: Uhr in view of Reddy discloses the method of claim 1.
Uhr further discloses authenticating, by the server, the identity of the client according to a blockchain-based certificate system (Uhr: ¶0056 generated user verification hash information and user verification-specific transaction ID information).

Regarding claim 3: Uhr in view of Reddy discloses the method of claim 2.
Uhr further discloses searching for, by the server, whether a corresponding personal certificate is present in the blockchain-based certificate system according to user information, and indicating that the identity authentication is successful in response to determining that the corresponding personal certificate is present in the blockchain-based certificate system (Uhr: ¶0111 the blockchain-based-certificate authentication request server 500 includes a DB unit 510, and the included DB unit 510 has a member-specific user identification information DB 511 in which identification information of the user operating the user terminal 100 is stored and also in which user identification information identical to blockchain-based-certificate-issuance-specific composed of user identification information that has been used when the blockchain-based certificate is issued and designated user identification information corresponding to pre-designated user identification information among the user identification information are stored).
 
Regarding claim 4: Uhr in view of Reddy discloses the method of claim 3.
Uhr further discloses before the authenticating, by the server, the identity of the client according to a blockchain-based certificate system, establishing a blockchain-based certificate system, generating a personal certificate for each legitimate user, and issuing and storing the personal certificate by the blockchain-based certificate system (Uhr: fig. 1 a blockchain-based-certificate issuing system; ¶0104 the blockchain holding servers 400 record [] user verification-specific transaction information in the blockchain to complete issuance of a blockchain-based certificate (S180); ¶0105 when the issuance of the blockchain-based certificate is completed, the blockchain-based-certificate management server 300 notifies the user terminal 100 of the completion of the issuance of the blockchain-based certificate (S190)).

Regarding claim 5: Uhr in view of Reddy discloses the method of claim 1.
Reddy further discloses wherein the authenticating, by the client, the identity of the server by a DNSSEC-based mechanism comprises: validating, by the client, a server certificate by DNSSEC to authenticate the identity of the server (Reddy: ¶0062 the DNS server may also employ DNSSEC with the domain by retrieving DNSSEC record information for the domain as part of the pre-fetch and using the record information to validate the domain).
The motivation is the same that of claim 1 above.

Regarding claim 6: Uhr in view of Reddy discloses the method of claim 5.
Reddy further discloses searching for, by the client, a transport layer security authentication (TLSA) record corresponding to the server, and performing DNSSEC validation, indicating that the identity authentication is successful in response to determining that the DNSSEC validation passes authenticating, by the client, the identity of the server by a DNSSEC-based mechanism (Reddy: ¶0034 DANE proposes that the DNS server store the certificate/fingerprint as part of a TLSA record that is signed using DNSSEC [] Thus, the certificate stored by the DNS server is controlled by the domain name holder, which may be self-signed or signed by a particular certificate authority).
The motivation is the same that of claim 1 above.

Regarding claim 7: Uhr in view of Reddy discloses the method of claim 6.
Reddy further discloses before the validating, by the client, a server certificate by DNSSEC to authenticate the identity of the server implementing DNSSEC for a domain name of the server; generating a server certificate for the server, and generating a corresponding TLSA record according to the server certificate, the TLSA record including the server certificate (Reddy: ¶0040 a DANE lookup involves multiple DNS requests and responses (e.g., to obtain a DNSKEY/RRSIG chain up from the root and to validate the chain of DNSSEC signatures); ¶0053 DNS recursive service 516 may pre-fetch information about the domain of HTTPS server 518 and store the fetched information in a local cache [] this pre-fetching may entail maintaining a reputation score for the domain, performing a DANE lookup for the domain, fetching DNSSEC records, performing any DNSSEC validation, storing TLSA records for the domain, or performing any other operation to obtain domain/certificate information regarding the domain of HTTPS server 518).
The motivation is the same that of claim 1 above.

Regarding claim 8: Uhr discloses a blockchain and DNSSEC-based user authentication system, comprising:
a client and a server (Uhr: fig. 1 items 100 and 300);
wherein the server is configured to authenticate an identity of the client by a blockchain-based authentication mechanism (Uhr: ¶0073 a peer-to-peer (P2P)-network-based distributed database on the basis of public key cryptography; ¶0121 the block-chain-based certificate management server 300 extracts the certificate-specific public key and the user verification hash information [] and transmits a certificate validity check signal that is composed of the extracted certificate-specific public key and user verification hash information).
Uhr does not explicitly disclose the client is configured to authenticate the identity of the server by a DNSSEC-based mechanism.
However, Reddy discloses the client is configured to authenticate the identity of the server by a DNSSEC-based mechanism (Reddy: ¶0033 binding the server certificate to the domain name using DNS Security Extensions (DNSSEC); ¶0069 at step 825 [] the device may use the stored certificate information to validate the server certificate for the domain).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Reddy with the system/method of Uhr to include the client is configured to authenticate the identity of the server by a DNSSEC-based mechanism. 
One would have been motivated to performs a TLS handshake with a network device and receives a certificate for the domain as part of the TLS handshake and validates the certificate for the domain using the certificate information (Reddy: ¶0014).

Regarding claim 9: Uhr in view of Reddy discloses the method of claim 1.
Uhr further discloses an electronic device, comprising: a memory, a processor, and a computer program stored in the memory and executable by the processor, wherein the processor is configured to execute the program to implement the steps of the blockchain and DNSSEC- based user authentication method of claims 1 (Uhr: ¶0044 the user terminal 100 is a desktop computer such as a personal computer (PC) and [] the user terminal 100 is a mobile terminal capable of Internet access, such as a smartphone).
  
Regarding claim 10: Uhr in view of Reddy discloses the method of claim 1.
Uhr further discloses a computer readable storage medium storing a computer program, wherein the computer program is executable by a processor to implement the steps of the blockchain and DNSSEC-based user authentication method of claims 1 (Uhr: ¶0043 the user terminal 100 includes [] an information storage unit 102 configured to store data or an application program).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Fahimeh Mohammadi whose telephone number is (571)270-7857. The examiner can normally be reached Monday - Friday 9:00 - 5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 5712705002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: 



/FAHIMEH MOHAMMADI/ Examiner, Art Unit 2439 


/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439