DETAILED ACTION
This action is in response to the application filed on Marcy 16, 2021. Claims 1-20 are pending. Of such, claims 1-9 represent a method, claims 10-17 represents a device, and claims 18-20 represent another method directed to key management for multi-party computation. 
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 1 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 discloses in line 15 the term “the garbled circuit”. It is unclear if “the garbled circuit” is the same garbled circuit generated by the first computer node or by another node. 
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claim(s) 18-20 are rejected under 35 U.S.C. 102 (a)(1) as being anticipated over Raykova et al. (US Publication Number 20110211692), hereinafter referred to as Raykova.
Regarding Claim 18, Raykova discloses:
A method comprising: 2receiving, by a third computer node, from a first computer node, a first 3garbled circuit, a garbled first key share, and a first garbled message (In ¶ 63, Raykova discloses “In action 604, the P.sub.A 504 garbles the circuit to produce a garbled circuit, G(Circuit), also more generally referred to herein as a concealed version of the Boolean circuit. Garbling consists of encrypting the contents of the Boolean circuit in a manner to be described below. In action 606, the P.sub.A 504 sends the garbed circuit G(Circuit) to the server module 502”); 4receiving, by the third computer node, from a second computer node, a 5second garbled circuit, a garbled second key share and a second garbled message (In ¶ 71, Raykova discloses “But in general, the server module 502 can receive and process two inputs provided by separate participant modules, e.g., as supplied by P.sub.A 504 and P.sub.B 506, respectively.”); 6generating, by the third computer node, a subsequent message by 7inputting the first garbled key share, the second garbled key share, and the first or the 8second garbled message to the first or the second garbled circuit (In ¶ 49, Raykova discloses “In action 208, the server module 102 evaluates the circuit 110 based on the concealed inputs received in action 206. This generates an output which is also expressed in a concealed form (e.g., comprising a concealed output)”); and 9transmitting, by the third computer node, the subsequent message to the 10first computer node (In ¶ 73, Raykova discloses “The server module 502 can then pass these keys to the appropriate recipient, e.g., the P.sub.A 504”).
Regarding Claim 19, Raykova discloses:
The method of claim 18, further comprising verifying, by the third 2computer node, that the first garbled circuit and the second garbled circuit match and 3that the first garbled message and the second garbled message match (In ¶ 49, Raykova discloses “In action 208, the server module 102 evaluates the circuit 110 based on the concealed inputs received in action 206. This generates an output which is also expressed in a concealed form (e.g., comprising a concealed output)”).
Regarding Claim 20, Raykova discloses:
The method of claim 18, wherein the first computer node ungarbles 2 the subsequent message and transmits the subsequent message to a client computer (In ¶ 73, Raykova discloses “This output is in concealed form because it does not reveal the actual output values corresponding to the keys. In block 908, the recipient(s) of the concealed output (e.g., P.sub.A 504) uses a translation table to map the keys in the output to associated actual bit values”).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 1-17 are rejected under 35 U.S.C. 103 as being anticipated over Raykova et al. (US Publication Number 20110211692), hereinafter referred to as Raykova, in view of Le Saint (US Publication Number 20210111875), hereinafter referred to as Le Saint.
Regarding Claim 1, Raykova discloses:
A method comprising: 28generating, by the first computer node, a garbled circuit, a garbled first key 9share based on the first key share and the garbled circuit, and a garbled message 10based on the initial message and the garbled circuit (In ¶ 61, Raykova discloses “Starting with FIG. 6A, this portion of the action flow 600 describes a procedure for creating and garbling a Boolean circuit.”) ; 11transmitting, by the first computer node to a third computer node, the 12garbled circuit, the garbled first key share, and the garbled message, wherein the third 13computer node also receives, from the second computer node, a garbled second key 14share based on a second key share stored at the second computer node and the 15garbled circuit (In ¶ 63, Raykova discloses “In action 604, the P.sub.A 504 garbles the circuit to produce a garbled circuit, G(Circuit), also more generally referred to herein as a concealed version of the Boolean circuit. Garbling consists of encrypting the contents of the Boolean circuit in a manner to be described below. In action 606, the P.sub.A 504 sends the garbed circuit G(Circuit) to the server module 502. In action 608, the server module 502 receives and stores the garbed circuit G(Circuit).”), 16which causes the third computer node to generate a subsequent message 17by inputting the first garbled key share, the second garbled key share, and the garbled 18message to the garbled circuit, and transmit the subsequent message to the first 19computer node (In ¶ 49, Raykova discloses “In action 208, the server module 102 evaluates the circuit 110 based on the concealed inputs received in action 206. This generates an output which is also expressed in a concealed form (e.g., comprising a concealed output)” and in ¶ 71, Raykova further discloses “FIGS. 6B and 6C continue by describing how the garbled circuit can be used to provide an output result.”); and 20transmitting, by the first computer node, the subsequent message or a 21derivative thereof to the client computer (In ¶ 85, Raykova discloses “In action 652, the P.sub.A 504 uses the translation table to map the garbled output y.sub.A (which comprises a series of keys) to an actual (non-concealed) bit stream.”).
Raykova does not explicitly teach the limitation of receiving a key from a key management computer. 
However, Le Saint discloses the following limitation:
Receiving, by a first computer node, a first key share from a key 3management computer (In ¶ 37, Le Saint discloses “The key shares can be distributed amongst the devices and accumulated later by a device that wishes to perform a cryptographic operation”); 4receiving, by the first computer node, an initial message from a client 5computer (In ¶ 89, Le Saint discloses “receiving, and formatting request messages and response messages according to a Hypertext Transfer Protocol (HTTP)”); 6transmitting, by the first computer node, the initial message to a second 7computer node (In ¶ 37, Le Saint discloses “the devices of network 100 can encrypt and decrypt data messages amongst each other, whilst any device outside of the network may be unable to read the data without the shared secret”).
One in ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention to modify Raykova’s approach by utilizing Le Saint’s approach of receiving a key from a key management computer as the motivation would be the key management computer would provide a secure mechanism to receive tamper proof keys and prevent information to be read from an entity that is unauthorized (see Le Saint ¶ 23).
Regarding Claim 2, the combination of Raykova and Le Saint disclose:
The method of claim 1, wherein the garbled circuit is a first garbled 2circuit, wherein the garbled message is a first garbled message, and wherein the third 3computer node also receives from the second computer node, a second garbled circuit 4and a second garbled message based on the initial message and the second garbled 5circuit (In ¶ 46, Raykova discloses “In action 202, the server module 102 receives a circuit 110 that it uses to process the inputs provided by P.sub.A 104 and P.sub.B 106.” And in ¶ 63, Raykova further discloses “In action 604, the P.sub.A 504 garbles the circuit to produce a garbled circuit, G(Circuit), also more generally referred to herein as a concealed version of the Boolean circuit. Garbling consists of encrypting the contents of the Boolean circuit in a manner to be described below. In action 606, the P.sub.A 504 sends the garbed circuit G(Circuit) to the server module 502. In action 608, the server module 502 receives and stores the garbed circuit G(Circuit)”).
Regarding Claim 3, the combination of Raykova and Le Saint disclose:
The method of claim 2, wherein the third computer node 2determines that the first garbled circuit and the second garbled circuit match and the 3first garbled message and second garbled message match (In ¶ 49, Raykova discloses “In action 208, the server module 102 evaluates the circuit 110 based on the concealed inputs received in action 206”).
Regarding Claim 4, the combination of Raykova and Le Saint disclose:
The method of claim 1, further comprising: 2generating, by the first computer node, an ungarbled subsequent 3message based on the subsequent message and the garbled circuit (In ¶ 50, Raykova discloses “In action 210, the server module 210 sends the concealed output to the participant modules”).
Regarding Claim 5, the combination of Raykova and Le Saint disclose:
The method of claim 1, wherein the initial message is plaintext and 2the subsequent message or the derivative thereof is ciphertext (In ¶ 52, Raykova discloses “The processing modules 302 also include an encryption module 306 for performing encryption on an n-bit message m using the encryption key K to produce ciphertext c. The processing modules 302 also include a decryption module 308 for performing decryption on the ciphertext c using the encryption key K to reconstruct the message m”).
Regarding Claim 6, the combination of Raykova and Le Saint disclose all limitations with respect to claim 1. 
Raykova does not explicitly teach the limitation of the key management computer. 
However, Le Saint discloses:
Wherein the key management computer 2generated the first key share from a key stored in a hardware security module (In ¶ 29, Le Saint discloses “Usually encryption keys are stored at a key management server or locally in a secure element or other tamper-resistant hardware”).
One in ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention to modify Raykova’s approach by utilizing Le Saint’s approach of receiving a key from a key management computer as the motivation would be the key management computer would provide a secure mechanism to receive tamper proof keys and prevent information to be read from an entity that is unauthorized (see Le Saint ¶ 23).
Regarding Claim 7, the combination of Raykova and Le Saint disclose all limitations with respect to claim 1. 
Raykova does not explicitly teach the limitation of the key management computer. 
However, Le Saint discloses:
Wherein the key management computer 2forms the first key share and the second key share (In ¶ 37, Le Saint discloses “The key shares can be distributed amongst the devices and accumulated later by a device that wishes to perform a cryptographic operation”).
One in ordinary skill in the art of cryptography would have been motivated, before the effective filing date of the claimed invention to modify Raykova’s approach by utilizing Le Saint’s approach of receiving a key from a key management computer as the motivation would be the key management computer would provide a secure mechanism to receive tamper proof keys and prevent information to be read from an entity that is unauthorized (see Le Saint ¶ 23).
Regarding Claim 8, the combination of Raykova and Le Saint disclose:
The method of claim 1, wherein the first computer node, the second 2computer node, and the third computer node are all present at a same premises (In ¶ 38, Raykova discloses “The server module 102 is connected to P.sub.A 104 and P.sub.B 106 via any type of network 108. The network 108 may represent any type of point-to-point or multi-point coupling mechanism. In one implementation, the network 108 can correspond to a wide area network (e.g., the Internet), a local area network, or combination thereof.”).
Regarding Claim 9, the combination of Raykova and Le Saint disclose:
The method of claim 1, wherein the first computer node, second 2computer node, and third computer node are part of a distributed computing network (In ¶ 38, Raykova discloses “The server module 102 is connected to P.sub.A 104 and P.sub.B 106 via any type of network 108. The network 108 may represent any type of point-to-point or multi-point coupling mechanism. In one implementation, the network 108 can correspond to a wide area network (e.g., the Internet), a local area network, or combination thereof.”).
Claims 10-17 are directed to a computer node having functionality corresponding to the methods of Claims 1-9, and are rejected by a similar rationale, mutatis mutandis.”  
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Hamlin et al. (NPL Cryptography for Big Data Security) discloses methods for key management with multiparty computation.
Guy et al. (US Publication Number 2016135738) discloses a system and method for protecting keys using garbled circuits. 
Mohassel et al. (NPL Fast and Secure Three-party Computation: The Garbled Circuit Approach) discloses a method for three party protocols with the use of garbled circuits. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHADI H KOBROSLI whose telephone number is (571)272-1952. The examiner can normally be reached M-F 9am-5pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on 571-272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SHADI H KOBROSLI/Examiner, Art Unit 2492                                                                                                                                                                                                        

/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492