DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claim 1 is rejected under 35 U.S.C. 103 as being unpatentable over LEE et al. (US 20090154707 A1), hereinafter referred to as Lee, T, and LEE et al. (US 20110055585 A1), hereinafter referred to as Lee, K.
	
Regarding claim 1: Lee, T teaches a computer-implemented method performed during a multi-party computation (MPC) process performed between multiple parties (Fig. 1 & [Pars. 20-21]; a system and method for distributing a group key in a video conference system using a challenge/response system in response to a request from a multipointing control unit in a video conference system using a one-time password... The present invention also provides a system and method for distributing a group key using a time synchronization system in response to a request from a multipointing control unit in a video conference system using a one-time password. [Pars. 49-50] the time synchronization system uses both a secret key value and a current time as inputs of a hash function. The time synchronization system is based on time synchronization between a server and a client. The time synchronization system is widely used in OTP solutions using physical hardware tokens. All users have a hardware token capable of generating a one-time password, which includes a clock providing accurate time.), said method comprising: 
the multiple parties executing a pre-processing phase and obtain (pars. 48-50, fig. 1; The challenge/response system is based on responding to a challenge value from an OTP server, and the synchronization system is based on synchronization between an OTP server and a terminal…. A token generates a new password through a hash function using a random number value from a server and a secret value stored in the token as inputs. Since a challenge value and a response value are exchanged between a server and a client, mutual authentication is possible, users are generating OTP from random number;…the time synchronization system uses both a secret key value and a current time as inputs of a hash function. The time synchronization system is based on time synchronization between a server and a client. The time synchronization system is widely used in OTP solutions using physical hardware tokens. All users have a hardware token capable of generating a one-time password, which includes a clock providing accurate time); 
the parties periodically verifying the correctness of the correlated random variables by exchanging information between the multiple parties (pars. 47, 49, 57; A One-Time Password (OTP) commonly provides powerful security because it is newly generated every specific communication…The video terminal group 120 is a group of video terminals for group video conference using a group key acquired from the MCU 110 by the challenge/response system or the time synchronization system. The video terminal in the video terminal group 120 uses a unique one-time password, but uses the same group key to participate in the video conference.. random number provided from an authentication server or a transaction process is input to a one-time password generator to generate a new password. The challenge/response system forces a user to input something to a password generator in order to generate the new password… All users have a hardware token capable of generating a one-time password, which includes a clock providing accurate time); 
refreshing the values of the correlated random variables in each of the multiple parties (pars. 27 and 57; the present invention provides a method for distributing a group key in a video conference system, the method including: when a video terminal is required to participate in video conference, generating a one-time password at a specific time based on synchronization time information with the video terminal; encrypting a group key corresponding to the video conference with the generated one-time password and transmitting the encrypted group key to the video terminal; and causing the video terminal to participate in the video conference in response to an acknowledgement message from the video terminal…The video terminal group 120 is a group of video terminals for group video conference using a group key acquired from the MCU 110 by the challenge/response system or the time synchronization system. The video terminal in the video terminal group 120 uses a unique one-time password, but uses the same group key to participate in the video conference);
the multiple parties using the correlated random variables during the MPC process after verifying a correctness of the correlated random variables (par. 76, fig. 8 elements 810 & 824; After acquiring the group key, the video terminal n generates an acknowledgement message Gn OK using the group key, and sends the generated acknowledgement message Gn OK to the MCU in step 426. The video terminal then initiates the video conference by participating in the video conference in step 428).  
Lee, T fails to teach wherein no party of the multiple parties has access to values of the correlated random variables stored in another party of the multiple parties during the verifying and refreshing processes;
However, Lee, K teaches wherein no party of the multiple parties has access to values of the correlated random variables stored in another party of the multiple parties during the verifying and refreshing processes [para 135, Since there is no storage of password, system and network administrators will no longer know the secret of any user's key. This allows a user to use the same asymmetric key pair for different offline/online accounts. By sharing the same asymmetric key pair among different accounts, the memorizability of a user is improved, and hence there is no more need to jot down various keys in the notebook. Since there is no encrypted password, hashed password, or verifier, the pre-computation attack can be avoided. Other attacks such as guessing attack, dictionary attack, and brute force attack will still be possible. However, guessing attack and dictionary attack can be avoided if the 2D key, multilingual key, multi-tier geo-image key, or multi-factor key is used properly as for the key style of ASCII art and Unicode art. If the same asymmetric key pair is used together with multihash key to create different slave keys for different online accounts, this allows pseudo-one-set password entry to multiple websites without having password domino cracking effect as in the symmetric key cryptosystems];
Given the teachings as a whole, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to specify that no value has access to the numbers with the invention of Lee, T in order to protect the user and maintain a secure connection (See Lee, K [para 135]).

Claims 2-12 are rejected under 35 U.S.C. 103 as being unpatentable over LEE et al. (US 20090154707 A1), hereinafter referred to as Lee, T, and LEE et al. (US 20110055585 A1), hereinafter referred to as Lee, K, and IMAMOTO et al. (US 20060143453 A1), hereinafter referred to as Imamoto.

Regarding claim 2: The combination of Lee, T and Lee, K teaches the method of claim 1.
Lee, T further teaches further comprising the first party of the multiple parties computing two output values by executing a function, a first output value is an output of the function receiving as input the random vector and a first of the correlated random variables received at the first party [fig. 10 element 1101, pars. 49 and 122; A token generates a new password through a hash function using a random number value from a server and a secret value stored in the token as inputs. Since a challenge value and a response value are exchanged between a server and a client, mutual authentication is possible… Referring to FIG. 10, an MCU sends the video conference participation request message to the video terminal n in step 1010. The OTP module of the MCU generates a one-time password Kn OTP corresponding to the video terminal n. The K.sub.n OTP is generated using the unique value of the time-synchronous OTP token of the video terminal n registered in the MCU. That is, the one-time password K.sub.n OTP is generated at a specific time based on synchronization time information between the video terminal and the MCU according to the time synchronization system. the MCU encrypts the group key assigned to the video terminal n with the generated one-time password Kn OTP, and sends the encrypted group key E.sub.Kn OTP(Gn) in step 1011] and 
the first party sending the first output value to the second party [fig. 10 elements 1011 & par. 122; the MCU encrypts the group key assigned to the video terminal n with the generated one-time password Kn OTP, and sends the encrypted group key E.sub.Kn OTP(Gn) in step 1011.] and 
the second party performing a proof-validation function having as input the first output value received from the first party and the two values of the random correlated variables generated during the preprocessing phase [fig. 10 elements 1013 to 1016, pars. 49 and 123-126; Upon receipt of the video conference participation request message, the video terminal n performs a process of activating an OTP token module in step 1012. The activation of the OTP token module serves to block, through user authentication, an unauthorized user from participating in the video conference. The OTP token module is activated according to whether the user picks up the video terminal and inputs the user OTP and the input user OTP passes the user…The OTP token module of the video terminal n generates its own one-time password Kn OTP in step 1013. The K.sub.n OTP is generated using the unique value of the time-synchronous OTP token of the video terminal n registered in the MCU. That is, the one-time password K.sub.n OTP is generated at a specific time based on synchronization time information between the video terminal and the MCU according to the time synchronization system. The OTP token module of the video terminal n decodes the encrypted group key E.sub.Kn OTP(Gn) in the control message received from the MCU with the generated one-time password Kn OTP in step 1014. The OTP token module of the video terminal n acquires a desired group key Gn by decoding the encrypted group key E.sub.Kn OTP(Gn) in step 1015. Decoding of the encrypted group key may be expressed as shown in Expression 1. After acquiring the group key, the video terminal n generates an acknowledgement message Gn OK using the group key, and sends the generated acknowledgement message Gn OK to the MCU in step 1016. The video terminal then initiates the video conference through participation in the video conference in step 1017].  

Lee, T fails to teach a second output value is an output of the function receiving as input the random vector and a second of the random correlated variables generated during the preprocessing phase; 
storing the second output value in the first party;
However, Imamoto teaches a second output value is an output of the function receiving as input the random vector and a second of the random correlated variables generated during the preprocessing phase (pars. 252, 256 & fig. 12 at S33, the client 20 executes a process to generate a random number R.sub.ci (the first random number), and to obtain as SIGNAL.sub.ci (the first onetime ID), a function value of pseudo-random number function prf (K.sub.i, R.sub.ci-1, R.sub.si-1) in which a shared key K.sub.i previously shared with the server 10, a random number R.sub.ci-1 (the first stored random number) and a random number R.sub.si-1 (the second stored random number) are used as arguments (step S31)… when the received data items match the stored data items previously stored in the server 10, and it is determined that the client 20 is valid, the server 10 generates a random number R.sub.si (the second random number). At the same time, it also executes a process to obtain a function value of pseudo-random function prf(K.sub.i, R.sub.ci, R.sub.si-1) as SIGNAL.sub.s1 (the second onetime ID), in which the random number R.sub.ci, the random number R.sub.si-1, and the shared key K.sub.i are used as arguments. Then, the server 10 executes a process to store the random numbers R.sub.ci, R.sub.si respectively in the storage areas where the random numbers R.sub.ci-1 and R.sub.si-1 are stored, and to generate and store the shared key K.sub.i+1 based on these random numbers R.sub.ci, R.sub.si (step S33).
storing the second output value in the first party (when the received data items match the stored data items previously stored in the server 10, and it is determined that the client 20 is valid, the server 10 generates a random number R.sub.si (the second random number). At the same time, it also executes a process to obtain a function value of pseudo-random function prf(K.sub.i, R.sub.ci, R.sub.si-1) as SIGNAL.sub.s1 (the second onetime ID), in which the random number R.sub.ci, the random number R.sub.si-1, and the shared key K.sub.i are used as arguments. Then, the server 10 executes a process to store the random numbers R.sub.ci, R.sub.si respectively in the storage areas where the random numbers R.sub.ci-1 and R.sub.si-1 are stored, and to generate and store the shared key K.sub.i+1 based on these random numbers R.sub.ci, R.sub.si (step S33).);

Given the teachings as a whole, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to specify an output value as suggested by Imamoto with the combined inventions of Lee, T and Lee, K in order to use it as an output value and store it in the first party (See Imamoto [pars. 252, 256 & fig. 12 at S33]).

Regarding claim 3: The combination of Lee, T, Lee, K and Imamoto teaches the method of claim 2.
Lee, T further teaches further comprising verifying that an output of the proof-validation function equals the first output value [fig. 10 elements 1013 to 1016, pars. 49 and 123-126; Upon receipt of the video conference participation request message, the video terminal n performs a process of activating an OTP token module in step 1012. The activation of the OTP token module serves to block, through user authentication, an unauthorized user from participating in the video conference. The OTP token module is activated according to whether the user picks up the video terminal and inputs the user OTP and the input user OTP passes the user…The OTP token module of the video terminal n generates its own one-time password Kn OTP in step 1013. The K.sub.n OTP is generated using the unique value of the time-synchronous OTP token of the video terminal n registered in the MCU. That is, the one-time password K.sub.n OTP is generated at a specific time based on synchronization time information between the video terminal and the MCU according to the time synchronization system. The OTP token module of the video terminal n decodes the encrypted group key E.sub.Kn OTP(Gn) in the control message received from the MCU with the generated one-time password Kn OTP in step 1014. The OTP token module of the video terminal n acquires a desired group key Gn by decoding the encrypted group key E.sub.Kn OTP(Gn) in step 1015. Decoding of the encrypted group key may be expressed as shown in Expression 1. After acquiring the group key, the video terminal n generates an acknowledgement message Gn OK using the group key, and sends the generated acknowledgement message Gn OK to the MCU in step 1016. The video terminal then initiates the video conference through participation in the video conference in step 1017].

Regarding claim 4: The combination of Lee, T, Lee, K and Imamoto teaches the method of claim 3.
Lee, T further teaches further comprising performing a commitment process between the first party and the second party on the output of the proof-validation function equals the first output value (para [123-126], the OTP token module of the video terminal n decodes the encrypted group key E.sub.Kn OTP(Gn) in the control message received from the MCU with the generated one-time password Kn OTP in step 1014. The OTP token module of the video terminal n acquires a desired group key Gn by decoding the encrypted group key E.sub.Kn OTP(Gn) in step 1015. Decoding of the encrypted group key may be expressed as shown in Expression 1…. After acquiring the group key, the video terminal n generates an acknowledgement message Gn OK using the group key, and sends the generated acknowledgement message Gn OK to the MCU in step 1016. The video terminal then initiates the video conference through participation in the video conference in step 1017).

Regarding claim 5: The combination of Lee, T, Lee, K and Imamoto teaches the method of claim 3.
Lee, T further teaches further comprising computing output of the proof-validation function equals the first output value multiple times [fig. 10 element 1101, pars. 49 and 122; A token generates a new password through a hash function using a random number value from a server and a secret value stored in the token as inputs. Since a challenge value and a response value are exchanged between a server and a client, mutual authentication is possible… Referring to FIG. 10, an MCU sends the video conference participation request message to the video terminal n in step 1010. The OTP module of the MCU generates a one-time password Kn OTP corresponding to the video terminal n. The K.sub.n OTP is generated using the unique value of the time-synchronous OTP token of the video terminal n registered in the MCU. That is, the one-time password K.sub.n OTP is generated at a specific time based on synchronization time information between the video terminal and the MCU according to the time synchronization system. the MCU encrypts the group key assigned to the video terminal n with the generated one-time password Kn OTP, and sends the encrypted group key E.sub.Kn OTP(Gn) in step 1011]; and 
verifying that the output of the proof-validation function equals the first output value in each of the multiple times [fig. 10 elements 1013 to 1016, pars. 49 and 123-126].

Regarding claim 6: The combination of Lee, T, Lee, K and Imamoto teaches the method of claim 5.
Lee, K further teaches further comprising concatenating the multiple outputs of the proof-validation function and the second output value (para [0232], Bounds of hash iteration for various security levels s_i are b_1, b_2, b_3, ..., b_i, ..., b_x. Concatenation of (d ‖ d_n ‖ Q) selects security level s_i among x security levels, where x = 20, 32 or others. This method uses 2n-bit hash function, where 2n ≥ 512 like SHA-512. H_b(z_1, z_2) means bit truncation of H_b from bit z_1 to bit z_2.).

Regarding claim 7: The combination of Lee, T, Lee, K and Imamoto teaches the method of claim 6.
Lee, T further teaches further comprising performing a commitment process between the first party and the second party on the concatenation of the multiple outputs of the proof-validation function and the second output value (para [123-126], the OTP token module of the video terminal n decodes the encrypted group key E.sub.Kn OTP(Gn) in the control message received from the MCU with the generated one-time password Kn OTP in step 1014. The OTP token module of the video terminal n acquires a desired group key Gn by decoding the encrypted group key E.sub.Kn OTP(Gn) in step 1015. Decoding of the encrypted group key may be expressed as shown in Expression 1…. After acquiring the group key, the video terminal n generates an acknowledgement message Gn OK using the group key, and sends the generated acknowledgement message Gn OK to the MCU in step 1016. The video terminal then initiates the video conference through participation in the video conference in step 1017).

Regarding claim 8: The combination of Lee, T, Lee, K and Imamoto teaches the method of claim 2.
Lee further teaches wherein the refreshing of the correlated random variables is performed locally in each of the multiple parties based on a random seed known to each of the multiple parties (pars. 27 and 57; the present invention provides a method for distributing a group key in a video conference system, the method including: when a video terminal is required to participate in video conference, generating a one-time password at a specific time based on synchronization time information with the video terminal; encrypting a group key corresponding to the video conference with the generated one-time password and transmitting the encrypted group key to the video terminal; and causing the video terminal to participate in the video conference in response to an acknowledgement message from the video terminal…The video terminal group 120 is a group of video terminals for group video conference using a group key acquired from the MCU 110 by the challenge/response system or the time synchronization system. The video terminal in the video terminal group 120 uses a unique one-time password, but uses the same group key to participate in the video confere).

Regarding claim 9: The combination of Lee, T, Lee, K and Imamoto teaches the method of claim 8.
Lee, T further teaches wherein the refreshing of the correlated random variables comprising the multiple parties agreeing on a random seed and each party of the multiple parties locally computing new values for the correlated random variables based on the random seed and prior values of the correlated random variables (pars. 48-50, fig. 1; The challenge/response system is based on responding to a challenge value from an OTP server, and the synchronization system is based on synchronization between an OTP server and a terminal…. A token generates a new password through a hash function using a random number value from a server and a secret value stored in the token as inputs. Since a challenge value and a response value are exchanged between a server and a client, mutual authentication is possible, users are generating OTP from random number;…the time synchronization system uses both a secret key value and a current time as inputs of a hash function. The time synchronization system is based on time synchronization between a server and a client. The time synchronization system is widely used in OTP solutions using physical hardware tokens. All users have a hardware token capable of generating a one-time password, which includes a clock providing accurate time).

Regarding claim 10: The combination of Lee, T, Lee, K and Imamoto teaches the method of claim 8.
Claim 10 is drawn to the method of using the corresponding method claimed in claim 1. Therefore, claim 10 corresponds to method claim 1 and is rejected for the same reasons of obviousness as used above.

Regarding claim 11: The combination of Lee, T, Lee, K and Imamoto teaches the method of claim 1.
Lee, K further teaches wherein each party of the multiple parties receives at least two values of correlated random variables (Fig 16B).

Regarding claim 12: The combination of Lee, T, Lee, K and Imamoto teaches the method of claim 11.
Lee, T further teaches wherein one of the values of the correlated random variables sent to the first party is an outcome of a function receiving as input two values of correlated random variables sent to the second party [fig. 10 elements 1013 to 1016, pars. 49 and 123-126].


Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over LEE et al. (US 20090154707 A1), hereinafter referred to as Lee, T, and LEE et al. (US 20110055585 A1), hereinafter referred to as Lee, K, IMAMOTO et al. (US 20060143453 A1), hereinafter referred to as Imamoto, and AHMED et al. (US 20190036678 A1), hereinafter referred to as Ahmed.

Regarding claim 13: The combination of Lee, T, Lee, K and Imamoto teaches the method of claim 13.
Ahmed further teaches wherein the function comprises multiplying one value stored in each party of the multiple parties (para 314-315; FIG. 21 illustrates a mapping of numbers to primes, in accordance with an embodiment of the present specification. The table 2100 shows a first column 2105 of natural numbers in order acting as an index, a second column 2110 of a listing of all quasi natural numbers (where a number is a quasi-prime if and only if any product of natural number that multiplies together to be the number forces one or both of the factors to be the number one, as previously defined) and a third column 2115 is a binary string in Prime Arithmetics that is used to name a prime in a corresponding position of the second column 2110. If k>1 and composite then [p(k)].sub.p=<1_0_[A].sub.p.sub._[B].sub.p.sub._[C].sub.p . . . [Z].sub.p>, where, A, B, C, . . . Z are the prime natural numbers that multiply together to form k) and 
a XOR between the result of the multiplying and another value stored in the second party (the attribute-based encryption scheme uses a masking operation with a private key. This masking operation could be any operation like XOR operation, AND operation, or any other operation known to persons of ordinary skill in the art. FIG. 29 illustrates a workflow for an attribute-based encryption scheme that uses an XOR masking operation to obtain unique private keys, in accordance with an embodiment of the present specification. The attribute-based encryption scheme 2900, generates a unique RSA key pair where the private key 2925 is d. Assume that there are n users 2905 and each user has a unique user ID 2910.sub.1 through 2910.sub.n corresponding to personal attributes of each user. These unique user IDs are passed through SHA256 2915 to obtain 256-bit unique values 2920.sub.1 through 2920.sub.n (that is, hashes of each user ID). Next, a bit size of the private key d 2925 is checked. If the bit size of the private key 2925 is concurrent to 0 under mod 256 then we XOR it (XOR operation being referenced as 2930 in the figure) with a SHA256 bit value. If the bit size of the private key 2925 is not concurrent to 0 under mod 256 then we use suitable padding to make it concurrent to 0 under mod 256 and then XOR it with a SHA 256-bit value. As a result, we have unique private keys 2935.sub.1 through 2935.sub.n of each user corresponding to a single public key).
Given the teachings as a whole, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to specify multiplying the numbers as suggested by Ahmed with the combined inventions of Lee, T, Lee, K and Imamoto in order to perform an exclusive OR between the result and other user (See Ahmed, para [314-315, 558]).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MUHAMMED JAMIL RAHMAN whose telephone number is (571)272-2272. The examiner can normally be reached M-F 7:30am-5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ELENI SHIFERAW, can be reached on (571)272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/MUHAMMED JAMIL RAHMAN/Examiner, Art Unit 2497
/ELENI A SHIFERAW/Supervisory Patent Examiner, Art Unit 2497