DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office action is in response to communication filed on 03/21/2022.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 03/21/2022 has been entered.
Status of claims in the instant application:
Claims 1-15 are pending.
No claim has been amended.
No claim has been canceled.
No new claim has been added.
Response to Amendment
Applicants arguments, page [7] of the remarks filed on 03/21/2022, regarding interpretation of claims under 35 USC 112(f), have been fully considered, but they are not persuasive. Therefore the interpretation of claims under 35 USC 112(f) are maintained, and the Applicant is directed to Examiner’s response below.
Applicant’s arguments, page [7-9] of the remarks filed on 03/21/2022,  with respect to rejection of claims 1-15 under 35 USC 103 as it applies to Yang prior art have been considered, but they are not persuasive. Therefore the Applicant is directed to Examiner’s response below.
Applicant’s arguments regarding Hernandez is moot, as this art is no longer being used in the rejections of claims in this office action.
Applicant states, page [7] of the remarks filed on 03/21/2022:
“The terms "security device" and " computing device" were interpreted under 35 U.S.C. § 112(f). Applicant disagrees that these terms should be so interpreted. A term is not a generic placeholder and 35 U.S.C. § 112(f) does not apply "[i]f persons of ordinary skill in the art reading the specification understand the term to have a sufficiently definite meaning as the name for the structure that performs the function."MPEP 2182(I)(A). The Office Action quotes portions of Applicant's Detailed Disclosure that, when read, a person of ordinary skill in the art would understand the terms to be the name of the structure. Non-Final Office Action dated March 15, 2021, pages 4-6. Applicant respectfully requests the interpretations under 35 U.S.C. § 112(f) be withdrawn.”
In response, as a matter of formality, Examiner first notes that the section of MPEP “MPEP 2182(I)(A)” that that the Applicant noted does no deal with “interpretation of claims under 35 USC 112(f)”
In response, Examiner notes that there is/was no “Non-Final Office Action” dated March 15, 2021. The last “Non-Final Office Action” was mailed on 04/15/2021. Examiner further notes that Applicant’s arguments, in response to the last “Non-Final Office Action” mailed on 04/15/2021, regarding interpretation of claims under 35 USC 112(f) were already addressed in the last “Final Office Action” mailed on 10/20/2021. Therefore, the Applicant is directed to the above final office action for Examiner’s response.
Examiner further notes that the term “computing device” is/was not interpreted under 35 USC 112(f), as the term is generally understood in the art to provide a known structure. It was rather a note to the Applicant indicating that the term “computing device” would not invoke interpretation of claims under 35 USC 112(f). This was also noted in the final office action noted above.
Examiner has also responded regarding the term “security device” in the “Final Office Action” mailed on 10/20/2021, and the Applicant is directed to the above final office action for Examiner’s response.
Examiner further notes that the term “security device” is explained in the specification with description and function, using devices like “smartphones, smart watches, tablet computers, jewelry with embedded electronics (e.g., bracelets, rings, broaches, etc.), smart cards (e.g., a credit card, an identification card, etc.), and/or an electronic hanko, etc”. But this does not make those devices to be generally accepted as the name “security device” as claimed by the Applicant.
In response, Examiner first notes that the term “computing device” was not interpreted under 35 U.S.C. § 112(f). It was only noted that the term “computing device” as in the claim is an accepted hardware term. Examiner also notes that MPEP 2182(I)(A) does not appear to describe that Applicant is pointing out.  
Examiner directs Applicant to MPEP 2181(I) that says, “In response to the Office action that finds that 35 USC 112(f) is invoked, if applicant does not want to have the claim limitation interpreted under 35 USC 112(f), applicant may: (1) present a sufficient showing to establish that the claim limitation recites sufficient structure to perform the claimed function so as to avoid interpretation under 35 USC 112(f); or (2) amend the claim limitation in a way that avoids interpretation under 35 USC 112(f) (e.g., by reciting sufficient structure to perform the claimed function).”
MPEP 2181(I) also says:
“Instead of using “means” in such cases, a substitute term acts as a generic placeholder for the term “means” and would not be recognized by one of ordinary skill in the art as being sufficiently definite structure for performing the claimed function. “The standard is whether the words of the claim are understood by persons of ordinary skill in the art to have a sufficiently definite meaning as the name for structure." Williamson, 792 F.3d at 1349, 115 USPQ2d at 1111; see also Greenberg v. Ethicon Endo-Surgery, Inc., 91 F.3d 1580, 1583, 39 USPQ2d 1783, 1786 (Fed. Cir. 1996”
Applicant states, see page [7-8] of the remarks filed on 03/21/2022, that, “First, the devices of Yang do not generate their own private keys. Yang describes a cryptography scheme where a secure server generates a common session key and then generates secret keys for each of the devices based on the common session key. Yang et al., paras. [0107], [0113], [0114], [0175], and [0176]; see also FIG. 3 and FIG. 5. This means that the secure server of Yang transmits the secret keys for the device never outside of its security perimeter. This is  {10206807: }7a problem with prior cryptography schemes, such as the ones described in Yang. See Applicant's Detailed Disclosure, paragraphs [0015] and [0019]. Second, in the system of Yang, the secret keys that are generated by the secure server for each of the devices are related to each other by virtue of being based on the same common session key. Yang et al., paras. [0107], [0113], [0114], [0175], and [0176]; see also FIG. 3 and FIG. 5. Regarding the creation of the secret key on the second device, Yang states, in part:
Prior to adding entities to the entity-pair authentication and the common session key generation system in accordance with embodiments of the invention, server, which is configured as a Key Generation Centre, will first initiate a setup procedure based on a discrete-logarithm type signature scheme to generate a master secret key "x" and a master public key "y".... When first entity, i, registers itself with the secure server, the secure server will... generate a private key, ski, for the first entity using the first entity's identity, id;... [W]hen the next entity, that is when second entity, j, registers itself with the secure server, the secure server will... generate a private key, ski, for the second entity using the second entity's identity, idj... [S]erver will receive the arbitrary value Rii and the identity of entity, id;. Server then selects a random number random number ri2 E7q* where Z q* are non-zero residuals of modular q. Based on the selected random number r;2 and the received information, server then computes an arbitrary value R; that is to be accorded to entity as Ri=Riigr i2 or Ri=Ri/gr i2 and also  computes an   integer sii as sii=r,2+xH(R;,idi)(mod q) or sii=-r,2+xH(R;,idi)(mod q) where x is the previously generated master secret key "x" and H( ) is the hash function as contained in the parameters of the mpk. 
Id. This is a problem with prior cryptography schemes. Applicant's Detailed Disclosure states that systems that rely on a trusted dealer may have a problem because "the trusted dealer may be, in some circumstances, untrustworthy dealers that abuse their power to forge users' signatures... trusted dealers become a single point of failure in the signing scheme.... If a trusted dealer is compromised, all the master private keys it holds or generates are also compromised." See Applicant's Detailed Disclosure, para. [0019]. Accordingly, Yang does not teach or suggest , a second security device associated with the signer configured to generate and store a second private key, the second private key being generated independently from the first private key, as set forth in claim 1.”
In response, Examiner disagrees with Applicant’s characterization of the Yang  prior art that it does not disclose the first and second device independently generating and storing their private keys. Applicant has cited various paras. ([0107], [0113], [0114], [0015], [0019], [0107], [0113], [0114], [0175], and [0176]) from Yang prior art. But Applicant has neither acknowledged nor commented on Para [0030] of Yang prior art that was cited by the Examiner in previous office action disclosing the first and second device creating/storing their own private keys. Examiner reproduces relevant parts of Para [0030] of Yang below:
“Yang, Para [0030]: According to a second aspect of the invention, a system for generating a common session key SK for encoding digital communications between a first device i and a second device j that are participating in a self-certified identity based signature scheme is disclosed, the system comprising: a secure server configured to instruct: the first device to compute a private key sk.sub.i based on a first set of parameters received from the secure server, and a random number r.sub.i1 generated by the first device, wherein the first set of parameters is generated by the secure server based on a second random number r.sub.i2 generated by the secure server, a first set of components comprising the first random number r.sub.i1, a master secret key x and parameters associated with a master public key mpk, wherein the first set of components is generated by the first device and transmitted to the secure server, and the second device to compute a private key sk.sub.j based on a second set of parameters received from the secure server, and a random number r.sub.j1 generated by the second device, wherein the second set of parameters is generated by the secure server based on a second random number r.sub.j2 generated by the secure server, a second set of components comprising the first random number r.sub.j1, the master secret key x and the parameters associated with a master public key mpk, wherein the second set of components is generated by the second device and transmitted to the secure server.”
Examiner further notes that para [0102, 0105] of Yang prior art, cited in previous office action, discloses storing the secret keys in the device memory:
“Yang, Para [0102]:  FIG. 2 illustrates a block diagram representative of components of an electronic device 200 that is provided within entities 105, 110 and server 120 for implementing embodiments in accordance with embodiments of the invention. One skilled in the art will recognize that the exact configuration of each electronic device provided within the entities or the server may be different and the exact configuration of electronic device 200 may vary and FIG. 2 is provided by way of example only.
Yang, Para [0105]:  Memory 220 and operating system 206 are in data communication with CPU 205 via bus 210. The memory components include both volatile and non-volatile memory and more than one of each type of memory, including Random Access Memory (RAM) 220, Read Only Memory (ROM) 225 and a mass storage device 245, the last comprising one or more solid-state drives (SSDs). Memory 220 also includes secure storage 246 for securely storing secret keys, or private keys. It should be noted that the contents within secure storage 246 are only accessible by a super-user or administrator of device 200 and may not be accessed by any user of device 200. One skilled in the art will recognize that the memory components described above comprise non-transitory computer-readable media and shall be taken to comprise all computer-readable media except for a transitory, propagating signal. Typically, the instructions are stored as program code in the memory components but can also be hardwired. Memory 220 may include a kernel and/or programming modules such as a software application that may be stored in either volatile or non-volatile memory.”
Examiner further notes that Applicant's arguments fail to comply with 37 CFR 1.111(b) because they amount to a general allegation that the claims define a patentable invention without specifically pointing out how the language of the claims patentably distinguishes them from the references.
Applicant states, see page [9] of the remarks filed on 03/21/2022, that, “The system as claimed in claim 1 has technical benefits over the system of Yang and Hernindez, taken singly or in combination. Unlike the systems of Yang and Hernindez, the system as claimed in claim 1 does not use a central authority as a trusted dealer to act as a single point of failure. Additionally, unlike the systems of Yang and Hernindez, the system as claimed in claim 1 is structured so it does not transmit the private keys outside of the security perimeter of the devices involved. Thus, the private keys of the system of claim 1 cannot be intercepted in transit.”
In response, Examiner notes that in Yang, the private keys are not generated by any central server, they are generated by each device itself and are stored within the devices, as disclosed by Yang para [0030]. 
Applicant states, see page [9] of the remarks filed on 03/21/2022, that, “Neither Yang nor Hernindez teach or suggest a second security device associated with the signer configured to generate and store a second private key, the second private key being generated independently from the first private key. Accordingly, the combination of Yang and Hernindez cannot teach such a feature. Accordingly, claim 1 and all claims depending therefrom are in condition for allowance.”
In response, Examiner notes that Examiner’s previous response already clarified that Yang prior art does disclose generating and storing first and second private keys separately by the first and second device.
Applicant states, see page [9] of the remarks filed on 03/21/2022, that, “Claim 9 is in condition for allowance. Claim 9 sets forth, in part, by a second security device associated with the signer, generating and storing a second private key, the second key being generated independently of the first private key. For at least the reasons discussed above, the combination of Yang and Hernindez cannot teach such a feature. Accordingly, claim 9 and all claims depending therefrom are in condition for allowance. “
In response, Examiner notes that Applicant’s argument for claim 9 is similar to the ones made for claim 1 that the Examiner has already responded above. As such, the Applicant is directed to Examiner’s response above.
In addition, Applicant’s arguments regarding all the dependent claims rely on the same ones made for independent claim above that have already been addressed by the Examiner. Hence the Applicant is also directed to Examiner’s previous response for all the dependent claims. 
Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f):
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f). The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function.
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) because the claim limitations use a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitations are:
	Claim 1 recites: (a) a first security device storing a first private key, the first security device configured to … generate a first signature …; (b) a second security device storing a second private key independently generated from the first private key, the second security device configured to … generate a second signature …;
Claim 2 recites: (a) … first security device is additionally configured to …; (b) … second security device is additionally configured to …
	Claim 4 recites: (a) … the first security device is additionally configured to generate …
Because these claim limitations are being interpreted under 35 U.S.C. 112(f), they are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
An investigation of the specification reveals the following:
“Para [0028]: The system includes two or more security devices each storing an independently generated private key that is associated with its own public key. The security devices may be any portable electronic device that is capable of (a) securely storing the independently generated private key, (b) receiving an input from a signer, (c) reliably authenticating the identity of the signer based on that input, (d) receiving a message to generate a signature, (e) generating the signature with the independently generated private key and the message, and (f) transmitting the signature to a computing device (e.g., a server, etc.) requesting the signature. In some examples, the security devices may be smartphones, smart watches, tablet computers, jewelry with embedded electronics (e.g., bracelets, rings, broaches, etc.), smart cards (e.g., a credit card, an identification card, etc.), and/or an electronic hanko, etc. In some examples, each security device is configured to physically receive an input (e.g., a biometric identifier such as a fingerprint, a password, etc.) from the signer independently from any other security device. In some examples, each security device communicates with computing device (e.g., via a wireless connection to the Internet, etc.). Alternatively, in some examples, one of the security devices acts as a primary device that communicates with the computing device (e.g., via a wireless connection to the Internet, etc.) while other security devices communicate with the primary device via a local area network (e.g., a wireless local area network, a Bluetooth.RTM. Low Energy connection, etc.) to communicate with the computing device.
Para [0031]: FIG. 2 illustrates a system that employs composite-key key asymmetric cryptography that uses multiple private keys that are independent of each other. FIG. 2 illustrates a Comp Key signing scheme using a first security device 202 and a second security device 204 (e.g., security devices 300 as shown in FIGS. 3 and 4 below).”
Examiner considers that the above description in the specification describes the terms first and second security devices as hardware/structural elements performing the recited functions in the claims.
Examiner also considers the term “computing device” as recited in the claims is generally accepted as a known hardware element that can execute software/program/algorithms, thus the term “computing device” does not invoke interpretation of claims under 35 USC 112(f).
If applicant does not intend to have these limitations interpreted under 35 U.S.C. 112(f), applicant may:  (1) amend the claim limitations to avoid them being interpreted under 35 U.S.C. 112(f) (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitations recite sufficient structure to perform the claimed function so as to avoid them being interpreted under 35 U.S.C. 112(f).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 6-9 and 14-15 are rejected under 35 U.S.C. 103 as being unpatentable over Pub. No.: US 2019/0372763 A1 to YANG et al. (hereinafter “YANG”)                       in view of Pub. No.: US 2010/0174909 A1 to ASHDOWN (hereinafter “ASHDOWN”).
Regarding Claim 1. YANG discloses A system for generating a digital signature (YANG: FIG. 1, Abstract, Para [0008-0011]) comprising:
a first security device associated with a signer configured to generate and store a first private key (YANG, FIG. 1, Para [0030, 0100, 0102, 0105, 0118]: … a system for generating a common session key SK for encoding digital communications between a first device i and a second device j that are participating in a self-certified identity based signature scheme is disclosed  … the first device to compute a private key sk.sub.i based on a first set of parameters … The system illustrated in FIG. 1 comprises devices or entities 105, 110, that are wirelessly connected to secure server 120 … FIG. 2 illustrates a block diagram representative of components of an electronic device 200 that is provided within entities 105, 110 and server 120 for implementing embodiments in accordance with embodiments of the invention … Memory 220 also includes secure storage 246 for securely storing secret keys, or private keys … identity, id.sub.i, and the generated homomorphic encryption value c and the additive homomorphic encryption function to server 120. Similarly, the identity, id.sub.i, of entity 105 may comprise its user (signer) name, email address, telephone number, IP address, MAC address, or any alphanumeric combination that may be utilized to uniquely identify entity 105 …) and, [in response to receiving a message, generate a first signature based on the message and the first private key];
a second security device associated with the signer configured to generate and store a second private key the second private key being generated independently from the first private key (YANG, FIG. 1, Para [0030,, 0100,  0102, 0105, 0118]: … a system for generating a common session key SK for encoding digital communications between a first device i and a second device j that are participating in a self-certified identity based signature scheme is disclosed … the second device to compute a private key sk.sub.j based on a second set of parameters … The system illustrated in FIG. 1 comprises devices or entities 105, 110, that are wirelessly connected to secure server 120 … FIG. 2 illustrates a block diagram representative of components of an electronic device 200 that is provided within entities 105, 110 and server 120 for implementing embodiments in accordance with embodiments of the invention … Memory 220 also includes secure storage 246 for securely storing secret keys, or private keys … identity, id.sub.i, and the generated homomorphic encryption value c and the additive homomorphic encryption function to server 120. Similarly, the identity, id.sub.i, of entity 105 may comprise its user (signer) name, email address, telephone number, IP address, MAC address, or any alphanumeric combination that may be utilized to uniquely identify entity 105  …), [in response to receiving the message, generate a second signature based on the message and the second private key]; and
However YANG does not explicitly teach, but ASHDOWN from same or similar field of endeavor teaches:
“in response to receiving a message, generate a first signature based on the message and the first private key (ASHDOWN, FIG. 1-2, Para [0019-0020]: … The method of FIG. 1 optionally uses either a symmetric or an asymmetric cryptographic scheme. When symmetric cryptography is used, both the sender and the recipient are in possession of the same two cryptographic keys. Thus, the sender uses the first and second cryptographic keys to digitally sign the message and the recipient uses the same first and second cryptographic keys to verify the digital signatures. Alternatively, when asymmetric cryptography is used, the sender is in possession of private keys and the recipient is in possession of public keys associated with the private keys. Alternatively, the public keys are publicly available as they are not usable for generating the digital signature. Thus, the sender uses first and second private keys to digitally sign the message and the recipient uses first and second public keys to verify the digital signatures … The method of FIG. 2 is discussed in terms of an asymmetric cryptography scheme, but optionally symmetric cryptography is used instead. At 200 a sender provides an electronic document or message, which comprises digital data, for transmission to a recipient via a communications network. At 202 a system that is associated with the sender performs a hashing routine to generate a digest of the electronic document. Optionally, the hashing routine is performed within a security module comprising a secure processor. The digest is signed at 204 using a first private key associated with the sender, so as to generate a first signed digest …);
in response to receiving the message, generate a second signature based on the message and the second private key (ASHDOWN, FIG. 1-2, Para [0019-0020]: … The method of FIG. 1 optionally uses either a symmetric or an asymmetric cryptographic scheme. When symmetric cryptography is used, both the sender and the recipient are in possession of the same two cryptographic keys. Thus, the sender uses the first and second cryptographic keys to digitally sign the message and the recipient uses the same first and second cryptographic keys to verify the digital signatures. Alternatively, when asymmetric cryptography is used, the sender is in possession of private keys and the recipient is in possession of public keys associated with the private keys. Alternatively, the public keys are publicly available as they are not usable for generating the digital signature. Thus, the sender uses first and second private keys to digitally sign the message and the recipient uses first and second public keys to verify the digital signatures … The method of FIG. 2 is discussed in terms of an asymmetric cryptography scheme, but optionally symmetric cryptography is used instead. At 200 a sender provides an electronic document or message, which comprises digital data, for transmission to a recipient via a communications network. At 202 a system that is associated with the sender performs a hashing routine to generate a digest of the electronic document. Optionally, the hashing routine is performed within a security module comprising a secure processor. The digest is signed at 204 using a first private key associated with the sender, so as to generate a first signed digest. The digest is also signed at 206 using a second private key associated with the sender, so as to generate a second signed digest …);
a computing device remote from the first security device and the second security device (ASHDOWN, Para [0020]: …  At 200 a sender provides an electronic document or message, which comprises digital data, for transmission to a recipient via a communications network …), the computing device configured to:
responsive to receiving a request for the digital signature, send the message to the first security device and the second security device (ASHDOWN, Para [0020, 0023]: … Referring now to FIG. 2, shown is a simplified flow diagram of a method according to an embodiment of the instant invention. The method of FIG. 2 is discussed in terms of an asymmetric cryptography scheme, but optionally symmetric cryptography is used instead. At 200 a sender provides an electronic document or message, which comprises digital data, for transmission to a recipient via a communications network. At 202 a system that is associated with the sender performs a hashing routine to generate a digest of the electronic document. Optionally, the hashing routine is performed within a security module comprising a secure processor. The digest is signed at 204 using a first private key associated with the sender, so as to generate a first signed digest. The digest is also signed at 206 using a second private key associated with the sender, so as to generate a second signed digest. Optionally, a different digest is generated by repeating step 202 using different hashing routine prior to step 206, and the different digest is then signed at 206 using the second private key associated with the sender. At 208 the first signed digest and the second signed digest are transmitted, with the electronic document or message, to the recipient via the communications network. At 210 the recipient verifies the digital signatures based on each one of the first private key and the second private key. If both digital signatures are verified, then at 212 the digitally signed message is accepted as being authentic. However, if one of the digital signatures is not verified, then the digitally signed message is rejected at 214 … By way of a specific and non-limiting example, a method according to at least one embodiment of the instant invention may be applied to data transfer involving portable security modules. Portable security modules connect to computers and other electronic devices via an interface, such as for instance a Universal Serial Bus (USB) interface. The security modules include a memory element, typically flash memory, and a processor. A set of cryptographic keys is stored in a secure portion of the module. When digital data that is encoded using a plurality of cryptographic keys is provided to the module, the module retrieves a plurality of corresponding keys from a set of keys that is stored in the secure portion of the module, and uses the retrieved plurality of corresponding keys to verify the digital signatures associated with the digital data. For instance, when the digital data comprises a firmware upgrade for the module, then it can be determined that the firmware originates from a trusted source by confirming that the digital data is digitally signed using each of the plurality of cryptographic keys, the plurality of cryptographic keys being verifiable as belonging to the trusted entity. The firmware upgrade is installed if, and only if, it is determined that the digital data comprising the firmware upgrade has been signed using each of the plurality of cryptographic keys. Otherwise, the portable security module does not install the firmware upgrade. Of course, where asymmetric encryption is used, the public keys are optionally retrievable from a public key store instead of being stored within the receiving device …);
responsive to receiving the first signature and the second signature, generate a composite cryptographic signature based on the first signature and the second signature (ASHDOWN, Para [0018, 0020]: … Referring to FIG. 1, shown is a simplified flow diagram of a method according to an embodiment of the instant invention. At 100 a sender digitally signs a message using a first cryptographic key and digitally signs the same message using a second cryptographic key. Both the first cryptographic key and the second cryptographic key are associated with the same sender. Accordingly, the sender digitally signs the same message two times, once using the first cryptographic key and once using the second cryptographic key. At 102 the digitally signed message is transmitted to a recipient via a communications network …  Referring now to FIG. 2, shown is a simplified flow diagram of a method according to an embodiment of the instant invention. The method of FIG. 2 is discussed in terms of an asymmetric cryptography scheme, but optionally symmetric cryptography is used instead. At 200 a sender provides an electronic document or message, which comprises digital data, for transmission to a recipient via a communications network. At 202 a system that is associated with the sender performs a hashing routine to generate a digest of the electronic document. Optionally, the hashing routine is performed within a security module comprising a secure processor. The digest is signed at 204 using a first private key associated with the sender, so as to generate a first signed digest. The digest is also signed at 206 using a second private key associated with the sender, so as to generate a second signed digest. Optionally, a different digest is generated by repeating step 202 using different hashing routine prior to step 206, and the different digest is then signed at 206 using the second private key associated with the sender. At 208 the first signed digest and the second signed digest are transmitted, with the electronic document or message, to the recipient via the communications network. At 210 the recipient verifies the digital signatures based on each one of the first private key and the second private key. If both digital signatures are verified, then at 212 the digitally signed message is accepted as being authentic. However, if one of the digital signatures is not verified, then the digitally signed message is rejected at 214 …); and
append the composite cryptographic signature to a digital document (ASHDOWN, Para [0020]: … At 208 the first signed digest and the second signed digest are transmitted, with the electronic document or message, to the recipient via the communications network …).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of ASHDOWN into the teachings YANG, because it discloses that “the methods that are described with reference to FIGS. 1 and 2 are executed using N keys, where N.gtoreq.2. Increasing the number of keys results in improved security since every key must be compromised in order to digitally sign fraudulent data. Compromise of all keys at the same time likely would be the result only of an "inside job." (ASHDOWN: Para [0022])”.
Regarding Claim 6. The combination of YANG-ASHDOWN discloses the system of claim 1, ASHDOWN further discloses, “wherein the computing device does not store a private key used to generate the cryptographic signature (ASHDOWN, Para [0023]: : …  a method according to at least one embodiment of the instant invention may be applied to data transfer involving portable security modules. Portable security modules connect to computers and other electronic devices via an interface, such as for instance a Universal Serial Bus (USB) interface. The security modules include a memory element, typically flash memory, and a processor. A set of cryptographic keys is stored in a secure portion of the module …).”
The motivation to further combine ASHDOWN remains same as in claim 1.
Regarding Claim 7. The combination of YANG-ASHDOWN discloses the system of claim 1, YANG further discloses, “wherein the first security device and the second security device are communicatively coupled to the computing device (YANG, Para [0100-0101]: … The system illustrated in FIG. 1 comprises devices or entities 105 (first security device), 110 (second security device), that are wirelessly connected to secure server 120 (computing device). Entities 105 and 110 each may comprise, but is not limited to, any device that is able to carry out wireless communicative functions such as a smart phone, a tablet computer, a mobile computer, a netbook, a wearable electronic device such as smart watch, smart plugs, or transceivers that may be found in smart devices or Internet of Things (IoT) enabled devices, and etc. … As for secure server 120, this server may comprise a secure cloud server or a remotely located secure server which is able to communicate wirelessly with entities 105 and 110 either through Internet 115 or directly with entities 105 and 110 …)”, and 
ASHDOWN further discloses, “where the first security device is configured to transmit the first signature to the computing device and the second security device is configured to transmit the second signature to the computing device (ASHDOWN, FIG. 2, Para 0020]: … At 202 a system that is associated with the sender performs a hashing routine to generate a digest of the electronic document. Optionally, the hashing routine is performed within a security module comprising a secure processor. The digest is signed at 204 using a first private key associated with the sender, so as to generate a first signed digest. The digest is also signed at 206 using a second private key associated with the sender, so as to generate a second signed digest. Optionally, a different digest is generated by repeating step 202 using different hashing routine prior to step 206, and the different digest is then signed at 206 using the second private key associated with the sender. At 208 the first signed digest and the second signed digest are transmitted, with the electronic document or message …).”
The motivation to further combine ASHDOWN remains same as in claim 1.
Regarding Claim 8. The combination of YANG-ASHDOWN discloses the system of claim 1, YANG further discloses, “wherein the first security device is communicatively coupled to the computer device, and the second security device is communicatively coupled to the first security device (YANG, Para [0100-0101]: … The system illustrated in FIG. 1 comprises devices or entities 105 (first security device), 110 (second security device), that are wirelessly connected to secure server 120 (computing device). Entities 105 and 110 each may comprise, but is not limited to, any device that is able to carry out wireless communicative functions such as a smart phone, a tablet computer, a mobile computer, a netbook, a wearable electronic device such as smart watch, smart plugs, or transceivers that may be found in smart devices or Internet of Things (IoT) enabled devices, and etc. … As for secure server 120, this server may comprise a secure cloud server or a remotely located secure server which is able to communicate wirelessly with entities 105 and 110 either through Internet 115 or directly with entities 105 and 110 …)”, and 
ASHDOWN further discloses, “where the second security device is configured to transmit the second signature to the first security device and the first security device is configured to transmit the first and second signatures to the computing device (ASHDOWN, FIG. 2, Para 0020]: … At 202 a system that is associated with the sender performs a hashing routine to generate a digest of the electronic document. Optionally, the hashing routine is performed within a security module comprising a secure processor. The digest is signed at 204 using a first private key associated with the sender, so as to generate a first signed digest. The digest is also signed at 206 using a second private key associated with the sender, so as to generate a second signed digest. Optionally, a different digest is generated by repeating step 202 using different hashing routine prior to step 206, and the different digest is then signed at 206 using the second private key associated with the sender. At 208 the first signed digest and the second signed digest are transmitted, with the electronic document or message …); Examiner’s Note: Each signer receives a signature from the previous signer, adds its own signature and forwards to the next signer who then verifies this combined signature created by sequentially verifying/adding signatures.”
The motivation to further combine ASHDOWN remains same as in claim 1.
Regarding Claim 9. This is a method claim corresponding to the system of claim 1, hence similarly rejected as claim 1.
Regarding Claim 14. This is a method claim corresponding to the system of claim 6, hence similarly rejected as claim 6.
Regarding Claim 15. This is a method claim corresponding to the system of claim 7, hence similarly rejected as claim 7.
Claims 2-3 and 10-11 are rejected under 35 U.S.C. 103 as being unpatentable over Pub. No.: US 2019/0372763 A1 to YANG et al. (hereinafter “YANG”)                       in view of Pub. No.: US 2010/0174909 A1 to ASHDOWN (hereinafter “ASHDOWN”), as applied to claim 1 above, and further in view of Pub. No.: US 2002/0186838 A1 to Brandys (hereinafter “Brandys”)
Regarding Claim 2. The combination of YANG-ASHDOWN discloses the system of claim 1, however it does not explicitly teach, but Brandys from same or similar field of endeavor teaches, “wherein:
the first security device is additionally configured to, before generating the first signature, authenticate the signer based on a first input to the first security device (Brandys, FIG. 5, Para [0034, 0055]: … The biometrics interface 110 (FIG. 1) is used to receive biometric data. By way of example the biometrics interface 110 may provide a contact device or an optical device to perform a finger scan or image (first input), an iris scan or image, a retina scan or image or to determine the geometry of a hand or a face. The biometrics interface may also provide a microphone to perform a voice or speaker analysis and verification. The biometrics interface may also provide a keyboard to perform key stroke dynamic analysis or a contact to perform stroke or writing dynamic analysis and verification … if the biometric data 216 is identified (and the identity of the user is authenticated), the process proceeds to a state 512, wherein a message digest for the message is created. Otherwise, if the biometric data 216 is not identified, the process ends … From state 512, the process proceeds to a state 516 wherein the message digest is encrypted by the encryption module 208 on the card 100 using the private key 224. The result is an encrypted message digest that is the digital signature 234 for the message 230. This digital signature 234 is added to the message 230 …); and
the second security device is additionally configured to, before generating the second signature, authenticate the signer based on a second input to the second security device (Brandys, FIG. 5, Para [0034, 0055]: … The biometrics interface 110 (FIG. 1) is used to receive biometric data. By way of example the biometrics interface 110 may provide a contact device or an optical device to perform a finger scan or image, an iris scan or image, a retina scan or image or to determine the geometry of a hand or a face. The biometrics interface may also provide a microphone to perform a voice (second input) or speaker analysis and verification. The biometrics interface may also provide a keyboard to perform key stroke dynamic analysis or a contact to perform stroke or writing dynamic analysis and verification … if the biometric data 216 is identified (and the identity of the user is authenticated), the process proceeds to a state 512, wherein a message digest for the message is created. Otherwise, if the biometric data 216 is not identified, the process ends … From state 512, the process proceeds to a state 516 wherein the message digest is encrypted by the encryption module 208 on the card 100 using the private key 224. The result is an encrypted message digest that is the digital signature 234 for the message 230. This digital signature 234 is added to the message 230 …).”
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Brandys into the combined teachings of YANG-ASHDOWN, because it discloses that “Incorporating the biometric data analyzer 200 into the smart card 100 is advantageous because it provides for an additional level of security. Any attempt to simulate the biometric data is extremely difficult because the details of the biometric data and the analysis algorithms are embedded into the smart card 100 and are unknown to a fraudulent user (Brandys, Para [0057])”.
Regarding Claim 3. The combination of YANG-ASHDOWN-Brandys discloses the system of claim 2, Brandys further discloses, “wherein the first input is a different type of input than the second input (Brandys, FIG. 5, Para [0034, 0055]:  … the biometrics interface 110 may provide a contact device or an optical device to perform a finger scan or image (first input), an iris scan or image, a retina scan or image or to determine the geometry of a hand or a face … The biometrics interface may also provide a microphone to perform a voice (second input) or speaker analysis and verification …).”
The motivation to combine Brandys remains same as in claim 2.
Regarding Claim 10. This is a method claim corresponding to the system of claim 2, hence similarly rejected as claim 2.
Regarding Claim 11. This is a method claim corresponding to the system of claim 3, hence similarly rejected as claim 3.
Claims 4-5 and 12-13 are rejected under 35 U.S.C. 103 as being unpatentable over Pub. No.: US 2019/0372763 A1 to YANG et al. (hereinafter “YANG”)                       in view of Pub. No.: US 2010/0174909 A1 to ASHDOWN (hereinafter “ASHDOWN”), as applied to claim 1 above, and further in view of Pub. No.: US 2020/0044861 A1 to Buldas et al. (hereinafter “Buldas”)
Regarding Claim 4. The combination of YANG-ASHDOWN discloses the system of claim 1, however it does not explicitly teach, but Buldas from same or similar field of endeavor teaches, “wherein:
the first security device is additionally configured to generate the first private key and a first public key including a first public modulus (Buldas, Para [0036, 0009-0012, 0058-0061]: … the methods and techniques taught herein may be used in conjunction with any suitable asymmetric cryptosystem in which public keys and private keys are generated … The first private key and a public key may be a first key pair. The second private key and a public key may be a second key pair … The first private key may comprise a first private modulus and a first private exponent. The second private key may comprise a second private modulus and a second private exponent. The public key may comprise a public exponent … The first private modulus may be a product of prime numbers. The second private modulus may be a product of prime numbers. Each of the prime numbers may be coprime to the public exponent … The method may further comprise generating a composite public modulus from the first private modulus and the second private modulus …); and
the second security device is additionally configured to generate the second private key and a second public key including a second public modulus (Buldas, Para [0036, 0009-0012]: … the methods and techniques taught herein may be used in conjunction with any suitable asymmetric cryptosystem in which public keys and private keys are generated … The first private key and a public key may be a first key pair. The second private key and a public key may be a second key pair … The first private key may comprise a first private modulus and a first private exponent. The second private key may comprise a second private modulus and a second private exponent. The public key may comprise a public exponent … The first private modulus may be a product of prime numbers. The second private modulus may be a product of prime numbers. Each of the prime numbers may be coprime to the public exponent … The method may further comprise generating a composite public modulus …).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Buldas into the combined teachings of YANG-ASHDOWN, because it discloses that “the client device may verify that the composite signature S has indeed been created using the server's private key. The client device may then determine that the composite signature S did in fact originate with the server and not with an adversarial party. In order to perform this verification, the client device checks that S.sup.e.ident.m mod n (Buldas, Para [0062])”.
Regarding Claim 5. The combination of YANG-ASHDOWN-Buldas discloses the system of claim 4, Buldas further discloses, “wherein the computing device is configured to generate the composite cryptographic signature further based on the first public modulus and the second public modulus (Buldas, Para [0036, 0009-0012, 0058-0061]: … the server calculates a public modulus n (so called because it can subsequently be made public). The modulus n is the product of n.sub.1 and n.sub.2 i.e. n=n.sub.1n.sub.2 …).”
The motivation to combine Buldas remains same as in claim 4.
Regarding Claim 12. This is a method claim corresponding to the system of claim 4, hence similarly rejected as claim 4.
Regarding Claim 13. This is a method claim corresponding to the system of claim 5, hence similarly rejected as claim 5.
Pertinent Prior Arts: The following prior arts made of record and not relied upon are considered pertinent to applicant's disclosure.
US-PGPUB 20110060903 (Yoshida): Yoshida discloses a group signature system that comprises a group administrator apparatus, signer apparatuses and a verifier apparatus which can communicate with one another. Here, in a group signature method used by the apparatuses, a multiplication cyclic group or a bilinear group in which an order is unknown as in RSA is not used at all, but a multiplication cyclic group gG of a prime order q is only used, and representation parts k.sub.i1 and k.sub.i2 are used as a member private key. Moreover, as information for tracing a signer, T.sub.i=G.sub.1 [k.sub.i1] is utilized, and k.sub.i1 is utilized for verifying revocation. In consequence, a calculation amount can be decreased to increase a calculation speed as compared with conventional [CG04], [FI05] and [DP06] systems.
The present invention relates to a group signature system, an apparatus and a storage medium, and more particularly, it relates to a group signature system, an apparatus and a storage medium which can decrease a calculation amount to improve a calculation speed.
	US-PAT 8578169 (Adams et al): Adams discloses a system and method of signing a message to be sent from a first communication device to a destination via a second communication device. The message includes a first portion on the first communication device and a second portion on the second communication device. The method includes receiving at the second communication device the first portion of the message and a first signature for the first portion from the first communication device; combining the first portion and the second portion to form the message; obtaining a second signature for the message; and sending the first signature, the second signature and the message from the second communication device to the destination.
The embodiments relate to the field of secure messaging, and more specifically to the field of secure messaging on communication devices.
US-PGPUB 20030110383 (Garay et al.): Garay discloses methods and apparatus are disclosed for generation of secure and efficient digital signatures in an information processing system. The system includes one or more user devices, a signing aid or other intermediary device, and a verifier. A given user device has associated therewith key pairs (s, p) and (s', p') corresponding to respective first and second digital signature protocols. As part of a setup process, an agreement relating to the public keys p and p' is signed by both the user device and the intermediary device, and the resulting twice-signed agreement is stored by both the user device and the intermediary device. A first digital signature s1 is then generated on a message m or a hash h(m) thereof in the user device using the secret key s' and is sent to the verifier. The verifier in turn sends s1 to the intermediary, and the intermediary checks that s1 is a valid digital signature for the user device. If s1 is valid, the intermediary device generates a second digital signature s2 on m or h(m) using the secret key s, and s2 is returned to the verifier as a signature generated by the user device. The intermediary may be configured to wait a predetermined delay period between checking that s1 is a valid signature and generating s2, such that a user may contact the intermediary device and upon providing an access code thereto direct the intermediary device not to generate s2.
The invention relates generally to cryptographic techniques which may be implemented in computer networks, wireless networks, communication devices or other types of information processing systems and devices, and more particularly to techniques for generating secure digital signatures in a computationally-efficient and theft-resistant manner within such systems and devices.
PGPUB US 20190207758 A1, Cambou: Cambou discloses a cryptographic infrastructure, which provides a method for generating private keys of variable length from a cryptographic table and a public key. This infrastructure provides an approximation of the one-time pad scheme. The cryptographic table is shared between a message sender and a message recipient by a secure transfer. After sharing the cryptographic table, no new private keys need to be sent - the private keys are independently generated by each party from the data contained within the shared cryptographic tables, using the public key. After public keys are exchanged, private keys may be generated and used to encrypt and decrypt messages and perform authentication cycles, establishing a secure communication environment between the sender and the recipient.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAHABUB S AHMED whose telephone number is (571)272-0364.  The examiner can normally be reached on 9AM-5PM EST M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/MAHABUB S AHMED/Examiner, Art Unit 2434
/KAMBIZ ZAND/Supervisory Patent Examiner, Art Unit 2434