DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to the Amendment filed on 05/02/2022.
In the instant Amendment, claims 2 and 3 were cancelled; claims 1, 6, 8 and 10 have been amended; and claims 1 and 8 are independent claims.  Claims 1 and 4-10 have been examined and are pending.  This Action is made FINAL.

Response to Arguments
The rejections of claims 8 and 10 under 35 U.S.C. § 101 is withdrawn as the claims have been amended.
Applicants’ arguments in the instant Amendment, filed on 05/02/2022, with respect to limitations listed below, have been fully considered but they are not persuasive.
Applicant’s arguments: “Applicant respectfully submits that the Office Action has not established that Uhr discloses amended claim 1.” 
The Examiner disagrees with the Applicants. The Examiner respectfully submits that Uhr discloses in response to determining that an encrypted connection over Internet need to be performed between a server and a client, authenticating, by the server, an identity of the client by a blockchain-based authentication mechanism (Uhr: ¶0073 a peer-to-peer (P2P)-network-based distributed database on the basis of public key cryptography; ¶0121 the block-chain-based certificate management server 300 extracts the certificate-specific public key and the user verification hash information [] and transmits a certificate validity check signal that is composed of the extracted certificate-specific public key and user verification hash information); wherein the authenticating, by the server, the identity of the client by a blockchain-based authentication mechanism comprises: authenticating, by the server, the identity of the client according to a blockchain-based certificate system (Uhr: ¶0056 generated user verification hash information and user verification-specific transaction ID information); and wherein the authenticating, by the server, the identity of the client according to a blockchain-based certificate system comprises: searching for, by the server, whether a corresponding personal certificate is present in the blockchain-based certificate system according to user information, and indicating that the identity authentication of the client is successful in response to determining that the corresponding personal certificate is present in the blockchain-based certificate system (Uhr: ¶0111 the blockchain-based-certificate authentication request server 500 includes a DB unit 510, and the included DB unit 510 has a member-specific user identification information DB 511 in which identification information of the user operating the user terminal 100 is stored and also in which user identification information identical to blockchain-based-certificate-issuance-specific composed of user identification information that has been used when the blockchain-based certificate is issued and designated user identification information corresponding to pre-designated user identification information among the user identification information are stored). More specifically, Uhr discloses before generating the certificate-specific public key and the certificate-specific private key, the user terminal 100 may check whether a user operating the user terminal 100 has registered identification information of the user in the blockchain-based-certificate issuance request server 200 [0045], the blockchain-based-certificate issuance request server 200 has a DB unit 210, which includes a member-specific user identification information DB 211 in which the identification information of the user operating the user terminal 100 is stored [0046], the blockchain-based-certificate issuance request server 200 matches the transmitted blockchain-based-certificate-issuance-specific personal information to the member-specific user identification information DB 211 [0047] and a user confirmation authentication signal may be transmitted to the blockchain-based-certificate authentication request server 500 [0128]. However, the reference Reddy discloses authenticating, by the client, the identity of the server by a DNSSEC-based mechanism (Reddy: ¶0033 binding the server certificate to the domain name using DNS Security Extensions (DNSSEC); ¶0069 at step 825 [] the device may use the stored certificate information to validate the server certificate for the domain). More specifically, Reddy discloses a Domain Name Service (DNS) server pre-fetches domain information regarding a domain that includes certificate information for the domain. The DNS server receives a DNS request that includes a security request for the domain in metadata of a Network Service Header (NSH) of the DNS request. The DNS server retrieves the certificate information for the domain from the pre-fetched information regarding the domain, in response to receiving the security request [0044]. Therefore, as the metes and bounds of the limitation of been met as noted above; the examiner finds this argument not persuasive.

Applicant’s arguments: “The Office Action has not established that Reddy cures the deficiencies.” 
The Examiner disagrees with the Applicants. The Examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art.  See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007).  In this case, Uhr teaches a blockchain-based-certificate issuing system in which a means for directly generating a certificate-specific public key and a certificate-specific private key is provided in a user terminal operated by a user and Reddy teaches a network security system to validate a server certificate. Uhr and Reddy are both from the same analogues art and therefore they are combinable. One of the ordinary skill in the art, before the effective filing date of the claimed invention would been motivated to combine the two references to drive at applicant invention. Therefore, as the metes and bounds of the limitation of been met as noted above; the examiner finds this argument not persuasive.

The amended claims 1, 10 and 15 have been addressed in rejection below.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person.


This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 1 and 4-10 are rejected under 35 U.S.C. 103 as being unpatentable over UHR et al. (“Uhr,” US 2018/0227293) in view of Reddy et al. (“Reddy,” US 2017 /0339130).

Regarding claim 1: Uhr discloses a blockchain and Domain Name System Security Extensions (DNSSEC)-based user authentication method, comprising:
in response to determining that an encrypted connection over Internet need to be performed between a server and a client, authenticating, by the server, an identity of the client by a blockchain-based authentication mechanism (Uhr: ¶0073 a peer-to-peer (P2P)-network-based distributed database on the basis of public key cryptography; ¶0121 the block-chain-based certificate management server 300 extracts the certificate-specific public key and the user verification hash information [] and transmits a certificate validity check signal that is composed of the extracted certificate-specific public key and user verification hash information);
wherein the authenticating, by the server, the identity of the client by a blockchain-based authentication mechanism comprises: authenticating, by the server, the identity of the client according to a blockchain-based certificate system (Uhr: ¶0056 generated user verification hash information and user verification-specific transaction ID information); and
wherein the authenticating, by the server, the identity of the client according to a blockchain-based certificate system comprises: searching for, by the server, whether a corresponding personal certificate is present in the blockchain-based certificate system according to user information, and indicating that the identity authentication of the client is successful in response to determining that the corresponding personal certificate is present in the blockchain-based certificate system (Uhr: ¶0111 the blockchain-based-certificate authentication request server 500 includes a DB unit 510, and the included DB unit 510 has a member-specific user identification information DB 511 in which identification information of the user operating the user terminal 100 is stored and also in which user identification information identical to blockchain-based-certificate-issuance-specific composed of user identification information that has been used when the blockchain-based certificate is issued and designated user identification information corresponding to pre-designated user identification information among the user identification information are stored).
Uhr does not explicitly disclose authenticating, by the client, the identity of the server by a DNSSEC-based mechanism.
However, Reddy discloses authenticating, by the client, the identity of the server by a DNSSEC-based mechanism (Reddy: ¶0033 binding the server certificate to the domain name using DNS Security Extensions (DNSSEC); ¶0069 at step 825 [] the device may use the stored certificate information to validate the server certificate for the domain).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Reddy with the system/method of Uhr to include authenticating, by the client, the identity of the server by a DNSSEC-based mechanism. 
One would have been motivated to performs a TLS handshake with a network device and receives a certificate for the domain as part of the TLS handshake and validates the certificate for the domain using the certificate information (Reddy: ¶0014).
  
Regarding claim 4: Uhr in view of Reddy discloses the method of claim 1.
Uhr further discloses before the authenticating, by the server, the identity of the client according to a blockchain-based certificate system, establishing a blockchain-based certificate system, generating a personal certificate for each legitimate user, and issuing and storing the personal certificate by the blockchain-based certificate system (Uhr: fig. 1 a blockchain-based-certificate issuing system; ¶0104 the blockchain holding servers 400 record [] user verification-specific transaction information in the blockchain to complete issuance of a blockchain-based certificate (S180); ¶0105 when the issuance of the blockchain-based certificate is completed, the blockchain-based-certificate management server 300 notifies the user terminal 100 of the completion of the issuance of the blockchain-based certificate (S190)).

Regarding claim 5: Uhr in view of Reddy discloses the method of claim 1.
Reddy further discloses wherein the authenticating, by the client, the identity of the server by a DNSSEC-based mechanism comprises: validating, by the client, a server certificate by DNSSEC to authenticate the identity of the server (Reddy: ¶0062 the DNS server may also employ DNSSEC with the domain by retrieving DNSSEC record information for the domain as part of the pre-fetch and using the record information to validate the domain).
The motivation is the same that of claim 1 above.

Regarding claim 6: Uhr in view of Reddy discloses the method of claim 5.
Reddy further discloses searching for, by the client, a transport layer security authentication (TLSA) record corresponding to the server, and performing DNSSEC validation, indicating that the identity authentication of the server is successful in response to determining that the DNSSEC validation passes (Reddy: ¶0034 DANE proposes that the DNS server store the certificate/fingerprint as part of a TLSA record that is signed using DNSSEC [] Thus, the certificate stored by the DNS server is controlled by the domain name holder, which may be self-signed or signed by a particular certificate authority).
The motivation is the same that of claim 1 above.

Regarding claim 7: Uhr in view of Reddy discloses the method of claim 6.
Reddy further discloses before the validating, by the client, a server certificate by DNSSEC to authenticate the identity of the server implementing DNSSEC for a domain name of the server; generating a server certificate for the server, and generating a corresponding TLSA record according to the server certificate, the TLSA record including the server certificate (Reddy: ¶0040 a DANE lookup involves multiple DNS requests and responses (e.g., to obtain a DNSKEY/RRSIG chain up from the root and to validate the chain of DNSSEC signatures); ¶0053 DNS recursive service 516 may pre-fetch information about the domain of HTTPS server 518 and store the fetched information in a local cache [] this pre-fetching may entail maintaining a reputation score for the domain, performing a DANE lookup for the domain, fetching DNSSEC records, performing any DNSSEC validation, storing TLSA records for the domain, or performing any other operation to obtain domain/certificate information regarding the domain of HTTPS server 518).
The motivation is the same that of claim 1 above.

Regarding claim 8: Uhr discloses a blockchain and DNSSEC-based user authentication system, comprising:
a client equipment and a server equipment (Uhr: ¶0044 the user terminal 100 is a mobile terminal capable of Internet access, such as a smartphone; ¶0057 the blockchain- based-certificate management server 300 includes [] a transaction processing engine 320, and a hash processing engine 330);
wherein the server equipment is configured to authenticate an identity of the client equipment by a blockchain-based authentication mechanism (Uhr: ¶0073 a peer-to-peer (P2P)-network-based distributed database on the basis of public key cryptography; ¶0121 the block-chain-based certificate management server 300 extracts the certificate-specific public key and the user verification hash information [] and transmits a certificate validity check signal that is composed of the extracted certificate-specific public key and user verification hash information).
Uhr does not explicitly disclose the client equipment is configured to authenticate an identity of the server equipment by a DNSSEC-based mechanism.
However, Reddy discloses the client is configured to authenticate the identity of the server by a DNSSEC-based mechanism (Reddy: ¶0033 binding the server certificate to the domain name using DNS Security Extensions (DNSSEC); ¶0069 at step 825 [] the device may use the stored certificate information to validate the server certificate for the domain).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Reddy with the system/method of Uhr to include the client is configured to authenticate the identity of the server by a DNSSEC-based mechanism. 
One would have been motivated to performs a TLS handshake with a network device and receives a certificate for the domain as part of the TLS handshake and validates the certificate for the domain using the certificate information (Reddy: ¶0014).
wherein the server equipment searches for whether a corresponding personal certificate is present in the blockchain-based certificate system according to user information, and indicating that the identity authentication of the client equipment is successful in response to determining that the corresponding personal certificate is present in the blockchain-based certificate system (Uhr: ¶0111 the blockchain-based-certificate authentication request server 500 includes a DB unit 510, and the included DB unit 510 has a member-specific user identification information DB 511 in which identification information of the user operating the user terminal 100 is stored and also in which user identification information identical to blockchain-based-certificate-issuance-specific composed of user identification information that has been used when the blockchain-based certificate is issued and designated user identification information corresponding to pre-designated user identification information among the user identification information are stored).

Regarding claim 9: Uhr in view of Reddy discloses the method of claim 1.
Uhr further discloses an electronic device, comprising: a memory, a processor, and a computer program stored in the memory and executable by the processor, wherein the processor is configured to execute the program to implement the steps of the blockchain and DNSSEC- based user authentication method of claims 1 (Uhr: ¶0044 the user terminal 100 is a desktop computer such as a personal computer (PC) and [] the user terminal 100 is a mobile terminal capable of Internet access, such as a smartphone).
  
Regarding claim 10: Uhr in view of Reddy discloses the method of claim 1.
Uhr further discloses a non-transitory computer readable storage medium storing a computer program, wherein the computer program is executable by a processor to implement the steps of the blockchain and DNSSEC-based user authentication method of claims 1 (Uhr: ¶0043 the user terminal 100 includes [] an information storage unit 102 configured to store data or an application program).




Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Fahimeh Mohammadi whose telephone number is (571)270-7857. The examiner can normally be reached Monday - Friday 9:00 - 5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 5712705002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/FAHIMEH MOHAMMADI/ Examiner, Art Unit 2439            



/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439