Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Detailed action
Claims 1, 19 and 21 are pending and are being considered.
Claims 2-18, 20 and 22 have been cancelled.

Examiner Note: The examiner notes that the term “computer program product comprising: a set of storage device(s)” refers to storage devices excluding transitory signals per se. See [0013-0014]: a storage device or storage medium, as used herein, is not to be construed as being transitory signals per se.
Examiner's Amendments
An examiner's amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee. Authorization for this examiner's amendment was given in a telephone interview from David B Woycechowsky Reg. No. 39079 on 05/19/2022.
AMEND THE CLAIMS AS FOLLOWS:
1. 	(currently amended) A computer-implemented method for a limited operation asymmetric cryptographic key scheme, the method comprising: 
configuring a master key pair for use in a cryptographic key system, the master key pair having certificate authority for a pre-defined number of signature operations; 
generating a plurality of random key pairs from the master key pairs; 
establishing a first certificate chain layer for the plurality of random key pairs by creating subordinate certificates for each random key pair in the plurality of random key pairs, each random key pair having the pre-defined number of signature operations of the master key pair;
 [[and]] repeating the configuring operation, the generating operation and the establishing for M layers, wherein M is an integer greater than or equal to one, and wherein each [[-]] random key pair generated in a previous layer acts in the way that the master key pair does by generating another set of random keys and signing subordinate certificates in a next layer;
determining that a first leaf node key pair has been used a predetermined number of times, with the first leaf node key pair being a key pair most distant from a root level of a hierarchy of key pairs of M layers created by repeating the configuring, generating and establishing operations; 
responsive to the determination that the first leaf node key pair has been used a predetermined number of times, retiring the first leaf node key pair;
and validating each random key pair used for signature operation by retrieving from storage of client computer system key pairs required for validation operation, wherein [[a]] the validation operation is handled remote from hardware hosting the limited operation asymmetric cryptographic key scheme. 
2.		(cancelled)
19. 	(Currently amended) A computer program product for a limited operation asymmetric cryptographic key scheme, the computer program product comprising:
 a set of storage device(s); 
and computer code stored collectively in the set of storage device(s), with the computer code including data and instructions to cause a processor(s) set to perform at least the following operations:
 configuring a master key pair for use in a cryptographic key system, the master key pair having certificate authority for a pre-defined number of signature operations; [[,]]
 generating a plurality of random key pairs from the master key pairs; [[, ]]
establishing a first certificate chain layer for the plurality of random key pairs by creating subordinate certificates for each random key pair in the plurality of random key pairs, each random key pair having the pre-defined number of signature operations of the master key pair;
[[, and]] repeating the configuring operation, the generating operation and the establishing for M layers, wherein M is an integer greater than or equal to one, and where each key pair generated in a previous layer acts in the way that the master key pair does by generating another set of random keys and signing subordinate certificates in a next layer;
determining that a first leaf node key pair has been used a predetermined number of times, with the first leaf node key pair being a key pair most distant from a root level of a hierarchy of key pairs of M layers created by repeating the configuring, generating and establishing operations; 
responsive to the determination that the first leaf node key pair has been used a predetermined number of times, retiring the first leaf node key pair;
and validating each random key pair used for signature operation by retrieving from storage of client computer system key pairs required for validation operation, wherein [[a]] the validation operation is handled remote from hardware hosting the limited operation asymmetric cryptographic key scheme.
20.	(Cancelled)
21.	 (Currently amended) A computer system for a limited operation asymmetric cryptographic key scheme, the computer system comprising:
 a processor(s) set; 
a set of storage device(s); 
and computer code stored collectively in the set of storage device(s), with the computer code including data and instructions to cause the processor(s) set to perform at least the following operations: 
configuring a master key pair for use in a cryptographic key system, the master key pair having certificate authority for a pre-defined number of signature operations; [[,]] 
generating a plurality of random key pairs from the master key pairs; [[,]] 
establishing a first certificate chain layer for the plurality of random key pairs by creating subordinate certificates for each random key pair in the plurality of random key pairs, each random key pair having the pre-defined number of signature operations of the master key pair;
[[, and]] repeating the configuring operation, the generating operation and the establishing for M layers, wherein M is an integer greater than or equal to one, and where each key pair generated in a previous layer acts in the way that the master key pair does by generating another set of random keys and signing subordinate certificates in a next layer;
determining that a first leaf node key pair has been used a predetermined number of times, with the first leaf node key pair being a key pair most distant from a root level of a hierarchy of key pairs of M layers created by repeating the configuring, generating and establishing operations; 
responsive to the determination that the first leaf node key pair has been used a predetermined number of times, retiring the first leaf node key pair;
and validating each random key pair used for signature operation by retrieving from storage of client computer system key pairs required for validation operation, wherein [[a ]] the validation operation is handled remote from hardware hosting the limited operation asymmetric cryptographic key scheme
22.	(Cancelled)

Response to arguments
Applicant's arguments filed on 02/08/2022 have been fully considered and are persuasive.
Allowable Subject matter
Claims 1, 19 and 21 are allowed.
Examiner’s Statement of Reason for Allowance
According to 37 C.F.R. 1.104(e), it is the examiner's discretion to evaluate at the time of allowance whether the record of the prosecution as a whole does not make clear his or her reasons for allowing a claim or claims and set forth such a reasoning. At this time, the examiner believes that the claims allowed above require a separate reasoning to make the record clearer. The applicant or patent owner may file a statement commenting on the reasons for allowance within such time as may be specified by the examiner.
The following is an examiner’s statement of reasons for allowance:
In interpreting the currently amended claims in light of the specification, the Examiner finds the claimed invention to be patentably distinct from the prior art of record.
The present invention is directed towards a method and system for a limited operation asymmetric cryptographic key scheme that performs the following operations (not necessarily in the following order): (i) configuring a master key pair for use in a cryptographic key system, the master key pair having certificate authority for a pre-defined number of signature operations; (ii) generating a plurality of random key pairs from the master key pairs; and (iii) establishing a first certificate chain layer for the plurality of random key pairs by creating subordinate certificates for each random key pair in the plurality of random key pairs, each random key pair having the pre-defined number of signature operations of the master key pair.
Claims 1, 19 and 21 identify a unique and distinct feature of “…..repeating the configuring operation, the generating operation and the establishing for M layers, wherein M is an integer greater than or equal to one, and where each key pair generated in a previous layer acts in the way that the master key pair does by generating another set of random keys and signing subordinate certificates in a next layer; determining that a first leaf node key pair has been used a predetermined number of times, with the first leaf node key pair being a key pair most distant from a root level of a hierarchy of key pairs of M layers created by repeating the configuring, generating and establishing operations….” including other limitations in the claims.
The closest prior art Wong et al (US 20150339664) is directed towards enhancing the security of a communication device (e.g., a portable communication device) when conducting a transaction using the communication device. The techniques described herein can be used with a communication device that may or may not have a secure element, because the techniques do not require the use of a secure element to safeguard account credentials. Embodiments of the invention instead utilize limited-use account parameters that may have a limited lifespan, and once expired, may no longer be used to conduct a transaction until the limited-use account parameters are replenished from the cloud.
Wong teaches configuring a master key pair for use in cryptographic operations for pre-defined signature operations and establishing a chain of certificates for each random key pair, but fails to explicitly teach repeating the configuring operation, the generating operation and the establishing for M layers, wherein M is an integer greater than or equal to one, and where each key pair generated in a previous layer acts in the way that the master key pair does by generating another set of random keys and signing subordinate certificates in a next layer; determining that a first leaf node key pair has been used a predetermined number of times, with the first leaf node key pair being a key pair most distant from a root level of a hierarchy of key pairs of M layers created by repeating the configuring, generating and establishing operations.
The closest prior art Edwards et al (EP 1637297) is directed towards a method for securing firmware, comprising: generating a firmware digital certificate for a layer of firmware, wherein the firmware operates a hardware component of a compute node, wherein the firmware digital certificate comprises an attribute certificate, and wherein the firmware digital certificate comprises: a cumulative hash of the layer of firmware, wherein the cumulative hash comprises a concatenation of: a hash of the layer of firmware; and a hash of each one or more lower layers of the firmware; and a nonce; and authenticating the layer of firmware using a trusted data store.
Edwards teaches generating a plurality of random keys and repeating configuration operations for a number of layers for a certificate chain; however, just like Wong, Edwards also fails to teach repeating the configuring operation, the generating operation and the establishing for M layers, wherein M is an integer greater than or equal to one, and where each key pair generated in a previous layer acts in the way that the master key pair does by generating another set of random keys and signing subordinate certificates in a next layer; determining that a first leaf node key pair has been used a predetermined number of times, with the first leaf node key pair being a key pair most distant from a root level of a hierarchy of key pairs of M layers created by repeating the configuring, generating and establishing operations.
Therefore, the prior art of record does not teach or suggest individually or in combination the particular limitation listed below as recited in the claims.
“…..repeating the configuring operation, the generating operation and the establishing for M layers, wherein M is an integer greater than or equal to one, and where each key pair generated in a previous layer acts in the way that the master key pair does by generating another set of random keys and signing subordinate certificates in a next layer; determining that a first leaf node key pair has been used a predetermined number of times, with the first leaf node key pair being a key pair most distant from a root level of a hierarchy of key pairs of M layers created by repeating the configuring, generating and establishing operations….”
None of the prior art of record, either taken individually or in any combination, would have anticipated or made obvious the invention of the instant application at or before the time it was filed.
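
The following sketch is an illustration added in editing, not part of the Office action or the applicant's specification. It models the claimed flow (a use-limited master key, M layers of subordinate certificates, leaf retirement at a predetermined count, and chain validation on the client from stored certificates). The names `LimitedKey`, `Cert`, `build_hierarchy`, `validate` and `fanout` are hypothetical, the signature is a toy Schnorr construction standing in for a production algorithm, and counting certificate issuance against the parent's signature budget is an assumption.

```python
import hashlib, secrets
from collections import namedtuple
# Toy Schnorr signature over Z_p^*: stand-in for a production algorithm, not vetted parameters.
P, G = 2**255 - 19, 2
N = P - 1
Cert = namedtuple("Cert", "subject issuer sig")  # hypothetical minimal subordinate certificate

def enc(i): return i.to_bytes(32, "big")
def h(r, msg): return int.from_bytes(hashlib.sha256(enc(r) + msg).digest(), "big") % N
def verify(pub, msg, sig):
    e, s = sig
    return h(pow(G, s, P) * pow(pub, -e, P) % P, msg) == e

class LimitedKey:
    def __init__(self, limit):
        self._x = secrets.randbelow(N - 1) + 1
        self.pub, self.limit = pow(G, self._x, P), limit
        self.used, self.retired, self.cert = 0, False, None

    def sign(self, msg):
        if self.retired:
            raise PermissionError("key pair retired: signature budget used up")
        k = secrets.randbelow(N - 1) + 1
        e = h(pow(G, k, P), msg)
        self.used += 1
        self.retired = self.used >= self.limit   # retire at the predetermined count
        return e, (k + self._x * e) % N

    def issue_child(self):                       # assumed to cost the parent one signature
        child = LimitedKey(self.limit)
        child.cert = Cert(child.pub, self.pub, self.sign(enc(child.pub)))
        return child

def build_hierarchy(limit, fanout, layers):
    root = LimitedKey(limit)
    level, store = [root], {}
    for _ in range(layers):                      # each key acts as master for the next layer
        level = [parent.issue_child() for parent in level for _ in range(fanout)]
        store.update({key.pub: key.cert for key in level})
    return root, store, level                    # level now holds the leaf key pairs

def validate(root_pub, store, signer_pub, msg, sig):
    """Client-side check from stored certificates; no call back to the signing host."""
    ok, pub = verify(signer_pub, msg, sig), signer_pub
    for _ in range(len(store)):                  # bounded walk up the certificate chain
        cert = store.get(pub)
        if not ok or cert is None:
            break
        ok, pub = verify(cert.issuer, enc(pub), cert.sig), cert.issuer
    return ok and pub == root_pub
```

With `limit=2, fanout=2` the root and intermediate keys retire as soon as they have issued their children, and a `fanout` larger than `limit` raises `PermissionError` during construction.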

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOEEN KHAN whose telephone number is (571)272-3522. The examiner can normally be reached 7AM-5PM EST M-TH Alternate Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571)272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MOEEN KHAN/ Examiner, Art Unit 2436
/KHOI V LE/ Primary Examiner, Art Unit 2436