DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This initial written action is responding to the communication dated on 12/17/2020.
Claims 1-5 are submitted for examination.
Claims 1-5 are pending.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Priority
This 371 application filed on December 17, 2020 claims priority of PCT application PCT/CN2020/070400 filed on January 06, 2020, Foreign application CN20190904251.5 filed on September 24, 2019.

Information Disclosure Statement
The following Information Disclosure Statements in the instant application submitted in compliance with the provisions of 37 CFR 1.97, and thus, have been fully considered:
IDS filed on 17 December 2020.

Claim Objections
Claims 1-5 recites limitation, “A Quantum Digital Signature (QDS)-based mail system and a transceiving method….”. The claim recites both system and method. Examiner suggest reciting the claims as only one statutory  category either system or a method. It is also advised that should applicant decide to make the claims as system claim, then to add hardware processor and/or memory to make claim  35 U.S.C. 101 compliant.
Claims 3 and 5 are objected to because of the following informalities:  Claim 3 recites limitations, “…wherein if the transmitting end sends bit-0 information, a combination of the sent message..”, “…if bit-1 information is sent, a combination of the sent message..”. Claim 5 recites a limitation, “…..step 3-1: if the message sent by the client A to the server..”, “…step 3-2: if the BER is greater than a BER threshold set by the server..”, “…step 3-4: if the BER is greater than a minimum BER threshold set by the system..”., “…if the BER is less than the minimum BER threshold set by the system…”.
Examiner suggest replacing “if” with “in response to” or “when”. Appropriate correction is required.
Claim 1 recites a limitation, “…a use terminal corresponding to the application layer comprises clients A and B and a server S..”. 
Examiner suggest replacing “use terminal” with “user terminal”.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 1 recites the limitation, “…in the first procedure, the server verifies a message signature, and in the second procedure, the receiving end B verifies the message signature..”.  Claim 3, recites a limitation, “…step 2-2: according to the requirements in a QDS protocol…”. Claim 5, recites a limitation “…discarding, by the server, the whole message and informing the client A that the message fails to be sent and needs to be resent; otherwise, forwarding the whole received message to the receiving end B..”.
There is insufficient antecedent basis for this limitation in the claim.

Claim 2 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
Claim 2 recites a limitation, “..assuming that the client A needs to send a message to the client B..”. It is not clear that the client A sends a message to client B or not as it is just an assumption. 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 1 is rejected under 35 U.S.C. 103 as being unpatentable over Chuang et al. (US PGPUB. # US 2002/0199108, hereinafter “Chung”, provided by applicant in an IDS), and further in view of Yuan et al. (US PGPUB. # US 2019/0149327, hereinafter Yuan). 

Regarding Claim 1, Chung teaches,
A Quantum Digital Signature (QDS)-based mail system and a transceiving method, wherein: 
a use terminal corresponding to the application layer comprises clients A and B and a server S; (¶34, “Alice sends her public keys to a key distribution center, as indicated in step 106”, ¶37, “all recipients' public keys pass the swap test, all the recipients should now have identical public keys”, i.e. Alice is considered as client A and other two recipients are considered as client B and a server S) the client A serves as a transmitting end and the client B servers as a receiving end; (¶29, “Alice sends a classical message, and the t recipients use the public keys to verify that the message was sent by Alice”, i.e. Alice is considered as client A that serves as transmitting end and the t recipient is considered as client B) and the mail transceiving method comprises: a quantum key distribution (QKD) phase, (¶29, “The first step is the key distribution stage, where Alice creates and distributes quantum states which we shall refer to as her public keys”) a mail signature phase, ( and a signature verification phase; 
in the QKD phase, the transmitting end A needs to acquire two sets of keys respectively for the server S and the receiving end B, which are used to encrypt bits 1 and 0 respectively, (¶33, “Alice creates 2t copies of each of the states {.vertline..function.k.sub.0.sup.j&gt;, .vertline..function.k.sub.1.sup.j- &gt;}, as represented in step 104. These will be Alice's public keys”, Fig. 1(108), ¶35, ¶12, “the digital signature is used to create a key which is secure for encrypted transmission of information in one direction In one embodiment”, ¶13, claim 3, “wherein the digital signature is used to create a key which is secure for encrypted transmission of information in one direction”) [wherein the keys are generated by the physical layer and stored in the key layer; and when required, the application layer takes the corresponding keys out of the key layer at any time]; 
in the mail signature phase, the client is in charge of signing a message with the possessed keys; (¶38, “ Alice sends the signed message (b, k.sub.b.sup.1,k.sub.b.sup.2, . . . , k.sub.b.sup.M) over an insecure classical channel”, i.e. message is signed and sent to recipients) and 
the signature verification phase comprises two verification procedures: in the first procedure, the server verifies a message signature, and in the second procedure, the receiving end B verifies the message signature. (Fig. 1(122), ¶39, “Each recipient of the signed message checks each of the revealed public keys to verify that k.sub.b.sup.j.vertline..function..sub.k&gt;, as indicated in step 122”, i.e. both recipients verifies message indicates that there are two verification procedures).
Chung does not teach explicitly,
the mail system is a three-layer structure formed by a physical layer, a key layer, and an application layer; the physical layer is a key generation terminal and is used to generate a key string for signature in real time; the key layer is used to store the key string generated by the physical layer and provide a required key to the upper layer, namely, the application layer when required; and the application layer is a transceiving software part in the mail system, and is used to extract keys generated by the physical layer from the key layer so as to encrypt information to be sent;
[in the QKD phase, the transmitting end A needs to acquire two sets of keys respectively for the server S and the receiving end B, which are used to encrypt bits 1 and 0 respectively], wherein the keys are generated by the physical layer and stored in the key layer; and when required, the application layer takes the corresponding keys out of the key layer at any time; 
However, Yuan teaches,
the mail system is a three-layer structure formed by a physical layer, (Fig. 2(230), ¶42, “Key-generation layer 230”) a key layer (Fig. 2(220), ¶42, “key-management layer 220”), and an application layer; (Fig. 2(210), ¶42, “application layer 210”) the physical layer is a key generation terminal (Fig. 2(230), ¶42, “Key-generation layer 230”) and is used to generate a key string for signature in real time; (Fig. 2, ¶43, “ quantum engines 232 and 234 can communicate over a quantum channel 242; generate, according to predetermined cryptography protocols, secure quantum keys; and transmit the generated quantum keys to corresponding key-management platforms”) the key layer is used to store the key string generated by the physical layer and provide a required key to the upper layer, namely, the application layer when required; (Fig. 2, ¶44, “The key-management platforms (e.g., key-management platforms 222 and 224) store and manage quantum keys. In addition, they can respond to key requests from the cryptographic application modules. For example, cryptographic application module 212 can request encryption key(s) from key-management platform 222; and cryptographic application module 214 can request encryption key(s) from key-management platform 224”) and the application layer is a transceiving software part in the mail system, and is used to extract keys generated by the physical layer from the key layer so as to encrypt information to be sent; (¶27, “Each application can receive the quantum key from its corresponding key-management platform and uses the received quantum key to encrypt/decrypt data”, ¶45, “Cryptographic application modules 212 and 214 can obtain encryption keys from key-management platforms 222 and 224, respectively, and then use the obtained encryption keys to establish a secure communication channel 246”)
[in the QKD phase, the transmitting end A needs to acquire two sets of keys respectively for the server S and the receiving end B, which are used to encrypt bits 1 and 0 respectively], wherein the keys are generated by the physical layer and stored in the key layer; (Fig. 2, ¶43, “ quantum engines 232 and 234 can communicate over a quantum channel 242; generate, according to predetermined cryptography protocols, secure quantum keys; and transmit the generated quantum keys to corresponding key-management platforms”)  and when required, the application layer takes the corresponding keys out of the key layer at any time; (Fig. 2, ¶44, “The key-management platforms (e.g., key-management platforms 222 and 224) store and manage quantum keys. In addition, they can respond to key requests from the cryptographic application modules. For example, cryptographic application module 212 can request encryption key(s) from key-management platform 222; and cryptographic application module 214 can request encryption key(s) from key-management platform 224”).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Yuan with the invention of Chung.
Chung teaches, a sender sent a message utilizing quantum digital signature and the receiver verifies the message utilizing quantum key to authenticate the sender. Yuan teaches, quantum key distribution utilizing three layers. Therefore, it would have been obvious to have used quantum key distribution utilizing three layers of Yuan with a sender sent a message utilizing quantum digital signature and the receiver verifies the message utilizing quantum key to authenticate the sender of Chung to reduce the cost of generating and maintaining quantum keys while sending a message in a secure way.
KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 

Claims 2-5 	Objected
Chung teaches, a quantum digital signature system, which employs a public key, which is constructed from quantum bits, and a private key, which is a set of classical bits. Copies of the public key are distributed to a number of recipients in the first stage of the protocol. To sign a message, the sender reveals a portion of the private keys; since only she knows these, they authenticate her as the source of the message. The signature cannot be forged, and multiple recipients will always agree on the validity of a signature. (¶10). Chung further teaches, 1. Alice creates a set {k.sub.0.sup.j,k.sub.1.sup.j}, 1.ltoreq.i.ltoreq.M, of pairs of L-bit strings, as represented in step 102. The k.sub.0's will be used to sign 0's in the message, and the k.sub.1's will be used to sign 1's. Note k.sub.0.sup.j and k.sub.1.sup.j are chosen independently and randomly for each i. 2. Alice creates 2t copies of each of the states {.vertline..function.k.sub.0.sup.j&gt;, .vertline..function.k.sub.1.sup.j- &gt;}, as represented in step 104. These will be Alice's public keys. 3. Alice sends her public keys to a key distribution center, as indicated in step 106. 4. Each of the t recipients downloads two copies of each {.vertline..function.k.sub.0.sup.j&gt;, .vertline..function.k.sub.1.sup.j- &gt;}, as indicated for a group of t=3 recipients in step 108. One copy will be used to verify the message, and one to test for Alice cheating. The public keys have been labeled by Alice, so the recipients know which key is which (but not the identities of the individual keys). 5. Finally, for each value of i, the recipients verify that they all received the same public keys using the swap test. Each recipient first performs a swap-test between their two keys, as indicated at step 110. Then each passes one copy to a single recipient, as indicated at step 112. That recipient checks that these t test keys remain unchanged when any pair is swapped, as indicated at step 114. If any of the public keys fail the test, the protocol is aborted and each recipient so informs the from whom he or she received a key, and/or the person to whom he or she sent a key, as indicated at step 116. Otherwise, as indicated at step 118, the test is passed, and the recipients discard the test keys, keeping one copy of the public key originally obtained in step 108. (Fig. 1, ¶32-¶36). 1. Alice sends the signed message (b, k.sub.b.sup.1,k.sub.b.sup.2, . . . , k.sub.b.sup.M) over an insecure classical channel, as indicated in step 120. Thus, Alice reveals the identity of half of her public keys. 2. Each recipient of the signed message checks each of the revealed public keys to verify that k.sub.b.sup.j.vertline..function..sub.k&gt;, as indicated in step 122. Recipient j counts the number of incorrect keys; let this be s.sub.j. 3. As indicated in step 124, recipient j accepts the message if s.sub.j.ltoreq.c.sub.1M, and rejects it if s.sub.j.gtoreq.c.sub.2M. If c.sub.1M&lt;,s.sub.j&lt;c.sub.2M, the action taken by recipient j varies with the scenario. For instance, j might consult with the other recipients, as indicated in step 126, to compare the value of s that each has computed. If a sufficiently small number (or percentage) of recipients compute a questionable result s, the message may be deemed acceptable. (Fig. 1, ¶38-¶40). Thus each recipients verifies the received message.
Yuan teaches, a method for distributing quantum keys between first and second applications running on first and second client devices, respectively. During operation, a first application running on the first client device can transmit a first key request to a first quantum-key-management (QKM) module managing a first set of quantum keys, and transmit a notification to the second application running on the second client device, the notification prompting the second application to transmit a second key request to a second QKM module managing a second set of quantum keys. The first application can receive, from the first QKM module, a first quantum key based on the first key request, in response to the first QKM module determining that the second application receives a second quantum key based on the second key request. (Abstract). 
Petros Wallden teaches, QDS schemes have two stages, the distribution stage and  the messaging stage. In the latter stage, a message is actually sent and signed. While details vary, different schemes share common features. During the distribution stage Alice sends a quantum signature, a sequence of quantum states, to Bob and Charlie. In order to prevent repudiation, they can either compare their states [2] or symmetrize them [3–6]. Bob and Charlie then either store the quantum signature or measure it and store the outcomes. In the messaging stage, which could occur much later, Alice wants to sign a message. During the messaging stage, Alice sends the classical description of the quantum signature, and Bob and Charlie confirm that
this is compatible with their stored information. Importantly, the participants must be able to decide on the validity and transferability of the message without further communication with other participants. The two protocols are denoted P1 and P2. There are many possible variations on these protocols, e.g., using different quantum states for the quantum signatures (such as phaseencoded coherent states) or different types of measurements (unambiguous quantum state discrimination, minimum-error measurements, etc.). Here, we will focus on protocols employing BB84 states, as they are well studied in the context of QKD, and this choice allows for the first proof of security against coherent forging attacks. P1 is inspired by the protocol in Refs. [5,6], while P2 only uses quantum-mechanical features to produce secret shared
classical keys using QKD. After this, P2 continues with a classical scheme, with information-theoretic security relying on the security of the shared secret keys. This means that the functionality of information-theoretically secure digital
signatures follows directly from point-to-point QKD. To our knowledge, there are few information-theoretically secure classical digital signature schemes based on secret shared keys, and all of them require extra assumptions such as the existence
of a trusted third party [8,9] or the existence of authenticated broadcast channels [10]. Using P2, the functionality of digital signatures is implied by sharing secret keys alone. Since P1 uses the same “quantum hardware” as the generation of secret keys by QKD, for use in P2, it is an open question whether P1 or P2 is most resource efficient, in particular when generalizing to more than three parties. Just as for QKD, for QDS schemes one assumes that between each pair of the parties, Alice, Bob and Charlie, there exists an authenticated classical channel, guaranteeing that classical messages cannot be tampered with. Such channels are resource inexpensive [11]. Moreover, for both QKD and QDS it is essential that participants can be sufficiently sure that if a quantum state is sent, then (approximately) that same quantum state is also received, without an eavesdropper or forger having learned (too much) about it. How to achieve
this is well established for QKD, and we expect that similar techniques can be used for QDS. We further comment on this in the discussion at the end. However, for the moment, we will for P1 make the stronger assumption (which existing QDS protocols also make) that there are authenticated ideal quantum channels between the participants. This guarantees that the quantum state any participant sends is received by the intended recipient. Nevertheless, we formulate our protocol with nonideal channels in mind, and also note that analysis of previous QDS experiments [4,6] has considered imperfections in scenarios with only individual forging attacks. (Section I).
	However, none of the art teaches recited claim limations.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.  Refer to PTO-892, Notice of References Cited for a listing of analogous art.
Hughes et al. (US PGPUB. # US 2013/0083926) discloses, innovations for quantum key management harness quantum communications to form a cryptography system within a public key infrastructure framework. In example implementations, the quantum key management innovations combine quantum key distribution and a quantum identification protocol with a Merkle signature scheme (using Winternitz one-time digital signatures or other one-time digital signatures, and Merkle hash trees) to constitute a cryptography system. More generally, the quantum key management innovations combine quantum key distribution and a quantum identification protocol with a hash-based signature scheme. This provides a secure way to identify, authenticate, verify, and exchange secret cryptographic keys. Features of the quantum key management innovations further include secure enrollment of users with a registration authority, as well as credential checking and revocation with a certificate authority, where the registration authority and/or certificate authority can be part of the same system as a trusted authority for quantum key distribution. 
Nordholt (US PGPUB. # US 2013/0101121) discloses, techniques and tools for implementing protocols for secure multi-party communication after quantum key distribution ("QKD") are described herein. In example implementations, a trusted authority facilitates secure communication between multiple user devices. The trusted authority distributes different quantum keys by QKD under trust relationships with different users. The trusted authority determines combination keys using the quantum keys and makes the combination keys available for distribution (e.g., for non-secret distribution over a public channel). The combination keys facilitate secure communication between two user devices even in the absence of QKD between the two user devices. With the protocols, benefits of QKD are extended to multi-party communication scenarios. In addition, the protocols can retain benefit of QKD even when a trusted authority is offline or a large group seeks to establish secure communication within the group.
	Samid, Gideon (US PGPUB. # US 2017/0250796) discloses, a method to secure data, using large undisclosed amounts of randomness, replacing the algorithmic complexity paradigm. Its security is credibly appraised through combinatorics calculus, and it transfers the security responsibility to the user who determines how much randomness to use. This Trans-Vernam cryptography is designed to intercept the Internet of Things where the ‘things’ operate on limited computing capacity and are fueled by fast draining batteries. Randomness in large amounts may be quickly and conveniently stored in the most basic IOT devices, keeping the network safe.
Kim et al. (US PGPUB. # US 2016/0359624) discloses, an apparatus for quantum cryptographic communication includes a light source configured to generate an optical pulse which is transmitted to a plurality of quantum code sending devices, and a quantum entanglement measuring unit configured to receive the optical signal generated from each of the plurality of quantum code sending devices and measure a relation among quantum states of the optical signals received from the plurality of quantum code sending devices; the optical signal being generated by encoding a key to a quantum state of the optical pulse. The apparatus for quantum cryptographic communication may further include a signal direction determining unit, a reflector for reflecting the optical pulse or the optical signal, an arbitrary phase shifter, or a modulator for encoding a digital signal corresponding to the key to the optical pulse.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DARSHAN I DHRUV whose telephone number is (571)272-4316. The examiner can normally be reached M-F 9:00 AM-5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/DARSHAN I DHRUV/Primary Examiner, Art Unit 2498