Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

	This action is in response to the remarks filed 5/31/2022.  Claims 1-20 are pending.  Claims 1 (a method), 12 (a method), and 15 (a non-transitory CRM) are independent.

Response to Arguments
Applicant's arguments filed 5/31/2022 have been fully considered but they are not persuasive. 
On page 12 of the remarks, Applicant argues that “while Whyte descries the use of linkage values to prevent access to a service, Bianchi’s special homomorphic property of discrete logarithms is used to grant access to a service resource.  The goals and objectives of Whyte and Bianchi are opposite.  As such, a person of ordinary skill in the art would not be motivated to combine Whyte and Bianchi as the Examiner asserts.”
This argument is not persuasive. 

In response to applicant’s argument that there is no teaching, suggestion, or motivation to combine the references, the examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art.  See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007).  In this case, Biachi discloses that in the context of pseudonym certificates it was known to encrypt values with homomorphic encryption so as to allow computation on the encrypted values at the untrusted parties without relying on a trusted third party (Bianchi § 4.1-4.3).
Applicant’s discussing of the use of the encrypted data in Bianchi is not germane to the combination as those features were not cited and do not pertain to the underlying utility and obviousness of utilizing a special encryption to secure data that allows the computation on the data without the use of third parties.  Applicant’s argument is not persuasive.

On page 13 of the remarks Applicant argues: “the combination [of Whyte and Bianchi] would not yield the claimed invention …. Bianchi does not make use of pre-linkage, or linkage values.”  This argument is not persuasive.
In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).
In this instance, Whyte was cited for the particular data in the “pre-linkage” values. Bianchi was cited only for the concept of using homomorphic encryption on the data of Whyte.  The statement of pre-linkage values in the discussion of Bianchi is clearly and necessarily related to the existence and use of the homomorphic encryption.  See prior Office Action mailed 3/02/2022.

For at least the above reasons, Applicant’s remarks are not persuasive.


Allowable Subject Matter
Claims 3, 7, 9, and 18 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Regarding claims 3 and 18, the combination of Whyte in view of Biachi does not disclose the further limitations of claims 3 and 19.  No further references were found which alone, or in combination with Whyte in view of Bianchi would anticipate or reasonably render obvious the further features of claims 3 and 19.
Regarding claim 7, the combination of Whyte in view of Bianchi disclose the further acts of verifying the group linkage values and conditioning the revocation on said verification.  Note that many of the limitations of claim 7 are similar to claim 5, which Whyte in view of Bianchi renders obvious.  No further references were found which alone, or in combination with Whyte in view of Bianchi would anticipate or reasonably render obvious the further features of claims 7.
Regarding claim 9, the combination of Whyte in view of Bianchi disclose the further acts of revoking only certificates with a particular type. No further references were found which alone, or in combination with Whyte in view of Bianchi would anticipate or reasonably render obvious the further features of claims 9.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 2, 4-6, 8, 10-17, 19, and 20 are is/are rejected under 35 U.S.C. 103 as being unpatentable over Whyte et al,. “A Security Credential Management System for V2V Communications” (published 2013), in view of Bianchi et al., “The SPARTA pseudonym an authorization system” (published 2008).

As to claim 1 Whyte discloses a method comprising: 
managing digital certificates by entities operable to perform computing on digital values and to communicate with each other (Whyte § 1, background, see Whyte Fig. 2), each digital certificate comprising a corresponding linkage value linkable to linkage values of one or more other digital certificates to define one or more groups of digital certificates (“Linkage Values. For any set of pseudonym certificates provided to a device, the SCMS inserts linkage values that can be used to revoke all of the certificates with validity equal to or later than some time i.” Whyte page 5, Linkage Values), the method comprising performing the following operations to generate the digital certificates: 
generating, by a first entity (LA1), first pre-linkage values; (“the LA1 (resp., the LA2) calculates the pre-linkage value plv1(i,j) …. Pre-linkage values are encrypted (individually) for the PCA but sent to the RA for association with a certificate request.” Whyte pages 5-6, bridging paragraph.)
receiving, by the first entity (RA and LA1), encrypted second pre-linkage values from a second entity (LA2), … wherein each encrypted second pre-linkage value is not decryptable by the first entity; (“Pre-linkage values are encrypted (individually) for the PCA but sent to the RA for association with a certificate request.” Whyte pages 5-6, bridging paragraph.)
for each digital certificate: selecting (“The RA collects several such requests from different devices along with the sets of pre-linkage values received from the LAs. Once enough such requests are available, the RA shuffles them.” Whyte page 6, step 2.), by the first entity (the RA), a first pre-linkage value and an encrypted second pre-linkage value; (Shuffling for later submission to the PCA: “The RA sends requests for pseudonym certificates to the PCA, for one certificate per request, where each request consists of a butterfly key-pair, an encrypted pre-linkage value from each of the LAs” Whyte page 6, step 3)
combining, by the first entity (the RA), the selected first pre-linkage value with the selected encrypted second pre-linkage value (“The RA sends requests for pseudonym certificates to the PCA, for one certificate per request, where each request consists of a butterfly key-pair, an encrypted pre-linkage value from each of the LAs” Whyte page 6, step 3) without decrypting the second pre-linkage value (“Pre-linkage values are encrypted (individually) for the PCA but sent to the RA for association with a certificate request.” Whyte pages 5-6, bridging paragraph.), to obtain an encrypted combined value, the encrypted combined value being decryptable by the second entity but not the first entity; and (the pre-linkage values are both in the request sent from the RA to the PCA where each pre-linkage is individually encrypted by its respective LA for the PCA.)
sending, by the first entity to the second entity, a certificate generation request comprising the encrypted combined value. (“The RA sends requests for pseudonym certificates to the PCA, for one certificate per request, where each request consists of a butterfly key-pair, an encrypted pre-linkage value from each of the LAs” Whyte page 6, step 3)

Whyte does not disclose:
wherein at least one of first pre-linkage values and the second pre-linkage values  are encrypted using homomorphic encryption.

Bianchi discloses:
wherein at least one of first pre-linkage values ((ay)xas, Bianchi § 4.1 step 2.1) and the second pre-linkage values (ay, Bianchi § 4.1 step 1) are encrypted using homomorphic encryption. (“Unless otherwise specified, all the following operations are modulo n. The following handshake relies on the double homomorphic property of the Discrete Logarithm hashing.” Bianchi § 4.1)
Note that the (aR) is the combination of the respective noted pre-linkage values in Bianchi and is used as part of the credential, see Bianchi § 4.3, and Bianchi § 4.1, step 5 showing the credential being provided to the user.

A person of ordinary skill in the art before the effective filing date of the claimed invention would have modified Whyte with Bianchi by utilizing homomorphic encryption to combine the pre-linkage values, provided by the respective parties of Whyte, for inclusion in a certificate.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Whyte with Bianchi in order to provide a credentialing system that does not rely on third parties, thereby avoiding reliance and limitations of outside entities to the security and use of the system, Bianchi § 1; because the use of homomorphic encryption allows computation on encrypted data without knowledge of the encrypted data, Bianchi § 4.1.

As to claim 12 Whyte discloses a method comprising:
managing digital certificates by entities operable to perform computing on digital values and to communicate with each other (Whyte § 1, background, see Whyte Fig. 2), the entities comprising at least a first entity (RA and LA1) and a second entity (LA2), each digital certificate comprising a corresponding linkage value linkable to linkage values of one or more other digital certificates to define one or more groups of digital certificates (“Linkage Values. For any set of pseudonym certificates provided to a device, the SCMS inserts linkage values that can be used to revoke all of the certificates with validity equal to or later than some time i.” Whyte page 5, Linkage Values), the method comprising performing the following operations to generate the digital certificates: 
sending by the second entity, to the first entity, encrypted second pre-linkage values which are not decryptable by the first entity; (“Pre-linkage values are encrypted (individually) for the PCA but sent to the RA for association with a certificate request.” Whyte pages 5-6, bridging paragraph.)
for each digital certificate:
receiving, by the second entity from the first entity, a certificate generation request comprising an encrypted combined value obtained by the first entity combining a selected first pre-linkage value with a selected second pre-linkage value, (Shuffling for later submission to the PCA: “The RA sends requests for pseudonym certificates to the PCA, for one certificate per request, where each request consists of a butterfly key-pair, an encrypted pre-linkage value from each of the LAs” Whyte page 6, step 3) …, the first and second pre-linkage values being selected by the first entity, (“The RA collects several such requests from different devices along with the sets of pre-linkage values received from the LAs. Once enough such requests are available, the RA shuffles them.” Whyte page 6, step 2.) the second entity not knowing which of the first and second pre-linkage values were selected for the encrypted combined value, (Shuffling for later submission to the PCA: “The RA sends requests for pseudonym certificates to the PCA, for one certificate per request, where each request consists of a butterfly key-pair, an encrypted pre-linkage value from each of the LAs” Whyte page 6, step 3) the encrypted combined value not being decryptable by the first entity; (“Pre-linkage values are encrypted (individually) for the PCA but sent to the RA for association with a certificate request.” Whyte pages 5-6, bridging paragraph.)
in response to the certificate generation request: 
decrypting, by the second entity, the corresponding encrypted combined value; and creating, by the second entity, the corresponding digital certificate with a linkage value obtained from the corresponding combined value. (“a butterfly key-pair, an encrypted pre-linkage value from each of the LAs…. Step 4. The PCA completes the butterfly key expansion hiding the certificate's public key from the RA. It then generates a pseudonym certificate with linkage value lv(i,j) = plvl(i,j)EBplv2(i,j),” Whyte page 6, steps 3-4.  Although not termed a decryption, the PCA receives encrypted data and operates on unencrypted data, thus a decryption occurs.)

Whyte does not disclose:
wherein at least one of first pre-linkage value and the second pre-linkage value is encrypted using homomorphic encryption

Bianchi discloses:
wherein at least one of first pre-linkage value ((ay)xas, Bianchi § 4.1 step 2.1) and the second pre-linkage values (ay, Bianchi § 4.1 step 1) are encrypted using homomorphic encryption. (“Unless otherwise specified, all the following operations are modulo n. The following handshake relies on the double homomorphic property of the Discrete Logarithm hashing.” Bianchi § 4.1)
Note that the (aR) is the combination of the respective noted pre-linkage values in Bianchi and is used as part of the credential, see Bianchi § 4.3, and Bianchi § 4.1, step 5 showing the credential being provided to the user.

A person of ordinary skill in the art before the effective filing date of the claimed invention would have modified Whyte with Bianchi by utilizing homomorphic encryption to combine the pre-linkage values, provided by the respective parties of Whyte, for inclusion in a certificate.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Whyte with Bianchi in order to provide a credentialing system that does not rely on third parties, thereby avoiding reliance and limitations of outside entities to the security and use of the system, Bianchi § 1; because the use of homomorphic encryption allows computation on encrypted data without knowledge of the encrypted data, Bianchi § 4.1.

As to claims 15 and 16, Whyte in view of Bianchi discloses the subject matter of claim 15 as seen above in claim 1; however, Whyte in view of Bianchi does not disclose a non-transitory CRM or instructions implementing the LA1/RA. 

A person of ordinary skill in the art before the effective filing date of the claimed invention would have modified Whyte in view of Bianchi by implementing the respective entities within the system as software programming executing on physical hardware.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to implement the entities of Whyte in view of Bianchi in software executing on hardware because software implemented computer methods is the most common, basic, implementation for computer implemented methods, software being more quickly designable, testable than application specific integrated circuits.  In other words, a person of ordinary skill in the art would have implemented the system of Whyte in view of Bianchi in software executing on physical hardware because it would be the easiest way to field the disclosed system. 


As to claims 2 and 17, Whyte in view of Bianchi discloses the method/CRM of claims 1 and 16 and further discloses: performing, by the second entity, operations of: receiving the certificate generation requests; (“The RA sends requests for pseudonym certificates to the PCA, for one certificate per request, where each request consists of a butterfly key-pair, an encrypted pre-linkage value from each of the LAs” Whyte page 6, step 3)
for each certificate generation request: decrypting the corresponding encrypted combined value; and (“a butterfly key-pair, an encrypted pre-linkage value from each of the LAs…. Step 4. The PCA completes the butterfly key expansion hiding the certificate's public key from the RA. It then generates a pseudonym certificate with linkage value lv(i,j) = plvl(i,j)EBplv2(i,j),” Whyte page 6, steps 3-4.  Although not termed a decryption, the PCA receives encrypted data and operates on unencrypted data, thus a decryption occurs.)
creating the corresponding digital certificate with a linkage value obtained from the corresponding encrypted combined value. (“The PCA completes the butterfly key expansion hiding the certificate's public key from the RA. It then generates a pseudonym certificate with linkage value lv(i,j)” Whyte page 6, step 4.)

As to claims 4 and 19, Whyte in view of Bianchi discloses the method/CRM of claims 1 and 16 and further discloses: wherein for each combined value, the second entity (the PCA) does not know which second pre-linkage value was selected by the first entity for the combined value. (“The RA collects several such requests from different devices along with the sets of pre-linkage values received from the LAs. Once enough such requests are available, the RA shuffles them.” Whyte page 6, step 2.)

As to claim 5, Whyte in view of Bianchi discloses the method/CRM of claims 1 and 16 and further discloses:
receiving, by the first entity, an identification of a certificate generation request corresponding to a first digital certificate which is a member of a group to be revoked; (“Below we present a detailed step-by-step description of the process of identifying the linkage seeds and the enrollment certificate corresponding to a pseudonym certificate as illustrated in Figure 3. Some of the communications in the steps below need to be digitally signed.
• Step 1. The MA receives misbehavior reports, including a reported pseudonym certificate with linkage value Iv = plvl EB plv2'” Whyte pp. 6-7) 
in response to the certificate generation request, (note that this claim is concerning revocation, which by definition is after a certificate has been generated) determining, by the first entity: 
a first group-linking value from which the first pre-linkage values corresponding to the digital certificates in the group are computable; and (“Step 3. The MA makes a request (signed) to the PCA to map the linkage value of the identified pseudonym certificate, lv, to the corresponding pre-linkage values (plv1, plv2)” Whyte p. 6. “Both the LAs return the linkage seed to the MA.” Whyte p. 7) 
second group-linking data allowing the second computer entity to determine a second group-linking value from which the second pre-linkage values corresponding to the digital certificates in the group are computable; (“to the corresponding pre-linkage values (plv1, plv2)” Whyte p. 6. “Both the LAs return the linkage seed to the MA.” Whyte p. 7)
determining the second group-linking value by the second entity from the second group-linking data; (“Step 3. The MA makes a request (signed) to the PCA to map the linkage value of the identified pseudonym certificate, lv, to the corresponding pre-linkage values (plv1, plv2)” Whyte p. 6. “Both the LAs return the linkage seed to the MA.” Whyte p. 7. “a Certificate Revocation List  (CRL), which are used to reject certificates from a misbehaving device.” Whyte p. 2, §A.2))
revoking the digital certificates in the group by making available, to potential verifiers of validity of the digital certificates, the first and second group-linking values, and/or the first and second pre-linkage values corresponding to the digital certificates in the group, to allow the potential verifiers to match a linkage value of any digital certificate against the linkage values of the digital certificates in the group. (“Step S. The linkage seeds lSI (i) and IS2(i), and the time period i are added to the CRL. When the next CRL is due, the CRLG signs the CRL and publishes it.” Whyte p. 7)

As to claim 6, Whyte in view of Bianchi discloses the method/CRM of claims 5 and 16 and further discloses:
wherein the certificate generation request received by the first entity is determined by the second entity based on the linkage value of the first digital certificate. (“Step 3. The MA makes a request (signed) to the PCA to map the linkage value of the identified pseudonym certificate, lv, to the corresponding pre-linkage values (plv1, plv2)” Whyte p. 6.)

As to claim 8, Whyte in view of Bianchi discloses the method/CRM of claims6 and 16 and further discloses:
each digital certificate is associate with a validity time period which is a time period when the certificate is valid; (“the certificate validity time period i and index j, and the hash of the request.” Whyte p. 6, step 3) the first entity receives an indication of one or more validity time periods for the group to be revoked, (“where i is the currently valid time period.” Whyte p. 7, steps 4b-c)  the group being limited to certificates valid in the one or more validity time periods; (“where i is the currently valid time period.” Whyte p. 7, steps 4b-c) and the first and second group-linking values correspond to the indication of the one or more time periods. (“The MA makes a request to the LAI (resp., the LA2) to map plvl (resp., plv2) to the linkage seed lSI (i) (resp., IS2 (i», where i is the currently valid time period.” Whyte p. 7, steps 4b-c)

As to claims 10 and 13, Whyte in view of Bianchi discloses the method/method of claims 1 and 12 and further discloses: 
the digital certificates are generated in response to the first entity receiving one or more user requests, each user request being a request to generate a batch of digital certificates for a respective user for a plurality of time periods (“The RA first decrypts the request, and checks if the signature and the device's enrollment certificate are valid and that the latter is not revoked, and then also checks (with the help of RC, if necessary) if this is the only request by the device for that particular time period.” Whyte page 6, step 2), each batch including, for each time period, a plurality of digital certificates valid in the time period; (see Whyte page 3, ¶ 4 discussing certificate validity periods for batches and super-batches, “The RA collects and bundles the encrypted pseudonym certificates and the corresponding private key reconstruction values for a given device and delivers it via LOP to the device. These bundles are called super-batch.” Whyte page 6, step 5)
wherein each digital certificate is not trackable to the respective user without secret information available to the first entity; (“The IBLM sends the hash value of the RA-to-PCA pseudonym certificate request (signed) to the RA so that it can add the corresponding enrollment certificate to the internal blacklist. The RA does not return a value, i.e., does not give the enrollment certificate to anyone.” Whyte pages 6-7, bridging paragraph.  The enrollment certificate is the users secret information.)
wherein the second entity (PCA) does not receive the secret information in generating the certificates; (“The RA does not return a value, i.e., does not give the enrollment certificate to anyone.” Whyte pages 6-7.  Also, the PCA cannot correlate the individual pseudonym certificates: “The RA splits incoming requests of devices into requests for single certificates, and shuffles requests of all devices before sending them to the PCA.” Whyte page 5, Hiding Batch from PCA. Thus, the PCA does not know the users true identity, or the user’s pseudo-identity)
wherein the method further comprises, for each digital certificate generated by the second entity, the first entity (the RA) receiving, from the second entity (the PCA), a message comprising the digital certificate encrypted by the second entity, wherein each encrypted digital certificate is not decryptable by the first entity (“but even though the pseudonym certificates are delivered to the device by the RA, it never gets to see the content of those certificates;” Whyte page 5, ¶ 1), and the first entity sending the message to the respective user, the user being able to decrypt the digital certificate upon receipt of the message. (“The PCA completes the butterfly key expansion hiding the certificate's public key from the RA. It then generates a pseudonym certificate with linkage value lv(i,j) = plvl(i,j)EBplv2(i,j), encrypts the private key reconstruction value and the certificate for the device, signs the encrypted packet, and sends it to the RA 6.” Whyte page 6, step 4)

Whyte in view of Bianchi does not explicitly describe that the user can decrypt the provided certificate that is provided by the PCA in encrypted form, (Whyte page 6, steps 4-5).  

Bianchi further discloses that the user of the credential must be able to decrypt the credential:
the user being able to decrypt the digital certificate upon receipt of the message.
(“after removing the blinding factor (through modular multiplication with B􀀀1) in the message received at step (5) the user obtains the signed authorization credential” Bianchi § 4.1)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have further modified Whyte in view of Bianchi with Bianchi by providing for the device of Whyte to decrypt the certificate that was encrypted in Whyte p. 6 steps 4-5 before delivery to the device.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Whyte with Bianchi in order to allow the user device of Whyte to utilize the pseudonym certificate, the decryption of the encrypted pseudonym certificate being necessary for its intended use in the system.

As to claims 11, 14, and 20, Whyte in view of Bianchi discloses the method/method/CRM of claims 1, 12, and 20 and further discloses: 
wherein combining the selected first pre-linkage value ((ay)xas, Bianchi § 4.1 step 2.1) with the selected encrypted second pre-linkage value (ay, Bianchi § 4.1 step 1) comprises using a homomorphic property. (“Unless otherwise specified, all the following operations are modulo n. The following handshake relies on the double homomorphic property of the Discrete Logarithm hashing.” Bianchi § 4.1)


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892, particularly:
Kang et al., US 2021/0111906, discloses pseudonym certificate generation utilizing linkage servers.

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL W CHAO whose telephone number is (571)272-5165. The examiner can normally be reached M, W-F 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571) 272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MICHAEL W CHAO/Examiner, Art Unit 2492