DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The present application, filed on December 12, 2020, is accepted.
Claims 1 – 20 are being considered on the merits.

Drawings
The drawings, filed on December 12, 2020, are accepted.

Specification
The specification, filed on December 12, 2020, is accepted.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


Claims 3 and 20 are rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, regards as the invention.
Claim 3 recites the limitation “the identity certificate” in line 5.  There is insufficient antecedent basis for this limitation in the claim. For the purpose of examination, “the identity certificate” is interpreted as “an identity certificate”.
Claim 20 recites the limitation “the identity of the member” in line 2.  There is insufficient antecedent basis for this limitation in the claim. For the purpose of examination, “the identity of the member” is interpreted as “an identity of the member”.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1 – 4, 10, 12 – 17, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over US 20180006829 A1 to Kravitz et al., (hereinafter, “Kravitz”) in view of US 20210152338 A1 to Anson.
Regarding claim 1, Kravitz teaches a method comprising: generating, by a member of a group of a blockchain network, a public key and a private key; [Kravitz, para. 49 discloses  The crypto capability on a processor within the device may create one or more public/private key pairs with at least one public key being transferred to the security ecosystem 108 directly or via the installer's computing device 114; also transferred may be device identifying information such as its model number, serial number, type name, current white list, current firmware version, etc. in 104. Para. 78 discloses A record of the purchase combined with a digital record of the car (and possibly a lease or loan document (409)) is then recorded (by a lender, security ecosystem or other) in an immutable manner (410). One example of such a recording may be on a Blockchain™ or similar media 418, as shown by 410. The buyer 411 and car's relationship may also be authenticated with each other, with a buyer's client application on a buyer device 413, and with both the car (through one of its IoT devices 414) and the car's passive key and entry system (key fob device) 415. The buyer's mobile device, the car and the passive key entry system will then all become members of an authenticated group, for example an “IoT Devices Group” 416.] requesting, by the member, a group certificate, associated with the public and private key, from a certificate authority; [Kravitz, para. 50 discloses the device may create and sign a digital identity token (DIT as further described in the following section) asserting the device's identity, including one or more of: the device's specifications; identity; role or function; its public key; and possibly other information, in 106. This DIT can be presented to the installer computing device or possibly to the security ecosystem (or in other embodiments to an IoT device with internal intelligence or to a computing device controlled by an artificial intelligence computer program), which reviews and confirms the device's assertions and, in turn possibly certifies its confirmation to the device's assertions thereafter digitally signing the device's digitally signed assertions and sending that to the security ecosystem, in 107. Optionally, the security ecosystem may review these assertions and may create an attribute certificate or DIT affirming them, in 108. The security ecosystem may provide public key certificates of other devices and/or groups that the IoT device is to trust (e.g., firmware signing authority; automotive maintenance group as described in more detail later in this application) and to digitally sign them, certifying that they are to be trusted, and then provide the public key certificates to the IoT device, in 109 (possibly transferred via the installer's computing device 114).], but Kravitz does not teach distributing, by the member, the private key to members of the group.  
However, Anson does teach distributing, by the member, the private key to members of the group. [Anson, para. 59 discloses a blockchain can facilitate the process of sending an asymmetric private key created by a first user to a second user via the blockchain. The method described here provides a method in which one user such as a network administrator of the network can create all asymmetric encryption keypairs for members of the network. Then, according to one aspect, the administrator can physically or electronically hand over the private and public keys to employees working within that network]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Anson’s system with Kravitz’s system, with a motivation for a system of storing an asymmetric private key together with sets of associated properties in a blockchain for the purpose of providing a secure method of transferring a private key created by one user to a second user is provided. In this way, the blockchain becomes a means of distribution of asymmetric encryption keys created by one user who wishes to distribute those keys to many other users. [Anson, para. 59]

As per claim 2, modified Kravitz teaches the method of claim 1, further comprising: submitting an operation signed with the private key, wherein the private key is associated with the group certificate, [Kravitz, para. 32 discloses signed firmware code that is signed using a private key that corresponds to a subject public key within typically a code signing certificate issued by a certification authority recognized by a host computer or device.] and wherein nodes of blockchain network verify the group certificate and perform access control. [Kravitz, para. 55 discloses the security ecosystem verifies that the IoT device client of the brake control unit provided an acceptable digital token confirming it uniquely has received the unique ID and/r public key certificate of devices to be trusted. The security ecosystem then creates a message confirming the correct key validation, digitally signs it using the private key associated with the public to be trusted, and returns it to the IoT device client of the Brake Control Unit. The veracity of the signed confirmation is verified using the public key to be trusted and the confirmation is complete. Thereafter, additional trusted keys may be added and other verified messages from the security ecosystem may verified through this or a similar digital signing capability. Para. 56 discloses provisioned IoT devices may be added through the use of an inviter-invitee Protocol for IoT devices. The determination for specific relationships between designated IoT devices may be made by a number of authorized entities such as: users; the security ecosystem; a master IoT device management entity (e.g., a CIoT device); an IoT device with internal intelligence; an Artificial Intelligence (AI) system with access to the security ecosystem (e.g., the PKI/PMI and/or to the Attribute Authority) and directing the actions of the security ecosystem; etc. One or more of these may utilize the security ecosystem to instruct a designated IoT device to establish a secure communication line with one or more other designated IoT devices, including the establishment of rules and/or business logic (or possibly limited to the modification of existing rules and/or business logic).] 

As per claim 3, modified Kravitz teaches the method of claim 1, further comprising: receiving, by the member of the blockchain network group, a unique certificate from the certificate authority identifying the member, [Kravitz, para. 59 discloses When a new user/device (in this exemplary case the human machine interface unit 212) is invited (201) and goes through the IoT device client installation process, it may be asked whether it has a digital identity token. If so, the IoT device client loads the digital identity token shown by 202. The installer 214 may provide its certification to the DIT and transmit it to the security ecosystem, in 203. The security ecosystem network may then examine the token for authenticity, shown by 204. Each token is unique and may only be installed for a single security ecosystem user.] wherein the request for the group certificate is signed with a unique private key associated with the identity certificate. [Kravitz, para. 56 discloses One or more of these may utilize the security ecosystem to instruct a designated IoT device to establish a secure communication line with one or more other designated IoT devices, including the establishment of rules and/or business logic (or possibly limited to the modification of existing rules and/or business logic). A proper instruction typically will include appropriate identification of both inviter and invitee devices, together with digitally signed authorization for such requests.]

Regarding claim 4, modified Kravitz teaches the method of claim 1, and wherein the certificate authority may revoke the group certificate [Kravitz, para. 65 discloses Further, the record of the group members, their information, communication lines between the members, group membership and/or other pertinent information may be established, recorded and/or revoked in a security ecosystem. Device group membership as well as rules associated with membership in that group may be included on a certificate that is added (directly or indirectly by an AA) to one or more communication lines of devices within that group.] but Kravitz does not teach P202003043US01Page 51 of 56wherein the group comprises clients of the blockchain network; 
However, Anson does teach wherein the group comprises clients of the blockchain network; [Anson, para. 18 discloses A new user 102 of the system 100, which includes software encoded on a non-transient computer readable medium, can use a first computer system 104 to create a set of encryption keys 106 containing keys of different types. Computer system 104 can then initiate a process to send a subset of a first set of keys sent to a datacenter 110 via a network 108. A second user 112 of a second computer system 114 can similarly use system 114 to create a second set of new encryption keys 116 and then send a subset of that second set of keys to a datacenter 110 also via network 108. Alternatively, second user 112 can interact with datacenter 110 via a network different to network 108, where the different network can connect to datacenter 110. The datacenter 110 can then facilitate sharing of the keys of user 102 with user 112. Para. 19 discloses The datacenter 110 can also be connected to other datacenters. The computer network system 100 can contain at least two datacenters and can provide a blockchain being a distributed database for storing and distributing encryption keys, in non-transitory or other data storage media.] 
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Anson’s system with Kravitz’s system, with a motivation for a system of storing an asymmetric private key together with sets of associated properties in a blockchain for the purpose of providing a secure method of transferring a private key created by one user to a second user is provided. In this way, the blockchain becomes a means of distribution of asymmetric encryption keys created by one user who wishes to distribute those keys to many other users. [Anson, para. 59]

Regarding claim 10, Kravitz teaches a method comprising: P202003043US01Page 52 of 56receiving, by a member of a group of a blockchain network, a group certificate generated by a certificate authority, a public key associated with the group certificate, [Kravitz, para. 55 discloses the security ecosystem verifies that the IoT device client of the brake control unit provided an acceptable digital token confirming it uniquely has received the unique ID and/r public key certificate of devices to be trusted.] and signing, by the member, an operation with the private key associated with the group certificate. [Kravitz, para. 55 discloses the security ecosystem then creates a message confirming the correct key validation, digitally signs it using the private key associated with the public to be trusted, and returns it to the IoT device client of the Brake Control Unit. The veracity of the signed confirmation is verified using the public key to be trusted and the confirmation is complete.], but Kravitz does not teach a private key associated with the group certificate;
However, Anson does teach a private key associated with the group certificate; [Anson, para. 59 discloses a blockchain can facilitate the process of sending an asymmetric private key created by a first user to a second user via the blockchain. The method described here provides a method in which one user such as a network administrator of the network can create all asymmetric encryption keypairs for members of the network. Then, according to one aspect, the administrator can physically or electronically hand over the private and public keys to employees working within that network]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Anson’s system with Kravitz’s system, with a motivation for a system of storing an asymmetric private key together with sets of associated properties in a blockchain for the purpose of providing a secure method of transferring a private key created by one user to a second user is provided. In this way, the blockchain becomes a means of distribution of asymmetric encryption keys created by one user who wishes to distribute those keys to many other users. [Anson, para. 59]

As per claim 12, modified Kravitz teaches the method of claim 10, further comprising: verifying, by a node in the blockchain network, the signed operation using a public key and the certificate associated with the private key. [Kravitz, para. 55 discloses the veracity of the signed confirmation is verified using the public key to be trusted and the confirmation is complete. Thereafter, additional trusted keys may be added and other verified messages from the security ecosystem may verified through this or a similar digital signing capability. Examples of trusted entities whose trusted public keys may be added include: code signing authorities; a maintenance group; specified devices; etc.]

As per claim 13, modified Kravitz the method of claim 12, wherein the verifying comprises: determining, by the certificate authority, that the operation was signed with the group certificate. [Kravitz, para. 50 discloses A certificate is provided by the AA to the device attesting to the device's identity with one or more of the following: device client GUID, device ID, device public key, device public identity (e.g., type name, serial number, etc.), in 105. The device may create and sign a digital identity token (DIT as further described in the following section) asserting the device's identity, including one or more of: the device's specifications; identity; role or function; its public key; and possibly other information, in 106. This DIT can be presented to the installer computing device or possibly to the security ecosystem (or in other embodiments to an IoT device with internal intelligence or to a computing device controlled by an artificial intelligence computer program), which reviews and confirms the device's assertions and, in turn possibly certifies its confirmation to the device's assertions thereafter digitally signing the device's digitally signed assertions and sending that to the security ecosystem, in 107. Optionally, the security ecosystem may review these assertions and may create an attribute certificate or DIT affirming them, in 108.] 

Regarding claim 14, Kravitz teaches a system comprising: a memory; and a processor in communication with the memory, the rest of the limitations recite features similar to feature within claim 1, therefore, it is rejected in the same manner.

	Regarding claim 15 – 16, they recite features similar to feature within claim 2 – 3, therefore, they are rejected in the same manner.

Regarding claim 17, it recites features similar to feature within claim 4, therefore, it is rejected in the same manner.

As per claim 20, modified Kravitz teaches the system of claim 14, wherein the group certificate may only be used to submit operations that do not reveal the identity of the member. [Kravitz, para. 92 discloses Attribute certificates are typically generated (by the security ecosystem Attribute Authority (AA) as a result of successfully executed actions by inviter-intended invitees (including all device/endpoint authentication methods for the purpose of establishing secure communication lines as described in this application) enable securely authenticated persistent and private point-to-point communication lines, as well as upon the creation of groups. Each AA-issued attribute certificate points to one or more digital certificates that contain a subject public key. Such public key certificates may be issued by the security ecosystem's certification authority or by a cross-certified external certification authority.]

Claims 5 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over US 20180006829 A1 to Kravitz et al., (hereinafter, “Kravitz”) in view of US 20210152338 A1 to Anson in further view of US 20220141014 A1 to Britto et al., (hereinafter, “Britto”) and US 20210264052 A1 to Magerkurth et al., (hereinafter, “Magerkurth”).
Regarding claim 5, modified Kravitz teaches the method of claim 1, but modified Kravitz does not teach further comprising: encrypting the private key; and storing the private key on the blockchain network; wherein the members of the group are able to decrypt the private key; and wherein nodes of the blockchain network are not able to decrypt the private key.  
 	However, Britto does teach further comprising: encrypting the private key; and storing the private key on the blockchain network; [Britto, para. 13 discloses To store an external secret as disclosed herein, one or more HSMs may encrypt the external secret using a public/private key pair. The HSMs may then export the secret in encrypted form by, for example, encrypting the secret using a public key of a recipient system such as another HSM or a blockchain. Presuming the recipient system is also secure and the correct public key is securely provided to the encrypting device, the secret is never exposed but can now be stored by the recipient system. Para. 12 discloses Two types of secrets may be considered in the following discussion. User secrets may include secrets that a blockchain system as disclosed herein generates and holds on behalf of a user of the system (an “end user”). For example, the system may generate a number that can be used as a cryptographic secret, such as an encryption and/or decryption key.] wherein the members of the group are able to decrypt the private key; [Britto, para. 51 discloses the secret is re-encrypted with a public key of the vault and returned to the requesting user, who may use a corresponding vault private key to decrypt the secret. In an embodiment where a temporary secret is used, the vault owner(s) may generate a new secret as was done to store the secret initially, and the new secret then may be used to decrypt the stored secret.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Britto’s system with modified Kravitz’s system, with a motivation for the secret to be imported may be provided by a user, such as by generating the secret on a secure device, and encrypted with the import private key the public portion of which was registered at 330. The encrypted secret is included in a designated transaction type (e.g., “store remote secret”) and submitted to the validator network to further submit to the blockchain. The submission may include appropriate approvals from other members of the vault. More generally, as previously disclosed, one or more policies implemented on the authoritative blockchain system may specify the manner in which the external secret is to be provided, the number and nature of approvals needed, and any other relevant parameters for the transaction.. [Britto, para. 46]
	However, Kravitz in view of Britto does not teach wherein nodes of the blockchain network are not able to decrypt the private key, but Magerkurth does teach wherein nodes of the blockchain network are not able to decrypt the private key. [Magerkurth, para. 45 discloses to this end, because a spoofing node does not have access to the private key for the node, the second node will be unable to decrypt the digital signature applied by the spoofing node using the public key for the node. Thus, the second node can readily detect the spoofing attempt and discard the message. Again, in some traditional applications of blockchain technology, such personal information maintained in the distributed ledger may be exposed through such spoofing attacks.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Magerkurth’s system with modified Kravitz’s system, with a motivation to apply blockchain technology to new types of personal data and to improve the data security for the personal data now that blockchain technology has been applied [Britto, para. 46]

Regarding claim 18, it recites features similar to features within claim 5, therefore it is rejection in the same manner.

Claims 6, 8, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over US 20180006829 A1 to Kravitz et al., (hereinafter, “Kravitz”) in view of US 20210152338 A1 to Anson in further view of US 20200099531 A1 to Chidambaram et al., (hereinafter, “Chidambaram”).
Regarding claim 6, modified Kravitz teaches the method of claim 1, but Kravitz does not teach P202003043US01Page 51 of 56 wherein the members of the group comprise two or more clients of the blockchain network.
However, Chidambaram does teach wherein the members of the group comprise two or more clients of the blockchain network. [Chidambaram, para. 33 discloses establish a plurality of different device groups; associate each of the different device groups with one or more of the different modeled events; and for each said device group, identify parameters provided by the sensors of the computing devices identified in the respective device group that are related to the associated modeled events.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Chidambaram’s system with Kravitz’s system, with a motivation to securely transmit IoT related data, in accordance with certain example embodiments. The IoT devices that send data have this encryption component 916, as well as the private key sent from the IoT smart contract component 912. In FIG. 18, the data 1802 is sent in new protocol standard. Thus, the IoT data is hashed using a hash algorithm (e.g., DES, MD5, and/or the like), and the hashed value is transmitted along with data 1802 to the IoT platform 914 after being signed with the private key. [Chidambaram, para. 107]

As per claim 8, modified Kravitz teaches the method of claim 6, wherein the blockchain network has multiple groups, and a first member of the group is also a member of a second group on the blockchain network. [Kravitz, para. 13 discloses each of the secure communication lines may include a digital agreement establishing terms of use of said each secure communication line between respective IoT devices. In some embodiments, a group may be issued an attribute certificate which includes associated rules for group membership in the attribute certificate. In some embodiments, the different groups include sub-groups and each different vehicle may have a different group and each sub-group of a respective group includes components of that vehicle.]

Regarding claim 19, it recites features similar to feature within claim 6, therefore, it is rejected in the same manner.

Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over US 20180006829 A1 to Kravitz et al., (hereinafter, “Kravitz”) in view of US 20210152338 A1 to Anson in further view of US 20200099531 A1 to Chidambaram et al., (hereinafter, “Chidambaram”) and US 20220141014 A1 to Britto et al., (hereinafter, “Britto”).
Regarding claim 7, modified Kravitz teaches the method of claim 6, but modified Kravitz does not teach wherein some clients of the blockchain network are not members of the group.  
However, Britto does teach wherein some clients of the blockchain network are not members of the group.  [Britto, para. 32 discloses The initial users registered during the bootstrap process may be given “administrator” type permission on the system, i.e., they may have elevated privileges in the system compared to users that are registered later. These users also may be the only parties that can approve future transactions when the bootstrap transaction is completed, although future transactions can grant approval authority and/or other permissions to other users as previously disclosed. In some embodiments, while administrators may have the most permissions of any user in the system, their permissions still may be constrained to a limited range of activities, such as approving new users, elevating permission levels of existing users, or constraining users' administrative-level capabilities by, for example, adding a quorum requirement to some or all administrative activities, while still being prevented from taking more extensive actions such as rewriting the blockchain itself. Future transactions also may add other types of users and/or permissions to the system.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Britto’s system with modified Kravitz’s system, with a motivation for the secret to be imported may be provided by a user, such as by generating the secret on a secure device, and encrypted with the import private key the public portion of which was registered at 330. The encrypted secret is included in a designated transaction type (e.g., “store remote secret”) and submitted to the validator network to further submit to the blockchain. The submission may include appropriate approvals from other members of the vault. More generally, as previously disclosed, one or more policies implemented on the authoritative blockchain system may specify the manner in which the external secret is to be provided, the number and nature of approvals needed, and any other relevant parameters for the transaction. [Britto, para. 46]

Claims 9 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over US 20180006829 A1 to Kravitz et al., (hereinafter, “Kravitz”) in view of US 20210152338 A1 to Anson in further view of US 20150195261 A1 to Gehrmann et al., (hereinafter, “Gehrmann”).
Regarding claim 9, modified Kravitz teaches the method of claim 1, but modified Kravitz does not teach further comprising: issuing, by the member, the group certificate to other members of the group. 
However, Gehrmann does teach further comprising: issuing, by the member, the group certificate to other members of the group. [Gehrmann, para. 29 discloses the group key and the assertion are received from an authorized member of the group during a group creation or a group join phase. To this end, the responsibility for providing these credentials to members of the group may be delegated from the trusted third party to one of the members, e.g., the creator of a session or node which has already joined the session.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Gehrmann’s system with modified Kravitz’s system, with a motivation to provide an improved handling of secure sessions for members of a group of network nodes. [Gehrmann, para. 12]

Regarding claim 11, it recites features similar to feature within claim 9, therefore, it is rejected in the same manner.

Conclusion
Pertinent prior art made of record however not relied upon includes:
US 20180343114 A1 to Ben-Ari
“System and method for executing cryptographically secure transactions in a network comprising a public ledger, comprising associating a first proposed transaction with a public keys smart contract and associating at least a second transaction including private data and public data in said network with a cryptographically secure transaction.”
US 10411905 B2 to Smith et al.
“Techniques for implementing public key infrastructure using blockchains are described. An apparatus may receive, from a introducee principal, a proof-of-work. The apparatus may combine the proof-of-work with an identifier of the introducee principal. The apparatus may generate an introduction of the introducee principal. The introduction may include signing, using an asymmetric private key assigned to the apparatus, the combination of the proof-of-work and the identifier of the introducee principal. The apparatus may publish the introduction of the introducee principal to a blockchain.”

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Phuc Pham whose telephone number is (571)272-8893. The examiner can normally be reached Monday - Thursday 7:30 AM - 4:30 PM; Friday 8:00 AM - 12:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/P.P./Patent Examiner, Art Unit 2434                                                                                                                                                                                                        
/NOURA ZOUBAIR/Primary Examiner, Art Unit 2434