DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Examiner’s note: There is no foreign priority translation to fully use the foreign filing date. The claims do not detail what the domain contains.


Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-20 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Regarding independent claims 1, 10, and 14: the claims recite “wherein the second entity is an upper node of the first entity and is a node of a blockchain”. The specification states, in paragraph [0035], “The electronic devices ED4 to ED6 belonging to the second domain 200 may mutually check certificates and public keys included in the certificates through the certification chain formed by the CAs CA1 to CA3 and the intermediate CA ICA1. However, in the case where an upper CA allowing the second domain 200 and the third domain 300 to perform mutual certification does not exist…”. The specification in paragraph [0105] recites, “may transmit a certification request and the received certificate to an upper CA. The electronic device 3000 may transmit a certificate of the electronic device 3000 and certificates of upper CAs through the interface 3100 such that any other electronic device certifies the electronic device 3000”. The term “upper node” is not a well-known term. There is no description as to what “an upper node” refers to since either does not exist or of how the “upper” node differs from another node or what makes the entity an upper node. As in MPEP 2161.01 (I), "The description requirement of the patent statute requires a description of an invention, not an indication of a result that one might achieve if one made that invention." It is not enough that one skilled in the art could write a program to achieve the claimed function because the specification must explain how the inventor intends to achieve the claimed function to satisfy the written description requirement. See, e.g., Vasudevan Software, Inc. v. MicroStrategy, Inc., 782 F.3d 671, 681-683, 114 USPQ2d 1349, 1356, 1357 (Fed. Cir. 2015).
Regarding claim 18, similarly to the above, the claim recites “the second CA being a lower node of the CA”. The specification in paragraph [0061] recites, “the first and second electronic devices ED1 and ED2 of the first domain 2100 may verify a certificate of the intermediate CA ICA1 which is a node of the blockchain network 2110, and may then certificates of the entities of the lower layer”. The term “lower node” is not a well-known term. There is no support or structure in the specification for what a “lower node” is or what it comprises. Please see LizardTech, Inc. v. Earth Res. Mapping, Inc., 424 F.3d 1336, 1343-46, 76 USPQ2d 1724, 1730-33 (Fed. Cir. 2005); Regents of the Univ. of Cal. v. Eli Lilly & Co., 119 F.3d 1559, 1568, 43 USPQ2d 1398, 1405-06 (Fed. Cir. 1997) ("The description requirement of the patent statute requires a description of an invention, not an indication of a result that one might achieve if one made that invention.").

Claims 2-9, 11-13, and 15-20 fall together accordingly as they do not cure the deficiencies of the independent claims.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1 and 5 are rejected under 35 U.S.C. 103 as being unpatentable over Duccini et al. (US 10547457, hereinafter Duccini) in view of Wang et al. (“BlockCAM: A Blockchain-based Cross-domain Authentication Model”).
Re. claim 1, Duccini discloses an electronic device of a first domain which is a blockchain-based public key infrastructure (PKI) domain (Duccini discloses a PKI management system allows users and relying parties to conduct secure transactions using a blockchain [Col 2 lines 38-45]), the electronic device comprising: 
an interface configured to receive, from a first entity belonging to a second domain which is a certification authority (CA)-based PKI domain, a first certificate of the first entity and a second certificate of a second entity (Duccini discloses the system contains an interface [Col 1 line 62 – Col 2 line 11]. the user 102 may be a party requesting and receiving a digital certificate from a CA 112 to accomplish secure communication with the relying party 104 [Col 3 lines 24-34]. if a first certificate is issued from a first CA and a second certificate is issued from a second CA under the same common name, the first and second certificates can be linked to each other regardless of whether both certificates have the same public key.  [Col 6 lines 1-15]. the digital certificate blockchain 121 includes a listing of digital certificates of various users 102 issued by the CA 112 [Col 6 lines 16-47], the CA issues a plurality of certificates from various users (acting like first and second entities)), 
wherein the second entity is an upper node of the first entity and is a node of a blockchain (Duccini discloses the digital certificate blockchain 121 includes a listing of digital certificates of various users 102 issued by the CA 112 [Col 6 lines 16-47], the CA issues a plurality of certificates from various users (acting like first and second entities));
a memory configured to store the first certificate and the second certificate (Duccini discloses the PKI blockchain system 160 is structured to store a plurality of digital certificates [Col 6 lines 16-47]. An exemplary system for implementing the overall system or portions of the embodiments might include a general purpose computing computers in the form of computers, including a processing unit, a system memory, and a system bus that couples various system components including the system memory to the processing unit. Each respective memory device may be operable to maintain or otherwise store information relating to the operations performed by one or more associated circuits, including processor instructions and related data [Col 16 lines 1-27]); a processor (Duccini discloses one or more processors configured to execute instructions stored in a memory, send and receive data stored in the memory, and perform other operations to implement the digital certificate services [Col 7 lines 26-35]).
Duccini discloses a processor dealing with certificates, Duccini does not explicitly teach but Wang teaches look up a transaction corresponding to the second entity at a distributed ledger of the first domain based on an identifier of the second entity, verify the second certificate based on the transaction, and verify the first certificate based on the second certificate (Wang teaches lookup the latest status of the record in the blockchain. Verify the certificate (this verifying the certificate is after the transaction which acts as the verify the second certificate based on the transaction) [C. Cross-Domain Authentication Protocol, Page 899]. BlockCAM stores the hash of the certificate in the blockchain and compares the user’s certificate hash with the hash record in the blockchain [D. Protocol Analysis, Page 899], comparing (verifying) the hash of the certificate with another hash of the certificate).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the device and system disclosed by Duccini to include look up a transaction corresponding to the second entity at a distributed ledger of the first domain based on an identifier of the second entity, verify the second certificate based on the transaction, and verify the first certificate based on the second certificate as disclosed by Wang. One of ordinary skill in the art would have been motivated for the purpose of ensuring safety and efficiency for access in different domains (Wang [abstract]).

Re. claim 5, the combination of Duccini-Wang teach the electronic device of claim 1, Duccini discloses processor, Duccini does not explicitly teach but Wang teaches wherein the processor is configured to verify the second certificate by obtaining a first hash value, which is a hash value of the second certificate, from the transaction, obtaining a second hash value by hashing the second certificate, and comparing the first hash value and the second hash value  (Wang teaches BlockCAM stores the hash of the certificate in the blockchain and compares the user’s certificate hash with the hash record in the blockchain. The authentication server determines the user accessing the domain according to whether the two hash values are the same. Compares the hash with the hash of the cert [C. Cross-Domain Authentication Protocol, Page 899]. Hash(k,m1)=Hash(k,m2)[D. Protocol Analysis, Page 899]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the device and system disclosed by Duccini to include look up a transaction corresponding to the second entity at a distributed ledger of the first domain based on an identifier of the second entity, verify the second certificate based on the transaction, and verify the first certificate based on the second certificate as disclosed by Wang. One of ordinary skill in the art would have been motivated for the purpose of ensuring safety and efficiency for access in different domains (Wang [abstract]).


Claim(s) 2 and 6 are rejected under 35 U.S.C. 103 as being unpatentable over Duccini et al. (US 10547457, hereinafter Duccini) in view of Wang et al. (“BlockCAM: A Blockchain-based Cross-domain Authentication Model”), and in further view of Anderson (US 20200211011).

Re. claim 2, the combination of Duccini-Wang teach the electronic device of claim 1, furthermore Wang teaches wherein the processor is configured to obtaining a second hash value by hashing a message of the transaction (Wang teaches Given a hash value h, it should be hard to find any message m such that h=HASH(k,m) [D. Protocol Analysis, Page 899]), and comparing the first hash value and the second hash value (Wang teaches compares the hash with the hash of the cert [C. Cross-Domain Authentication Protocol, Page 899]. Hash(k,m1)=Hash(k,m2)[D. Protocol Analysis, Page 899]).
The combination of Duccini-Wang do not explicitly teach but Anderson teaches verify the transaction by obtaining a public key of the second entity from the transaction (Anderson teaches to verify the Alice-Bob transaction, VA uses Alice's public key to decrypt Alice's signature, which produces H1. Then VA hashes the Alice-Bob transaction, which produces H2. If H1 equals H2, then the transaction is appropriately signed [0201]), obtaining a first hash value by decrypting a signature of the transaction with the public key (Anderson teaches to verify the Alice-Bob transaction, VA uses Alice's public key to decrypt Alice's signature, which produces H1. Then VA hashes the Alice-Bob transaction, which produces H2. If H1 equals H2, then the transaction is appropriately signed [0201]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the device and system disclosed by the combination of Duccini-Wang to include verify the transaction by obtaining a public key of the second entity from the transaction, obtaining a first hash value by decrypting a signature of the transaction with the public key as disclosed by Anderson. One of ordinary skill in the art would have been motivated for the purpose of verifying the transaction (Anderson [0201]).
Re. claim 6, the combination of Duccini-Wang teach the electronic device of claim 1, wherein the interface is further configured to receive, from the first entity, a third certificate of a third entity which is a CA issuing the first certificate (Duccini discloses the system contains an interface [Col 1 line 62 – Col 2 line 11].The user 102 may be a party requesting and receiving a digital certificate from a CA 112 to accomplish secure communication with the relying party 104 [Col 3 lines 24-34]. The digital certificate blockchain 121 includes a listing of digital certificates of various users 102 issued by the CA 112 [Col 6 lines 16-47], the CA issues a plurality of certificates from various users), wherein the memory is further configured to store the third certificate (Duccini discloses the PKI blockchain system 160 is structured to store a plurality of digital certificates [Col 6 lines 16-47]. The system contains memory [Col 16 lines 1-27]), and wherein the processor is further configured (Duccini discloses one or more processors configured to execute instructions stored in a memory, send and receive data stored in the memory, and perform other operations to implement the digital certificate services [Col 7 lines 26-35]).
Although Duccini discloses the uses of multiple certificate and verifying them, the combination of Duccini-Wang do not explicitly teach but Anderson teaches verify the third certificate based on a public key of the second entity obtained from the second certificate and verify the first certificate based on a public key of the third entity obtained from the third certificate (Anderson teaches to verify the Alice-Bob transaction, VA uses Alice's public key to decrypt Alice's signature, which produces H1. Then VA hashes the Alice-Bob transaction, which produces H2. If H1 equals H2, then the transaction is appropriately signed [0201]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the device and system disclosed by the combination of Duccini-Wang to include verify the transaction by obtaining a public key of the second entity from the transaction, obtaining a first hash value by decrypting a signature of the transaction with the public key as disclosed by Anderson. One of ordinary skill in the art would have been motivated for the purpose of verifying the transaction (Anderson [0201]).


Claim(s) 3 and 7 are rejected under 35 U.S.C. 103 as being unpatentable over Duccini et al. (US 10547457, hereinafter Duccini) in view of Wang et al. (“BlockCAM: A Blockchain-based Cross-domain Authentication Model”), and in further view of Sobel (US 8656490).

Re. claim 3, the combination of Duccini-Wang teach the electronic device of claim 1, Wang further teaches wherein the processor is configured to comparing the first hash value and the second hash value (Wang teaches compares the hash with the hash of the cert [C. Cross-Domain Authentication Protocol, Page 899]. Hash(k,m1)=Hash(k,m2) [D. Protocol Analysis, Page 899]).
The combination of Duccini-Wang do not explicitly teach but Sobel teaches verify the second certificate by obtaining a first hash value by decrypting a signature of the second certificate with a public key of the second entity, obtaining a second hash value by hashing identity information of the second certificate (Sobel teaches decrypts the digital signature of the certificate authority using the public key of the certificate authority, to get a first message digest. Then certificate verification module 420 compares the first message digest with a second message digest that it calculates by applying to the certificate proper the same hash function (e.g., MD-5) that the certificate authority used to calculate its version of the message digest [Col 8 lines 49-64]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the device and system disclosed by the combination of Duccini-Wang to include verify the second certificate by obtaining a first hash value by decrypting a signature of the second certificate with a public key of the second entity, obtaining a second hash value by hashing identity information of the second certificate as disclosed by Sobel. One of ordinary skill in the art would have been motivated for the purpose of concluding that the digital certificate has not been tampered with (Sobel [Col 8 lines 49-64]).

Re. claim 7, the combination of Duccini-Wang teach the electronic device of claim 6, wherein the processor is further configured to: Wang further teaches comparing the first hash value and the second hash value  (Wang teaches BlockCAM stores the hash of the certificate in the blockchain and compares the user’s certificate hash with the hash record in the blockchain. The authentication server determines the user accessing the domain according to whether the two hash values are the same. Compares the hash with the hash of the cert [C. Cross-Domain Authentication Protocol, Page 899]. Hash(k,m1)=Hash(k,m2)[D. Protocol Analysis, Page 899]. The hash values of the authorized certificates are stored in each block and the verification process only needs to compare whether the hash calculated by the certificate provided by the user is consistent with the hash stored in the blockchain [Abstract]); and comparing the third hash value and the fourth hash value (Wang teaches BlockCAM stores the hash of the certificate in the blockchain and compares the user’s certificate hash with the hash record in the blockchain. The authentication server determines the user accessing the domain according to whether the two hash values are the same. Compares the hash with the hash of the cert [C. Cross-Domain Authentication Protocol, Page 899]. Hash(k,m1)=Hash(k,m2)[D. Protocol Analysis, Page 899]. The hash values of the authorized certificates are stored in each block and the verification process only needs to compare whether the hash calculated by the certificate provided by the user is consistent with the hash stored in the blockchain [Abstract]).
The combination of Duccini-Wang do not explicitly teach but Sobel teaches verify the third certificate by obtaining a first hash value by decrypting a signature of the third certificate with the public key of the second entity, obtaining a second hash value by hashing identity information of the third certificate (Sobel teaches determines legitimacy by comparing the digital certificate with legitimate digital certificates stored in digital certificate [Col 5 lines 51-65]. decrypts the digital signature of the certificate authority using the public key of the certificate authority, to get a first message digest. Then certificate verification module 420 compares the first message digest with a second message digest that it calculates by applying to the certificate proper the same hash function (e.g., MD-5) that the certificate authority used to calculate its version of the message digest [Col 8 lines 49-64]), and verify the first certificate by obtaining a third hash value by decrypting a signature of the first certificate with the public key of the third entity, obtaining a fourth hash value by hashing identity information of the first certificate(Sobel teaches determines legitimacy by comparing the digital certificate with legitimate digital certificates stored in digital certificate [Col 5 lines 51-65]. decrypts the digital signature of the certificate authority using the public key of the certificate authority, to get a first message digest. Then certificate verification module 420 compares the first message digest with a second message digest that it calculates by applying to the certificate proper the same hash function (e.g., MD-5) that the certificate authority used to calculate its version of the message digest [Col 8 lines 49-64]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the device and system disclosed by the combination of Duccini-Wang to include verify multiple certificates by obtaining a first hash value by decrypting a signature of the second certificate with a public key of the second entity, obtaining a second hash value by hashing identity information of the second certificate as disclosed by Sobel. One of ordinary skill in the art would have been motivated for the purpose of concluding that the digital certificate has not been tampered with (Sobel [Col 8 lines 49-64]).
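Added example (not part of the Office action, the application, or any cited reference): a minimal sketch of the verification order discussed in the claim 1, claim 5 and claim 3 rejections above, namely look up the upper node's ledger transaction by identifier, compare the stored certificate hash with a freshly computed one, then check the lower certificate's signature by recovering H1 with the issuer's public key and comparing it with a recomputed H2. The dict-based certificate format, the in-memory ledger, all function names, and the textbook RSA keys built from fixed Mersenne primes are assumptions made for illustration and are not secure.

```python
import hashlib
import hmac
import json

E = 65537  # public exponent used by both constructed keys


def make_key(p, q):
    """Toy textbook-RSA key from two fixed primes (constructed, NOT secure)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent
    return {"n": n, "e": E}, d


def tbs_bytes(cert):
    """Canonical encoding of the signed fields (everything but the signature)."""
    body = {k: v for k, v in cert.items() if k != "signature"}
    return json.dumps(body, sort_keys=True).encode()


def cert_hash(cert):
    """Hash of the whole certificate, as recorded in a ledger transaction."""
    return hashlib.sha256(json.dumps(cert, sort_keys=True).encode()).hexdigest()


def digest_int(data, n):
    """SHA-256 digest reduced mod n so the unpadded toy RSA can sign it."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def issue(subject, issuer, subject_pub, issuer_pub, issuer_priv):
    """Issuer signs the subject's identity and public key (no padding: toy)."""
    cert = {"subject": subject, "issuer": issuer, "public_key": subject_pub}
    h = digest_int(tbs_bytes(cert), issuer_pub["n"])
    cert["signature"] = pow(h, issuer_priv, issuer_pub["n"])
    return cert


def signature_ok(cert, issuer_pub):
    """H1 = signature 'decrypted' with the public key; H2 = recomputed hash."""
    h1 = pow(cert["signature"], issuer_pub["e"], issuer_pub["n"])
    h2 = digest_int(tbs_bytes(cert), issuer_pub["n"])
    return h1 == h2


def verify_chain(first_cert, second_cert, ledger):
    """Anchor the upper node on the ledger, then verify the lower certificate."""
    tx = ledger.get(second_cert["subject"])  # lookup by identifier
    if tx is None:
        return (False, "no ledger transaction for upper node")
    if not hmac.compare_digest(tx["cert_hash"], cert_hash(second_cert)):
        return (False, "second certificate does not match ledger hash")
    if first_cert["issuer"] != second_cert["subject"]:
        return (False, "first certificate not issued by upper node")
    if not signature_ok(first_cert, second_cert["public_key"]):
        return (False, "first certificate signature invalid")
    return (True, "ok")


# Constructed sample data: ICA1 is the upper node registered on the ledger,
# ED1 is the device whose certificate ICA1 issued.
ICA_PUB, ICA_PRIV = make_key(2**61 - 1, 2**89 - 1)
DEV_PUB, _ = make_key(2**107 - 1, 2**127 - 1)
SECOND_CERT = issue("ICA1", "ICA1", ICA_PUB, ICA_PUB, ICA_PRIV)
FIRST_CERT = issue("ED1", "ICA1", DEV_PUB, ICA_PUB, ICA_PRIV)
LEDGER = {"ICA1": {"id": "ICA1", "cert_hash": cert_hash(SECOND_CERT)}}

if __name__ == "__main__":
    print(verify_chain(FIRST_CERT, SECOND_CERT, LEDGER))
    # An upper-node certificate carrying a substituted key fails the ledger check.
    print(verify_chain(FIRST_CERT, dict(SECOND_CERT, public_key=DEV_PUB), LEDGER))
    # A modified lower certificate fails the signature check.
    print(verify_chain(dict(FIRST_CERT, subject="ED9"), SECOND_CERT, LEDGER))
```

The order matters: the ledger hash comparison establishes trust in the upper node's public key before that key is used to check any signature beneath it.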


Claim(s) 4 is rejected under 35 U.S.C. 103 as being unpatentable over Duccini et al. (US 10547457, hereinafter Duccini) in view of Wang et al. (“BlockCAM: A Blockchain-based Cross-domain Authentication Model”), and in further view of Pan (US 20210158347).

Re. claim 4, the combination of Duccini-Wang teach the electronic device of claim 1, although Duccini discloses processor, identity and public key of the certificate (Duccini [Col 4 lines 19-55]), the combination of Duccini-Wang do not explicitly teach but Pan teaches compare an identifier and a public key included in the transaction with an identifier and a public key included in the second certificate to verify the second certificate (Pan teaches the verification on the target transaction usually includes the verification on the content of the target transaction, for example, verifying the certificate of the new node by using a public key of a node identity certification authority, and verifying whether the node identity certification authority is a node identity certification authority approved by the blockchain [0044], verifying the certificate and transaction by the use of the public key along with identity of the node).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the device and system disclosed by the combination of Duccini-Wang to include compare an identifier and a public key included in the transaction with an identifier and a public key included in the second certificate to verify the second certificate as disclosed by Pan. One of ordinary skill in the art would have been motivated for the purpose of passing validation to update the table (Pan [0044]).

Claim(s) 8 is rejected under 35 U.S.C. 103 as being unpatentable over Duccini et al. (US 10547457, hereinafter Duccini) in view of Wang et al. (“BlockCAM: A Blockchain-based Cross-domain Authentication Model”), and in further view of Winklevoss et al. (US 10158480, hereinafter Winklevoss).
Re. claim 8, the combination of Duccini-Wang teach the electronic device of claim 1, Duccini further discloses wherein a public key of the electronic device is registered at the distributed ledger (Duccini discloses In addition, the blockchain publishing circuit 130 can link multiple certificates from the same issuing CA and user with differing public keys [Col 10 lines 28-48]).
The combination of Duccini-Wang do not explicitly teach but Winklevoss teaches generate a certificate of the electronic device, wherein the certificate is signed with a private key of the electronic device (Winklevoss teaches certificate may be signed with a private key of the digital asset transaction computer system. The certificate may have an expiration date and/or may comprise a timestamp associated with the certificate creation time [Col 15 lines 36-58]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the device and system disclosed by the combination of Duccini-Wang to include generate a certificate of the electronic device, wherein the certificate is signed with a private key of the electronic device as disclosed by Winklevoss. One of ordinary skill in the art would have been motivated for the purpose of providing confirmation of an entity’s identity (Winklevoss [Col 15 lines 36-58]).

Claim(s) 9 is rejected under 35 U.S.C. 103 as being unpatentable over Duccini et al. (US 10547457, hereinafter Duccini) in view of Wang et al. (“BlockCAM: A Blockchain-based Cross-domain Authentication Model”), and in further view of Chen et al. (“Trust Enhancement Scheme for Cross Domain Authentication of PKI system”).
Re. claim 9, the combination of Duccini-Wang teach the electronic device of claim 1, the combination of Duccini-Wang discloses interface, the combination of Duccini-Wang do not explicitly teach but Chen teaches receive a registration transaction and a third certificate from a third entity belonging to a third domain different from the first domain and the second domain (Chen teaches different trust domains such as A domain, B domain and C domain. Figure 3 [A. System model, Page 105]. User submits a cross-domain application to the authentication server and presents X.509 certificate [B. Protocol design, Page 107]), and wherein the processor is configured to verify the registration transaction and the third certificate (Chen teaches User submits a cross-domain application to the authentication server and presents X.509 certificate. Verify the user’s request and marking the X.509 with cross-domain id and verifies the certificate [B. Protocol design, Page 107]); and add the registration transaction to the distributed ledger (Chen teaches Cross-authentication enables cross-domain authentication of users in different domains by issuing cross-certificates between CAs [1. Introduction, Page 103]. All the CAs of PKI systems that join the federation are equipped with blockchain nodes [B. Cross-Domain Authentication Structure, page 106]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the device and system disclosed by the combination of Duccini-Wang to include receive a registration transaction and a third certificate from a third entity belonging to a third domain different from the first domain and the second domain, and wherein the processor is configured to verify the registration transaction and the third certificate; add the registration transaction to the distributed ledger as disclosed by Chen. One of ordinary skill in the art would have been motivated for the purpose of trusting transfer requirements of multiple PKI systems and maintaining security (Chen [Abstract]).

Claim(s) 10 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Duccini et al. (US 10547457, hereinafter Duccini) in view of Chen et al. (“Trust Enhancement Scheme for Cross Domain Authentication of PKI system”) and in further view of Qiu (US 20190036712).
Re. claim 10, Duccini discloses an electronic device of a first domain which is a certification authority (CA)- based public key infrastructure (PKI) domain (Duccini discloses Management of the PKI blockchain system 160 occurs throughout the interaction between the user 102, relying party 104, and CA 112 [Col 4 lines 56-65]), the electronic device comprising: 
an interface configured to receive a first certificate from a first entity belonging to a second domain which is a blockchain-based PKI domain (Duccini discloses The user 102 generates a public/private key pair and sends the public key with the digital certificate request to be validated by the CA 112 [Col 3 lines 24-34]), 
a memory configured to store a second certificate of the second entity (Duccini discloses the PKI blockchain system 160 is structured to store a plurality of digital certificates [Col 6 lines 16-47]. An exemplary system for implementing the overall system or portions of the embodiments might include a general purpose computing computers in the form of computers, including a processing unit, a system memory, and a system bus that couples various system components including the system memory to the processing unit. Each respective memory device may be operable to maintain or otherwise store information relating to the operations performed by one or more associated circuits, including processor instructions and related data [Col 16 lines 1-27]); a processor (Duccini discloses one or more processors configured to execute instructions stored in a memory, send and receive data stored in the memory, and perform other operations to implement the digital certificate services [Col 7 lines 26-35]).
Although Duccini teaches different domains, Duccini does not explicitly teach but Chen teaches transmit a verification request and the first certificate to a second entity, which is an upper node of the electronic device (Chen teaches submits a cross-domain application to the authentication server and presents X.509 certificate. Verify the user’s request and marking the X.509 with cross-domain id and verifies the certificate [B. Protocol design, Page 107]), 
registered at a blockchain network of the second domain (Chen teaches Cross-authentication enables cross-domain authentication of users in different domains by issuing cross-certificates between CAs [1. Introduction, Page 103]. All the CAs of PKI systems that join the federation are equipped with blockchain nodes [B. Cross-Domain Authentication Structure, page 106]), 
and receive a response message, from the second entity, based on the verification request  (Chen teaches the blockchain smart contract will return to AS2 whether the certificate chain is valid or not, as well as the status information and revocation information of each certificate [B. Protocol design, Page 108]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the device and system disclosed by Duccini to include transmit a verification request and the first certificate to a second entity, which is an upper node of the electronic device, registered at a blockchain network of the second domain, and receive a response message, from the second entity, based on the verification request as disclosed by Chen. One of ordinary skill in the art would have been motivated for the purpose of trusting transfer requirements of multiple PKI systems and maintaining security (Chen [Abstract]).
The combination of Duccini-Chen do not explicitly teach but Qiu teaches verify the response message based on the second certificate (Qiu teaches a node sends a digital certificate of the transaction initiation node to the CA, and the CA verifies the permission of the digital certificate based on a stored revocation list, and returns a verification result to the node [0094] [0018] [0058]).
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to modify the device and system disclosed by the combination of Duccini-Chen to include verify the response message based on the second certificate as disclosed by Qiu. One of ordinary skill in the art would have been motivated for the purpose of improving stability and security (Qiu [0111]).

Re. claim 12, the combination of Duccini-Chen-Qiu teach the electronic device of claim 10, wherein the memory is further configured to store a third certificate of a third entity being a CA issuing a certificate of the electronic device (Duccini discloses the PKI blockchain system 160 is structured to store a plurality of digital certificates [Col 6 lines 16-47]. The system contains memory [Col 16 lines 1-27]), and wherein, for cryptographic communication with the first entity, the interface is configured to transmit the certificate of the electronic device, the second certificate, and the third certificate to the first entity (Duccini discloses the system contains an interface [Col 1 line 62 – Col 2 line 11]. The user 102 may be a party requesting and receiving a digital certificate from a CA 112 to accomplish secure communication with the relying party 104 [Col 3 lines 24-34]. The digital certificate blockchain 121 includes a listing of digital certificates of various users 102 issued by the CA 112 [Col 6 lines 16-47], the CA issues a plurality of certificates from various users).

Claim(s) 13 is rejected under 35 U.S.C. 103 as being unpatentable over Duccini et al. (US 10547457, hereinafter Duccini), in view of Chen et al. (“Trust Enhancement Scheme for Cross Domain Authentication of PKI system”), in view of Qiu (US 20190036712), and in further view of Winklevoss et al. (US 10158480, hereinafter Winklevoss).
Re. claim 13, the combination of Duccini-Chen-Qiu teach the electronic device of claim 12, Duccini further discloses a public key of the second entity is registered at a distributed ledger of the second domain (Duccini discloses In addition, the blockchain publishing circuit 130 can link multiple certificates from the same issuing CA and user with differing public keys [Col 10 lines 28-48]), 
The combination of Duccini-Chen-Qiu does not explicitly teach but Winklevoss teaches wherein the second certificate is signed with a private key of the second entity (Winklevoss teaches certificate may be signed with a private key of the digital asset transaction computer system. The certificate may have an expiration date and/or may comprise a timestamp associated with the certificate creation time [Col 15 lines 36-58]), wherein the third certificate is signed with the private key of the second entity, and wherein the certificate of the electronic device is signed with a private key of the third entity (Winklevoss teaches certificate may be signed with a private key of the digital asset transaction computer system. The certificate may have an expiration date and/or may comprise a timestamp associated with the certificate creation time [Col 15 lines 36-58]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the device and system disclosed by the combination of Duccini-Chen-Qiu to include generate a certificate of the electronic device, wherein the certificate is signed with a private key of the electronic device as disclosed by Winklevoss. One of ordinary skill in the art would have been motivated for the purpose of providing confirmation of an entity’s identity (Winklevoss [Col 15 lines 36-58]).

Claim(s) 14, 17, 18, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Duccini et al. (US 10547457, hereinafter Duccini) in view of Chen et al. (“Trust Enhancement Scheme for Cross Domain Authentication of PKI system”).
Re. claim 14, Duccini teaches a cryptographic communication system comprising: a first electronic device belonging to a first domain, which is a blockchain-based public key infrastructure (PKI) domain, registered at a distributed ledger of the first domain (Duccini discloses a PKI management system allows users and relying parties to conduct secure transactions using a blockchain [Col 2 lines 38-45]. Any revoked certificates can be published to the blockchain system 160 and can be made publicly available such that a relying party 104 and user 102 can view such information [Col 4 lines 56-65]); a second electronic device belonging to a second domain which is a certification authority (CA)-based PKI domain (Duccini discloses Management of the PKI blockchain system 160 occurs throughout the interaction between the user 102, relying party 104, and CA 112 [Col 4 lines 56-65]); and a third certificate of the second electronic device (Duccini discloses the PKI blockchain system 160 is structured to store a plurality of digital certificates [Col 6 lines 16-47]. The system contains memory [Col 16 lines 1-27]).

Duccini discloses a CA with blockchain. Duccini does not explicitly teach but Chen teaches a CA, which is an upper node of the second electronic device, registered at the distributed ledger (Chen teaches Cross-authentication enables cross-domain authentication of users in different domains by issuing cross-certificates between CAs [1. Introduction, Page 103]. All the CAs of PKI systems that join the federation are equipped with blockchain nodes [B. Cross-Domain Authentication Structure, page 106]), wherein, depending on a request of the second electronic device, the CA is configured to certify the first electronic device based on a first certificate of the first electronic device and a first transaction corresponding to the first electronic device registered at the distributed ledger (Chen teaches user can access services of other PKI systems participating in the federation from the system to which they belong. Submits a cross-domain application to the authentication server and presents X.509 certificate. Verify the user’s request and marking the X.509 with cross-domain id and verifies the certificate. Confirms information and passes verification [B. Protocol design, Page 107]),
and wherein the first electronic device is configured to certify the second electronic device based on a second certificate of the CA (Chen teaches cross-domain authentication for users in CA2 domain to access the CA1 domain. when a user(authenticated party) needs cross-domain access, it is necessary to present a certificate to the relying party to verify its identity. [A. PKI cross-domain authentication theory, page 104], accessing the other domain with certificate), a second transaction corresponding to the CA registered at the distributed ledger (Chen teaches Cross-authentication enables cross-domain authentication of users in different domains by issuing cross-certificates between CAs [1. Introduction, Page 103]. All the CAs of PKI systems that join the federation are equipped with blockchain nodes [B. Cross-Domain Authentication Structure, page 106]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the device and system disclosed by Duccini to include a CA, which is an upper node of the second electronic device, registered at the distributed ledger, wherein, depending on a request of the second electronic device, the CA is configured to certify the first electronic device based on a first certificate of the first electronic device and a first transaction corresponding to the first electronic device registered at the distributed ledger, and wherein the first electronic device is configured to certify the second electronic device based on a second certificate of the CA, a second transaction corresponding to the CA registered at the distributed ledger as disclosed by Chen. One of ordinary skill in the art would have been motivated for the purpose of trusting transfer requirements of multiple PKI systems and maintaining security (Chen [Abstract]).

Re. claim 17, the combination of Duccini-Chen teach the cryptographic communication system of claim 14, Chen further teaches wherein the CA is configured to transmit, to the second electronic device, a response message including a verification result of certifying the first electronic device (Chen teaches submits a cross-domain application to the authentication server and presents X.509 certificate. Verify the user’s request and marking the X.509 with cross-domain id and verifies the certificate [B. Protocol design, Page 107]), and wherein the second electronic device is configured to verify a signature of the response message based on the second certificate (Chen teaches systems participating in the federation from the system to which they belong. When initiating an access, the user needs to present her certificate to the corresponding server. The authentication server initiates a request to the blockchain according to the link of the presented certificate to verify whether each certificate in the chain is revoked, if not revoked, it will then verify signatures and others [B. Protocol Design, Page 107]. The blockchain smart contract will return to AS2 whether the certificate chain is valid or not, as well as the status information and revocation information of each certificate [B. Protocol Design, Page 108]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the device and system disclosed by Duccini to include transmit, to the second electronic device, a response message including a verification result of certifying the first electronic device, and wherein the second electronic device is configured to verify a signature of the response message based on the second certificate as disclosed by Chen. One of ordinary skill in the art would have been motivated for the purpose of trusting transfer requirements of multiple PKI systems and maintaining security (Chen [Abstract]).

Re. claim 18, the combination of Duccini-Chen teach the cryptographic communication system of claim 14, further comprising: a second CA belonging to the second domain, the second CA being a lower node of the CA (Duccini discloses the CA 112 can include one or more CAs [Col 3 lines 51-67]), and issuing the third certificate (Duccini discloses the digital certificate blockchain 121 includes a listing of digital certificates of various users 102 issued by the CA 112 [Col 6 lines 16-47]), wherein the first electronic device is configured to certify the second electronic device further based on a fourth certificate of the second CA issued from the CA (Duccini discloses publish a cross-reference between multiple CAs such that certificates with the same common name are linked to each other. In addition, the blockchain publishing circuit 130 can link multiple certificates from the same issuing CA and user with differing public keys [Col 10 lines 28-48]. Generate a cross-reference link between an existing digital certificate chain that a digital certificate is being published to and a different certificate chain generated for a different CA that may be related to the digital certificate either by user or common name, as described above [Col 10 lines 49-67]).

Re. claim 20, the combination of Duccini-Chen teach the cryptographic communication system of claim 14, Chen further discloses wherein, based on the CA certifying the first electronic device, the first electronic device is configured to transmit first application data to the second electronic device, and wherein, based on the first electronic device certifying the second electronic device, the second electronic device is configured to transmit second application data to the first electronic device (Chen teaches submits a cross-domain application to the authentication server and presents X.509 certificate. Verify the user’s request and marking the X.509 with cross-domain id and verifies the certificate [B. Protocol design, Page 107]. the blockchain smart contract will return to AS2 whether the certificate chain is valid or not, as well as the status information and revocation information of each certificate [B. Protocol design, Page 108]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the device and system disclosed by Duccini to include transmit first application data to the second electronic device, and wherein, based on the first electronic device certifying the second electronic device, the second electronic device is configured to transmit second application data to the first electronic device as disclosed by Chen. One of ordinary skill in the art would have been motivated for the purpose of trusting transfer requirements of multiple PKI systems and maintaining security (Chen [Abstract]).



Claim(s) 15 is rejected under 35 U.S.C. 103 as being unpatentable over Duccini et al. (US 10547457, hereinafter Duccini) in view of Chen et al. (“Trust Enhancement Scheme for Cross Domain Authentication of PKI system”), and in further view of Wang et al. (“BlockCAM: A Blockchain-based Cross-domain Authentication Model”).
Re. claim 15, the combination of Duccini-Chen teach the cryptographic communication system of claim 14, the combination of Duccini-Chen discloses certificates, the combination of Duccini-Chen do not explicitly teach but Wang teaches wherein the CA is configured to look up the first transaction at the distributed ledger based on an identifier of the first electronic device, verify the first certificate based on the first transaction, and transmit a response message to the second electronic device based on the verification of the first certificate (Wang teaches lookup the latest status of the record in the blockchain. Verify the certificate (this verifying the certificate is after the transaction which acts as the verify the second certificate based on the transaction) [C. Cross-Domain Authentication Protocol, Page 899]. BlockCAM stores the hash of the certificate in the blockchain and compares the user’s certificate hash with the hash record in the blockchain [D. Protocol Analysis, Page 899], comparing (verifying) the hash of the certificate with another hash of the certificate).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the device and system disclosed by the combination of Duccini-Chen to include look up the first transaction at the distributed ledger based on an identifier of the first electronic device, verify the first certificate based on the first transaction, and transmit a response message to the second electronic device based on the verification of the first certificate as disclosed by Wang. One of ordinary skill in the art would have been motivated for the purpose of ensuring safety and efficiency for access in different domain (Wang [abstract]).

Claim(s) 16 is rejected under 35 U.S.C. 103 as being unpatentable over Duccini et al. (US 10547457, hereinafter Duccini) in view of Chen et al. (“Trust Enhancement Scheme for Cross Domain Authentication of PKI system”), and in further view of Pan (US 20210158347).
Re. claim 16, the combination of Duccini-Chen teach the cryptographic communication system of claim 14, Chen further teaches wherein the CA is configured to certify the first electronic device by verifying a signature of the first transaction based on a public key of the first electronic device (Chen teaches CA1 is required to securely transmit the public key used to verify the signature to CA2 [A. PKI cross-domain authentication theory, Page 104]), certify a signature of the first certificate based on the public key of the first electronic device (Chen teaches CA1 is required to securely transmit the public key used to verify the signature to CA2 [A. PKI cross-domain authentication theory, Page 104]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the device and system disclosed by Duccini to include certify the first electronic device by verifying a signature of the first transaction based on a public key of the first electronic device, certify a signature of the first certificate based on the public key of the first electronic device as disclosed by Chen. One of ordinary skill in the art would have been motivated for the purpose of trusting transfer requirements of multiple PKI systems and maintaining security (Chen [Abstract]).
Although Duccini discloses processor, identity and public key of the certificate (Duccini [Col 4 lines 19-55]), the combination of Duccini-Wang do not explicitly teach but Pan teaches determine whether an identifier included in the first transaction is identical to an identifier included in the first certificate, and determine whether a hash value obtained by hashing the first certificate is identical to a hash value of the first certificate included in the first transaction (Pan teaches the verification on the target transaction usually includes the verification on the content of the target transaction, for example, verifying the certificate of the new node by using a public key of a node identity certification authority, and verifying whether the node identity certification authority is a node identity certification authority approved by the blockchain [0044], verifying the certificate and transaction by the use of the public key along with identity of the node).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the device and system disclosed by the combination of Duccini-Wang to include compare an identifier and a public key included in the transaction with an identifier and a public key included in the second certificate to verify the second certificate as disclosed by Pan. One of ordinary skill in the art would have been motivated for the purpose of passing validation to update the table (Pan [0044]).

Claim(s) 19 is rejected under 35 U.S.C. 103 as being unpatentable over Duccini et al. (US 10547457, hereinafter Duccini) in view of Chen et al. (“Trust Enhancement Scheme for Cross Domain Authentication of PKI system”), in view of Wang et al. (“BlockCAM: A Blockchain-based Cross-domain Authentication Model”) and in further view of Pan et al. (US 20190253265, hereinafter Pan).
Re. claim 19, the combination of Duccini-Chen teach the cryptographic communication system of claim 18, wherein the first electronic device is configured to certify the second electronic device by looking up the second transaction, corresponding to the CA, at the distributed ledger based on an identifier of the CA, verifying the second certificate based on the second transaction (Wang teaches lookup the latest status of the record in the blockchain. Verify the certificate (this verifying the certificate is after the transaction which acts as the verify the second certificate based on the transaction) [C. Cross-Domain Authentication Protocol, Page 899]. BlockCAM stores the hash of the certificate in the blockchain and compares the user’s certificate hash with the hash record in the blockchain [D. Protocol Analysis, Page 899], comparing (verifying) the hash of the certificate with another hash of the certificate).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the device and system disclosed by the combination of Duccini-Chen to include wherein the first electronic device is configured to certify the second electronic device by looking up the second transaction, corresponding to the CA, at the distributed ledger based on an identifier of the CA, verifying the second certificate based on the second transaction as disclosed by Wang. One of ordinary skill in the art would have been motivated for the purpose of ensuring safety and efficiency for access in different domain (Wang [abstract]).
The combination of Duccini-Chen-Wang does not explicitly teach but Pan teaches verifying the fourth certificate based on a public key of the CA obtained from the second certificate, and verifying the third certificate based on a public key of the second CA obtained from the fourth certificate (Pan teaches receive root certificates from the first one or more CAs, and the second one or more CAs, and verify the root certificates based on respective public keys of the first one or more CAs, and the second one or more CAs [0055], shows verifying the certificate with respective public keys).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the device and system disclosed by the combination of Duccini-Chen-Wang to include verifying the fourth certificate based on a public key of the CA obtained from the second certificate, and verifying the third certificate based on a public key of the second CA obtained from the fourth certificate as disclosed by Wang. One of ordinary skill in the art would have been motivated for the purpose of verifying certificates (Pan [0055]).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Venable (US 20210083882) discloses the electronic document (e.g. X.509 certificate) is added to the blockchain by the combiner as a transaction object; the smart contracts can verify the electronic document has the correct signature just like typical PKI to accept the transaction.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KEVIN A AYALA whose telephone number is (571)270-3912. The examiner can normally be reached Monday-Thursday 8AM-5PM; Friday:Variable EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/K.A./Examiner, Art Unit 2496
/JORGE L ORTIZ CRIADO/Supervisory Patent Examiner, Art Unit 2496