DETAILED ACTION
Status of Claims
This is a first office action on the merits in response to the application filed on 11/21/2020.
Claims 1-14 are pending and have been examined.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS), submitted on 02/12/2021, is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner.

Claim Objections
Claim 1 is objected to because of the following informalities:
	Claim 1 recites “the resource receiver is a server with the resource transaction application client installed thereon, the resource issuer and the resource receiver serve as both parties of a transaction; after obtaining the consent of both parties through bidirectional authorization, the resource issuer sends the transaction to the blockchain network; the resource receiver is a server with the resource transaction application client installed thereon.” The second underlined limitation repeats the language of the first underlined limitation. Either the “resource receiver” in the first underlined limitation should be changed to “resource issuer” or the second underlined limitation should be removed. 
	Claim 1 recites “the resource certificate generating module receives pre-issued RC and ROA information from the resource transaction module, and generates a resource certificate RC with the same definition as that of the RPKI according to the pre-issued RC.” The “RPKI” should be corrected to “RPKIB” which is recited in the limitation “constructing a resource public key infrastructure RPKIB system.”
	Claim 1 recites “one effective ROA comprises three parts: one AS number, one IP address prefix list, and an optional content for limiting an IP address prefix,” “the resource certificate generating module receives pre-issued RC and ROA information from the resource transaction module, and generates a resource certificate RC with the same definition as that of the RPKI according to the pre-issued RC,” and “4.2.1.5.1: constructing, by the resource transaction module of the resource issuer of the RC1, an RC1 issuance request message rc_issue_request based on a UDP.” The whole names, autonomous system for AS, resource certificate for RC, user datagram protocol for UDP, should be spelled out at their first references. 
	Claim 1 recites “4.2.5: at the moment, the resource transaction module of the resource transaction clientreceiving the message issued by the ROA1 from the resource issuer.” The “the resource transaction clientreceiving” should be corrected to “the resource transaction application client receiving.” 
	Claim 6 recites “overwriting information of a parent node of the RC1 node, i.e., the node where the certificate RCissuerheld by the resource issuer is located.” The “RCissuerheld” should be corrected to “RCissuer held.”
	Appropriate correction is required.


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):

(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-14 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
	Claim 1 recites the following:
	a.	“the resource issuer and the resource receiver take various operations of the resource certificate and the route origin authorization ROA as transactions that are carried out through the blockchain network,”
	b.	“after obtaining the consent of both parties through bidirectional authorization,”
	
	c.	“an IP address prefix contained in the certificate and an AS number contained in the certificate,”
	d.	“and issuing the certificate RC1 according to the certificate issuing method in 4.2.1.1 to 4.2.1.12: 4.2.1.1,”
	e.	“at the moment, the resource transaction module of the resource transaction application client receiving the message of modifying the RC4 related to resource allocation adjustment from the resource issuer, the resource transaction module of the resource issuer needing to revoke the old certificate RC4,”
	f.	“and then generating a new ROA3' according to the modified content, and issuing a new certificate ROA3' via a method comprising.”
	There is insufficient antecedent basis for the limitations listed above.

	Claim 1 recites “the transfer attribute represents whether an IP address resource allocated to an institution is capable of being reallocated to another resource authorization entity, the transfer attribute being 0 indicates that the resource issuer does not want to sub-allocate an IP address prefix resource which is allocated to an institution, and the institution at the moment is called a terminal node.” It is unclear whether the second institution recited is the same as the first recited institution.
	Claim 1 recites “carrying out, by the blockchain-based resource public key infrastructure system RPKIB, bidirectional authorization on a resource operation between the resource issuer and the resource receiver, and after each bidirectional authorization passes, conducting, by the resource issuer and the resource receiver, a transaction corresponding to the resource operation.” It is unclear whether the bidirectional authorization is performed once or multiple times.
	Dependent claims 2-14 are rejected because they depend on the rejected independent claim 1.

Allowable Subject Matter
Claims 1-14 would be allowable if rewritten or amended to overcome the claim objections and the rejections under 35 U.S.C. 112(b), set forth in this office action.

The following is an examiner’s statement of reasons of allowance over prior arts:
	Claim 1 discloses a method for certificate transaction validation of a resource public key infrastructure based on a blockchain. The resource public key infrastructure blockchain system RPKIB comprises a resource issuer, a resource transaction application client, a resource receiver, a blockchain network, and a validation node. A resource transaction application client, which processes the transactions associated with the resource certificates, is installed on the resource issuer and the resource receiver. After the RPKIB system is constructed, the resource transaction structure and the resource tree are defined. The resource transaction structure comprises a transaction initiator, a transaction receiver, a transaction type, a transaction content, a transaction attribute, a transaction evidence, and a transaction signature given by the transaction initiator. The resource tree is constructed according to a valid resource certificate RC, and each node of the resource tree comprises seven domains: the resource issuer, the resource receiver, the RC, a parent certificate identifier, a child certificate identifier, an IP address prefix, and an autonomous system (AS) number. A transaction corresponding to a resource operation is conducted when the bidirectional authorization on the resource operation between the resource issuer and the resource receiver is granted. A transaction type is determined after a message is received from the resource issuer. The transaction type includes issuing an RC, revoking an RC, overwriting an RC, modifying an RC, issuing a route origin authorization (ROA), revoking an ROA, and modifying an ROA. The different types of transaction are processed by the modules of the resource transaction application client installed on the resource issuer and/or resource receiver following the different disclosed procedures. The validation node of the blockchain network executes a smart contract for the resource operation to verify the corresponding transaction after it is received. 
	The closest prior arts of records are as following:
Huston et al. (“Resource Certification - A Public Key Infrastructure for IP Addresses and AS's”) (“Huston”)
Angieri et al. (“An experiment in distributed Internet address management using blockchains”) (“Angieri”)
Lepinski et al. (“An Infrastructure to Support Secure Internet Routing”) (“Lepinski”)
Guo et al. (CN 106384236 A) (“Guo”)
Smith et al. (US 20180006826 A1) (“Smith”)
Geng et al. (CN 105681345 A) (“Geng”)
Michaelson et al. (“Resource Public Key Infrastructure (RPKI) Validation Reconsidered”) (“Michaelson”)
Qiu et al. (US 20190036712 A1) (“Qiu”)
	Huston discloses a form of a public key certificate that is used to bind IP address and AS number resources to a public/private key pair. These certificates are used to attest to resource allocation actions, so that digitally signed attestations relating to a party’s right-of-use of IP addresses and AS numbers can be validated by relying parities, using a related resource certificate public key infrastructure. The intent of the Resource Public Key Infrastructure (RPKI) is to support a hierarchy of X.509 certificates that allows relying parties to validate assertions about IP addresses and AS Numbers and their use. A Resource Certificate describes an action by the certificate issuer that binds a list of IP address blocks and AS numbers to the subject of the certificate. The RPKI allows a relying party to determine if an address is valid to use in the context of the public Internet, and to validate assertions relating to the current "right-of-use" holder of an AS number or IP address. A CA certificate may be revoked by an issuing authority for a number of reasons, including key rollover, the reduction in the resource set associated with the certificate's subject, or termination of the resource allocation. The route origination authorization (ROAs) can be used to validate origination information and the sequence of ASes that describe the path from the origin to the recipient router.
	Angieri discloses a blockchain-based distributed autonomous internet address registry to perform the IPv6 address registry functions. The system also aims to fulfil the same objectives as the current IP address allocation system, namely, uniqueness, fairness, conservation, aggregation, registration and minimized overhead. The system is implemented as a Decentralized Autonomous Organization, i.e., as a set of blockchain’s smart contracts in Ethereum. Any entity may request an allocation of addresses to the system registry by solely performing a (crypto)currency transfer to the system. The system has a block of globally routable IP addresses to allocate. To request an
address allocation, an entity transfers a fee to the system. Once the fee transaction has been verified, the system annotates in the blockchain the allocation of a prefix to the requester, serving as a ledger of the address assignment for any interested party accessing to the blockchain. The behavior of the registry is governed by the code of the smart contract. Modifications to the information regarding the registry of IPv6 address blocks are triggered by blockchain transactions and subject to the consensus mechanism of the blockchain. Therefore, the smart contracts define what a valid transaction is and then all the nodes of the blockchain will enforce that only valid transactions modify the address allocation registry information. Once included in the blockchain, the allocation of a block is irrevocable.
	Lepinski discloses an architecture for an infrastructure to support improved security of internet routing. The foundation of this architecture is a Resource Public Key Infrastructure (RPKI) that represents the allocation hierarchy of IP address space and Autonomous System (AS) numbers, a distributed repository system for storing and disseminating the data objects that comprise the RPKI, and other signed objects necessary for improved routing security. As an initial application of this architecture, it describes how a legitimate holder of IP address space can explicitly and verifiably authorize one or more ASes to originate routes to that address space. Such verifiable authorizations could be used, for example, to more securely construct BGP route filters. A CA certificate is required to enable a resource holder to issue ROAs, because it must issue the corresponding end-entity (EE) certificate used to validate each ROA. In order for an ROA to be valid, its corresponding end-entity certificate must be valid, and the IP address prefixes of the ROA must exactly match the IP address prefix(es) specified in the EE certificate’s extension. An ROA is revoked by revoking the corresponding EE certificate.
	Guo discloses a method for a blockchain-based CA certification management. The blockchain includes a genesis block and a conventional block. The genesis block is used to store the root CA certificate. A certificate request transaction, which includes an unsigned certificate, a blockchain address of the node to be authenticated, and the blockchain address of the authentication node, is broadcasted. The unsigned certificate included in the pending certificate request transaction is verified based on the verification information associated with the unsigned certificate. The unsigned certificate is signed after the verification is passed. A certificate issuance transaction containing the signed certificate is broadcasted and appended to the blockchain. A signed certificate can be revoked by recording a revocation transaction, which includes the signed certificate to be revoked and the revocation identifier used to identify the certificate, in the blockchain. 
	Smith discloses using a blockchain as a scalable infrastructure to implement distributed PKI, referred to as public key ledger PKL. A blockchain may be used as a repository for any public information that requires integrity; using a blockchain as a repository for CA certificates/public-keys may address the PKI issues described above. Transactions posted to a blockchain are public and immutable. Furthermore, the sequence of transactions posted to the blockchain is also immutable; thus, the transaction path between any two transactions on the blockchain is verifiable. The blockchain enables chains of trust (e.g., a first key signing a second key, the second key signing a third key, etc.), which is similar to digital certificate path validation in PKI. However, there is no requirement to create chains of trust because any blockchain participant may verify any public key by searching the blockchain. A public key, by itself, is untrusted until it is introduced to the blockchain by a trusted public key. A trusted public key essentially becomes a CA when it introduces another public key. If a trusted key K1 wants to introduce an untrusted public key K2, K1 signs K2 with K1's private key. Thus, an X.509 certificate may be thought of as a blockchain transaction where the contents of the transaction include a second public key.
	Geng discloses a pre-control mechanism for ensuring the safety and accuracy of CA operation in the authentication authority resource allocation process in RPKI. The basic principle of the pre-control mechanism is that a correct resource allocation and certificate issuance process should satisfy the following two conditions: (i) all resources allocated to subordinate CA entities must all belong to the current CA entity itself, thereby preventing unauthorized resource allocation, and (ii) all resources that satisfy the condition (i) cannot be allocated twice or more to different subordinate CA entities, thereby preventing the occurrence of repeated allocation of resources. The resources to be allocated will be detected in the process of resource allocation (before the certificate is issued) to prevent the duplication of resources.
	Michaelson discloses an alternative to the certificate validation procedure specified in RFC 6487 that reduces aspects of operational fragility in the management of certificates in the Resource Public Key Infrastructure (RPKI), while retaining essential security features. A validation algorithm is provided that verifies a prospective certification pass with pre-defined conditions. The invalid certificates and/or ROAs could be identified via RPKI trees that consist of certificates.
	Qiu discloses a digital certificate management via the blockchain technologies. A transaction request with a digital certificate is received from a certificate authority at a node in a blockchain network, The transaction request is to write the digital certificate into a blockchain associated with the blockchain network, and the digital certificate is issued to a node in the blockchain network. A consensus verification result is determined for the transaction request, and the consensus verification result is produced by nodes in the blockchain network. In response to determining the consensus verification result is greater than or equal to the predetermined threshold value, the digital certificate is stored in the blockchain associated with the blockchain network.
	The cited references, alone or in combination, do not teach the particular combination of steps and/or elements of constructing an RPKIB system, defining a resource transaction structure, defining a resource tree, carrying out a bidirectional authorization, initializing a root node of the resource tree, determining a transaction type among seven different transaction types, and processing the resource transaction via one of the disclosed detailed procedures associated with the determined transaction type. Additionally, the cited references, alone or in combination, fails to teach the combination of the lengthy and specific details found in the limitations clearly described in the claim 1. Therefore, the claim of the instant application is not obvious over the recited references for the reasons given above.
		
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHUNLING DING, whose telephone number is (571)270-3605. The examiner can normally be reached 9:30 - 7:30 M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, an applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel, can be reached on 571-270-1492. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/C.D./Examiner, Art Unit 3685                                                                                                                                                                                                        

/NEHA PATEL/Supervisory Patent Examiner, Art Unit 3685