Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Detailed Action
	This action is responsive to the communication filed on 15 July 2022, with acknowledgement of the original application filed on 21 December 2018.

Claims 1, 2, 5-9, 11-16, and 19 are pending; claims 1, 11 and 15 are independent claims.  

Response to Arguments

Applicant’s arguments filed 28 June 2022 have been fully considered and they are persuasive.

Examiner’s Amendment
An examiner's amendment to the record is attached.  Please enter the entire claim set.  Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312.  To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.  The examiner's amendment was authorized by the attorney of record, John Kacvinsky, in a phone interview on 21 July 2022 and a confirming email sent on 26 July 2022.

	The application has been amended as follows:


Amend claims 1, 11, and 15 as follows.

1.	(Currently Amended) An apparatus, comprising:
a data storage device to store ledger keys; and
a trusted execution environment (TEE) comprising:
a processor; and
memory coupled to the processor, the memory comprising instructions that when executed by the processor cause the processor to:
receive an encrypted transaction from a node of a plurality of nodes of a public network, the encrypted transaction having been encrypted using ledger keys and distributed to a public ledger on a blockchain maintained and accessible by the plurality of nodes of the public network,
wherein the ledger keys for the encrypted transaction are known to only a subset of the nodes of the public network, the subset including the node,
wherein the encrypted transaction comprises encrypted data, a public part of a one-time key, a public part of an existing node key, and a signature,
identify the node based on the public part of the existing node key,
verify the encrypted transaction originated from the identified node based on the signature,
generate a one-time symmetric key based on the public part of the one-time key, and
decrypt the encrypted data based on the one-time symmetric key and the ledger keys.


2. (Previously presented) The apparatus of claim 1, wherein the decrypted version of the transaction comprises a clear text version of the transaction. 

3-4. (Canceled)

5. (Previously presented) The apparatus of claim 1, the instructions when executed by the processor, cause the processor to:
verify that the node is allowed to participate in the transaction; and
confirm the node is able to access data associated with the transaction.

6. (Previously presented) The apparatus of claim 5, the memory comprising an access control list and the instructions, when executed by the processor cause the processor to indicate which of the plurality of nodes of the public network are allowed to participate in the transaction.

7. (Original) The apparatus of claim 6, the access control list further to indicate what data related to the transaction is accessible.

8. (Previously presented) The apparatus of claim 1, the instructions when executed by the processor, cause the processor to:
establish a secure connection to the node in response to receiving a join request from the node; and
share the ledger keys with the node in response to the node proving its identity.

9. (Previously presented) The apparatus of claim 8, wherein the node proves its identity using remote attestation.

10. (Canceled)


11.	(Currently Amended) An apparatus, comprising:
a trusted execution environment (TEE) comprising:
a processor; and
memory coupled to the processor, the memory comprising instructions that when executed by the processor cause the processor to:
receive an encrypted transaction from a node of a plurality of nodes of a public network, wherein the encrypted transaction was encrypted using ledger keys distributed to only a subset of the plurality of nodes of the public network, the subset including the node, the encrypted transaction distributed to a public ledger on a blockchain maintained and accessible by the plurality of nodes of the public network and comprising encrypted data, a public part of a one-time key, a public part of an existing node key, and a signature,
identify the node based on the public part of the existing node key,
verify the encrypted transaction originated from the identified node based on the signature,
generate a one-time symmetric key based on the public part of the one-time key, and
decrypt the encrypted data based on the one-time symmetric key and the ledger keys.


12. (Previously presented) The apparatus of claim 11, the memory comprising a cryptographic library and the instructions, when executed by the processor cause the processor to decrypt the encrypted transaction.

13. (Previously presented) The apparatus of claim 11, the instructions when executed by the processor, cause the processor to: verify that the node is allowed to participate in the transaction; and confirm, based on an access control list, the node is able to access data associated with the transaction.

14. (Previously presented) The apparatus of claim 11, the instructions when executed by the processor, cause the processor to:
establish a secure connection to the node in response to receiving a join request; and
share the ledger keys with the node in response to the node proving its identity.


15.	(Currently Amended) At least one machine-readable storage medium comprising instructions that, when executed by a processor, cause the processor to:
receive an encrypted transaction from a node of a plurality of nodes of a public network, the encrypted transaction encrypted using ledger keys and distributed to a public ledger on a blockchain maintained and accessible by the plurality of nodes of the public network and comprising encrypted data, a public part of a one-time key, a public part of an existing node key, and a signature, wherein the ledger keys for the encrypted transaction are known to only a subset of the nodes of the public network, the subset including the node;
identify the node based on the public part of the existing node key;
verify the encrypted transaction originated from the identified node based on the signature;
generate, within a trusted execution environment (TEE), a one-time symmetric key based on the public part of the one-time key;
decrypt, within the TEE, the encrypted data based on the one-time symmetric key and the ledger keys;
generate, within the TEE, an updated transaction from the decrypted transaction;
encrypt, within the TEE, the updated transaction using the ledger keys; and
distribute the encrypted updated transaction to the public ledger maintained by the plurality of nodes of the public network.

16. (Previously presented) The at least one machine-readable storage medium of claim 15, comprising instructions that further cause the processor to:
obtain the ledger keys based on a cryptographic library located inside the TEE, wherein the ledger keys are used to: decrypt the encrypted transaction and encrypt the updated transaction. 

17-18. (Canceled)

19. (Previously presented) The at least one machine-readable storage medium of claim 15, comprising instructions that further cause the processor to:
establish, by a key synchronizer inside the TEE, a secure connection to the node in response to receiving a join request from the node; and
share the ledger keys with the node in response to the node proving its identity.

20. (Canceled)
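The receive/identify/verify/derive/decrypt sequence recited in claims 1, 11 and 15 above, and the claim 15 step of re-encrypting an updated transaction for the ledger, as an added Python model. This is not the patent's, the applicant's or any product's code. The claims name no primitives, so the following are assumptions of the example: finite-field Diffie-Hellman in the RFC 3526 group 14 for the one-time key, a Schnorr signature in the same group for the node's existing key, HMAC-SHA256 as the key-derivation function, and an HMAC-SHA256 keystream with an encrypt-then-MAC tag standing in for a real AEAD. The TEE's own key pair, the ledger key value, the access control list, and the sample transaction text are constructed here; the function names are the example's own.

```python
# Added example modelling the claimed flow; not the patent's implementation.
# Assumed primitives: FFDH in RFC 3526 group 14, Schnorr signatures, HMAC-SHA256.
import hashlib, hmac, secrets

P = int("".join("""
FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74
020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437
4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED
EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05
98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB
9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B
E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718
3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF
""".split()), 16)
Q, G = (P - 1) // 2, 2                 # G generates the prime-order-Q subgroup
assert pow(G, Q, P) == 1, "group parameter self-check failed"

def keygen():
    """(private exponent, public element) for a node or for the TEE."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def i2b(n):
    return n.to_bytes(256, "big")

def H(*parts):
    """Length-prefixed SHA-256 over several byte strings (no field ambiguity)."""
    return hashlib.sha256(b"".join(len(p).to_bytes(4, "big") + p for p in parts)).digest()

def sign(x, msg):
    """Schnorr signature under the node's existing (long-term) key x."""
    k = secrets.randbelow(Q - 1) + 1
    R = pow(G, k, P)
    e = int.from_bytes(H(i2b(R), i2b(pow(G, x, P)), msg), "big") % Q
    return R, (k + e * x) % Q

def verify(X, msg, sig):
    R, s = sig
    if not (1 < X < P and 1 < R < P and 0 < s < Q):   # reject out-of-range values
        return False
    e = int.from_bytes(H(i2b(R), i2b(X), msg), "big") % Q
    return pow(G, s, P) == (R * pow(X, e, P)) % P

def derive_keys(shared, ledger_key):
    """One-time symmetric keys bound to BOTH the DH secret and the ledger key."""
    return H(b"enc", i2b(shared), ledger_key), H(b"mac", i2b(shared), ledger_key)

def xor_stream(key, nonce, data):
    """HMAC-SHA256 counter-mode keystream; the same call encrypts and decrypts."""
    ks = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(0, len(data), 32))
    return bytes(a ^ b for a, b in zip(data, ks))

def encrypt_transaction(priv, pub, recipient_pub, ledger_key, plaintext):
    """Sender side: fresh one-time key, encrypt, sign. Returns the ledger record."""
    r, R = keygen()                                   # one-time key pair
    enc_key, mac_key = derive_keys(pow(recipient_pub, r, P), ledger_key)
    nonce = secrets.token_bytes(16)
    ct = xor_stream(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    body = H(i2b(R), i2b(pub), nonce, ct, tag)        # signature covers every field
    return {"otk_pub": R, "node_pub": pub, "nonce": nonce,
            "data": ct, "tag": tag, "sig": sign(priv, body)}

def process_transaction(priv, ledger_key, acl, tx):
    """Receiver (TEE) side, in claim order: identify, verify, derive key, decrypt."""
    name = acl.get(tx["node_pub"])                    # identify by existing node key
    if name is None:
        raise ValueError("unknown node")
    body = H(i2b(tx["otk_pub"]), i2b(tx["node_pub"]), tx["nonce"], tx["data"], tx["tag"])
    if not verify(tx["node_pub"], body, tx["sig"]):
        raise ValueError("bad signature")
    enc_key, mac_key = derive_keys(pow(tx["otk_pub"], priv, P), ledger_key)
    tag = hmac.new(mac_key, tx["nonce"] + tx["data"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, tx["tag"]):       # wrong ledger key or damaged data
        raise ValueError("tag mismatch")
    return name, xor_stream(enc_key, tx["nonce"], tx["data"])

def rejected(*args):
    try:
        process_transaction(*args)
    except ValueError as exc:
        return str(exc)                               # None if it was accepted

def run_demo():
    """Round trip both ways (claims 1/11, then the claim 15 update) plus refusals."""
    node_priv, node_pub = keygen()
    tee_priv, tee_pub = keygen()
    ledger_key = secrets.token_bytes(32)              # known only to the subset
    acl = {node_pub: "node-A", tee_pub: "tee"}        # who may participate
    tx = encrypt_transaction(node_priv, node_pub, tee_pub, ledger_key, b"transfer 5 to B")
    who, clear = process_transaction(tee_priv, ledger_key, acl, tx)
    upd = encrypt_transaction(tee_priv, tee_pub, node_pub, ledger_key, clear + b" [ok]")
    _, clear2 = process_transaction(node_priv, ledger_key, acl, upd)
    forged = dict(tx, data=bytes([tx["data"][0] ^ 1]) + tx["data"][1:])
    return {"node": who, "plaintext": clear, "updated": clear2,
            "tampered": rejected(tee_priv, ledger_key, acl, forged),
            "outsider": rejected(tee_priv, secrets.token_bytes(32), acl, tx),
            "unknown": rejected(tee_priv, ledger_key, {}, tx)}

if __name__ == "__main__":
    print(run_demo())
```

Two points the claim language leaves implicit are made explicit here: the signature covers the one-time public key, nonce, ciphertext and tag, so a node that is known to the receiver cannot have its record re-keyed or altered in transit; and the symmetric key is derived from the ledger key as well as the one-time secret, so a sender that can sign but is outside the key-holding subset is refused at the tag check rather than silently decrypting to garbage. A production TEE would replace the HMAC keystream with an AEAD and the 2048-bit MODP group with an elliptic curve, and would run these checks in constant time.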

Allowable Subject Matter
Claims 1, 2, 5-9, 11-16, and 19 are allowed.

The following is an examiner's statement of reasons for allowance: the combination of Ventura and Liu et al. discloses a node computing entity, a trusted execution environment, a secure ledger/blockchain database that stores encrypted information/data accessible by a secure domain, and submitting a private key and a public key used for cryptography and digital signatures.  Ventura, whether alone or in combination with the other prior art of record, fails to teach or render obvious

“receive an encrypted transaction from a node of a plurality of nodes of a public network, the encrypted transaction having been encrypted using ledger keys and distributed to a public ledger on a blockchain maintained and accessible by the plurality of nodes of the public network,
wherein the ledger keys for the encrypted transaction are known to only a subset of the nodes of the public network, the subset including the node,
wherein the encrypted transaction comprises encrypted data, a public part of a one-time key, a public part of an existing node key, and a signature,
identify the node based on the public part of the existing node key,
verify the encrypted transaction originated from the identified node based on the signature,
generate a one-time symmetric key based on the public part of the one-time key, and
decrypt the encrypted data based on the one-time symmetric key and the ledger keys” as recited in claim 1, and

“receive an encrypted transaction from a node of a plurality of nodes of a public network, wherein the encrypted transaction was encrypted using ledger keys distributed to only a subset of the plurality of nodes of the public network, the subset including the node, the encrypted transaction distributed to a public ledger on a blockchain maintained and accessible by the plurality of nodes of the public network and comprising encrypted data, a public part of a one-time key, a public part of an existing node key, and a signature,
identify the node based on the public part of the existing node key,
verify the encrypted transaction originated from the identified node based on the signature,
generate a one-time symmetric key based on the public part of the one-time key, and
decrypt the encrypted data based on the one-time symmetric key and the ledger keys” as recited in claim 11, and


“receive an encrypted transaction from a node of a plurality of nodes of a public network, the encrypted transaction encrypted using ledger keys and distributed to a public ledger on a blockchain maintained and accessible by the plurality of nodes of the public network and comprising encrypted data, a public part of a one-time key, a public part of an existing node key, and a signature, wherein the ledger keys for the encrypted transaction are known to only a subset of the nodes of the public network, the subset including the node;
identify the node based on the public part of the existing node key;
verify the encrypted transaction originated from the identified node based on the signature;
generate, within a trusted execution environment (TEE), a one-time symmetric key based on the public part of the one-time key;
decrypt, within the TEE, the encrypted data based on the one-time symmetric key and the ledger keys;
generate, within the TEE, an updated transaction from the decrypted transaction;
encrypt, within the TEE, the updated transaction using the ledger keys; and
distribute the encrypted updated transaction to the public ledger maintained by the plurality of nodes of the public network” as recited in claim 15.


Therefore, independent claims 1, 11 and 15 are allowable over the prior art of record.
Consequently, claims 2, 5-9, 12-14, 16, and 19 depend directly or indirectly on claims 1, 11, and 15 and are therefore also allowable over the prior art of record.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance." 
Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to HELAI SALEHI, whose telephone number is (571) 270-7468. The examiner can normally be reached Monday-Friday, 9am – 5pm, with every other Friday off.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jeff Pwu, can be reached on 571-272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/HELAI SALEHI/           Examiner, Art Unit 2433

/BRANDON HOFFMAN/Primary Examiner, Art Unit 2433