DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to the application filed on 03/09/2021. Claims 1-20 are examined.

Claim Rejections


Claim 1 is objected to because of the following informalities:  Claim 1 at line 9 reads “receiving a confirmation message” and at line 11 reads “an encrypted confirmation salt”. The limitation at line 11 is “encrypted confirmation salt” while the limitation at line 15 is directed to “decrypting the confirmation message”.  Applicant might have intended to recite decrypting the encrypted confirmation salt and not the confirmation message, the limitation as best understood in light of the specification and earlier recited limitation using part of the contents of the message is used to decrypt the “salt” see for e.g. claim 1 line 9-10 “receiving a confirmation which includes…. A confirmation open return”, claim 1 line 15-16 “decrypting… using… the confirmation open return”. Appropriate correction is required. 


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 1 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.

Claim 1 at line 9 reads “receiving a confirmation message” at line 11 reads “an encrypted confirmation salt”. Claim 1 at line 15 reads “decrypting the confirmation message”. The limitation at line 11 reads “encrypted confirmation salt” while the limitation at line 15 is directed to “decrypting the confirmation message”. 
Additionally, Applicant might have intended to recite decrypting the encrypted confirmation salt and not the message because Applicant is using part of the contents of the message to decrypt the “salt” e.g. claim 1 line 9-10 “receiving a confirmation which includes…. A confirmation open return”, claim 1 line 15-16 “decrypting… using… the confirmation open return”.

Claim 1 also recites the limitation "receiver client open identification" in line 13-16 Pg. 2.  There is insufficient antecedent basis for this limitation in the claim. Examiner respectfully would like to point out that claim 1 at line 31 reads “a receiver open identification” and lines 34, 35, 26 and 37 read “the receiver client open identification”. 
Additionally, Examiner believes Applicant may have indented to recite “a receiver client open identification” at line 31 and would interpret the limitation for examination purpose accordingly. 
Dependent claims 2-20 are rejected are also rejected for inheriting the deficiencies of the parent claim 1 as set forth above.


Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claim(s) 1-20 is/are rejected under 35 U.S.C. 102(a)(1) as being Anticipated by Qwyit Authentication and Encryption Service (QwyitTalk) Security As A Service, March 14, 2018.

Regarding claim 1,
QwyitTalk discloses: A method for operating an anonymous registration server as part of a participant- managed, independent-trust authentication service for secure messaging comprising: 
a) performing an anonymous registration by: receiving a setup request from a sender client for anonymous registration ([Pg. 4 Qwyit Verified Setup image] Step 1 Client Request); upon receiving the setup request, generating a sender client credentials for the sender client said sender client credentials including a sender client open identification, a sender client first key and a sender client second key ([Pg. 4 Qwyit Verified Setup image] Upon VSU request receipt, generates Qwyit credentials OpenID, DSK (MQK, MEK) per Email Address/IP combination); sending the sender client credentials to the sender client ([Pg. 4 Qwyit Verified Setup image] Step 2 or Step 3); receiving a confirmation message from the sender client, which includes the sender client open identification, a confirmation open return ([Pg. 4 Qwyit Verified Setup image] Step 4), a sender client generated authentication identification for publication by the server ([Pg. 6] Insert into use (store DSK, OpenID in cookie, file, db – method?), and an encrypted confirmation salt generated by the sender client using a predetermined algorithm ([Pg. 6 Qwyit] Confirmation Salt), wherein the encrypted confirmation salt is encrypted using the sender client first key, the sender client second key and the confirmation open return ([Pg. 4 Qwyit Verified Setup image] Step 2 and Step 3, 1st half 2nd half of the MEK); [Pg. 6] Use message key to encrypt confirmation message, which is a 128-bit, 32 hex digit ID salt created by using the last 32 digits (128-bits) of the MQK in a PDAF with the last 32 digits (128-bits) of the MEK; Send 9VSC5) output (OpenID, OR, CSe) to DS); decrypting the encrypted confirmation message ([Pg. 6 Qwyit] DS decryption of the confirmation message) using the sender client first key, the sender client second key and the confirmation open return to reveal the sender client generated confirmation salt ([Qwyit Pg. 6 Use message to decrypt confirmation; Perform QwyitTalk™ decrypt using W and CSe, result is CS received decrypted (CS)); generating a server generated confirmation salt using said predetermined algorithm and the sender client first key, and the sender client second key ([Qwyit Pg. 6] Perform a PDAF(MQK last 128-bits, MEK last 128-bits); result is Confirmation Salt generated; comparing the server generated confirmation salt to the sender client generated confirmation salt (([Qwyit Pg. 6] Compare CS received decrypted with CS generated); upon determining that the server generated confirmation salt matches the sender client generated confirmation salt, publishing the sender client generated authentication identification ([Qwyit Pg. 6] If match confirmed, store IP Address, OpenID, DSK, email address, SMS (and whatever other required session ID was collected) into DS KDC); and 
b) performing an authentication request operation by: receiving an authentication request by the sender client ([Pg. 7] Client Sender sends Authorization Request to Directory Service/Server; [Pg. 7 Figure Step 1] Client Request) for a recipient-only secure authentication bundle ([Qwyit Pg. 7 NOTE:] No one has the SSK but you and your intended recipient, so your communications will be secure) for use in initiating messaging operations between the sender client and a receiver client ([Qwyit Pg. 7] Send Authorization Request (AUTR) to DS in order to receive an SSK for communication w/intended Client; [Qwyit Pg. 15] the sender will initiate a private real-time Authentication Handshake (AH) with a shared QwyitTalk™ Directory Server in order to create a QwyitTalk™ VPN tunnel with multiple intended receivers (based on their OpenIDs)), wherein said authentication request includes the sender client open identification, an authentication request open return, and a first cipher text, which said first cipher text is encrypted using the sender client first key, the sender client second key and the authentication request open return ([Qwyit Pg. 7] Send AHC1: SenderOpenID, ReceiverOpenID, CS encrypted in The Qwyit™ Cipher using DSK to DS [AHC1: SenderOpenID, ReceiverOpenID, OR, CT] where CT is the encrypted CS), wherein the first cipher text includes a receiver open identification and a first part of a session start key ([Qwyit Pg. 7] Send AHC1:SenderOpenID, ReceiverOpenID, CS encrypted); decrypting the first cipher text using the sender client first key, the sender client second key and the authentication request open return ([Qwyit Pg. 8] Decrypt AHC1 from Client using respective OpenID and DSK in the Qwyit™ Cipher) to reveal the receiver client open identification and the first part of a session start key ([Qwyit Pg. 7] AHC1: SenderOpenID, ReceiverOpenID, OR, CT); determining whether the receiver client open identification is valid; if the receiver client open identification is valid ([Qwyit Pg. 8] Check that Sender client has submitted a correct, meaningful CS (integrity, authentication), then: creating an initialization vector for the sender client and receiver client messaging pair ([Qwyit Pg. 8] Create Session Start Key (SSK, 128 hex digits, 512-bits); creating an authentication bundle for the receiver client, which authentication bundle includes the sender client authentication identification, the first part of the session start key, and the initialization vector ([Qwyit Pg. 8] The AHQ3 includes 2 different CT; The SSK is encrypted using the Sender Client’s DSK and the; The SSK is twice-encrypted using the Receiver Client’s DSK and the same; [AHQ3: OpenID, OR, CT1, CT2] where OpenID is the Sender Clients, CT1 is the SSK-encrypted ciphertext using the Sender’s DSK and CT2 is the twice-encrypted SSK ciphertext using the Receiver’s DSK); encrypting the authentication bundle to create an encrypted authentication bundle using a receiver client first key, a receiver client second key, and an authentication bundle open return ([Qwyit Pg. 8] Send SSK Accept (AHQ3) to Sender, with wrapped Receiver Clients’ msg; SSK-encrypted ciphertext using the Sender’s DSK and CT2 is the twice-encrypted SSK ciphertext using the Receiver’s DSK); creating a second cipher text by encrypting the initialization vector, the authentication bundle open return, and the encrypted authentication bundle using the sender client first key, the sender client second key and an authentication reply open return ([Qwyit Pg. 8] The AHQ3 includes 2 different CTs; The SSK is encrypted using the Sender Client’s DSK and the; The SSK is twice-encrypted using the Receiver Client’s DSK and the same; As per the QT Cipher, a 2nd Msg Key is created and used again on the 1st encryption’s CT (this is to obscure the Msg Key chain from the Sender who is aware of the PT and could derive the 1st Msg Key)); and sending an authentication reply to the sender client ([Qwyit Pg. 8] Send SSK Accept (AHQ3) to Sender, with wrapped Receiver Clients’ msg), which authentication reply includes the sender open identification, the authentication reply open return, and the second cipher text ([Qwyit Pg. 8] AHQ3: OpenID, OR, CT1, CT2).

Regarding claim 2, 
Qwyit discloses: The method according to claim 1, wherein the first part of the session start key is generated by the sender client along with a second part of the session start key ([Qwyit Pg. 24] Client1...Next, I'll use the SSK from the QDS and the just created QR to create a Session Master Key (SMK,in 2 halves, SQK and SEK).

	Regarding claim 3,
	Qwyit discloses: The method according to claim 2, wherein the second part of the session start key is not sent to the server ([Qwyit Pg. 8] Create Session Start Key (SSK, 128 hex digits, 512-bits); As per the QT Cipher, a 2nd Msg Key is created and used again on the 1st encryption’s CT (this is to obscure the Msg Key chain from the Sender who is aware of the PT and could derive the 1st Msg Key)).

	Regarding claim 4, 
Qwyit discloses: The method according to claim 2, wherein the sender client receives the authentication reply from the server and then: 
Qwyit further discloses: decrypts the second cipher text using the sender client first key, the sender client second key and the authentication reply open return to reveal the initialization vector, the authentication bundle open return, and the encrypted authentication bundle ([Qwyit Pg. 8] Sender Client decrypts SSK; Sender and Receiver Clients commence QwyitTalk messaging with Sender initiating contact with QwyitTalk™ Start message (including OR, CT2 for Receiver to derive SSK) in Normal Operation; Directory Service/Server and Sender Client perform a PDAF PFS NIL communication DSK key update; Perform a PDAF(MQK 256-bits, MEK 256-bits) for two rounds, creating 512-bit result w/MQK, MEK halves; Optionally, extend the above PDAF for 2 rounds (doubling length) and perform an OWC).
	
	Regarding claim 5, 
Qwyit discloses: The method according to claim 4, wherein the sender client further: 
Qwyit further discloses: sends an authentication start message to the receiver client, which authentication start message includes the sender open identification, the sender authentication identification, the authentication bundle open return, and the encrypted authentication bundle ([Qwyit Pg. 7] AHC1: SenderOpenID, ReceiverOpenID, CS encrypted in The Qwyit™ Cipher using DSK to DS [AHC1: SenderOpenID, ReceiverOpenID, OR, CT] where CT is the encrypted CS).

	Regrading claim 6, 
	Qwyit discloses: The method according to claim 5, wherein the sender client further: 
Qwyit further discloses: performs a modular addition of the second part of the session start key and the initialization vector to obtain an open return authentication ([Qwyit Pg. 10] simple MOD16 addition; [Pg. 9] Perform MOD16(SSK,QR); result is the Session Master Key (SMK, in 2 halves, SQK and SEK)).

	Regarding claim 7, 
	Qwyit discloses: The method according to claim 6, wherein the sender client further: 
Qwyit further discloses: sends an additional authentication message to the receiver client, which additional authentication message includes the sender client open identification, the open return authentication, and an encrypted initial message ([Qwyit Pg. 9] Create new message content (IMSG, the Initial Message opening communication); Send QTQS:OpenID, QR, OR1, OR2, CT2, Ciphertext of IMSG).

	Regrading claim 8, 
	Qwyit discloses: The method according to claim 7, wherein the sender client further: 
Qwyit further discloses: encrypts an initial message to obtain the encrypted initial message using the first part of the session start key, the second part of the session start key and the open return authentication ([Qwyit Pg. 9] Sending Client sends QwyitTalk™ Start to Client Receiver (QwyitTalk™ Start, QTQS) o Sending Client generates a QT™ Return (QR, 128 hex digits, 512-bits); Using the AH SSK from the DS for this communication:  Perform MOD16(SSK,QR); result is the Session Master Key (SMK, in 2 halves, SQK and SEK); Create new message content (IMSG, the Initial Message opening communication); Perform Normal Trusted Operation using The Qwyit™ Cipher on IMSG with SMK (SQK and SEK); Send QwyitTalk™ Start (QTQS) message  Send QTQS:OpenID, QR, OR1, OR2, CT2).

	Regarding claim 9,
	Qwyit discloses: The method according to claim 4, wherein the sender client further: 
Qwyit further discloses: performs a modular addition of the second part of the session start key and the initialization vector to obtain an open return authentication ([Qwyit Pg. 10] simple MOD16 addition; [Pg. 9] Perform MOD16(SSK,QR); result is the Session Master Key (SMK, in 2 halves, SQK and SEK)); sends an authentication start message to the receiver client, which authentication start message includes the sender open identification, the sender authentication identification, the authentication bundle open return, the encrypted authentication bundle, the open return authentication, and an encrypted initial message ([Qwyit Pg. 7] AHC1: SenderOpenID, ReceiverOpenID, CS encrypted in The Qwyit™ Cipher using DSK to DS [AHC1: SenderOpenID, ReceiverOpenID, OR, CT] where CT is the encrypted CS [Pg. 9] Send QTQS:OpenID, QR, OR1, OR2, CT2, Ciphertext of IMSG).
	
	Regarding claim 10,
	Qwyit discloses: The method according to claim 9, wherein the sender client further: 
Qwyit further discloses encrypts an initial message to obtain the encrypted initial message using the first part of the session start key, the second part of the session start key and the open return authentication ([Qwyit Pg. 9] Sending Client sends QwyitTalk™ Start to Client Receiver (QwyitTalk™ Start, QTQS) o Sending Client generates a QT™ Return (QR, 128 hex digits, 512-bits); Using the AH SSK from the DS for this communication:  Perform MOD16(SSK,QR); result is the Session Master Key (SMK, in 2 halves, SQK and SEK); Create new message content (IMSG, the Initial Message opening communication); Perform Normal Trusted Operation using The Qwyit™ Cipher on IMSG with SMK (SQK and SEK); Send QwyitTalk™ Start (QTQS) message  Send QTQS:OpenID, QR, OR1, OR2, CT2).

	Regarding claim 11,
	Qwyit discloses: The method according to claim 8, wherein the receiver client further: 
Qwyit further discloses: decrypts the encrypted authentication bundle using the receiver client first key, the receiver client second key, and the authentication bundle open return to reveal the sender authentication identification sent from the server, the first part of the session start key, and the initialization vector ([Qwyit Pg. 8] Sender Client decrypts SSK (Step 4, AHC4) o Sender Client decrypts AHQ3 from DS using DSK in the Qwyit™ Cipher  Client only replies to DS if unable to decrypt key (for whatever reason), sending an AHE for error  Sender and Receiver Clients commence QwyitTalk messaging with Sender initiating contact with QwyitTalk™ Start message (including OR, CT2 for Receiver to derive SSK) in Normal Operation).

	Regarding claim 12, 
	Qwyit discloses: The method according to claim 11, wherein the receiver client further: 
Qwyit further discloses: performs an inverse modular addition of the open return authentication and the initialization vector to obtain the second part of the session start key ([Qwyit Pg. 10] simple MOD16 addition; [Pg. 9] Perform MOD16(SSK,QR); result is the Session Master Key (SMK, in 2 halves, SQK and SEK); Receiving Client decrypts QTQS (QT™ Talk, QTQS)).
	
	Regarding claim 13,
	Qwyit discloses: The method according to claim 12, wherein the receiver client further: 
Qwyit further discloses: decrypts the encrypted initial message using the first part of the session start key, the second part of the session start key and the open return authentication to reveal the initial message (Qwyit Pg 9. Receiving Client decrypts QTQS (QT™ Talk, QTQS); using OR2 and their DSK to derive the SSK – this requires two Msg Key decryptions as noted in the AH above;  [Pg. 8] Directory Service/Server and Sender Client perform a PDAF PFS NIL communication DSK key update; Perform a PDAF(MQK 256-bits, MEK 256-bits) for two rounds, creating 512-bit result w/MQK, MEK halves; Optionally, extend the above PDAF for 2 rounds (doubling length) and perform an OWC).

	Regarding claim 14, 
	Qwyit discloses: The method according to claim 13, 
Qwyit further discloses: wherein the sender client and receiver client subsequently communicate in an encrypted manner encrypting each new message using the first part of the session start key, the second part of the session start key and a new open return for each new message ([Qwyit Pg. 9] Clients continue communication by performing Normal Trusted Operation messaging w/Qywit™ Cipher using SMK (QwyitTalk, QTQT Encrypt/Decrypt)).
	
	Regarding claim 15,
	Qwyit discloses: The method according to claim 12, wherein the receiver client further: 
Qwyit further discloses: compares the sender authentication identification received from the sender client to the sender authentication identification received encrypted from the server in the encrypted authentication bundle ([Qwyit Pg. 6] Use message to decrypt confirmation (by creating the correct same ID salt and comparing).

	Regarding claim 16, 
	Qwyit discloses: The method according to claim 15, wherein the receiver client further: 
Qwyit further discloses: compares the sender authentication identification received from the sender client and the sender authentication identification received encrypted from the server in the encrypted authentication bundle to a published version of the sender authentication identification that is published by the server in association with the sender open identification ([Qwyit Pg. 6] Use message to decrypt confirmation (by creating the correct same ID salt and comparing; Compare CS received decrypted with CS generated o If doesn’t match, error sent; If match confirmed, store IP Address, OpenID, DSK, email address, SMS (and whatever other required session ID was collected) into DS KDC)).
	
	Regarding claim 17 and 19,
	Qwyit discloses: The method according to claim 14, wherein the receiver client and the sender client at predetermined key end of lifetime further ([Qwyit Pg. 8] (The SMK (SQK, SEK) must be handled and stored securely, only for this particular session): 
Qwyit further discloses: perform two rounds of a position digit algebraic function operation using the first part of the session start key and the second part of the session start key to create a first part of a client master key, and a second part of a client master key, which are then used in subsequent encryption operations between the sender and receiver clients ([Qwyit Pg. 9] Directory Service/Server reply to Client Directory Service/Server reply to Client (Step 3, AHQ3); The AHQ3 includes 2 different CTs; The SSK is twice-encrypted using the Receiver Client’s DSK and the same; Perform MOD16(SSK,QR); result is the Session Master Key (SMK, in 2 halves, SQK and SEK); Perform a PDAF (SQK 256-bits, SEK 256-bits) for two rounds, creating 512-bit SMK result w/SQK, SEK halves)).
	
	Regarding claim 18 and 20,
	Qwyit discloses: The method according to claim 14, wherein the receiver client and the sender client at predetermined intervals further ([Qwyit Pg. 5 NOTE. 3] Each participant pair (QT™/Client, Client/Client) performs a PDAF with the MQK and MEK after an AH, at QT session end (updating SQK, SEK), etc. at the designated interval): 
Qwyit further discloses: perform four rounds of a position digit algebraic function operation using the first part of the session start key and the second part of the session start key to create double length keys, followed by a one way cut function to create a first part of a client master key, and a second part of a client master key, which are then used in subsequent encryption operations between the sender and receiver clients ([Qwyit Pg. 9] Directory Service/Server reply to Client Directory Service/Server reply to Client (Step 3, AHQ3); The AHQ3 includes 2 different CTs; The SSK is twice-encrypted using the Receiver Client’s DSK and the same; Perform MOD16(SSK,QR); result is the Session Master Key (SMK, in 2 halves, SQK and SEK); Perform a PDAF (SQK 256-bits, SEK 256-bits) for two rounds, creating 512-bit SMK result w/SQK, SEK halves)).


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's
disclosure.
Bhattacharyya 10/20/2015 (US 20160112381) teaches methods for secure data exchange.
Kim 9/11/2019 (US 11277444) teaches authentication key exchange with transport layer communications.

Any inquiry concerning this communication or earlier communications from the examiner
should be directed to THOMAS A CARNES whose telephone number is (571)272-4378. The examiner can
normally be reached Monday-Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a
USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use
the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor,
Shewaye Gelagay can be reached on (571) 272-4219. The fax phone number for the organization where
this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from
Patent Center. Unpublished application information in Patent Center is available to registered users. To
file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit
https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and
https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional
questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like
assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or
571-272-1000.
/T.A.C./
Examiner, Art Unit 2436

/SHEWAYE GELAGAY/Supervisory Patent Examiner, Art Unit 2436