DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
Claims 1 and 3-21 are pending. Claim 2 is canceled. Claims 1, 3 and 5-9 are currently amended. Claims 10-21 are newly added. 
Applicant’s amendments to the claims and specification/abstract will overcome the objections and 112(b), 102 & 103 rejections set forth in the Non-Final Office Action mailed 06/09/2022. 

Claim Objections
Claim 10 is objected to because of the following informalities:  The examiner suggest amending the limitation “the key” in line 1 to “a key” to correspond with the other claim language and provide better clarity.  Appropriate correction is requested.


Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1, 3-6 and 10-12 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1, 3-5, 8-11, 13-15 and 18-20 of US Patent No. 11,438,146. Although the claims at issue are not identical, they are not patentably distinct from each other because the instant application claims is anticipated by the copending application claims. Independent claim 1 of the instant application is mapped to claims 1, 10, 11, & 20 of the patent, claims 3-4 & 11 of the instant application are mapped to claims 8-9 & 18-19 of the patent and claims 5-6, 10 & 12 of the instant application are mapped to claims 1, 3-5 & 13-15 of the patent. 
Instant Application No. 16/945,948
US Patent No. 11,438,146
1. A method of computing shares of an output of a function having multiple shares of a secret as input, the method comprising:
1. (Currently Amended) A method of securely exchanging messages, over the Internet, between users with mobile devices through a messaging application by performing cryptographic key exchange while overcoming a malicious adversary party, said cryptographic key exchange is performed between multiple parties using a multi-party computation (MPC) process performed by the multiple parties, said method comprising:
with respect to initial key shares of a key that are collectively held by multiple parties and together operate as the key, receiving, from each party of the multiple parties, an output of an arithmetic function performed on an initial key share of the initial key shares, the initial key share held by the party being different from one or more other initial key shares of the initial key shares held by one or more other parties of the multiple parties
obtaining, by each of the multiple parties, on a respective mobile device, an initial share of a secret, wherein the initial shares are used as an exponentiation of the key exchange; performing, using a respective messaging application on the respective mobile device of each of the multiple parties in order to exchange a message,  multiple times:
each party of the multiple parties performing an arithmetic operator on the initial shares of the secret;
a first MPC process by the multiple parties, wherein each of the multiple parties receives a share n of a random value r; a computation by each of the parties of an arithmetic function using the received share n of a random value r;
providing the outputs from the multiple parties as input for a Multi-Party Computation (MPC) process, the MPC process outputting final key shares in connection with the outputs from the multiple parties being provided as input for the MPC process; and
a second MPC process, wherein the second MPC process receives  as input the output of the arithmetic function (G^ri) as computed by each party; a verification  that in at least one of the second MPC processes, the outputs of the arithmetic function (G^ri) as computed by each party is correct;
 with respect to each party of the multiple parties, sending a final key share of the final key shares to the party, the final key share being different from one or more other final key shares of the final key shares sent to one or more other parties of the multiple parties
performing a third MPC process outputting to the each of the multiple parties a function of the initial shares and the random value r; receiving from the each of the multiple parties an output of an arithmetic function based on the output of the third MPC process;

 computing, the key exchange (G exponentiated by a multiplication of both shares), without the parties revealing the shares to the MPC process; -2- 156413835.1Attorney Docket No. 128218-8042.US00 wherein none of the multiple parties can extract the secret share held by any other party.



Allowable Subject Matter
Claims 1-15 would be allowable if the Double Patenting Rejection is overcome.
Claims 16-21 are allowed.
Examiner’s Statement of Reasons for Indicating Allowable Subject Matter
The following is a statement of reasons for the indication of allowable subject matter:  The prior art Gryb et al. (US Pub No. 2021/0273784) discloses managing cryptographic keys in on-premises and cloud computing environments and performing multi-party cryptography are disclosed. A cryptographic key can be retrieved from a hardware security module by a key management computer. The key management computer can generate key shares from the cryptographic key, and securely distribute the key shares to computer nodes or key share databases. The computer nodes can use the key shares in order to perform secure multi-party cryptography. (Gryb, Abstract), Masny et al. (US Pub No. 2020/0259800) discloses implementing fast oblivious transfer between two computing devices may improve data security and computational efficiency. The various aspects may use random oracles with or without key agreements to improve the security of oblivious transfer key exchanges. Some techniques may include public/private key strategies for oblivious transfer, while other techniques may use key agreements to achieve simultaneous and efficient cryptographic key exchange. (Masny, Abstract), RANELLUCCI et al. (US Pub No. 2020/0153640) discloses signing a message, comprising performing a first Multi-Party Computation (MPC) process by multiple parties to compute a pseudorandom function, an input of the first MPC process comprises shares of a private signing key, each share is held by each party, the message is an input value to the pseudorandom function. The output of the first MPC process comprises multiple pairs of shares, each party holding a pair of shares, wherein each pair comprises a first value used for the MPC signing process and a second verifying value used for verifying correctness of the values provided by the multiple parties for the MPC signing process, and computing the signature on the message by performing an MPC signing protocol on the message, the MPC signing protocol receives as input shares of the output of the pseudorandom function from the multiple parties, and the message to be signed. (RANELLUCCI, Abstract), Lindell et al. (US Patent No. 10,630,471) discloses a system for enforcing correctness of a derivation key, comprising multiple computerized nodes, comprising a storage module configured to store a share of a key used as an input of a function generating the derivation key, a communication module configured to exchange information between the multiple computerized nodes, and a processing module configured to receiving a request to create the derivation key, performing an MPC process between the multiple computerized nodes, said MPC process is performed multiple times, in each time the MPC process comprises receiving the key shares as input, randomly selecting a function, outputting the outputs of the selected function to the multiple computerized nodes, the multiple computerized nodes lack access to the selected function, the multiple computerized nodes perform computations on the received outputs and exchange outputs of the computations to estimate correction of the key shares inputted into the MPC process. (Lindell, Abstract) and Bitan et al. (US Pub No. 2021/0167946) discloses performing, in a single round of communication and by a distributed computational system, Secure MultiParty Computation (SMPC) of an arithmetic function ƒ:custom-character.sub.p.sup.k.fwdarw.custom-character.sub.p represented as a multivariate polynomial over secret shares for a user, comprising the steps of sharing secrets among participants being distributed computerized systems, using multiplicative shares, the product of which is the secret, or additive shares, that sum up to the secret by partitioning secrets to sums or products of random elements of the field; implementing sequences of additions of secrets locally by addition of local shares or sequences of multiplications of secrets locally by multiplication of local shares; separately evaluating the monomials of ƒ by the participants; adding the monomials to obtain secret shares of ƒ. (Bitan, Abstract), however, the prior art taken alone or in combination does not teach or suggest “providing the outputs from the multiple parties as input for a Multi-Party Computation (MPC) process, the MPC process outputting final key shares in connection with the outputs from the multiple parties being provided as input for the MPC process; with respect to each party of the multiple parties, sending a final key share of the final key shares to the party, the final key share being different from one or more other final key shares of the final key shares sent to one or more other parties of the multiple parties” (as recited in claim 1), “with respect to each party of the multiple parties: sending a fresh key share of the fresh key shares to the party, the fresh key share sent to the party being different from one or more other fresh key shares of the fresh key shares sent to one or more other parties of the multiple parties; in response to sending the fresh key share to the party, receiving, from the party, an output of an arithmetic function performed on the fresh key share sent to the party; providing the outputs from the multiple parties as input for a second MPC process, the second MPC process outputting final key shares in connection with the outputs from the multiple parties being provided as input for the second MPC process; and with respect to each party of the multiple parties, sending a final key share of the final key shares to the party, the final key share being different from one or more other final key shares of the final key shares sent to one or more other parties of the multiple parties” (claim 10), and “providing the outputs from the multiple parties as input for a Multi-Party Computation (MPC) process, the MPC process using a garbled circuit and outputting final key shares by performing a mathematical operation, wherein the mathematical operation is an exponentiation having a random generator of an elliptical curve as base and accumulation of the outputs of the arithmetic function as exponent; and with respect to each party of the multiple parties, sending a final key share of the final key shares to the party, the final key share being different from one or more other final key shares of the final key shares sent to one or more other parties of the multiple parties” (claim 16) in combination in the remaining claim limitations. 

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAQUEAL D WADE whose telephone number is (571)270-0357. The examiner can normally be reached M-F 8:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on 571-272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SHAQUEAL D WADE-WRIGHT/Primary Examiner, Art Unit 2437