DETAILED ACTION
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
2.	This communication is in response to applicant's application filed on 2/4/2019 and the interview dated 3/13/2021.
EXAMINER’S AMENDMENT
3.1.	An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee. 
Authorization for this examiner’s amendment was given in a telephone interview by Applicant's Representative on the record on 3/13/2021.

4.2.	This listing of claims will replace all prior versions and listings of claims in the application:

(Currently Amended)  A method comprising:
receiving, by one or more server computers of a cryptoasset custodial system, a request to take an action in [[a]] the cryptoasset custodial system;
identifying, by the one or more server computers, for the action an associated private-keys group out of multiple different private-keys groups managed by the cryptoasset custodial system, wherein each of the multiple different private-keys groups has an associated cryptographic group key;
transmitting, by the one or more server computers, at least a doubly encrypted private key associated with the action to a corresponding one of two or more physical datacenters, each of the two or more physical datacenters employing an air gap to isolate internal components from an outside network and including a first computer and two or more hardware security modules connected with the first computer, each of the two or more hardware security modules comprising at least one secure storage device and at least one physical computing device coupled with the at least one secure storage device;
decrypting, at [[a]] the first computer within the corresponding physical datacenter and protected by the air gap, a first level of encryption of [[a]] the doubly encrypted private key associated with the action using the associated cryptographic group key for the associated private-keys group out of the multiple different private-keys groups managed by the cryptoasset custodial system;
transmitting, by the first computer within the corresponding physical datacenter, the partially decrypted private key to one of the two or more hardware security modules within the corresponding physical datacenter; 
decrypting, at the one of the two or more hardware security modules within the corresponding physical datacenter and protected by the air gap, a second level of encryption of the doubly encrypted private key associated with the action using a hardware-based cryptographic key used by the  one of the two or more hardware security modules, wherein the hardware-based cryptographic key is shared among multiple hardware security modules located in the two more physical datacenters;
one of the two or more hardware security modules, the fully decrypted private key associated with the action in a process of digitally signing data to authorize the action; and
transmitting, by the one of the two or more hardware security modules, the digitally signed data to a third computer to effect the action.

2.	(Canceled)  

3.	(Currently Amended)  The method of claim 1, wherein the air gap comprises:
each of the two or more hardware security modules having no direct access to any network outside the cryptoasset custodial system, and all communications from the two or more hardware security modules to any network outside the cryptoasset custodial system [[go]] going through the first computer; and
the first computer disconnecting from any network outside the cryptoasset custodial system when communicating with the two or more hardware security modules.

4.	(Currently Amended)  The method of claim 3, wherein the first computer comprises a host computer for the two or more hardware security modules.

claim 1, wherein the action comprises a deposit of a cryptoasset into the cryptoasset custodial system, and using the private key associated with the action in the process of digitally signing data to authorize the action comprises:
deriving an asymmetric cryptographic key pair for the cryptoasset from at least the private key;
generating a blockchain address in accordance with the asymmetric cryptographic key pair for the cryptoasset; and
digitally signing the blockchain address with the private key.

6.	(Currently Amended)  The method of claim 1, wherein the action comprises a withdrawal of a cryptoasset from the cryptoasset custodial system, and using the private key associated with the action in the process of digitally signing data to authorize the action comprises:
deriving a blockchain private key for the cryptoasset from at least the private key, and
digitally signing the withdrawal with the blockchain private key.

7.	(Currently Amended)  The method of claim 1, wherein the action comprises a withdrawal of a cryptoasset from the cryptoasset custodial system, and using the private key associated with the action in the process of digitally signing data to authorize the action comprises digitally signing the withdrawal with the private key.

claim 1, wherein the action comprises an update to access rules associated with a logical grouping of cryptoassets in the cryptoasset custodial system, and using the private key associated with the action in the process of digitally signing data to authorize the action comprises digitally signing the update to the access rules with the private key associated with the action.

9.	(Currently Amended)  The method of claim 1, wherein 

10.	(Original)  The method of claim 1, comprising assigning private keys to respective ones of the multiple different private-keys groups based on an amount of cryptoassets associated with the respective ones of the multiple different private-keys groups managed by the cryptoasset custodial system.

11.	(Canceled)  

12.	(Currently Amended)  The method of claim 10, comprising:
reassigning the private keys to the respective ones of the multiple different private-keys groups based on the amount of cryptoassets associated with the 
for each private key reassigned from one group to another group[[,]]: 
first-level decrypting the reassigned private key at a computer with access to a cryptographic group key for the one group, and
first-level encrypting the reassigned private key, without second-level decrypting the reassigned private key, at a computer with access to a cryptographic group key for the another group.

13.	(Original)  The method of claim 10, wherein the private keys assigned to respective ones of the multiple different private-keys groups are root keys for customers of the cryptoasset custodial system.

14.	(Original)  The method of claim 13,  wherein the assigning comprises:
distributing cryptoassets accessible using an individual private key of an individual customer among the multiple different private-keys groups; and
excluding any private-keys group of the multiple different private-keys groups from consideration for a deposit when an amount of cryptoassets associated with the private-keys group exceeds a threshold.

15.	(Original)  The method of claim 1, comprising assigning private keys to respective ones of the multiple different private-keys groups based on customer or 

16.	(Currently Amended)  The method of claim 15, comprising:
reassigning the private keys to the respective ones of the multiple different private-keys groups based on customer or customer type, geographic distribution sets, risk profile, usage pattern, or a combination thereof; and
for each private key reassigned from one group to another group[[,]]: 
first-level decrypting the reassigned private key at a computer with access to a cryptographic group key for the one group, and
first-level encrypting the reassigned private key, without second-level decrypting the reassigned private key, at a computer with access to a cryptographic group key for the another group.

17.	(Currently Amended)  A cryptoasset custodial system comprising:
two or more physical datacenters, wherein each of the two or more physical datacenters employs an air gap to isolate internal components from an outside network, and each of the two or more physical datacenters comprises:
at least one first computer configured to provide cryptographic processing using a cryptographic group key associated with one private-keys group from different private-keys groups, and
two or more hardware security modules connected with each of the at least one first computer and configured to provide cryptographic processing using a hardware-wherein the hardware-based cryptographic key is shared among multiple hardware security modules located in the two more physical datacenters, and wherein each of the two or more hardware security modules comprises at least one secure storage device and at least one physical computing device coupled with the at least one secure storage device; and
one or more server computers communicatively coupled with the two or more physical datacenters and configured to receive requests to take actions in the cryptoasset custodial system;
wherein for each request,
the one or more server computers are configured to identify for the action an associated private-keys group and send at least a doubly encrypted private key associated with the action to a corresponding one of the two or more physical datacenters,
the at least one first computer is configured to, within the physical datacenter and protected by the air gap, decrypt a first level of encryption of the doubly encrypted private key using the associated cryptographic group key and send the partially decrypted private key to a hardware security module within the physical datacenter, and
the hardware security module within the physical datacenter is configured to, within the physical datacenter and protected by the air gap, decrypt a second level of encryption of the doubly encrypted private key using the hardware-based cryptographic key and use the fully decrypted private key in a process of digitally signing data to authorize the action.

18.	(Currently Amended)  The cryptoasset custodial system of claim 17, wherein at least one of the one or more server computers is further configured to assign private keys to respective ones of the multiple different private-keys groups based on an amount of cryptoassets associated with the respective ones of the multiple different private-keys groups managed by the cryptoasset custodial system.

19.	(Canceled)

20.	(Currently Amended)  The cryptoasset custodial system of claim 18, wherein 
at least one of the one or more server computers is further configured to reassign the private keys to the respective ones of the multiple different private-keys groups based on the amount of cryptoassets associated with the respective ones of the multiple different private-keys groups managed by the cryptoasset custodial system, and wherein 
for each private key reassigned from one group to another group, a computer with access to a cryptographic group key for the one group is configured to first-level decrypt the reassigned private key, and a computer with access to a cryptographic group key for the another group is configured to first-level encrypt the reassigned private key without second-level decrypting the reassigned private key.



22.	(Original)  The cryptoasset custodial system of claim 21, wherein at least a first physical datacenter of the two or more physical datacenters is physically placed in a different geographic location than that of at least a second physical datacenter of the two or more physical datacenters.

23.	(Currently Amended)  The cryptoasset custodial system of claim 22, wherein the one or more server computers comprise a key storage facility from which the doubly encrypted private key is retrieved, [[and]] the key storage facility [[has]] having at least one geographic location that is different from that of both the first physical datacenter and the second physical datacenter.
Allowable Subject Matter
5.1.	Claims 1, 3-10, 12-18, 20-23 are allowed.
5.2	The following is an examiner's statement of reasons for allowance: the combination of Cheng et al., Winklevoss et al., Yang et al., whether alone or in combination with the other prior art of record, fails to teach or render obvious “identifying, … server computers, for the action an associated private-keys group out of multiple different private-keys groups managed by the cryptoasset custodial system, …transmitting, by the one or more server computers, at least a doubly encrypted private key associated with the action to a corresponding one of two or more physical datacenters, each of the two or more physical datacenters employing an air gap to isolate internal components from an outside network and including a first computer and two or more hardware security modules connected with the first computer, each of the two or more hardware security modules comprising at least one secure storage device and at least one physical computing device coupled with the at least one secure storage device; decrypting, at the first computer within the corresponding physical datacenter and protected by the air gap, a first level of encryption of the doubly encrypted private key associated with the action using the associated cryptographic group key for the associated private-keys group out of the multiple different private-keys groups managed by the cryptoasset custodial system;… decrypting, at the one of the two or more hardware security modules within the corresponding physical datacenter and protected by the air gap, a second level of encryption of the doubly encrypted private key associated with the action using a hardware-based cryptographic key used by the one of the two or more hardware security modules, wherein the hardware-based cryptographic key is shared among multiple hardware security modules located in the two more physical datacenters…” as recited in claim 1.
Therefore, independent claim 1 is allowable over the prior art of record. The other independent claim 17 recites similar subject matter. Consequently, independent claim 17 is also allowable over the prior art of record.
Claims 3-10, 12-16, 18, and 20-23 are directly or indirectly dependent upon claims 1 and 17; therefore, they are also allowable over the prior art of record.
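The two decryption levels recited in claim 1 and the group reassignment of claims 12 and 16, shown as an added Python sketch that is not part of the Office action or the application. The function names, the HMAC-based stand-in cipher and the use of HMAC in place of a digital signature are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Stand-in authenticated cipher (HMAC-SHA256 keystream + HMAC tag) so the
# example runs with the standard library only. Assumption for illustration:
# a real deployment would use a vetted AEAD, with the inner layer inside the HSM.
def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def wrap(key: bytes, data: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unwrap(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified blob")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def store(private_key: bytes, hsm_key: bytes, group_key: bytes) -> bytes:
    # Second-level (inner) layer under the HSM key, first-level (outer) under the group key.
    return wrap(group_key, wrap(hsm_key, private_key))

def first_computer_decrypt(blob: bytes, group_key: bytes) -> bytes:
    # Removes the first level only; the result is still ciphertext under the HSM key.
    return unwrap(group_key, blob)

def hsm_sign(partial: bytes, hsm_key: bytes, message: bytes) -> bytes:
    # The HSM removes the second level and signs; HMAC stands in for a signature here.
    private_key = unwrap(hsm_key, partial)
    return hmac.new(private_key, message, hashlib.sha256).digest()

def reassign(blob: bytes, old_group_key: bytes, new_group_key: bytes) -> bytes:
    # Group move: swap the outer layer without touching the inner one (no HSM key needed).
    return wrap(new_group_key, unwrap(old_group_key, blob))

if __name__ == "__main__":
    hsm, grp_a, grp_b = os.urandom(32), os.urandom(32), os.urandom(32)  # constructed keys
    blob = store(b"constructed-private-key", hsm, grp_a)
    moved = reassign(blob, grp_a, grp_b)
    sig = hsm_sign(first_computer_decrypt(moved, grp_b), hsm, b"withdrawal #1")
    print(sig.hex())
```

After `reassign`, the old group key no longer opens the blob, while the HSM-level layer and the resulting signature are unchanged.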

Conclusion

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw, can be reached on (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


HARUNUR . RASHID
Primary Examiner
Art Unit 2497



/HARUNUR RASHID/Primary Examiner, Art Unit 2497