DETAILED ACTION
The instant application having Application No. 16/588139 filed on September 30, 2019 is presented for examination by the examiner.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Oath/Declaration
The applicant’s oath/declaration has been reviewed by the examiner and is found to conform to the requirements prescribed in 37 C.F.R. 1.63.

Drawings
The applicant’s drawings submitted are acceptable for examination purposes.

Claim Objections
Claims 2, 3-18, and 21 objected to because of the following informalities:
Claim 2 recites “information data”, “a session key”, “a polynomial”, “a distinct point”, and “n other distinct points”, which should be “the information data”, “the session key”, “the polynomial”, “the distinct point”, and “the n other distinct points”. 
Claims 3-18 and 21 recite “a method”, which should be “the method”.
Claim 14 recites “a distinct point”, which should be “the distinct point”.
Claim 16 recites “new quorum key fragments”, which should be “the new quorum key fragments”.
Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 2-3, 5, 7, 9-10, and 15-17 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.

Claim 2 recites “itself has been encrypted”; however, it is not clear what “itself” is referring to. Claim 2 also recites “the remaining k ciphertexts”; however, this limitation does not have antecedent basis in the claim.
Claim 3 recites “using it”; however, it is not clear what “it” is referring to. Claim 3 also recites “the reconstructed key” and “the original respective key fragment”; however, these limitations do not have antecedent basis in the claim.
Claim 5 recites “the initial vector”; however, this limitation does not have antecedent basis in the claim.
Claim 7 recites “the encryption system”; however, this limitation does not have antecedent basis in the claim.
Claim 9 recites “the k polynomial evaluation points” and “the new key fragment”; however, these limitations do not have antecedent basis in the claim.
Claim 10 recites “the weighting factor”; however, this limitation does not have antecedent basis in the claim.
Claim 15 recites “the session encryption key” and “the original polynomial”; however, these limitations do not have antecedent basis in the claim.
Claim 16 recites “the existing key fragment values” and “said updates”; however, these limitations do not have antecedent basis in the claim. Claim 16 also recites “the polynomial of degree k-1”; however, it is unclear if this is referring to the polynomial defined in claim 1 or the polynomial defined in claim 15.
Claim 17 recites “the quorum size”; however, this limitation does not have antecedent basis in the claim.

The examiner has cited particular examples of 35 U.S.C. 112 rejections above. It is respectfully requested that, in preparing responses, the applicant check the claims for further 35 U.S.C. 112 rejections in the event that it was inadvertently missed by the  Presently, the pending claims do not adequately reflect what the disclosed invention is. The following prior art rejections are based upon the examiner’s best interpretation of the claims.  In light of the precedence set forth in In re Steele, 305 F.2d 859, 862 (CCPA 1962) and In re Wilson, 424 F.2d 1382, 1385 (CCPA 1970), the Examiner applies cited art in accordance with a position as best understood in the context of the claims and the invention as a whole to expedite compact prosecution.  Such interpretations of the claims versus the cited art cannot be used as a basis for overcoming the objections or rejections set forth supra. Any claim not objected or rejected in view of art does not ascribe allowable subject matter, but remains pending and rejected under their respective titles supra. 
 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.

Claims 1, 4-6, 8-10, 14, and 18-21 are rejected under 35 U.S.C. 103 as being unpatentable over Tomlinson et al. (US Pre-Grant Publication 2018/0054316) hereinafter referred to as Tomlinson in view of Fenster (US Pre-Grant Publication 2016/0241391) and further in view of Patnala et al. (US Pre-Grant Publication 2009/0252330) hereinafter referred to as Patnala.

As per claims 1 and 19, Tomlinson discloses A method of quorum-based information recovery, comprising: 
receiving a plurality of [fragments], including at least a predetermined minimum number k 5out of n key fragment[s] …, and at least one message ciphertext that is generated by encrypting information data using a session key … [and] a polynomial of predetermined degree, k-1 at a distinct point, and in which the value of the polynomial evaluated at each one of n other distinct points … (Tomlinson, Figure 1 and associated texts such as paragraphs 3, 6-8, 11, 13, and 38-44, teaches distributing multiple polynomials evaluated at random coefficients to different users. These are the key fragments and they are later retrieved to generate the secret key. Tomlinson, abstract and paragraphs 3, 11, 13, 37, teaches using the key generated from the quorum to encrypt or decrypt data.);  
10determining a reconstructed session key from said k received key fragment[s] …, by [weighing] the key fragment[s] … which are weighted and added together to reconstruct the session key (Tomlinson, Figure 2 and paragraphs 8 and 46-49, teaches receiving the polynomials from the users to reconstruct the key by multiplying/weighing the key fragments with a Lagrange constant.); and 
using said reconstructed session key to decrypt the message ciphertext (Tomlinson, abstract and paragraphs 3, 11, 13, 37, teaches using the key generated from the quorum to encrypt or decrypt data.)
Tomlinson, paragraph 38, teaches having a secret value that is a part of the polynomial. This appears to be the secret key that is later reconstructed. However, the 
Fenster discloses receiving a plurality of [fragments], including at least a predetermined minimum number k 5out of n key fragment[s] …, and at least one message ciphertext that is generated by encrypting information data using a session key whose value is equal to the value of a polynomial of predetermined degree, k-1 at a distinct point, and in which the value of the polynomial evaluated at each one of n other distinct points … (Fenster, Figure 4 and associated texts, teaches a secret that is based on a polynomial with a degree of k-1. The polynomial is evaluated at an identifier/point for each user and the derived values are stored. Fenster, paragraph 17, teaches that the secret can be a secret key. Fenster, paragraphs 72, 94-95, and 125, teaches encrypting and decrypting data using the secret key.);
10determining a reconstructed session key from said k received key fragment[s] … to reconstruct the session key (Fenster, Figure 5 and associated texts, teaches retrieving k derived values, reconstructing the polynomial to obtain the secret. Fenster, paragraph 17, teaches that the secret can be a secret key.); and 
using said reconstructed session key to decrypt the message ciphertext (Fenster, paragraphs 72, 94-95, and 125, teaches encrypting and decrypting data using the secret key.)
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Fenster with the teachings of Tomlinson. 
However, Tomlinson in view of Fenster does not specifically teach that the key fragments are “encrypted to produce a respective key fragment ciphertext”.
Patnala discloses receiving a plurality of ciphertexts, including at least a predetermined minimum number k 5out of n key fragment ciphertexts, and at least one message ciphertext that is generated by encrypting information data using a … key … [the key fragments are] encrypted to produce a respective key fragment ciphertext; 10determining a reconstructed session key from said k received key fragment ciphertexts, by decrypting the key fragment ciphertexts which are … added together to reconstruct the … key; and using said reconstructed … key to decrypt the message ciphertext (Patnala, paragraphs 23-24, teaches that the shares/fragments can be encrypted using symmetric or asymmetric keys. The shares would have to be decrypted before they could be reconstructed back into the key.)
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Patnala with the teachings of Tomlinson in view of Fenster. Tomlinson in view of Fenster teaches dividing a secret key into shares 

As per claim 4, Tomlinson in view of Fenster and Patnala discloses A method according to claim 1 in which the ciphertexts are produced using symmetric key encryption (Patnala, paragraphs 23-24, teaches that the shares/fragments can be encrypted using symmetric or asymmetric keys. Fenster, paragraphs 72, 94-95, and 125, teaches encrypting and decrypting data using the secret key i.e. symmetric encryption as the same key is used for encryption and decryption. Tomlinson, paragraphs 62 and 83, teaches symmetric encryption.)  

As per claim 5, Tomlinson in view of Fenster and Patnala discloses A method according to claim 4 in which the symmetric key encryption is an authenticated symmetric key encryption method using a key derivation function which generates the initial vector and symmetric key (Tomlinson, paragraph 12, teaches using a key derivation function and initialization vector to generate keys.)

As per claim 6, Tomlinson in view of Fenster and Patnala discloses A method according to claim 1 in which some of the ciphertexts are generated using public key encryption (Patnala, paragraphs 23-24, teaches that the shares/fragments can be encrypted using symmetric or asymmetric keys. Tomlinson, paragraphs 34-35 and 109, teaches public key encryption.)

As per claim 8, Tomlinson in view of Fenster and Patnala discloses A method according to claim 1 in which some of the ciphertexts are generated using public key encryption which is resistant to attack by a quantum computer (Patnala, paragraphs 23-24, teaches that the shares/fragments can be encrypted using symmetric or asymmetric keys. Tomlinson, paragraphs 34-35 and 109, teaches public key encryption.)

As per claim  159, Tomlinson in view of Fenster and Patnala discloses A method according to claim 1 in which the number of ciphertexts available to fragment holders is increased by forming a quorum by determining k key fragments from k ciphertexts and summing the key fragments after multiplying each one of these by a distinct factor which is a function of the k polynomial evaluation points xi for i= 1 to k and a new evaluation point xo and then encrypting the new key fragment into a new key fragment ciphertext (Tomlinson, Figure 5 and associated texts such as paragraphs 52-54 and 76-77, teaches multiplying/weighing using the Lagrange coefficients.) 

As per claim 10, Tomlinson in view of Fenster and Patnala discloses A method as in claim 9 in which the weighting factor used for generating the new key fragment is given by: 
    PNG
    media_image1.png
    38
    84
    media_image1.png
    Greyscale
  (Tomlinson, Figure 5 and associated texts such as paragraphs 52-54 and 76-77, teaches multiplying/weighing using the Lagrange coefficients.)

As per claim 14, Tomlinson in view of Fenster and Patnala discloses A method according to claim 1 in which the polynomial of degree k-1 initially has 5random coefficients and in which one or more coefficients are adjusted so that the value of the polynomial at a distinct point is equal to a given session encryption key (Tomlinson, paragraphs 7 and 38, teaches that some coefficients are random numbers while others are based on the secret value/secret key.)

As per claim 18, Tomlinson in view of Fenster and Patnala discloses A method according to claim 1, wherein a new, ephemeral, session key is used for each instance of information data to be encrypted (Fenster, Figure 7 and paragraphs 33, 117-119, teaches using new secret keys for security purposes.)

As per claim 20, Tomlinson in view of Fenster and Patnala discloses A system comprising a computer processor configured to carry out the steps of the method of claim 1 (See the rejection to claim 1 as shown above. Tomlinson, paragraph 74, teaches a processor and a memory.)  

As per claim 21, Tomlinson in view of Fenster and Patnala discloses A non-transitory computer-readable medium comprising computer-executable 10instructions that, when executed, perform a method in accordance with claim 1 (See the rejection to claim 1 as shown above. Tomlinson, paragraph 74, teaches a processor and a memory.)

Claims 7 and 11-13 are rejected under 35 U.S.C. 103 as being unpatentable over Tomlinson, Fenster, Patnala, and further in view of Alwen (US Pre-Grant Publication 2019/0245681).

As per claim 7, Tomlinson in view of Fenster and Patnala discloses A method according to claim 4.
However, Tomlinson in view of Fenster and Patnala does not specifically teach in which an encryption or decryption key is encapsulated 10by the encryption system in a key encapsulation mechanism.
Alwen discloses an encryption or decryption key is encapsulated 10by the encryption system in a key encapsulation mechanism (Alwen, paragraph 6, teaches encrypting the session key using a key encrypting key.)
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Alwen with the teachings of Tomlinson in view of Fenster and Patnala. Tomlinson in view of Fenster and Patnala teaches dividing a secret key into shares for later reconstruction using polynomial secret sharing. Alwen also teaches secret sharing but additionally encrypts the secret key using key encrypting key. Therefore, it would have been obvious to have improved upon the teachings of Tomlinson in view of Fenster and Patnala for the purpose of encrypting the 

As per claim  2511, Tomlinson in view of Fenster and Patnala discloses A method according to claim 1.
However, Tomlinson in view of Fenster and Patnala does not specifically teach in which as an intermediate step the session key used to produce a key fragment ciphertext is key wrapped using an administration encryption key.
Alwen discloses an intermediate step the session key used to produce a key fragment ciphertext is key wrapped using an administration encryption key (Alwen, paragraph 6, teaches encrypting the session key using a key encrypting key.)
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Alwen with the teachings of Tomlinson in view of Fenster and Patnala. Tomlinson in view of Fenster and Patnala teaches dividing a secret key into shares for later reconstruction using polynomial secret sharing. Alwen also teaches secret sharing but additionally encrypts the secret key using key encrypting key. Therefore, it would have been obvious to have improved upon the teachings of Tomlinson in view of Fenster and Patnala for the purpose of encrypting the secret key to increase the security of the system and prevent unauthorized access to the secret key.

As per claim 12, Tomlinson in view of Fenster, Patnala, and Alwen discloses A method according to claim 11 in which the key wrapped session key is rewrapped using (Alwen, paragraph 6, teaches encrypting the session key using a key encrypting key. It would have additionally been obvious to perform another level of key encrypting key for the purpose of adding additional security to the system and prevent unauthorized access to the session key.)

As per claim 13, Tomlinson in view of Fenster, Patnala, and Alwen discloses A method according to claim 11 in which the key wrapping is achieved by using a key encapsulation mechanism (Alwen, paragraph 6, teaches encrypting the session key using a key encrypting key.) 

Allowable Subject Matter
Claim 2 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims as well as overcoming the 35 USC 112 Rejections. The following is an examiner’s statement of reasons for allowance: The primary reason for the allowance of the claims is the inclusion of the limitation, inter alia, “wherein the received plurality of ciphertexts includes 2k out of n key fragment ciphertexts, and wherein the at least one message ciphertext is generated by encrypting information data using a session key whose value is equal to the value of a polynomial of predetermined degree, k-1 at a distinct point, and in which the value of the polynomial evaluated at each one of n other distinct points is encrypted to produce a key 20fragment ciphertext using an encryption key which itself has been encrypted into a ciphertext; and 
Tomlinson teaches polynomial secret sharing to generate a secret key.
Fenster teaches polynomial secret sharing to share a secret key.
Patnala teaches encrypting the shares used during secret sharing.
Alwen teaches encrypting the secret key used during secret sharing.
However, the combination of limitations as currently claimed cannot be found in the cited prior art of record.

Claim 3 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims as well as overcoming the 35 USC 112 Rejections. The following is an examiner’s statement of reasons for allowance: The primary reason for the allowance of the claims is the inclusion of the limitation, inter alia, “the reconstructed key is checked for accuracy by using it to reconstruct a key fragment which is compared to the original respective key fragment 30obtained by decryption of a ciphertext”. The closest prior art of record includes:
Tomlinson teaches polynomial secret sharing to generate a secret key.
Fenster teaches polynomial secret sharing to share a secret key.
Patnala teaches encrypting the shares used during secret sharing.
Alwen teaches encrypting the secret key used during secret sharing.
Schneider (US 2010/0054458) – teaches verifying the shares to ensure that the secret can be reconstructed.
However, the combination of limitations as currently claimed cannot be found in the cited prior art of record.

Claim 15 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims as well as overcoming the 35 USC 112 Rejections. The following is an examiner’s statement of reasons for allowance: The primary reason for the allowance of the claims is the inclusion of the limitation, inter alia, “new quorum key fragments are produced without changing the session encryption key by adding a polynomial of degree k-1 which has a 10root at xo to the original polynomial used to generate the session key at the distinct point xo”. The closest prior art of record includes:
Tomlinson teaches polynomial secret sharing to generate a secret key.
Fenster teaches polynomial secret sharing to share a secret key. Fenster, Figure 8, teaches creating a new polynomial based on a new secret key.
Patnala teaches encrypting the shares used during secret sharing.
Alwen teaches encrypting the secret key used during secret sharing.
However, the combination of limitations as currently claimed cannot be found in the cited prior art of record.
Claims 16-17 are objected to for the same reasons as cited above and for being dependent on a previously objected to base claim.

Related Prior Art
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure includes:
Tomlinson (US 2015/0378842) – teaches secret sharing.
Joye (US 2015/0381350) – teaches encrypting data using polynomials.
Jueneman (US 2008/0263363) - paragraph 149, teaches encrypting the file encryption key with a key encrypting key.
Bernat (US 2017/0093564) – teaches generating shares and encrypting a subset of the shares.
Kumar (US 20160154963) – teaches secret sharing and key encrypting key.
Herzberg (US 5625692) – teaches secret sharing.
Hosaka (US 8077863) – teaches secret sharing.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOHN B KING whose telephone number is (571)270-7310.  The examiner can normally be reached on Monday-Friday 10AM-6PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 5712728878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/John B King/
Primary Examiner, Art Unit 2498