DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
 The present application, filed on November 15, 2019, is accepted.
Claims 1 – 34 are being considered on the merits.

Drawings
The drawings, filed on November 15, 2019, are accepted.

Specification
The specification, filed on November 15, 2019, is accepted.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1 –3,  5, 9, and 17 – 19 are rejected under 35 U.S.C. 103 as being unpatentable over WO 2017145010 A1 to Wright et al., (hereinafter, “Wright”), provided by the Applicant’s IDS, in view of US 20190372765 A1 to Tegeder et al., (hereinafter, “Tegeder”).
Regarding claim 1, Wright teaches a method for transferring control of an asset private key from an initiating user to a group of users by use of a key management system, the key management system including a key management computing device configured to provide a web-based key management service and an initiating user computing device [Wright, page 17 lines 16 – 26 discloses the secret splitting plus safe storage technique, in combination with a secure transmission technique such as described below, provides a secure key-management solution. The secure transmission technique of the present invention involves the CS being generated at each end of the transmission in an independent manner, so that while both nodes know the CS it has not had to travel over potentially unsecure communication channels. Once that CS has been established at both ends, it can be used to generate a secure encryption key that both nodes can use for communication thereafter. This is of particular benefit during the wallet registration process, for transmission of the split private key from one party to another], the method comprising: defining a threshold number, T, of the subkeys that are required to restore the asset private key; [Wright, page 11 lines 19 – 26 discloses One known cryptographic algorithm, known as "Shamir's secret sharing scheme" (4S), teaches splitting the secret up into unique parts or shares which are then distributed to different parties. The shares can be used to reconstruct the secret thereafter. Each individual share is of no value or use on its own until it is combined with one or more other shares. The number of shares required to reconstruct the secret can vary according to the needs of the situation. In some cases, all shares may be required, while in other cases only a sufficient number are required. This is known as the threshold scheme, where any k of the shares are sufficient to reconstruct the original secret. "Threshold" (k) is the minimum number of shares that one needs to regenerate or recover the secret. Page 12 lines 8 – 9 discloses the secret can be regenerated only when you have >= k shares] identifying a first portion of the subkeys to be transferred to the group of users, wherein a number of the subkeys in the first portion is less than T; [Wright, page 4 lines 31 – 32 to page 5 lines 1 – 9 discloses any two shares may be sufficient for restoration of the verification element. Another aspect of the invention may relate to safe handling or storage of the respective shares. The shares may be sent to, and stored by, different parties. Some or all of these parties may be nodes on the network. In one embodiment, the method may comprise the step of storing at least three shares of the verification element at different locations relative to each other] storing the first portion of the subkeys on at least one storage device; [Wright, page 5 lines 6 – 15 discloses the shares may be sent to, and stored by, different parties. Some or all of these parties may be nodes on the network. In one embodiment, the method may comprise the step of storing at least three shares of the verification element at different locations relative to each other. At least one of the shares may be stored in or on a back-up or "safe-storage" facility. This may be separate, independent and/or distinct from any other location which stores a share. This provides an important advantage, because it enables restoration of the verification element in the event that one of the other shares becomes unavailable. In such a situation, the share may be retrieved from the safe-storage facility], but Wright does not teach splitting, with the initiating user computing device, the asset private key into a plurality of subkeys; identifying at least one of the subkeys as a validator subkey; randomly generating, with the initiating user computing device, a validator private key; encrypting the validator subkey with the validator private key to generate an encrypted validator subkey; storing the encrypted validator subkey on a distributed file system; and storing the validator private key on a validator storage device.
	However, Tegeder does teach splitting, with the initiating user computing device, the asset private key into a plurality of subkeys; [Tegeder, para. 41 discloses the first party system encrypts the secret p using the first object key γ of the object key pair to generate the encrypted secret γ(p). Controlling access to the secret p via the object key pair γ, γ* has numerous advantages; however, as explained above, the present system also functions when the secret p is directly split into the secret shares σi. Para. 46 discloses the first party system 101 generates a plurality of secret shares σi in a k, n secret sharing scheme, as described above with respect to FIG. 1, such that each secret share σi includes an element of the second object key γ*, i.e. the key that can be used to decrypt the encrypted secret γ(p). As also mentioned above, the second object key γ* may be encrypted using the third party's public key, α.sub.3P*, or the second validation key β*, which is provided to the trustee system before being split into the secret shares σi by the first party system 101] identifying at least one of the subkeys as a validator subkey; [Tegeder, para. 7 discloses each published request for the secret shares may comprise a validation token and an encrypted validation token. Para. 9 discloses each secret share may also pertain to a share of an identifier associated with the third party system such that the identifier can be derived from the secret shares] randomly generating, with the initiating user computing device, a validator private key; [Tegeder, para. 40 discloses the first party system 101 generates two pairs of asymmetric encryption keys: the object key pair γ, γ* and a validation key pair β, β*.] encrypting the validator subkey with the validator private key to generate an encrypted validator subkey; [Tegeder, para. 53 discloses the request message 113 includes an arbitrary token T and β(T), a copy of the same token T that has been encrypted using the first validation key β of the validation key pair β, β* that is securely held by the third party system 103. As explained above, a copy of the second validation key β* is held by each of the trustee systems 102a, 102c, 102d that were selected by the first party to hold the secret shares σi. Para. 55 discloses If the second validation key β* held in the given record is the counterpart of the first validation key β that was used by the third party to encrypt the token T when generating the request message 113, then the decrypted token β*(β(T)) will be identical to the unencrypted token T of the request message] storing the encrypted validator subkey on a distributed file system; [Tegeder, para. 53 discloses the request message 113 includes an arbitrary token T and β(T), a copy of the same token T that has been encrypted using the first validation key β of the validation key pair β, β* that is securely held by the third party system 103. Para. 54 discloses Request messages 113 are published to a ledger 104a, which is at least accessible by the trustee systems 102 and the first party system 101. At step 206, each trustee system 102 monitors the ledger 104a on an ongoing basis for request messages 113 that correspond to secret shares σi held by the trustee system] and storing the validator private key on a validator storage device. [Tegeder, para. 65 discloses the third party system can be configured to restrict the validation means of the request message 113 to comprise only the encrypted token β(W), using the first validation key β, rather than including the unencrypted token W too. Each trustee system is then configured to compare the decryption of such encrypted token, using the second validation key β*, to the token W stored securely in its memory and in this way determine that the request message 113 corresponds to the secret share that the trustee systems holds and at the same time validate that the request message 113 had been posted by the designated first party.]
	Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Tegeder’s system with Wright’s system, with a motivation to enable a first party to provide overt ledger secured key escrow (“OLSKE”) access to a secret p, controlled by the first party, to a designated third party. [Tegeder, para. 28]

Regarding claim 2, modified Wright teaches the method of claim 1, but Wright does not teach further comprising: identifying at least one of the subkeys as a backup subkey; randomly generating, with the initiating user computing device, a backup private key; encrypting the backup subkey with the backup private key; and storing the encrypted backup subkey on the distributed file system.
However, Tegeder does teach identifying at least one of the subkeys as a backup subkey; [Tegeder, para. 7 discloses each published request for the secret shares may comprise a validation token and an encrypted validation token. Para. 9 discloses each secret share may also pertain to a share of an identifier associated with the third party system such that the identifier can be derived from the secret shares. Para. 53 discloses a copy of the same token T that has been encrypted using the first validation key β of the validation key pair β, β* that is securely held by the third party system] randomly generating, with the initiating user computing device, a backup private key; [Tegeder, para. 53 discloses a copy of the second validation key β* is held by each of the trustee systems 102a, 102c, 102d that were selected by the first party to hold the secret shares σi.] encrypting the backup subkey with the backup private key; [Tegeder, para. 11 discloses the first party system may be configured to encrypt the secret or secret shares using a public encryption key associated with the third party system, or the first party system may be configured to encrypt the secret or secret shares using the second validation key of the validation key pair, such that the key required to decrypt the encrypted secret or encrypted secret shares is the first validation key of the validation key pair] and storing the encrypted backup subkey on the distributed file system. [Tegeder, para. 53 discloses The request message 113 includes an arbitrary token T and β(T), a copy of the same token T that has been encrypted using the first validation key β of the validation key pair β, β* that is securely held by the third party system 103. Para. 54 discloses Request messages 113 are published to a ledger 104a, which is at least accessible by the trustee systems 102 and the first party system 101. At step 206, each trustee system 102 monitors the ledger 104a on an ongoing basis for request messages 113 that correspond to secret shares σi held by the trustee system]
	Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Tegeder’s system with Wright’s system, with a motivation to enable a first party to provide overt ledger secured key escrow (“OLSKE”) access to a secret p, controlled by the first party, to a designated third party. [Tegeder, para. 28]

As per claim 3, modified Wright teaches the method of claim 1, wherein the step of randomly generating the validator private key further includes generating a passphrase for encrypting the validator private key, [Wright, page 5 lines 31 – 32 to page 6 lines 1 – 2 discloses the common secret may then be used to generate an encryption key, and that encryption key may be used for the safe transmission of the share(s). Other data may also be transmitted using the encryption key. Page 17 lines 7 – 10 discloses a common secret (CS) can be established between two parties and then used to generate a secure encryption key for transmission of one or more of the shares. This common secret (CS) is not to be confused with the secret (S) referred to above. The Common Secret (CS) is generated and used to enable secure exchange of the Secret (S) e.g. key or share thereof] the method further comprising transferring the passphrase to the key management computing device for storage. [Wright, page 5 lines 26 – 31 discloses the common secret may be determined at the at least two nodes independently of each other. Thus, each node may determine or generate the secret for themselves, without input from or communication with the other node or another party. Page 30 lines 7 - 9 discloses the common secret (CS) could be stored in the first data store (X) associated with the first node provided the common secret (CS) is kept as secure as the first node master private key (Vic).]

Regarding claim 5, modified Wright teaches the method of claim 1, but Wright does not teach wherein the step of storing the encrypted validator subkey on a distributed file system includes storing a unique ID with the encrypted validator subkey on the distributed file system, the method further comprising storing, in a storage medium of the key management device, group mapping information that includes the unique ID, wherein the key management device securely stores the group mapping information and does not transfer the group mapping information to the initiating user device or other entity to thereby prevent third parties from locating the encrypted validator subkey on the distributed file system.
However, Tegeder does teach wherein the step of storing the encrypted validator subkey on a distributed file system includes storing a unique ID with the encrypted validator subkey on the distributed file system, [Tegeder, para. 52 When the third party wishes to gain access to second object key γ* in order to access the secret p, the third party system 103 creates a request message 113, as described above. The request message 113 includes an arbitrary token T and β(T), a copy of the same token T that has been encrypted using the first validation key β of the validation key pair β, β* that is securely held by the third party system 103. As explained above, a copy of the second validation key β* is held by each of the trustee systems 102a, 102c, 102d that were selected by the first party to hold the secret shares σi. Para. 54 discloses request messages 113 are published to a ledger 104a, which is at least accessible by the trustee systems 102 and the first party system 101. At step 206, each trustee system 102 monitors the ledger 104a on an ongoing basis for request messages 113 that correspond to secret shares σi held by the trustee system. At step 207, the third party system 103 publishes the request message 113 to a ledger 104a, which is at least accessible by the trustee systems 102 and the first party system 101] the method further comprising storing, in a storage medium of the key management device, group mapping information that includes the unique ID, [Tegeder, para. 55 discloses It will be appreciated that each trustee system 102 may maintain a large number of records, each comprising a different validation key and secret share that has been transmitted to the trustee system 102 from various first parties. Thus, as part of the monitoring process of step 206, each trustee system attempts to validate the request messages published to the ledger in order to determine whether each request published to the ledger 104a is a request for a secret share that the given trustee system 102 holds. For each record held by the trustee system 102, the trustee system 102 attempts to decrypt the encrypted token β(T) of the request message using the validation key held in that record, i.e. performing the operation β*(β(T)). The output of the operation β*(β(T)) is then compared with the unencrypted token T of the request message. If the second validation key β* held in the given record is the counterpart of the first validation key β that was used by the third party to encrypt the token T when generating the request message 113, then the decrypted token β*(β(T)) will be identical to the unencrypted token T of the request message. In this way, each trustee system 102 is able to determine whether a record that it holds is associated with the request published to the ledger 104a by the third party system 103] wherein the key management device securely stores the group mapping information and does not transfer the group mapping information to the initiating user device or other entity to thereby prevent third parties from locating the encrypted validator subkey on the distributed file system. [Tegeder, para. 76 discloses when the first party wishes to recover the secret p, the first party publishes a request message to ledger comprising the encrypted version of the token α.sub.1P(Y), which was encrypted with the first party's private key. The validation method outlined above may then be performed with the necessary changes to use the first party's public key α.sub.1P* rather than the second validation key β*. The first party can retrieve the secret shares published in response to the request message and decrypt the secret or secret shares using their private key α.sub.1P. This arrangement, using the first party's public and private keys, means that the first party needs only to retain access to their private key α.sub.1P in order to recover the secret. Para. 35 discloses In order to prevent collusion by the trustee systems or a Sybil attack from revealing the second object key γ* maliciously in order to compromise the system 100 as a whole, and in order to allow the secret shares σi to be published publicly on a need-to-know basis, the second object key γ* may therefore be encrypted using a public key α.sub.3P* that is associated with the third party. Since the private key α.sub.3P is then required to decrypt the second object key γ*, only the third party can recover the second object key γ* from the reassembled secret shares σi.]
	Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Tegeder’s system with Wright’s system, with a motivation to enable a first party to provide overt ledger secured key escrow (“OLSKE”) access to a secret p, controlled by the first party, to a designated third party. [Tegeder, para. 28]

Regarding claim 9, modified Wright teaches the method of claim 1, but Wright does not teach wherein a number of the subkeys transferred to each user in the group of users is greater than a number of the at least one subkey identified as the validator subkey(s). 
However, Tegeder does teach wherein a number of the subkeys transferred to each user in the group of users is greater than a number of the at least one subkey identified as the validator subkey(s). [Tegeder, para. 34 discloses Each trustee system 102a-d monitors a ledger 104 for request messages 113 that indicate a request for access to the second object key γ*. It will be appreciated that the system 100 may be used by more than one first party and more than one third party to provide OLSKE access to different secrets, and that each trustee system 102a-d may hold multiple secret shares, each pertaining to a share of a different object key corresponding to different secrets. Para. 54 discloses The request message 113 includes an arbitrary token T and β(T), a copy of the same token T that has been encrypted using the first validation key β of the validation key pair β, β* that is securely held by the third party system 103. Para. 55 discloses Request messages 113 are published to a ledger 104a, which is at least accessible by the trustee systems 102 and the first party system 101. At step 206, each trustee system 102 monitors the ledger 104a on an ongoing basis for request messages 113 that correspond to secret shares σi held by the trustee system.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Tegeder’s system with Wright’s system, with a motivation to enable a first party to provide overt ledger secured key escrow (“OLSKE”) access to a secret p, controlled by the first party, to a designated third party. [Tegeder, para. 28]

As per claim 17, modified Wright teaches the method of claim 1, wherein the distributed file system is a blockchain platform. [Wright, page 1 lines 11 – 18 discloses Cryptography involves techniques for secure storage of sensitive data as well as its communication between two or more nodes in a network. A node may include a mobile communication device, a tablet computer, a laptop computer, desktop, other forms of computing devices and communication devices, a server device in a network, a client device in a network, one or more nodes in a distributed network, etc. The nodes may be associated with, for example, a natural person, a group of people such as employees of a company, a system such as a banking system, or a distributed, peer-to-peer ledger (i.e. blockchain). Page 10 lines 1 – 2 discloses the system may comprise or utilise a blockchain network or platform. Additionally or alternatively, it may comprise a digital wallet provider or management system.]

As per claim 18, modified Wright does teach the method of claim 1, wherein the distributed file system is a peer-to-peer network. [Wright, page 1 lines 11 – 18 discloses Cryptography involves techniques for secure storage of sensitive data as well as its communication between two or more nodes in a network. A node may include a mobile communication device, a tablet computer, a laptop computer, desktop, other forms of computing devices and communication devices, a server device in a network, a client device in a network, one or more nodes in a distributed network, etc. The nodes may be associated with, for example, a natural person, a group of people such as employees of a company, a system such as a banking system, or a distributed, peer-to-peer ledger (i.e. blockchain). Page 28 lines 8 – 14 discloses the first node 3 may be a client and the second node 7 may be a server trusted by the client such as a wallet provider. Thus the server (second node 7) may need to authenticate the credentials of the client (first node 3) in order to allow the client access to the server system. It may not be necessary for the server to be authenticate the credentials of the server to the client. However in some scenarios, it may be desirable for both nodes to be authenticated to each other, such as in a peer-to-peer scenario.]

As per claim 19, modified Wright teaches the method of claim 1, wherein the asset private key is a cryptographic key, seed, passphrase, or other digital data string that is used to gain access to an asset. [Wright, page 4 lines 20 – 24 discloses the verification element may be a cryptographic key. It may be a private key in an asymmetric cryptography pair. Additionally or alternatively, it may be a representation of a cryptographic key, or some item which may be used to access, calculate, derive or retrieve a cryptographic key. It may be some secret or value which can be used in a verification process such as, for example, a mnemonic or a seed.]

Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over WO 2017145010 A1 to Wright et al., (hereinafter, “Wright”) in view of US 20190372765 A1 to Tegeder et al., (hereinafter, “Tegeder”) in further view of US 20180316495 A1 to Wall et al., (hereinafter, “Wall”).
Regarding claim 4, modified Wright teaches the method of claim 3, but Wright does not teach wherein the step of storing the validator private key on a validator storage device includes communicatively coupling a validator cold storage device to the initiating user computing device and transferring the validator private key to the validator cold storage device for secure long term storage by one of the group of users or a trusted third party. 
However, Wall does teach wherein the step of storing the validator private key on a validator storage device includes communicatively coupling a validator cold storage device to the initiating user computing device and transferring the validator private key to the validator cold storage device for secure long term storage by one of the group of users or a trusted third party. [Wall, para. 127 discloses prompt the user to provide a removable storage device such as a USB memory stick. The client application could generate a random key that it uses with a symmetric-key encryption algorithm such as AES256-GCM to encrypt the private key, then store the random key on the removable storage device.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Wall’s system with modified Wright’s system, with a motivation to store the private keys for the device and the user and provide a method to encrypt the user's private key so it can be escrowed securely by the key server. [Wall, para. 125]

Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over WO 2017145010 A1 to Wright et al., (hereinafter, “Wright”) in view of US 20190372765 A1 to Tegeder et al., (hereinafter, “Tegeder”) in further view of US 20180137299 A1 to Porter et al., (hereinafter, “Porter”).
Regarding claim 6, modified Wright teaches the method of claim 1, but modified Wright does not teach further comprising, executing a web browser software program with the initiating user computing device to communicate with the key management system over a network, wherein the step of splitting is performed with the web browser software program according to instructions received from the key management device.
However, Porter does teach further comprising, executing a web browser software program with the initiating user computing device to communicate with the key management system over a network, [Porter, para. 68 discloses The process 600 associates N customers with a rendezvous enclave (602). For example, assume multiple organizations agree to provide their confidential input to the cloud provider without revealing their data with the goal to compute their common algorithm on the combined data inputs and share the results. Each customer out of N group sign up for enclave management service from a public cloud provider, selects the task to provision cloud enclave pod (e.g., component enclave pods 520 for that customer), and specifies how the enclaves are to be managed, the configuration properties, etc] wherein the step of splitting is performed with the web browser software program according to instructions received from the key management device. [Porter, para. 73 discloses a cloud key management system generates the enclave signing key and, using a key splitting technique, provides all N participants a respective portion or fragment of the entire key. The key splitting technique enables the participants to vote on the access to the rendezvous enclave pod 502 and allow them to control as a group the enclave use of their respective data from their storage bucket for the algorithm computation. Para. 74 discloses a cloud key management service split of a signing enclave private key into a N-of-N quorum fragments. For each customer, its respective nth fragment of the key is associated with a project ID of the customer and wrapped by the customer's supplied encryption key KEK. When customers agreed to start the process in the rendezvous enclave, they will use their nth fragment to sign the enclave manifest 512 and share the partially signed message with the cloud enclave management system.] 
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Porter’s system with modified Wright’s system, with a motivation to provide an additional level of protection, resiliency and high availability, and ensures that critical decisions cannot be reverted by untrusted code or root-privileged adversary. [Porter, para. 9]

Claims 7 - 8 are rejected under 35 U.S.C. 103 as being unpatentable over WO 2017145010 A1 to Wright et al., (hereinafter, “Wright”) in view of US 20190372765 A1 to Tegeder et al., (hereinafter, “Tegeder”) in further view of US 20190124081 A1 to Nowak et al., (hereinafter, “Nowak”).
Regarding claim 7, modified Wright teaches the method of claim 1, but modified Wright does not teach wherein the at least one storage device is an encrypted cold storage device.
	However, Nowak does teach wherein the at least one storage device is an encrypted cold storage device. [Nowak, para. 7 discloses With U2F, user authentication requires a strong second factor such as a Near Field Communication (NFC) tap, or by connecting a USB security token to the user device. Both FIDO standards define a common interface at the client for the local authentication method that the user exercises. The client can be pre-installed on the operating system or web browser]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Nowak’s system with modified Tegeder’s system, with a motivation to registers the user to a server by registering a public key, and to authenticate the user, the device signs a challenge from the server using the private key that it holds. [Nowak, para. 5]

Regarding claim 8, modified Wright teaches the method of claim 7, but modified Wright does not teach wherein the encrypted cold storage device is configured to communicate with the initiating user computing device and key management device according to a FIDO protocol and transfer the subkeys between the cold storage device and initiating user computing device via a transport layer of the FIDO protocol.
	However, Nowak does teach wherein the encrypted cold storage device is configured to communicate with the initiating user computing device and key management device according to a FIDO protocol [Nowak, para. 7 discloses With U2F, user authentication requires a strong second factor such as a Near Field Communication (NFC) tap, or by connecting a USB security token to the user device. Both FIDO standards define a common interface at the client for the local authentication method that the user exercises. The client can be pre-installed on the operating system or web browser] and transfer the subkeys between the cold storage device and initiating user computing device via a transport layer of the FIDO protocol. [Nowak, para. 5 discloses the FIDO specifications also support existing solutions and communications standards, such as Trusted Platform Modules (TPM), USB security tokens, embedded Secure Elements (eSE), smart cards, and near-field communication (NFC). For example, a USB security token device may be used to authenticate using a simple password (such as a four-digit PIN) or by pressing a button. The FIDO specifications emphasize a device-centric model, and authentication over the wire happens using public key cryptography.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Nowak’s system with modified Tegeder’s system, with a motivation to registers the user to a server by registering a public key, and to authenticate the user, the device signs a challenge from the server using the private key that it holds. [Nowak, para. 5]

Claims 10 – 13 are rejected under 35 U.S.C. 103 as being unpatentable over WO 2017145010 A1 to Wright et al., (hereinafter, “Wright”) in view of US 20190372765 A1 to Tegeder et al., (hereinafter, “Tegeder”) in further view of US 20190268149 A1 to Kariv et al., (hereinafter, “Kariv”) and in further view of US 20180316495 A1 to Wall et al., (hereinafter, “Wall”).
Regarding claim 10, modified Wright teaches the method of claim 1, but modified Wright does not teach further comprising receiving a selection, via a web browser of the initiating user computing device, of a key management plan; wherein the step of storing the validator private key on a validator storage device includes transferring the validator private key to the key management device if a first key management plan is selected or to a cold storage device communicatively coupled to the initiating computing device if a second key management plan is selected.
However, Kariv does teach further comprising receiving a selection, via a web browser of the initiating user computing device, of a key management plan; [Kariv, para. 46 discloses computational services were generally provided by computer systems and data centers purchased, configured, managed, and maintained by service-provider organizations. For example, an e-commerce retailer generally purchased, configured, managed, and maintained a data center including numerous web servers, back-end computer systems, and data-storage systems for serving web pages to remote customers, receiving orders through the web-page interface, processing the orders, tracking completed orders, and other myriad different tasks associated with an e-commerce enterprise], but modified Wright in view of Kariv does not teach wherein the step of storing the validator private key on a validator storage device includes transferring the validator private key to the key management device if a first key management plan is selected or to a cold storage device communicatively coupled to the initiating computing device if a second key management plan is selected. 
However, Wall does teach wherein the step of storing the validator private key on a validator storage device includes transferring the validator private key to the key management device if a first key management plan is selected or to a cold storage device communicatively coupled to the initiating computing device if a second key management plan is selected. [Wall, para. 127 discloses prompt the user to provide a removable storage device such as a USB memory stick. The client application could generate a random key that it uses with a symmetric-key encryption algorithm such as AES256-GCM to encrypt the private key, then store the random key on the removable storage device. Para. 128 disclsoe prompt the user to provide a security device such as a Yubikey that could generate and securely store a random key and provide that key to the client application. The client application could use that key with a symmetric key algorithm such as AES256-GCM to encrypt the private key.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Kariv’s system and Wall’s system  with modified Wright’s system, with a motivation to provide an extra level of security for a secure storage of secrets without relying on specialized secure-storage hardware devices, such as HSMs, although specialized secure-storage hardware devices [Kariv, para. 69] and store the private keys for the device and the user and provide a method to encrypt the user's private key so it can be escrowed securely by the key server. [Wall, para. 125]

As per claim 11, modified Wright teaches the method of claim 10, wherein the first key management plan includes automatic restoration of the asset private key when the key management device receives an authorized restoration request. [Wright, page 11 lines 28 – 32 discloses 4S is used to split a secret such as a private key or mnemonic seed into a number of parts. It is then also used to regenerate the key or mnemonic seed from a certain number of parts. The use of mnemonics is known in conjunction with digital wallets. The mnemonic is a human-friendly code or group of words which can be turned into a binary seed for the generation of a wallet or data.]

As per claim 12, modified Wright teaches the method of claim 10, wherein the second key management plan includes verification by one of the users in the group of users or a trusted third party that a specified condition has been met prior to restoration of the asset private key. [Wright, page 4 lines 32 to page 5 lines 1 – 3 discloses the split may be performed such that the verification element can only be restored upon combination of a predetermined number of shares. In one embodiment, any two shares may be sufficient for restoration of the verification element. Page 14 lines 21 – 28 discloses the secret needs to be an integer. Hence if the secret is in some other format (ex. String, hex etc.) it must be converted into an integer first. If the secret is already an integer, this step can be omitted. For this example, let S = 1234. Decide number of shares (n) and threshold (k) Note that k parts will be required to regenerate the secret. Hence, choose S and k such that k parts can always be obtained while recovering the secret.]

As per claim 13, modified Wright teaches the method of claim 12, wherein the specified condition includes one of verification of death or incapacitance, a transfer of ownership, or a request from a minimum number of the group of users to restore the asset private key. [Wright, page 14 lines 21 – 28 discloses the secret needs to be an integer. Hence if the secret is in some other format (ex. String, hex etc.) it must be converted into an integer first. If the secret is already an integer, this step can be omitted. For this example, let S = 1234. Decide number of shares (n) and threshold (k) Note that k parts will be required to regenerate the secret. Hence, choose S and k such that k parts can always be obtained while recovering the secret.]

Claims 14 - 16 are rejected under 35 U.S.C. 103 as being unpatentable over WO 2017145010 A1 to Wright et al., (hereinafter, “Wright”) in view of US 20190372765 A1 to Tegeder et al., (hereinafter, “Tegeder”) in further view of US 20180137299 A1 to Porter et al., (hereinafter, “Porter”).
Regarding claim 14, modified Wright teaches the method of claim 1, sending confirmation to the key management device that a number of the first portion of the subkeys greater than T are available; [Wright, page 11 lines 21 – 28 discloses The shares can be used to reconstruct the secret thereafter. Each individual share is of no value or use on its own until it is combined with one or more other shares. The number of shares required to reconstruct the secret can vary according to the needs of the situation. In some cases, all shares may be required, while in other cases only a sufficient number are required. This is known as the threshold scheme, where any k of the shares are sufficient to reconstruct the original secret], but modified Wright does not further comprising: sending, via a web browser of a validator computing device, a restoration request to the key management device; receiving, at the validator computing device, the validator subkey; and restoring, with a restoring algorithm executed in the web browser of the validator computing device, the asset private key from the first portion of the subkeys and the validator subkey. 
	However, Porter does teach further comprising: sending, via a web browser of a validator computing device, a restoration request to the key management device; [Porter, para. 76 discloses a split and delegate model can be used when it is sufficient to use only M out of N split key fragments to regenerate the entire key to use it for the authorization of the main critical operation with enclaves, such as launching, retiring, and attestation] and restoring, with a restoring algorithm executed in the web browser of the validator computing device, the asset private key from the first portion of the subkeys and the validator subkey [Porter, para. 76 discloses this capability may work based on a majority voting algorithm of the participants. In other implementations, a split and delegate model can be used when it is sufficient to use only M out of N split key fragments to regenerate the entire key to use it for the authorization of the main critical operation with enclaves, such as launching, retiring, and attestation], but modified Wright does not teach receiving, at the validator computing device, the validator subkey.
	However, Tegeder does teach receiving, at the validator computing device, the validator subkey. [Tegeder, para. 63 discloses the token V used by a given trustee system 102 in its response message is a unique token, i.e. different to other tokens V used by other trustee systems 102 in their response messages. For example, the token V could be a hash of a public key associated with the individual trustee system 102, i.e. #(α.sub.TS*). By using the secret share σ.sub.i, a hash of the secret share #(σ.sub.i), or a unique token V, the present system and method prevent spoofing of response messages by trustee systems 102, or other actors with access to the ledger, who do not have access to the second validation key β*.. Para. 78 discloses in order to prevent flooding of ledger(s) 104a, 104b with opportunistic or bogus request messages 113 and response messages 114, a computational or financial burden may be imposed upon the posting of a message to the ledger. For example, in order to post a message to the ledger, a trustee system 102 or third party 103 may be required to calculate a hash of existing messages in a block, for example in a blockchain]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Porter’s system and Tegeder’s system with modified Wright’s system, with a motivation to provide an additional level of protection, resiliency and high availability, and ensures that critical decisions cannot be reverted by untrusted code or root-privileged adversary [Porter, para. 9] and to enable a first party to provide overt ledger secured key escrow (“OLSKE”) access to a secret p, controlled by the first party, to a designated third party. [Tegeder, para. 28]

Regarding claim 15, modified Wright teaches the method of claim 14, but modified Wright does not teach wherein the validator subkey is obtained from the distributed file system by the key management device and transmitted from the key management device to the validator computing device.
However, Tegeder does teach wherein the validator subkey is obtained from the distributed file system by the key management device and transmitted from the key management device to the validator computing device. [Tegeder, para. 7 discloses each published request for the secret shares may comprise a validation token and an encrypted validation token. Para. 9 discloses each secret share may also pertain to a share of an identifier associated with the third party system such that the identifier can be derived from the secret shares. Para. 13 discloses the first party system may be further configured to generate a validation token, transmit the validation token to the plurality of trustee systems and transmit the validation token to the third party system.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Tegeder’s system with Wright’s system, with a motivation to enable a first party to provide overt ledger secured key escrow (“OLSKE”) access to a secret p, controlled by the first party, to a designated third party. [Tegeder, para. 28]
	
Regarding claim 16, modified Wright teaches the method of claim 15, but modified Wright does not teach wherein the validator subkey is obtained from the distributed file system by the key management device by accessing blockchain mapping information securely stored by the key management device to determine a storage location of the encrypted validator subkey on the distributed file system.
However, Tegeder does teach wherein the validator subkey is obtained from the distributed file system by the key management device by accessing blockchain mapping information securely stored by the key management device to determine a storage location of the encrypted validator subkey on the distributed file system. [Tegeder, para. 7 discloses each published request for the secret shares may comprise a validation token and an encrypted validation token. Para. 9 discloses each secret share may also pertain to a share of an identifier associated with the third party system such that the identifier can be derived from the secret shares. Para. 63 discloses the token V used by a given trustee system 102 in its response message is a unique token, i.e. different to other tokens V used by other trustee systems 102 in their response messages. For example, the token V could be a hash of a public key associated with the individual trustee system 102, i.e. #(α.sub.TS*). By using the secret share σ.sub.i, a hash of the secret share #(σ.sub.i), or a unique token V, the present system and method prevent spoofing of response messages by trustee systems 102, or other actors with access to the ledger, who do not have access to the second validation key β*.. Para. 78 discloses in order to prevent flooding of ledger(s) 104a, 104b with opportunistic or bogus request messages 113 and response messages 114, a computational or financial burden may be imposed upon the posting of a message to the ledger. For example, in order to post a message to the ledger, a trustee system 102 or third party 103 may be required to calculate a hash of existing messages in a block, for example in a blockchain]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Tegeder’s system with Wright’s system, with a motivation to enable a first party to provide overt ledger secured key escrow (“OLSKE”) access to a secret p, controlled by the first party, to a designated third party. [Tegeder, para. 28]

Claims 20 – 22 are rejected under 35 U.S.C. 103 as being unpatentable over WO 2017145010 A1 to Wright et al., (hereinafter, “Wright”) in view of US 20190372765 A1 to Tegeder et al., (hereinafter, “Tegeder”) and in view of US 10158651 B1 to Nimry et al., (hereinafter, “Nimry”).
Regarding claim 20, Wright teaches a method of providing a key management service with a key management device for transferring control of an asset private key, [Wright, page lines discloses the invention may provide a computer-implemented method. It may enable the control of access to a resource. It may be called a verification or authentication method. It may be referred to as a cryptographic key management solution. The resource may be any type of physical or electronic resource] wherein the key splitting instructions include: splitting the asset private key into a plurality of subkeys with a key splitting algorithm; [Wright, page 4 lines 26 – 29 discloses one aspect of the invention may relate to splitting a secret such as a private key into (unique) shares. The verification element may be split into a plurality of shares such that the verification element can be restored or regenerated from two or more of the shares. Shamir's Secret Sharing Scheme may be used to split the verification element into shares] identifying a first portion of the subkeys for distribution to a plurality of users; [Wright, page 4 lines 31 – 32 to page 5 lines 1 – 9 discloses any two shares may be sufficient for restoration of the verification element. Another aspect of the invention may relate to safe handling or storage of the respective shares. The shares may be sent to, and stored by, different parties. Some or all of these parties may be nodes on the network. In one embodiment, the method may comprise the step of storing at least three shares of the verification element at different locations relative to each other] storing ones of the first portion of the subkeys on a plurality of cold storage devices for transfer to the plurality of users; [Wright, page 5 lines 6 – 15 discloses the shares may be sent to, and stored by, different parties. Some or all of these parties may be nodes on the network. In one embodiment, the method may comprise the step of storing at least three shares of the verification element at different locations relative to each other. At least one of the shares may be stored in or on a back-up or "safe-storage" facility. This may be separate, independent and/or distinct from any other location which stores a share. This provides an important advantage, because it enables restoration of the verification element in the event that one of the other shares becomes unavailable. In such a situation, the share may be retrieved from the safe-storage facility] randomly generating a validator asymmetric public-private key pair and passphrase; [Wright, page 5 lines 31 – 32 discloses the common secret may then be used to generate an encryption key, and that encryption key may be used for the safe transmission of the share(s). Page 17 lines 7 – 10 discloses a common secret (CS) can be established between two parties and then used to generate a secure encryption key for transmission of one or more of the shares. This common secret (CS) is not to be confused with the secret (S) referred to above. The Common Secret (CS) is generated and used to enable secure exchange of the Secret (S) e.g. key or share thereof], but Wright does not teach the method comprising: receiving, at the key management device, an asset private key splitting request from an initiating user computing device; and sending, from the key management device to the initiating user computing device, key splitting instructions for execution in a web browser of the initiating user computing device, identifying a second portion of the subkeys, the second portion including at least one validator subkey; encrypting the at least one validator subkey with the validator private key; and transmitting the at least one encrypted validator subkey to the key management device for storage on a blockchain platform.
However, Nimry does teach the method comprising: receiving, at the key management device, an asset private key splitting request from an initiating user computing device; [Nimry, col. 3 lines discloses  61 – 67 discloses a computer-readable medium, such as a computer-readable storage medium, has stored thereon instructions that, when executed, cause a processor of a client device to construct a key to be used to encrypt or decrypt data of a communication session between the client device and a server device, partition the key into a plurality of key partitions, send, via the network interface] and sending, from the key management device to the initiating user computing device, key splitting instructions for execution in a web browser of the initiating user computing device, [Nimry, pages 5 lines 58 – 61 discloses server device 106 may send instructions to partition the key into key partitions, and send each of the key partitions to a respective one of key verification server devices 108], but Wright in view of Nimry does not teach identifying a second portion of the subkeys, the second portion including at least one validator subkey; encrypting the at least one validator subkey with the validator private key; and transmitting the at least one encrypted validator subkey to the key management device for storage on a blockchain platform.
	However, Tegeder does teach identifying a second portion of the subkeys, the second portion including at least one validator subkey; [Tegeder, para. 7 discloses each published request for the secret shares may comprise a validation token and an encrypted validation token. Para. 9 discloses each secret share may also pertain to a share of an identifier associated with the third party system such that the identifier can be derived from the secret shares] encrypting the at least one validator subkey with the validator private key; [Tegeder, para. 53 discloses the request message 113 includes an arbitrary token T and β(T), a copy of the same token T that has been encrypted using the first validation key β of the validation key pair β, β* that is securely held by the third party system 103. As explained above, a copy of the second validation key β* is held by each of the trustee systems 102a, 102c, 102d that were selected by the first party to hold the secret shares σi. Para. 55 discloses If the second validation key β* held in the given record is the counterpart of the first validation key β that was used by the third party to encrypt the token T when generating the request message 113, then the decrypted token β*(β(T)) will be identical to the unencrypted token T of the request message] and transmitting the at least one encrypted validator subkey to the key management device for storage on a blockchain platform. [Tegeder, para. 53 discloses The request message 113 includes an arbitrary token T and β(T), a copy of the same token T that has been encrypted using the first validation key β of the validation key pair β, β* that is securely held by the third party system 103. Para. 54 discloses Request messages 113 are published to a ledger 104a, which is at least accessible by the trustee systems 102 and the first party system 101. At step 206, each trustee system 102 monitors the ledger 104a on an ongoing basis for request messages 113 that correspond to secret shares σi held by the trustee system]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Tegeder’s system and Nimry’s system with Wright’s system, with a motivation to enable a first party to provide overt ledger secured key escrow (“OLSKE”) access to a secret p, controlled by the first party, to a designated third party [Tegeder, para. 28] and construct the key and send the key to a server device in a secure manner, e.g., using Transport Layer Security (TLS) or Secured Socket Layer (SSL) or other public key infrastructure methodologies. [Nimry, col. 1 lines 39 – 43]

Regarding claim 21, modified Wright does teach the method of claim 20, but modified Wright does not teach further comprising transmitting, from the key management device, the at least one encrypted validator subkey to the blockchain platform for storage.
	However, Tegeder does teach further comprising transmitting, from the key management device, the at least one encrypted validator subkey to the blockchain platform for storage. [Tegeder, para. 53 discloses The request message 113 includes an arbitrary token T and β(T), a copy of the same token T that has been encrypted using the first validation key β of the validation key pair β, β* that is securely held by the third party system 103. Para. 54 discloses Request messages 113 are published to a ledger 104a, which is at least accessible by the trustee systems 102 and the first party system 101. At step 206, each trustee system 102 monitors the ledger 104a on an ongoing basis for request messages 113 that correspond to secret shares σi held by the trustee system]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Tegeder’s system with Wright’s system, with a motivation to provide this OLSKE access to an encrypted secret to a third party that has been designated for such access by the first party, i.e. the original owner/creator/controller of the secret. [Tegeder, para. 29]

Regarding claim 22, modified Wright teaches the method of claim 20, but modified Wright does not teach wherein the splitting instructions further include transmitting the validator asymmetric public-private key pair to the key management device for storage by the key management device in memory.
However, Tegeder does teach wherein the splitting instructions further include transmitting the validator asymmetric public-private key pair to the key management device for storage by the key management device in memory. [Tegeder, para. 65 discloses the third party system can be configured to restrict the validation means of the request message 113 to comprise only the encrypted token β(W), using the first validation key β, rather than including the unencrypted token W too. Each trustee system is then configured to compare the decryption of such encrypted token, using the second validation key β*, to the token W stored securely in its memory and in this way determine that the request message 113 corresponds to the secret share that the trustee systems holds and at the same time validate that the request message 113 had been posted by the designated first party.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Tegeder’s system with Wright’s system, with a motivation to provide this OLSKE access to an encrypted secret to a third party that has been designated for such access by the first party, i.e. the original owner/creator/controller of the secret. [Tegeder, para. 29]

Claims 23 – 24 are rejected under 35 U.S.C. 103 as being unpatentable over WO 2017145010 A1 to Wright et al., (hereinafter, “Wright”) in view of US 20190372765 A1 to Tegeder et al., (hereinafter, “Tegeder”) and in view of US 10158651 B1 to Nimry et al., (hereinafter, “Nimry”) in further view of US 20190124081 A1 to Nowak et al., (hereinafter, “Nowak”).
Regarding claim 23, modified Wright teaches the method of claim 20, but modified Wright does not teach wherein the splitting instructions further include transmitting the validator asymmetric public-private key pair to a cold storage device communicatively coupled to the initiating user computing device for storage.
However, Nowak does teach wherein the splitting instructions further include transmitting the validator asymmetric public-private key pair to a cold storage device communicatively coupled to the initiating user computing device for storage. [Nowak, para. 7 discloses With U2F, user authentication requires a strong second factor such as a Near Field Communication (NFC) tap, or by connecting a USB security token to the user device. Both FIDO standards define a common interface at the client for the local authentication method that the user exercises. The client can be pre-installed on the operating system or web browser]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Nowak’s system with modified Wright’s system, with a motivation to store the authentication keys associated with each of the authenticators and used by the secure communication module 213 to establish secure communication with the relying party. [Nowak, para. 5]

As per claim 24, modified Wright teaches the method of claim 23, wherein the splitting instructions further include transferring the passphrase to the key management device for storage by the key management device in memory. [Wright, page 17 lines 7 – 10 discloses a common secret (CS) can be established between two parties and then used to generate a secure encryption key for transmission of one or more of the shares. This common secret (CS) is not to be confused with the secret (S) referred to above. The Common Secret (CS) is generated and used to enable secure exchange of the Secret (S) e.g. key or share thereof. Page 30 lines 7 - 9 discloses the common secret (CS) could be stored in the first data store (X) associated with the first node provided the common secret (CS) is kept as secure as the first node master private key (Vic).]

Claims 25, 27, and 29 are rejected under 35 U.S.C. 103 as being unpatentable over US 20190372765 A1 to Tegeder et al., (hereinafter, “Tegeder”) in view of WO 2017145010 A1 to Wright et al., (hereinafter, “Wright”) and in view of US 20190268149 A1 to Kariv et al., (hereinafter, “Kariv”).
Regarding claim 25, Tegeder teaches a method of restoring an asset private key from a plurality of subkeys, comprising: sending, with the validator computing device, confirmation to the key management device that the validator computing device has access to a first number of the subkeys; [Tegeder, para. 7 discloses each published request for the secret shares may comprise a validation token and an encrypted validation token. Para. 9 discloses each secret share may also pertain to a share of an identifier associated with the third party system such that the identifier can be derived from the secret shares. Para. 13 discloses the first party system may be further configured to generate a validation token, transmit the validation token to the plurality of trustee systems and transmit the validation token to the third party system] receiving, at the validator computing device, from the key management device, at least one validator subkey; [Tegeder, para. 63 discloses the token V used by a given trustee system 102 in its response message is a unique token, i.e. different to other tokens V used by other trustee systems 102 in their response messages. For example, the token V could be a hash of a public key associated with the individual trustee system 102, i.e. #(α.sub.TS*). By using the secret share σi, a hash of the secret share #( σi), or a unique token V, the present system and method prevent spoofing of response messages by trustee systems 102, or other actors with access to the ledger, who do not have access to the second validation key β*] wherein the at least one validator subkey is required to restore the asset private key, [Tegeder, para. 7 discloses each published request for the secret shares may comprise a validation token and an encrypted validation token. Para. 9 discloses each secret share may also pertain to a share of an identifier associated with the third party system such that the identifier can be derived from the secret shares] wherein the key management device stores an encrypted version of the validator subkey on a blockchain platform [Tegeder, para. 62 discloses the response message 114 posted by each trustee system comprises at least the secret share σ.sub.i held by the trustee system and the validation means that enables the third party system 103 to identify and validate response messages 114 that are associated with the third party system's 103 request message 113. Para. 72 discloses once a sufficient number, i.e. k out of n, of response messages 114 has been published to the ledger 104b, the third party may close the original request message 113 or post a further message to the ledger 104a/104b to indicate that the request message 113 is closed] and uses blockchain mapping information securely stored by the key management device to locate and accesses the encrypted version of the validator subkey in response to receiving the restoration request and confirmation from the validator computing device. [Tegeder, para. 53 discloses the request message 113 includes an arbitrary token T and β(T), a copy of the same token T that has been encrypted using the first validation key β of the validation key pair β, β* that is securely held by the third party system 103. Para. 54 discloses Request messages 113 are published to a ledger 104a, which is at least accessible by the trustee systems 102 and the first party system 101. At step 206, each trustee system 102 monitors the ledger 104a on an ongoing basis for request messages 113 that correspond to secret shares σi held by the trustee system], but Tegeder does not teach sending, with a validator computing device, a restoration request to a key management device to restore the asset private key from the plurality of subkeys; and restoring, with a restoring algorithm executed by the validator computing device, the asset private key from the first number of the subkeys and the validator subkey;
However Kariv does teach sending, with a validator computing device, a restoration request to a key management device to restore the asset private key from the plurality of subkeys; [Kariv, para. 3 discloses an agent within a client device subsequently requests a secret share corresponding to a secret, or a share of data derived from the secret share, from each of the multiple secret-share-storing nodes], but Tegeder in view of Kariv does not teach restoring, with a restoring algorithm executed by the validator computing device, the asset private key from the first number of the subkeys and the validator subkey;
However, Wright does teach restoring, with a restoring algorithm executed by the validator computing device, the asset private key from the first number of the subkeys and the validator subkey; [Wright, page 14 lines 21 – 28 discloses the secret needs to be an integer. Hence if the secret is in some other format (ex. String, hex etc.) it must be converted into an integer first. If the secret is already an integer, this step can be omitted. For this example, let S = 1234. Decide number of shares (n) and threshold (k) Note that k parts will be required to regenerate the secret. Hence, choose S and k such that k parts can always be obtained while recovering the secret]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Kariv’s system and Wright’s system with Tegeder’s system, with a motivation to provide an extra level of security for a secure storage of secrets without relying on specialized secure-storage hardware devices, such as HSMs, although specialized secure-storage hardware devices [Kariv, para. 69] and only restore the verification element from two or more shares. [Wright, pages 4 lines 27 – 28]

As per claim 27, modified Tegeder teaches the method of claim 25, wherein the key management device decrypts the encrypted validator subkey with a passphrase and private key stored in key management device memory. [Tegeder, para. 11 discloses the key required to decrypt the encrypted secret or encrypted secret shares is the first validation key of the validation key pair. Para. 15 discloses a request for secret shares by decrypting the encrypted validation token using the second key of the validation key pair and comparing the decrypted validation token with the validation token of the validation message and, if the validation token of the validation message matches the decrypted validation token, determine that the request for the secret shares was published by the designated third party system.]

As per claim 29, modified Tegeder teaches the method of claim 28, the method further comprising receiving at the validator computing device from the key management device a passphrase for decrypting the validator private key. [Tegeder, para. 15 discloses a request for secret shares by decrypting the encrypted validation token using the second key of the validation key pair and comparing the decrypted validation token with the validation token of the validation message and, if the validation token of the validation message matches the decrypted validation token, determine that the request for the secret shares was published by the designated third party system.]

Claims 26 and 28 are rejected under 35 U.S.C. 103 as being unpatentable over US 20190372765 A1 to Tegeder et al., (hereinafter, “Tegeder”) in view of WO 2017145010 A1 to Wright et al., (hereinafter, “Wright”) and in view of US 20190268149 A1 to Kariv et al., (hereinafter, “Kariv”) in further view of US 20180316495 A1 to Wall et al., (hereinafter, “Wall”).
Regarding claim 26, modified Tegeder teaches the method of claim 25, but modified Tegeder does not teach further comprising, at the validator computing device, sequentially connecting to a plurality of cold storage devices and downloading ones of the first number of the subkeys from each of the cold storage devices.
However, Wall does teach further comprising, at the validator computing device, sequentially connecting to a plurality of cold storage devices and downloading ones of the first number of the subkeys from each of the cold storage devices. [Wall, para. 127 discloses prompt the user to provide a removable storage device such as a USB memory stick. The client application could generate a random key that it uses with a symmetric-key encryption algorithm such as AES256-GCM to encrypt the private key, then store the random key on the removable storage device.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Wall’s system with modified Tegeder’s system, with a motivation to store the private keys for the device and the user and provide a method to encrypt the user's private key so it can be escrowed securely by the key server. [Wall, para. 125]

Regarding claim 28, modified Tegeder teaches the method of claim 25, wherein the validator subkey received from the key management device is encrypted, [Tegeder, para. 8 discloses each request for the secret shares may comprise an encrypted validation token, and each trustee system may be further configured to receive a second key of a validation key pair from the first party system along with the secret share and store the second key of the validation key pair] and decrypting the encrypted validator subkey with the validator private key [Tegeder, para. 8 discloses receive a validation token from the first party system and store the validation token, and validate that the request for the secret shares was made by the designated third party system by decrypting the encrypted validation token using the second key of the validation key pair and comparing the decrypted validation token with the validation token that was received from the first party system.], but modified Tegeder does not teach the method further comprising, at the validator computing device: connecting to a cold storage device and accessing a validator private key stored on the cold storage device. 
However, Wall does teach the method further comprising, at the validator computing device: connecting to a cold storage device and accessing a validator private key stored on the cold storage device. [Wall, para. 127 discloses prompt the user to provide a removable storage device such as a USB memory stick. The client application could generate a random key that it uses with a symmetric-key encryption algorithm such as AES256-GCM to encrypt the private key, then store the random key on the removable storage device.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Wall’s system with modified Tegeder’s system, with a motivation to store the private keys for the device and the user and provide a method to encrypt the user's private key so it can be escrowed securely by the key server. [Wall, para. 125]

Claims 30, 32, and 34 are rejected under 35 U.S.C. 103 as being unpatentable over US 20190372765 A1 to Tegeder et al., (hereinafter, “Tegeder”) in view of US 20190268149 A1 to Kariv et al., (hereinafter, “Kariv”).
Regarding claim 30, Tegeder teaches a method of providing a key management service with a key management device for restoring an asset private key from a plurality of subkeys, the method comprising: receiving, from the validator computing device, subkey information for confirming the validator computing device has access to a first number of the subkeys; [Tegeder, para. 63 discloses the token V used by a given trustee system 102 in its response message is a unique token, i.e. different to other tokens V used by other trustee systems 102 in their response messages. For example, the token V could be a hash of a public key associated with the individual trustee system 102, i.e. #(α.sub.TS*). By using the secret share σ.sub.i, a hash of the secret share #(σ.sub.i), or a unique token V, the present system and method prevent spoofing of response messages by trustee systems 102, or other actors with access to the ledger, who do not have access to the second validation key β*] accessing, with the key management device, group mapping information associated with the user ID; [Tegeder, para. 8 discloses receive a validation token from the first party system and store the validation token, and validate that the request for the secret shares was made by the designated third party system by decrypting the encrypted validation token using the second key of the validation key pair and comparing the decrypted validation token with the validation token that was received from the first party system] determining whether the group mapping information matches the received subkey information; [Tegeder, para. 15 discloses a request for secret shares by decrypting the encrypted validation token using the second key of the validation key pair and comparing the decrypted validation token with the validation token of the validation message and, if the validation token of the validation message matches the decrypted validation token, determine that the request for the secret shares was published by the designated third party system] accessing at least one validator subkey and sending the at least one validator subkey to the validator computing device in response to determining the group mapping information matches the received subkey information; [Tegeder, para. 16 discloses when a shared validation token is generated by the first party and provided to the trustee system, the first party system may be further configured to analyse the request for secret shares by decrypting the encrypted validation token using the second key of the validation key pair and comparing the decrypted validation token with the shared validation token held by the first party system. If the validation token held by the first party system matches the decrypted validation token, the first party determines that the request for the secret shares was published by the designated third party system.] and sending instructions to the validator computing device for restoring the asset private key; [Tegeder, para. 65 discloses the third party system can be configured to restrict the validation means of the request message 113 to comprise only the encrypted token β(W), using the first validation key β, rather than including the unencrypted token W too. Each trustee system is then configured to compare the decryption of such encrypted token, using the second validation key β*, to the token W stored securely in its memory and in this way determine that the request message 113 corresponds to the secret share that the trustee systems holds and at the same time validate that the request message 113 had been posted by the designated first party] wherein the accessing the at least one validator subkey includes using the group mapping information for locating and accessing an encrypted version of the at least one validator subkey from a blockchain platform. [Tegeder, para. 63 discloses the token V used by a given trustee system 102 in its response message is a unique token, i.e. different to other tokens V used by other trustee systems 102 in their response messages. For example, the token V could be a hash of a public key associated with the individual trustee system 102, i.e. #(α.sub.TS*). By using the secret share σ.sub.i, a hash of the secret share #(σ.sub.i), or a unique token V, the present system and method prevent spoofing of response messages by trustee systems 102, or other actors with access to the ledger, who do not have access to the second validation key β*], but Tegeder does not teach receiving, at the key management device, a restoration request from a validator computing device to restore the asset private key from the plurality of subkeys, the restoration request including a user ID; wherein the at least one validator subkey is required to restore the asset private key.
However, Kariv does teach receiving, at the key management device, a restoration request from a validator computing device to restore the asset private key from the plurality of subkeys, the restoration request including a user ID; [Kariv, para. 3 discloses an agent within a client device subsequently requests a secret share corresponding to a secret, or a share of data derived from the secret share, from each of the multiple secret-share-storing nodes. Para. 69 discloses when a client system needs to access a service based on a securely stored secret or, in certain implementations, the secret itself, the client system directs the DSS-client agent 1218 to request secret shares or derived-data shares from the CC nodes and reconstructs the secret or the derived data in client memory controlled by the DSS-client agent. Para. 76 discloses a service request 1802 transmitted by a DSS-client agent is illustrated as a dashed rectangle that contains an identifier 1804 as well as additional information 1806. The service request 1802 is forwarded to each of 6 CC nodes, represented by dashed rectangles 1808-1813, which together comprise the secure secret storage components of the DSS system, represented by the enclosing dashed rectangle 1814. Within each CC node, such as in CC node 1808, the service request is processed by using the identifier 1804 to access a secret share 1816 stored by the CC node of the secret identified by the identifier. The secret share is then used, along with the additional information 1818 extracted from the service request, to generate a corresponding result share 1820] wherein the at least one validator subkey is required to restore the asset private key, [Kariv, para. 3 discloses an agent within a client device subsequently requests a secret share corresponding to a secret, or a share of data derived from the secret share, from each of the multiple secret-share-storing nodes. Each secret-share-storing node transmits the requested secret share or derived-data share to the agent, which reconstructs the secret from all or a portion of the secret shares or a data value from all or a portion of the derived-data shares transmitted to the agent. The multiple secret-share-storing nodes additionally cooperate to periodically alter the stored secret shares corresponding to a secret in a way that allows agents to recover the original secret, or derived data, from all or a portion of the altered secret shares or derived-data shares]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Kariv’s system with Tegeder’s system, with a motivation to provide an extra level of security for a secure storage of secrets without relying on specialized secure-storage hardware devices, such as HSMs, although specialized secure-storage hardware devices. [Kariv, para. 69] 

As per claim 32, modified Tegeder teaches the method of claim 30, further comprising, at the key management device, decrypting the encrypted validator subkey with a passphrase and private key stored in key management device memory. [Tegeder, para. 11 discloses the key required to decrypt the encrypted secret or encrypted secret shares is the first validation key of the validation key pair. Para. 15 discloses a request for secret shares by decrypting the encrypted validation token using the second key of the validation key pair and comparing the decrypted validation token with the validation token of the validation message and, if the validation token of the validation message matches the decrypted validation token, determine that the request for the secret shares was published by the designated third party system.]

As per claim 34, modified Tegeder teaches the method of claim 33, further comprising sending a passphrase to the validator computing device for decrypting the validator private key. [Tegeder, para. 15 discloses a request for secret shares by decrypting the encrypted validation token using the second key of the validation key pair and comparing the decrypted validation token with the validation token of the validation message and, if the validation token of the validation message matches the decrypted validation token, determine that the request for the secret shares was published by the designated third party system.]

Claims 31 and 33 are rejected under 35 U.S.C. 103 as being unpatentable over being unpatentable over US 20190372765 A1 to Tegeder et al., (hereinafter, “Tegeder”) in view of US 20190268149 A1 to Kariv et al., (hereinafter, “Kariv”) in further view of US 20180316495 A1 to Wall et al., (hereinafter, “Wall”).
Regarding claim 31, modified Tegeder teaches the method of claim 30, but modified Tegeder does not teach wherein the instructions further include instructing the validator computing device to sequentially connect to a plurality of cold storage devices and download ones of the first number of the subkeys from each of the cold storage devices.
However, Wall does teach wherein the instructions further include instructing the validator computing device to sequentially connect to a plurality of cold storage devices and download ones of the first number of the subkeys from each of the cold storage devices. [Wall, para. 127 discloses prompt the user to provide a removable storage device such as a USB memory stick. The client application could generate a random key that it uses with a symmetric-key encryption algorithm such as AES256-GCM to encrypt the private key, then store the random key on the removable storage device.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Wall’s system with modified Tegeder’s system, with a motivation to store the private keys for the device and the user and provide a method to encrypt the user's private key so it can be escrowed securely by the key server. [Wall, para. 125]

Regarding claim 33, modified Tegeder teaches the method of claim 25, wherein the instructions further include instructing the validator computing device to: decrypt the encrypted validator subkey with the validator private key [Tegeder, para. 8 discloses receive a validation token from the first party system and store the validation token, and validate that the request for the secret shares was made by the designated third party system by decrypting the encrypted validation token using the second key of the validation key pair and comparing the decrypted validation token with the validation token that was received from the first party system], but modified Tegeder does not teach connect to a cold storage device and access a validator private key stored on the cold storage device;
However, Wall does teach connect to a cold storage device and access a validator private key stored on the cold storage device; [Wall, para. 127 discloses prompt the user to provide a removable storage device such as a USB memory stick. The client application could generate a random key that it uses with a symmetric-key encryption algorithm such as AES256-GCM to encrypt the private key, then store the random key on the removable storage device.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Wall’s system with modified Tegeder’s system, with a motivation to store the private keys for the device and the user and provide a method to encrypt the user's private key so it can be escrowed securely by the key server. [Wall, para. 125]
 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Phuc Pham whose telephone number is (571)272-8893.  The examiner can normally be reached on Monday-Thursday 7:30AM - 4:30PM; Friday 8AM-12PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/P.P./Patent Examiner, Art Unit 2434              
                                                                                                                                                                                          
/NOURA ZOUBAIR/Primary Examiner, Art Unit 2434