Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Examiner’s Note
In response to the restriction and election Office Action issued by the office on 04/07/2021, Applicant elected without traverse claims 1-31 of Group I (please see Response to Election/Restriction dated 5/26/2021).
	Examiner called the Applicant and proposed amending claim 1 by incorporating the limitations of claims 2 & 3. Examiner further proposed canceling claims 28-31 (which have been elected) and claims 32-44, which have not been elected by the Applicant. He further proposed filing of an eTD to overcome potential double patenting issues with Applications 16/703850, 16/703847 & 16/703846. Examiner finally stated that if the Applicant accepts Examiner’s proposition, amends the claims accordingly and files an eTD as recommended by Examiner, the case will be placed in allowable condition. The Applicant agreed to consider the suggestions and get back with a response in a few days.
	Subsequently, the Applicant emailed the proposed amendment as suggested by Examiner (please see attached “Email from the Applicant” for details) and also filed an eTD on 7/28/2021, which has been accepted and approved.
The case has now been placed in allowable condition.
EXAMINER’S AMENDMENT
An examiner's amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided 
Authorization for this examiner's amendment was given via email from James Wong (Reg. No. 76,723) on 08/06/2021.
The following listing of claims will replace all prior versions and listings of claims in the application:
Listing of the Claims:
	
1.  (Currently Amended)  A method, comprising:
participating, by an attestation server, in a data storage system, wherein: 
i) a storage server is configured to obtain and store source-encrypted source data received from a source, the source-encrypted source data comprising source data encrypted by the source with a source encryption key of the source, wherein the storage server is unable to decrypt the source-encrypted source data;
ii) the source is configured to establish and send a recipient-based rekeying key to the storage server, the recipient-based rekeying key established through an encrypting combination of a source decryption key of the source and a recipient public key of a particular recipient; and
iii) the storage server is further configured to re-encrypt the source-encrypted source data with the recipient-based rekeying key in response to a request to share the source data with the particular recipient, the re-encrypting resulting in recipient-based encrypted source data that is the source data encrypted with the recipient public key of 
sharing, by the attestation server, an original attestation server public key to cause the source to i) establish an attestation-server-based rekeying key through an encrypting combination of the source decryption key of the source and the original attestation server public key, and ii) send the attestation-server-based rekeying key to the storage server, wherein an attestation request at the storage server to share the source data with the attestation server causes the storage server to i) re-encrypt the source-encrypted source data with the attestation-server-based rekeying key, the re-encrypting resulting in the source data encrypted with the original attestation server public key, wherein the storage server is unable to decrypt the source data encrypted with the original attestation server public key, ii) send the source data encrypted with the original attestation server public key to the attestation server;
receiving, at the attestation server, the source data encrypted with the original attestation server public key from the storage server;
decrypting, by the attestation server, the source data encrypted with the original attestation server public key using an original attestation server private key of the attestation server;
attesting, by the attestation server, to the decrypted source data;
creating, by the attestation server, a signed certificate based on attesting to the source data by signing the signed certificate with the original attestation server private key, the signed certificate to allow a verifying recipient to confirm that the source data has been attested to by the attestation server based on the signed certificate based on applying the original attestation server public key to the signed certificate, wherein the signed certificate is associated with the source data; 
sharing, from the attestation server, the signed certificate to cause the verifying recipient to confirm that the source data has been attested to by the attestation server based on the signed certificate
updating the original attestation server private key to an updated attestation server private key;
updating the original attestation server public key to an updated attestation server public key;
establishing an attestation server re-encryption key through an encrypting combination of the original attestation server public key and the updated attestation server private key; and
sending the attestation server re-encryption key to the storage server to cause the storage server to apply the attestation server re-encryption key to the signed certificate to generate an updated signed certificate that is signed with the updated attestation server private key, wherein the verifying recipient is caused to confirm that the source data has been attested to by the attestation server based on applying the updated attestation server public key to the signed certificate.

2. - 3.  (Cancelled) 

4.  (Original)  The method as in claim 1, wherein the source encryption key is a public key of the source and wherein the source decryption key is a private key of the source. 

5.  (Currently Amended)  The method as in claim 1, further comprising:
sharing the original attestation server public key with the storage server, wherein the storage server is configured to share the original attestation server public key with the source.

6.  (Original)  The method as in claim 1, wherein the source data attested to by the attestation server comprises personally identifying information.

7.  (Original)  The method as in claim 6, wherein attesting to the source data comprises:
attesting to the personally identifying information based solely on the source data.

8.  (Original)  The method as in claim 6, further comprising:
establishing communication between the source and the attestation server; and
attesting to the personally identifying information based on the source data and user interaction via the established communication.

9.  (Original)  The method as in claim 1, wherein data integrity of the source data is attested to by the attestation server.

10.  (Currently Amended)  The method as in claim 1, wherein the source data comprises two or more sets of data associated together, each of the associated two or more sets individually requiring a respective rekeying key to decrypt 
attesting to only a particular one of the two or more sets of data.

11.  (Original)  The method as in claim 10, wherein the particular one of the two or more sets of data attested to by the attestation server comprises user-identifying information, and wherein one or more other sets of the two or more sets are used for data other than user-identifying information.

12.  (Original)  The method as in claim 10, wherein particular one of the two or more sets of data attested to by the attestation server comprises data related to performance of an action, and wherein one or more other sets of the two or more sets are for use in response to performance of the action.

13.  (Original)  The method as in claim 10, further comprising:
receiving the particular one of the two or more sets of data and a second set of data of the two or more sets of data, wherein the second set of data is unreadable to the attestation server; and
sending the second set of data to a second recipient along with the shared signed certificate attesting to the particular one of the two or more sets of data, wherein the second set of data is readable to the second recipient.

14.  (Original)  The method as in claim 13, further comprising:
sending the particular one of the two or more sets of data to the second recipient in a format also readable by the second recipient.

15.  (Original)  The method as in claim 1, further comprising;
instructing the source to collect the source data.

16.  (Original)  The method as in claim 1, wherein the source is configured to collect the source data as directed by the verifying recipient.

17.  (Original)  The method as in claim 1, wherein the verifying recipient is a controller device that is unable to decrypt the source-encrypted source data and is unable to decrypt the recipient-based encrypted source data.

18.  (Original)  The method as in claim 1, wherein sharing the signed certificate comprises:
sending the signed certificate to the source to cause the source to send the signed certificate to the verifying recipient.

19.  (Original)  The method as in claim 1, wherein sharing the signed certificate comprises:
sending the signed certificate to the storage server to cause the storage server to send the signed certificate to the verifying recipient.

20.  (Original)  The method as in claim 1, wherein sharing the signed certificate comprises:
sending the signed certificate to the verifying recipient.

21.  (Original)  The method as in claim 1, wherein the signed certificate is associated with the source data based on an identification (ID) that pairs the signed certificate to the source data.

22.  (Currently Amended)  The method as in claim 21, wherein the ID comprises a hash of the source-encrypted source data as computed by the storage server

23.  (Original)  The method as in claim 21, wherein the ID comprises a hash of the source data as computed by the source.

24.  (Original)  The method as in claim 21, wherein the verifying recipient initiates the attestation request, and wherein the ID is defined by the verifying recipient.

25.  (Original)  The method as in claim 1, further comprising:
computing a hash of the source data; and
including the hash as part of the signed certificate to cause the verifying recipient to confirm that the source data corresponds to the signed certificate based on matching a hash of the source data as computed by the verifying recipient to the hash included as part of the signed certificate.

26.  (Currently Amended)  The method as in claim 1, wherein the verifying recipient is not the particular recipient

27.  (Original)  The method as in claim 1, wherein the attestation request is initiated by one of: a) the storage server, b) the source, c) the verifying recipient, or d) the particular recipient.

28. – 44.  (Cancelled)

	Allowable Subject Matter
	Claims 1 and 4-27 are allowed.
	The following is an examiner’s statement of reasons for allowance:
Regarding claim 1, although the prior art of record (such as Biswas (US20130111205), paragraphs 0020-0023, as mentioned in the IDS dated 6/24/2020) teaches that a storage server is configured to obtain and store source-encrypted source data received from a source, the source-encrypted source data comprising source data encrypted by the source with a source encryption key of the source, wherein the storage server is unable to decrypt the source-encrypted source data; none of the prior art, alone or in combination, teaches receiving, at the attestation server, the source data encrypted with the original attestation server public key from the storage server;
decrypting, by the attestation server, the source data encrypted with the original attestation server public key using an original attestation server private key of the attestation server; attesting, by the attestation server, to the decrypted source data;
creating, by the attestation server, a signed certificate based on attesting to the source data by signing the signed certificate with the original attestation server private key, the signed certificate to allow a verifying recipient to confirm that the source data has been attested to by the attestation server based on the signed certificate based on applying the original attestation server public key to the signed certificate, wherein the signed certificate is associated with the source data; 
updating the original attestation server public key to an updated attestation server public key; establishing an attestation server re-encryption key through an encrypting combination of the original attestation server public key and the updated attestation server private key; and sending the attestation server re-encryption key to the storage server to cause the storage server to apply the attestation server re-encryption key to the signed certificate to generate an updated signed certificate that is signed with the updated attestation server private key, wherein the verifying recipient is caused to confirm that the source data has been attested to by the attestation server based on applying the updated attestation server public key to the signed certificate; in view of other limitations of claim 1.
	The closest prior art of record is:
 Biswas (US20130111205 as mentioned in IDS dated 6/24/2020) teaches improved systems and techniques for secure delivery of data. One or more data providers deliver encrypted data to a storage entity. For each of one or more authorized recipients of data delivered by a data provider, the data provider generates a re-encryption key and delivers it to the storage entity. The storage entity uses a recipient's re-encryption key to re-encrypt data to be delivered to the recipient. The recipient is able to use its own key to decrypt data that has been encrypted with the data provider's key and re-encrypted with the re-encryption key of the recipient. Delivery of data may be managed to insure that it reflects a consistent condition. Data may be homomorphically encrypted by each of a plurality of data providers and processed in aggregate at the storage entity, with a recipient being able to decrypt the aggregated data but not individual elements of the aggregated data. 
Yoshida (US20130339726 as mentioned in IDS dated 6/24/2020) teaches a reception unit receives post-office box's encrypted data, which is obtained by encrypting the data by using a post-office box's public key, from the sending apparatus. A re-encryption key storage unit stores a re-encryption key used for re-encrypting the post-office box's encrypted data into recipient's encrypted data, which is obtained by encrypting the data using a recipient's public key that is different from the post-office box's public key. A re-encryption unit re-encrypts the received post-office box's encrypted data to the recipient's encrypted data using the re-encryption key stored in the re-encryption key storage unit. A transmission unit transmits the re-encrypted recipient's encrypted data to the receiving apparatus.
Haider (US20180013562 as mentioned in IDS dated 6/24/2020) discloses a zero-knowledge distributed application configured to securely share information among groups of users having various roles, such as doctors and patients. Confidential information may be encrypted client-side, with private keys that reside solely client side. Encrypted collections of data may be uploaded to, and hosted by, a server that does not have access to keys suitable to decrypt the data. Other users may retrieve encrypted data from the server and decrypt some or all of the data with keys suitable to gain access to at least part of the encrypted data. The system includes a key hierarchy with multiple entry points to a top layer by which access is selectively granted to various users and keys may be recovered.
Ding (US20180359229) teaches a method and apparatus for homomorphic re-encryption schemes in a system comprising a cloud service provider (CSP), a third authorized party (TAP), a data requestor (DR) and a plurality of data providers (DPs). According to an embodiment, a method implemented at a CSP comprises: in response to a request from a TAP, obtaining from a plurality of DPs cipher texts of their respective data, based on the request, wherein each DP is able to homomorphically encrypt its data; analyzing the cipher texts; and sending the analyzing result to the TAP, wherein the TAP is able to re-encrypt the analyzing result, such that a DR can decrypt the re-encrypted analyzing result with the DR's secret key. According to another embodiment, a method implemented at a CSP comprises: collecting from a plurality of DPs cipher texts of their respective data, wherein each DP is able to homomorphically encrypt its data; analyzing the cipher texts; in response to a request from a TAP, encrypting the analyzing result; and sending the encrypted analyzing result to the TAP, wherein the TAP is able to re-encrypt the encrypted analyzing result, such that a DR can decrypt the re-encrypted analyzing result with the DR's secret key.
Kounga (US20130227281) discloses a data manager of a data collector (DCDM) 8 executing on a virtual machine 6 for managing sensitive data. The DCDM 8 can have a conformance certificate that characterizes functionality of the DCDM 8. The DCDM 8 can request sensitive data from a data subject 16, wherein the request for the sensitive data includes the conformance certificate. The DCDM 8 can further receive, in response to the request, the sensitive data encrypted with an encrypted secret key. The secret key can be decrypt-able with a private key stored at a trusted platform module for the data collector (DCTPM) 12.
Reedy (US2014022573 as mentioned in IDS dated 6/24/2020) discloses a method that includes receiving personal information associated with a user and receiving a first request from the user to receive first content digitally. The first content is to be generated by a first content creator. The method includes, based on the personal information and the first request received, registering the user with a content distributor to enable the user to receive the first content digitally, the content distributor being different than the first content creator and conveying the first request to the first content creator for the user to receive first content digitally.
Schuman (US20160321456) teaches a data management system that comprises a hardware interface, a data retrieval module, an encryption module, and an encrypted database. The hardware interface electronically couples with one or more computer systems. The data retrieval module is configured to access and retrieve data on a third-party electronic network. The encryption module applies encryption to the data such that an at least partially-anonymized subset of the data is available in response to a request for data. The encrypted database stores the data and the at least partially-anonymized subset of the data.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHER KHAN whose telephone number is (571)272-8574. The examiner can normally be reached on Monday-Friday, 8:00am-5:00pm (EST). If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on 571-272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SHER A KHAN/Primary Examiner, Art Unit 2497