Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Amendment
Applicant's submission filed on 8/2/2021 has been entered.   Claims 1-21 are pending.
 Response to Arguments
Applicant's arguments filed 8/2/2021 have been fully considered but they are not persuasive. 
On pages 8-12 of the Remarks, the Applicants argue that D’Souza does not teach a data storage system that monitors requests for the secret share.
In response, the Examiner respectfully disagrees.   MPEP § 2111.01-Under a broadest reasonable interpretation (BRI), words of the claim must be given their plain meaning, unless such meaning is inconsistent with the specification. The plain meaning of a term means the ordinary and customary meaning given to the term by those of ordinary skill in the art at the time of the invention. The ordinary and customary meaning of a term may be evidenced by a variety of sources, including the words of the claims themselves, the specification, drawings, and prior art. However, the best source for determining the meaning of a claim term is the specification - the greatest clarity is obtained when the specification serves as a glossary for the claim terms. The words of the claim must be given their plain meaning unless the plain meaning is inconsistent with the specification. In re Zletz, 893 F.2d 319, 321, 13 USPQ2d 1320, 1322 (Fed. Cir. 1989).  "Though understanding the claim language may be aided by explanations Superguide Corp. v. DirecTV Enterprises, Inc., 358 F.3d 870, 875, 69 USPQ2d 1865, 1868 (Fed. Cir. 2004).  
The Examiner submits that D’Souza discloses a storage system receiving and storing data encrypted using a user’s private key in a storage system and securely providing access to the encrypted data according to a predefined policy.  The encrypted data and the predefined policy prevent the storage system from unencrypting the encrypted data and permitting the encrypted data to be released to a data requestor or a third party 140 (e.g. a user, a business, a legal entity or governmental entity, etc.) upon receiving a threshold number of requests of release from a number of verified third parties 145 (e.g. judges, notaries public, government officials), wherein the storage system is a distributed storage system that includes linked computer systems such as a cloud system, or the claimed “a plurality of trustee systems”, and wherein the encrypted data may be the private key which is divided into many shares and provided to the verified third party 145. Each of the verified third parties publishes his or her own public keys, and encrypts his or her share of the encrypted key using their published public key.  The verified third party shares encrypted according to the published public keys are then stored in the storage system (see FIG. 1, ¶ [0021]-[0022], [0030]-[0032]).  Thus, D’Souza at least discloses the claimed limitation “a plurality of trustee systems” and “receive a secret share of the secret from a first party system and store the secret 
D’Souza further discloses that the user defines a policy with rules that govern how the encrypted data can be released.  For example, when one or more requests come in from the third party 140, which correspond to the claimed “published requests”, to access the user’s encrypted data or the encrypted private key, the storage system sends a query to multiple different verified third parties or trusted parties 145 to request the verified third parties’ approvals to release the encrypted data to the third party 140.  The storage system releases the encrypted data to the third party 140 when a number of responses received from the verified parties 145 meets a threshold set by the policy (see ¶ [0014], [0029]-[0034]).  In other words, the requests from the third party 140 are checked or monitored to meet the requirements or the approvals before the storage system releases the encrypted data to the third party 140.  Thus, D’Souza at least discloses the claimed limitation “monitor published requests for the secret share”.  
On page 12 of the Remarks, the Applicants argue that D’Souza does not teach that monitoring of a ledger for published requests occurs.
In response, the Examiner respectfully disagrees and submits that, as discussed above, D’Souza discloses monitoring the published requests for the secret share.  D’Souza discloses a distributed storage system and does not explicitly disclose the ledger; however, similar to D’Souza, Andrade discloses a system storing user’s encrypted data and releasing the encrypted data to a requestor upon confirming user approval by identification verification from a third party occurring in a distributed database such as distributed ledger in a blockchain-based ledger or non-blockchain 
On page 12 of the Remarks, the Applicants argue that Andrade does not teach a trustee system performing the validation step. 
In response, the Examiner respectfully disagrees and submits that Andrade discloses a cross verification (CV) trust utility that includes a blockchain-based ledger storage system that stores user data such as user verified documents or biometric identification data associated with the user in the distributed ledger (see Andrade, ¶ [0105]-[0106]).  The CV or the ledger storage system receives a request from a company B for obtaining the user verified documents and sends the requester verification address or the company B information to the user.  Andrade at least discloses that CV receives a smart contract and “whether the distributed database 730 is configured as a distributed ledger in a blockchain based ledger…the distributed ledger operates to validate the smart contract and record the smart contract, to thereby release the verified documents of the user or client 750 to company B, followed by sending along path #10 the validated smart contract within CV 710 at server 720 to process the delivering of the user’s identification document…”  (see Andrade ¶ [0115]-[0116]). As such, Andrade at least discloses the claimed limitation "validate that a request for the secret share was made by the designated third party system; and if the validation is successful, publish the secret share in response to the validated request for .
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 5-7, 9, 17 and 20-21 are rejected under 35 U.S.C. 103 as being unpatentable over D’Souza et al. (US 2017/0262639 hereinafter D’Souza) in view of Andrade (US 2018/0343120).
Regarding claim 1, D’Souza discloses a system for providing to a designated third party system access to a secret, the system comprising: 
a plurality of trustee systems (FIG. 1, ¶ [0013], [0021]-[0022]; i.e. cloud data storage system or a vast network of interlinked data storage computer systems), wherein each trustee system is configured to: 
receive a secret share of the secret from a first party system and store the secret share, wherein the secret or the secret share is encrypted such that only a designated 
monitor published requests for the secret share (¶ [0014], [0029]-[0034]; i.e. monitoring whether requests for the encrypted data or encrypted key shares would be allowed based on checking a policy).
D’Souza does not explicitly disclose validate that a request for the secret share was made by the designated third party system; and if the validation is successful, publish the secret share in response to the validated request for the secret share; wherein the secret share is published by the trustee system to a first ledger, and wherein the request for the secret share is published to the first ledger, or to a second ledger.
However, Andrade discloses validate that a request for the secret share was made by the designated third party system (¶ [0108], [0113]-[0120]; i.e. the blockchain server receives a request from a second entity for obtaining the data of the first entity stored in the blockchain server, contacts the first entity regarding the request and validates a smart contract that specifies that the request is from an approved second entity); and if the validation is successful, publish the secret share in response to the validated request for the secret share (¶ [0108], [0115]-[0117]); wherein the secret share is published by the trustee system to a first ledger, and wherein the request for the secret share is published to the first ledger, or to a second ledger (¶ [0108], [0115]-[0117]).

Regarding claim 5, D’Souza in view of Andrade discloses the system of claim 1, further comprising a first party system, wherein the first party system is configured to: encrypt the secret (D’Souza, ¶ [0023]; Andrade, ¶ [0085]); generate the secret share of the encrypted secret (D’Souza, ¶ [0023], [0030]-[0032]); and transmit a secret share of the secret shares to the plurality of trustee systems (D’Souza, ¶ [0022], [0030]-[0032]).
Regarding claim 6, D’Souza in view of Andrade discloses the system of claim 1, further comprising a first party system, wherein the first party system is configured to: generate the secret share of the secret (D’Souza, ¶ [0023], [0030]); encrypt the secret share (D’Souza, ¶ [0023], [0030]-[0032]); and transmit the encrypted secret share to the plurality of trustee systems (D’Souza, ¶ [0023], [0030]-[0032]).
Regarding claim 7, D’Souza in view of Andrade discloses the system of claim 5, wherein the first party system is configured to encrypt the secret or secret share using a public encryption key associated with the third party system (D’Souza, ¶ [0041]).
Regarding claim 9, D’Souza in view of Andrade discloses the system of claim 5, wherein the secret is a second object key of an object key pair (D’Souza, ¶ [0030], [0041]), and wherein the first party system is further configured to: encrypt data using the first object key of the object key pair (D’Souza, ¶ [0041]); and transmit the encrypted data to the third party system (D’Souza, ¶ [0041]).

Regarding claim 20, D’Souza discloses a method for providing to a designated third party system access to a secret, the method comprising: 
receiving, at a trustee system, a secret share of the secret from a first party system and storing the secret share, wherein the secret or the secret share is encrypted such that only a designated third party system can access the secret (FIG. 1, ¶ [0013], [0030]-[0032]; i.e. receiving user’s encrypted data wherein the data is encrypted using the user’s private key that prevents the storage system from gaining access to the encrypted data, the encrypted data is released to verified third parties and/or stored in the data storages); 
monitoring published requests for the secret share (¶ [0014], [0029]-[0034]; i.e. monitoring whether requests for the encrypted data or encrypted key shares would be allowed based on checking a policy).
D’Souza does not explicitly disclose validating that a request for the secret share was made by the designated third party system; and if the validation is successful, publishing the secret share in response to the validated request for the secret share; wherein the secret share is published by the trustee system to a first ledger, and wherein the request for the secret share is published to the first ledger, or to a second ledger.

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Andrade’s teaching in order to use identification verification to confirm client approval of a second or third party accessing the client’s data (Andrade, ¶ [0115]-[0120]).
Regarding claim 21, D’Souza discloses a non-transitory computer-readable medium comprising instructions which, when executed by a computer, cause the computer to: 
receive a secret share of the secret from a first party system and store the secret share, wherein the secret or the secret share is encrypted such that only a designated third party system can access the secret (FIG. 1, ¶ [0013], [0030]-[0032]; i.e. receiving user’s encrypted data wherein the data is encrypted using the user’s private key that prevents the storage system from gaining access to the encrypted data, the encrypted data is released to verified third parties and/or stored in the data storages); 

D’Souza does not explicitly disclose validate that a request for the secret share was made by the designated third party system; and if the validation is successful, publish the secret share in response to the validated request for the secret share; wherein the secret share is published by the trustee system to a first ledger, and wherein the request for the secret share is published to the first ledger, or to a second ledger.
However, Andrade discloses validate that a request for the secret share was made by the designated third party system (¶ [0108], [0113]-[0120]; i.e. the blockchain server receives a request from a second entity for obtaining the data of the first entity stored in the blockchain server, contacts the first entity regarding the request and validates a smart contract that specifies that the request is from an approved second entity); and if the validation is successful, publish the secret share in response to the validated request for the secret share (¶ [0108], [0115]-[0117]); wherein the secret share is published by the trustee system to a first ledger, and wherein the request for the secret share is published to the first ledger, or to a second ledger (¶ [0108], [0115]-[0117]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Andrade’s teaching in order to use identification verification to confirm client approval of a second or third party accessing the client’s data (Andrade, ¶ [0115]-[0120]).
Claims 2-4, 8, 10-16 and 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over D’Souza in view of Andrade and further in view of Bermudez (US 2017/0279807).
Regarding claim 2, D’Souza in view of Andrade discloses the system of claim 1.
D’Souza in view of Andrade does not explicitly disclose wherein the request for the secret share comprises a validation token and an encrypted validation token, and wherein each trustee system is further configured to: receive a second key of a validation key pair from the first party system along with the secret share and store the second key of the validation key pair; validate that the request for the secret share was made by the designated third party system by decrypting the encrypted validation token using the second key of the validation key pair and comparing the decrypted validation token with the validation token; and if the validation token of a validation message matches the decrypted validation token, publish the associated secret share.
However, Bermudez discloses wherein the request for the secret share comprises a validation token and an encrypted validation token (¶ [0046], [0054]), and wherein each trustee system is further configured to: receive a second key of a validation key pair from the first party system along with the secret share and store the second key of the validation key pair (¶ [0065]-[0071]); validate that the request for the secret share was made by the designated third party system by decrypting the encrypted validation token using the second key of the validation key pair and comparing the decrypted validation token with the validation token (¶ [0069]-[0072]); and if the validation token of a validation message matches the decrypted validation token, publish the associated secret share (¶ [0073]-[0076]).

Regarding claim 3, D’Souza in view of Andrade discloses the system of claim 1.
D’Souza in view of Andrade does not explicitly disclose wherein the request for the secret share comprises an encrypted validation token, and wherein each trustee system is further configured to: receive a second key of a validation key pair from the first party system along with the secret share and store the second key of the validation key pair; receive a validation token from the first party system and store the validation token; validate that the request for the secret share was made by the designated third party system by decrypting the encrypted validation token using the second key of the validation key pair and comparing the decrypted validation token with the validation token that was received from the first party system.
However, Bermudez discloses wherein the request for the secret share comprises an encrypted validation token, and wherein each trustee system is further configured to: receive a second key of a validation key pair from the first party system along with the secret share and store the second key of the validation key pair (¶ [0065]-[0071]); receive a validation token from the first party system and store the validation token (¶ [0046], [0056], [0069]); validate that the request for the secret share was made by the designated third party system by decrypting the encrypted validation token using the second key of the validation key pair and comparing the decrypted 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Bermudez’s teaching of authenticating a user using a certificate into D’Souza in view of Andrade in order to verify that the data requestor has the permission to view the data (Bermudez, ¶ [0069]).
Regarding claim 4, D’Souza in view of Andrade discloses the system of claim 1.
D’Souza in view of Andrade does not explicitly disclose wherein each secret share further comprises a share of an identifier associated with the third party system such that the identifier can be derived from the secret share, or wherein each trustee system is further configured: to receive an identifier associated with the third party system from the first party system along with the secret share; and publish the identifier associated with the third party system along with the secret share.
However, Bermudez discloses wherein each secret share further comprises a share of an identifier associated with the third party system such that the identifier can be derived from the secret share, or wherein each trustee system is further configured: to receive an identifier associated with the third party system from the first party system along with the secret share; and publish the identifier associated with the third party system along with the secret share (¶ [0044]-[0046]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Bermudez’s teaching of splitting encryption keys into multiple portions and storing the portions of key in different 
Regarding claim 8, D’Souza in view of Andrade and Bermudez discloses the system of claim 2, further comprising the first party system, wherein the first party system is configured to encrypt the secret or secret share using the second validation key of the validation key pair, and wherein the key required to decrypt the secret or secret share is the first validation key of the validation key pair (Bermudez, ¶ [0042]-[0043]).
Regarding claim 10, D’Souza in view of Andrade and Bermudez discloses the system of claim 3, further comprising a first party system, wherein the first party system is further configured to: generate a validation token, transmit the validation token to the plurality of trustee systems; and transmit the validation token to the third party system (Bermudez, ¶ [0042]-[0043], [0046]).
Regarding claim 11, D’Souza in view of Andrade discloses the system of claim 5.
D’Souza in view of Andrade does not explicitly disclose wherein the first party system is further configured to select the plurality of trustee systems from a group of available trustee systems, wherein the plurality of trustee systems is a subset of the group of available trustee systems.
However, Bermudez discloses wherein the first party system is further configured to select the plurality of trustee systems from a group of available trustee systems, wherein the plurality of trustee systems is a subset of the group of available trustee systems (¶ [0034]-[0038]).

Regarding claim 12, D’Souza in view of Andrade and Bermudez discloses the system of claim 2, further comprising a first party system wherein the first party system is further configured to: analyse a published request for the secret share by decrypting the encrypted validation token using the second key of the validation key pair and comparing the decrypted validation token with the validation token; and if the validation token of the validation message matches the decrypted validation token, determine that the request for the secret share was published by the designated third party system (Bermudez, ¶ [0073]-[0078]).
Regarding claim 13, D’Souza in view of Andrade and Bermudez discloses the system of claim 3, further comprising a first party system, wherein the first party system is further configured to: analyse the request for the secret share by decrypting the encrypted validation token using the second key of the validation key pair and comparing the decrypted validation token with the validation token held by the first party system, and if the validation token held by the first party system matches the decrypted validation token, determine that the request for the secret share was published by the designated third party system (Bermudez, ¶ [0073]-[0078]).

D’Souza in view of Andrade does not explicitly disclose monitor a plurality of published secret shares; validate the secret shares published by the plurality of trustee systems in response to the request for the secret share; reassemble the encrypted secret from the published secret shares; and decrypt the encrypted secret.
However, Bermudez discloses monitor a plurality of published secret shares (¶ [0073]-[0078]); validate the secret shares published by the plurality of trustee systems in response to the request for the secret share (¶ [0078]); reassemble the encrypted secret from the published secret shares (¶ [0078]); and decrypt the encrypted secret (¶ [0078]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Bermudez’s teaching of splitting encryption keys into multiple portions and storing the portions of key in different locations into D’Souza in view of Andrade for the purpose of security and privacy (Bermudez, ¶ [0003]-[0004], [0013]).
Regarding claim 15, D’Souza in view of Andrade discloses the system of claim 1, further comprising a third party system, wherein the third party system is configured to: publish the request for the secret share (D’Souza, ¶ [0023], [0030]).
D’Souza in view of Andrade does not explicitly disclose monitor a plurality of published secret shares; validate the secret shares published by the plurality of trustee systems in response to the request for the secret share; decrypt the encrypted secret 
However, Bermudez discloses monitor a plurality of published secret shares (¶ [0073]-[0078]); validate the secret shares published by the plurality of trustee systems in response to the request for the secret share (¶ [0078]); decrypt the encrypted secret share from the published secret shares (¶ [0078]); and reassemble the secret from the decrypted secret share (¶ [0078]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Bermudez’s teaching of splitting encryption keys into multiple portions and storing the portions of key in different locations into D’Souza in view of Andrade for the purpose of security and privacy (Bermudez, ¶ [0003]-[0004], [0013]).
Regarding claim 16, D’Souza in view of Andrade and Bermudez discloses the system of claim 14, wherein the third party system is further configured to decrypt the encrypted secret or secret share using a private key of a key pair associated with the third party system or with a first validation key of a validation key pair (D’Souza, ¶ [0030], [0041]; Bermudez, ¶ [0073], [0077]).
Regarding claim 18, D’Souza in view of Andrade and Bermudez discloses the system of claim 10, further comprising a third party system, wherein the third party system is further configured to validate the secret shares published in response to the request for the secret share by comparing the decrypted second validation token published with the secret shares to a local copy of the second validation token, such that when the decrypted second validation token matches the local copy of the second 
Regarding claim 19, D’Souza in view of Andrade and Bermudez discloses the system of claim 14, wherein each trustee system is further configured to: generate a second validation token (Bermudez, ¶ [0049]-[0055]); encrypt the second validation token using a second validation key of a validation key pair to generate an encrypted second validation token (Bermudez, ¶ [0049]-[0055]); and publish the second validation token and the encrypted second validation token with the secret share (Bermudez, ¶ [0049]-[0055]); and wherein third party system is further configured to: validate the secret shares published in response to the request for the secret share by: decrypting the encrypted second validation token using the first validation key of the validation key pair (Bermudez, ¶ [0073]-[0078]); comparing the decrypted second validation token with the second validation token (Bermudez, ¶ [0073]-[0078]); and retrieving the associated secret share when the decrypted second validation token matches the second validation token (Bermudez, ¶ [0073]-[0078]).
Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHI D NGUY whose telephone number is (571)270-7311.  The examiner can normally be reached on Monday-Friday 9-5 PT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph P Hirl can be reached on (571)272-3685.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access 






/C.D.N/Examiner, Art Unit 2435

/JOSEPH P HIRL/Supervisory Patent Examiner, Art Unit 2435