DETAILED ACTION
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
This Office Action is in response to the amendment filed on 9/1/2021.
Claims 6-7, 11, 13 and 23-24 have been canceled.
Claims 29-31 have been added
Claims 1, 20 and 28 have been amended.
Claims 1-5, 8-10, 12, 14-22 and 25-31 are pending for consideration.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 9/1/2021 has been entered.

Response to Arguments
Applicant's arguments filed on 9/1/2021 have been fully considered but they are not persuasive.  
Applicant argues on page 9 of the Remarks that the combination of Li, Csinger and Hare fails to disclose “dual encryption of key shards, that is, once for communication purposes and once for storage.  Specifically, as cited by the Examiner, Csinger only teaches a single encryption of the shares at paragraph 261 (for communicating the shares to other devices and not for storage as best understood).  Accordingly, claim 1 is patentable over the cited references as are the other independent claims for reciting similar limitations”.  
In response to the above argument, Examiner respectfully disagrees.  All of the referenced prior arts teach one key for storage (Li: exemplary paragraphs 0021 and 0030, “each encryption key may be partitioned into n encryption key fragments such that there is a 1:1 ratio between key distribution computer systems 108(a)-108(n) and encryption key fragments for a particular encryption key; Csinger: exemplary paragraphs 0254 and 0261, “once the shares of the random symmetric key K have been determined for distribution among the plurality of user devices, in this embodiment block 706 further directs the processor 210 to encrypt each share before transmitting the encrypted share to its respective receiving device; Hare: see exemplary figure 43 and paragraph 0531, “the cryptographic sharing client encrypts the session key with the public key associated with User 1 (operation 4306) to form encrypted key”).  Hare the other key for communication purposes (Hare: exemplary paragraphs 0007, 0524 and 0531-0532, “the communications may be performed without the encryption key from the cryptographic sharing client by using a different key management system to create the secure connection.”).  Examiner notes that Hare reference teaches the encryption key as one key for storage and the different key management system as the other key for secure connection (i.e., communication purposes).  Therefore, the combination of cited prior arts does teach the dual encryption of key shards.  Furthermore, the 103 rejection has been maintained.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-5, 8-10, 12, 20-22 and 25-28 are rejected under 35 U.S.C. 103 as being unpatentable over Li et al. (US 20130177157) (hereinafter Li) in view of Csinger et al. (US 20180004930) (hereinafter Csinger), further in view of O’Hare et al. (US 20130013931) (hereinafter Hare).
Regarding claim 1, Li discloses a method comprising: encrypting, at a first device, data with a symmetric key (Li: paragraphs 0018 and 0028, “For each data object that the service computer system 102 determines to encrypt, the service generating a plurality n of key shards based on the symmetric key such that the symmetric key can be reconstituted from the plurality n of key shards (Li: paragraphs 0021 and 0030, “each encryption key may be partitioned into n encryption key fragments such that there is a 1:1 ratio between key distribution computer systems 108(a)-108(n) and encryption key fragments for a particular encryption key and such that each key distribution computer system 108(a)-108(n) stores a unique one of the n encryption key fragments.”).
Li does not explicitly disclose the following limitations which are disclosed by Csinger, encrypting the plurality n of key shards with respective public keys of a plurality of devices, each device also having a corresponding private key to decrypt the encrypted shard (Csinger: paragraphs 0254 and 0261, “once the shares of the random symmetric key K have been determined for distribution among the plurality of user devices, in this embodiment block 706 further directs the processor 210 to encrypt each share before transmitting the encrypted share to its respective receiving device. Typically, the receiving device will have an asymmetric public-private key pair, in which case block 706 directs the processor 210 to encrypt the share using the public key of the receiving device before sending the share to the receiving device.”); and storing the plurality n of encrypted key shards such that the encrypted data is secured because the first device is incapable of decrypting the encrypted data due to an absence of the symmetric key (Csinger: paragraphs 0261-0262 and 0264-0265, “Block 706 further directs the processor 210 to generate and store a user policy record for the transaction in a user policies store 290 in the computer-readable medium 260, identifying the n user devices that received shares of the encryption key K, and specifying that key shares must be successfully obtained from at least m of those devices” … “Upon reconstructing the key K at block 710, in this embodiment block 712 directs the processor 210 to decrypt an encrypted credential using the encryption key K, and transmit the credential to the relying party system 302 for validation.”).  Li and Csinger are analogous art because they are from the same field of endeavor, data protection.  Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Li and Csinger before him or her, to modify the system of Li to include the steps of encrypting the shares with respective public keys and storing the encrypted shares of Csinger to derive the claimed invention.  The suggestion/motivation for doing so would have been to protect confidential information and assets (Csinger: paragraph 0003).
The combination of Li in view of Csinger discloses storing the shares but does not explicitly disclose the following limitation which is disclosed by Hare, storing the encrypted key shares in a plurality of non-volatile computer memories (Hare: paragraphs 0004, 0278, 0348 “moving shares of the data to different locations on one or more data depositories or storage devices”, 0397 “where the different portions are stored on one or more storage devices at one or more locations or on a single storage device”, and paragraph 0500).  Li in view of Csinger and Hare are analogous art because they are from the same field of endeavor, secure data 
Regarding claim 20, claim 20 discloses a system claim that is substantially equivalent to the method of claim 1. Therefore, the arguments set forth above with respect to claim 1 are equally applicable to claim 20 and rejected for the same reasons.
Regarding claim 28, claim 28 discloses a method claim that is substantially equivalent to the method of claim 1. Therefore, the arguments set forth above with respect to claim 1 are equally applicable to claim 28 and rejected for the same reasons.
Regarding claims 2 and 21, Li as modified discloses wherein a threshold m of the plurality n of key shards are required to reconstitute the symmetric key
Regarding claim 3, Li as modified discloses wherein each of the plurality n of devices is physically separate from each other, and the plurality of devices includes the first device (Li: paragraph 0020, “an encryption key store using a single computer system, the encryption key store may be implemented across the multiple different key distribution computer systems 108(a)-108(n), with an individual encryption key, EKey.sub.i, being partitioned into multiple key fragments, EKey.sub.i,1, EKey.sub.i,2, . . . EKey.sub.i, n, each of which is distributed to one of the key distribution computer systems 108(a)-108(n) for storage. For instance, in some implementations, the individual key fragments distributed to the different key distribution computer systems 108(a)-108(n) may be stored in scalable structured data stores at the different key distribution computer systems 108(a)-108(n).”).  
Regarding claim 4, Li as modified discloses wherein storing the plurality of key shards comprises: establishing a communications link between the first device and the plurality n of devices to communicate respective key shards (Li: paragraphs 0038 and 0041, “when a key distribution computer system receives an encryption key fragment retrieval request from the service computer system 202, the key distribution computer system may validate that the hallmark borne by the retrieval request demonstrates ownership of the encryption key fragment before allowing the service computer system 202 to retrieve the encryption key fragment. In contrast, if an encryption key fragment request is received from a malicious intruder who is unable to demonstrate ownership of the encryption key fragment, the key distribution computer system is configured to deny the encryption key fragment retrieval request”); and communicating a key shard over the communications link to at least one of the plurality of devices (Li: paragraphs 0041, “When a need arises for an encrypted data object to be decrypted, the service computer system 202 identifies the identifier (e.g., URI) for the data object and the service computer system key reconstructor 220 issues a request to each of the key distribution computer systems to retrieve encryption key fragments associated with the identifier for the data object”).  
Regarding claim 5, Li as modified discloses wherein the first device belongs to a single user that is authorized to access the encrypted data, and at least one of the plurality n of devices belongs to a user that is not authorized to access the encrypted data (Li: paragraphs 0023 and 0042, “when a key distribution computer system receives an encryption key fragment retrieval request from the service computer system 202, the key distribution computer system may validate that the hallmark borne by the retrieval request demonstrates ownership of the encryption key fragment before allowing the service computer system 202 to retrieve the encryption key fragment. In contrast, if an encryption key fragment request is received from a malicious intruder who is unable to demonstrate ownership of the encryption key fragment, the key distribution computer system is configured to deny the encryption key fragment retrieval request”).
Regarding claims 8 and 22, Li as modified discloses wherein the first device has a public key for each of the plurality n of devices that each have a counterpart private key, and the storing comprises: encrypting each key shard of each device with a respective public key such that a plurality n of encrypted key shards is distributed to the plurality n of devices, and each device can decrypt its encrypted shard when requested to do so and return the decrypted shard to a requestor (Li: paragraphs 0031 and 0049-0050, “This digital signature of the request 
Regarding claim 9, Li as modified discloses in response to a request to access the encrypted data, collecting the threshold m of the plurality n of key shards from the plurality of devices (Li: paragraph 0041, “When a need arises for an encrypted data object to be decrypted, the service computer system 202 identifies the identifier (e.g., URI) for the data object and the service computer system key reconstructor 220 issues a request to each of the key distribution computer systems to retrieve encryption key fragments associated with the identifier for the data object”); reconstituting the symmetric key from the collected m of plurality n of key shards (Li: paragraph 0041, “For example, as illustrated in FIG. 2, when a need arises to decrypt the i-th data object, the service computer system key reconstructor 220 may  and decrypting the encrypted data with the reconstituted symmetric key (Li: paragraph 0044, “After the key distribution computer systems return a sufficient number of encryption key fragments associated with the data object, the service computer system reconstructor 220 reconstructs the encryption key for the data object from the returned encryption key fragments. The reconstructed encryption key then is transferred to the transient encryption key store 208 from which it is accessed by the encryption engine 206 in the data management system 200 to decrypt the data object”).  
Regarding claim 10, Li as modified discloses wherein the plurality of key shards is output generated by processing the symmetric key as input to a threshold cryptography data-sharing scheme 
Regarding claim 12, Li as modified discloses wherein the plurality of key shards are respective portions of the symmetric key that collectively constitute the symmetric key (Li: paragraph 0024, “using a scheme such as secret sharing or erasure coding to partition the encryption key such that the encryption key can be reconstructed from less than all of its encryption fragments provides a reasonably high level of availability for the encryption key, because, even if certain key distribution computer systems fail or are otherwise unavailable, the encryption key still may be reconstructed so long as a sufficient number of the encryption key fragments remain accessible”).
Regarding claim 25, Li as modified discloses wherein the storing stores the n encrypted key shards and the encrypted data in a single file accessible to the first device (Csinger: paragraphs 0261-0262 and 0264-0265, “Block 706 further directs the processor 210 to generate and store a user policy record for the transaction in a user policies store 290 in the computer-readable medium 260, identifying the n user devices that received shares of the encryption key K, and specifying that key shares must be successfully obtained from at least m of those devices” … “Upon reconstructing the key K at block 710, in this embodiment block 712 directs the processor 210 to decrypt an encrypted credential using the encryption key K, and transmit the credential to the relying party system 302 for validation.”).   The same motivation to modify Li in view of Csinger, as applied in claim 1 above, applies here.
Regarding claim 26, Li as modified discloses wherein the public keys are stored on the first device and wherein the encrypting the plurality of n key shards is performed by the first device (Csinger: paragraphs 0261-0262 and 0264-0265, 
Regarding claim 27, Li as modified discloses wherein the collecting includes causing m of the plurality n devices to decrypt m key shards using their respective private keys (Csinger: paragraphs 0058 and 0265, “Using an implementation of SSSS, the conspiracy's key (in this case the private symmetric key K) can be split into n shares where only m shares are needed to reconstruct the private key (for example, in a 3-of-7 implementation, the key would be divided into shares distributed to seven of the user devices 200, but only three of those shares would be required to reconstruct the key K which is required to decrypt the legacy credential”).  The same motivation to modify Li in view of Csinger, as applied in claim 1 above, applies here.

Claims 14-19 are rejected under 35 U.S.C. 103 as being unpatentable over Li in view of Csinger in view of Hare, and further in view of Fazio et al. (US 20100037055) (hereinafter Fazio).
Regarding claim 14, Li in view of Csinger in view of Hare does not explicitly disclose the following limitations which are disclosed by Fazio, wherein the plurality of key shards is a first set of key shards, and the plurality of devices is a first combination of devices, the method further comprising: generating a second set of key shards from a first minimum threshold number of the first set of key shards (Fazio: paragraph 0033, “generating new sub-shares and delivering them to all the members of the new set, along with a proof of correctness”); distributing the second set of key shards among a second combination of devices (Fazio: paragraphs 0033 and 0035, “generating new sub-shares and delivering them to all the members of the new set, along with a proof of correctness”); and generating a third set of key shards from the second set of key shards such that the symmetric key is capable of being reconstituted based on a second minimum threshold number of the third set of key shards of the second combination of devices (Fazio: paragraphs 0033 and 0035-0036, “The third step is for members of the new set to collect the sub-shares generated by the core set, and combine the sub-shares into a new set of shares, each new share being derived from sub-shares from multiple users”… “The new shares may then be distributed to a new set of users. In particular, a first new user may receive new share s'.sub.1', a second new user may receive new share s'.sub.m', and so on. The sub-shares are formed such that when all the new shares are combined the original key k may be produced. As a threshold scheme it is noted that not all users must participate to produce the original key. This shown by the old share s.sub.n of one user, share 28, who does not participate, but does not prevent the original key k from being generated”).  Li in view of Csinger in view of Hare and 
Regarding claim 15, Li as modified discloses wherein the second combination of devices includes at least some of the first combination of devices (Fazio: paragraphs 0033 and 0035, “The REDIST procedure is used to redistribute signing shares from the current set of members to a new set.”… “for redistributing shares of a private key, or a sign key, to a new set of users. In particular, a key k is split into individual key shares, s.sub.1, . . . , s.sub.m, . . . , s.sub.n, as shown in FIG. 1. A first user, with share s.sub.1 then divides up its share into sub-shares, 10, 12 and 14. Likewise, another user, s.sub.m divides up its share into sub-shares, 16, 18 and 20”).  The same motivation to modify Li in view of Csinger in view of Hare in view of Fazio, as applied in claim 14 above, applies here.
Regarding claim 16, Li as modified discloses wherein the first minimum threshold number equals the second minimum threshold number and the symmetric key is capable of being reconstituted based on the first minimum threshold number of the first set of key shards (Fazio: paragraphs 0035-0036, “The sub-shares in the second column, such as 12 and 18 are combined to form new share s'.sub.m, and so on, until all n new shares have been formed. The new shares may then 
Regarding claim 17, Li as modified discloses wherein the second minimum threshold number is different than the first minimum threshold number (Fazio: paragraphs 0035-0036, “for redistributing shares of a private key, or a sign key, to a new set of users. In particular, a key k is split into individual key shares, s.sub.1, . . . , s.sub.m, . . . , s.sub.n, as shown in FIG. 1. A first user, with share s.sub.1 then divides up its share into sub-shares, 10, 12 and 14. Likewise, another user, s.sub.m divides up its share into sub-shares, 16, 18 and 20”).  The same motivation to modify Li in view of Csinger in view of Hare in view of Fazio, as applied in claim 14 above, applies here. 
Regarding claim 18, Li as modified discloses wherein a total number of the second set of key shards is different than a total number of the first set of key shards (Fazio: see figure 2 below; and paragraphs 0035-0036, “for redistributing shares of a private key, or a sign key, to a new set of users. In particular, a key k is split into individual key shares, s.sub.1, . . . , s.sub.m, . . . , s.sub.n, as shown in FIG. 1. A first user, with share s.sub.1 then divides up its share into sub-shares, 10, 12 and 14. Likewise, another user, s.sub.m divides up its share into sub-shares, 16, 18 and 20”).  The same motivation to modify Li in view of Csinger in view of Hare in view of Fazio, as applied in claim 14 above, applies here

    PNG
    media_image1.png
    602
    825
    media_image1.png
    Greyscale
  
Regarding claim 19, Li as modified discloses generating a fourth set of key shards from a third minimum threshold number of the third set of key shards (Fazio: see figure 2 above); distributing the fourth set of key shards among a third combination of devices (Fazio: see figure 2; and paragraphs 0035-0036, “for redistributing shares of a private key, or a sign key, to a new set of users….A first user, with share s.sub.1 then divides up its share into sub-shares, 10, 12 and 14. Likewise, another user, s.sub.m divides up its share into sub-shares, 16, 18 and 20”); and generating a fifth set of key shards from the fourth set of key shards such that the symmetric key is capable of being reconstituted based on a fourth minimum threshold number of the fifth set of key shards of the third combination of devices (Fazio: paragraphs 0035-0036, “The sub-shares in the second column, such as 12 and 18 are combined to form new share s'.sub.m, and so on, until all n new shares have been formed. The new shares may then be distributed to a new set of users. In particular, a first new user may receive new share s'.sub.1', a second new user may receive new share s'.sub.m', and so on. The sub-shares are formed such that when all ).  The same motivation to modify Li in view of Csinger in view of Hare in view of Fazio, as applied in claim 14 above, applies here.

Claims 29-31 are rejected under 35 U.S.C. 103 as being unpatentable over Li in view of Csinger in view of Hare, and further in view of Norton (US 20170272245) (hereinafter Norton).
Regarding claim 29, Li in view of Csinger in view of Hare does not explicitly disclose the following limitation which is disclosed by Norton, deleting the reconstituted key after completing decryption of the encrypted data (Nortion: paragraphs 0005 and 0041, “With the authorization from the mobile user 104, the wearable device 144 decrypts 480 the message M using the regenerated private key k. Then, the wearable device 144 forgets 484 or deletes the regenerated private key k from a non-transitory computer-readable storage medium”).  Li in view of Csinger in view of Hare and Norton are analogous art because they are from the same field of endeavor, data protection.  Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Li in view of Csinger in view of Hare and Norton before him or her, to modify the system of Li in view of Csinger in view of Hare to include the step of deleting the reconstituted key after completing decryption of the encrypted data of Norton.  The suggestion/motivation for doing so would have been to provide better security for the private key in public key cryptography where the theft of a device or the compromise of a device will not allow 
Regarding claim 30, Li as modified discloses rotating the symmetric key (Norton: paragraphs 0009 and 0048-0050, “Therefore it is desirable to periodically rotate keys (replace old keys with new keys) to guard against this aspect of public key cryptography”).  The same motivation to modify Li in view of Csinger in view of Hare in view of Norton, as applied in claim 29 above, applies here.
Regarding claim 31, Li as modified discloses wherein the rotating comprises reconstituting the symmetric key, decrypting the encrypted data with the reconstituted symmetric key, generating a second symmetric key, encrypting the data with the second symmetric key, generating key shards for the second symmetric key, encrypting the key shards and distributing the key shards (Norton: paragraphs 0009, 0023 and 0048-0050, “To begin the key rotation 140, the mobile user 104 requests 636 that the mobile device 148 rotate the current key pair.”… “utilize the system 100 to digitally sign or notarize 120 messages with a regenerated private key, encrypt 124 messages to another mobile user or system using the other user or system's public key, and decrypt 128 messages using the regenerated private key. The mobile user 104 can also perform functions such as adding 132 another mobile device that operates with the wearable device, resetting 136 the password to the mobile device, and rotating 140 the private key to maintain the security of public key cryptography”).  The same motivation to modify Li in view of Csinger in view of Hare in view of Norton, as applied in claim 29 above, applies here.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Selgas et al. (US 20140281520 A1) - a method for sharing an encrypted file stored in a cloud server, the method comprising: generating a file key associated with the encrypted file stored in the cloud server; encrypting the file key using a symmetric key to generate a share key; storing the share key in the cloud server; retrieving the encrypted file and the share key from the cloud server; decrypting the share key using the symmetric key to reconstruct the file key; and using the reconstructed file key to decrypt the encrypted file.
D’Souza (US 20130212393) - securing a secret are disclosed. One method includes receiving a secret from the user and generating encrypted shares based on the secret, a policy, and a plurality of public keys. The encrypted shares are provided to a custodian, wherein the custodian verifies that the encrypted shares can be used to reconstitute the secret upon receiving the encrypted shares.
Rietman (20180034630) - a key generation device configured to generate a public key for use in a public key encryption device and a corresponding private key for use in a private key decryption device. The key generation device comprises a private key generator and a public key generator. The private key generator is configured for obtaining in electronic form a private random value, and generating the private key, the private key comprising the private random 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRANG T DOAN whose telephone number is (571)272-0740.  The examiner can normally be reached on Monday-Friday 7-4 ET.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D Feild can be reached on (571)272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/TRANG T DOAN/Primary Examiner, Art Unit 2431