DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Oath/Declaration
The applicant’s oath/declaration has been reviewed by the examiner and is found to conform to the requirements prescribed in 37 C.F.R. 1.63.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 05/06/2019, 05/05/2019, 02/21/2020, 06/09/2021, and 12/06/2021 are in compliance with the provisions of 37 CFR 1.97.  It is noted by the Examiner that all of the references were considered, but due to the extensive amount of items identified in the IDS, it was considered based upon a cursory review.

Priority
As required by M.P.E.P. 201.14(c), acknowledgement is made of applicant’s claim for priority based on applications filed on August 2, 2018 (PRO US 62/713834).


Drawings
The applicant’s drawings submitted on 05/06/2019 are acceptable for examination purposes.

Specification
The applicant’s Specification submitted on 05/06/2019 is acceptable for examination purposes.

Claim Objections
Claims 4, 16, and 21 are objected to because of the following informalities: 
Regarding claims 4 and 16, the claims recite “…wherein each set of secret shares includes a portion of the at least one second share …” It appears to be a typographical error as the correct term should be “… wherein each set of secret shares includes a portion of the at least one second secret share”.  Appropriate correction is required.
Regarding claim 21, the claim recites the identical limitation of the claim 20, the claim appears to be a minor informality of redundancy. As claim 21 repeats the same limitation of claim 20, it is suggested the duplicated claim to be removed from the set of claims. Appropriate corrections is required.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 4, 6-13, 16, and 18-23 are rejected under 35 U.S.C. 103 as being unpatentable over Camenisch et al. (US Pub 2018/0212763), disclosed in IDS submitted on 06/09/2021, hereinafter referred to as Camenisch, and in view of Fletcher et al. (US Pub 2021/0152371), hereinafter referred to as Fletcher.
Regarding claim 1, Camenisch teaches a method for:
generating, by a first system, at least one first secret share of a plurality of secret shares [based on an API secret], wherein the plurality of secret shares includes the at least one first secret share and at least one second secret share, wherein the at least one second secret share is generated by at least one second system; and (Camenisch, par 31, the servers Si communicate via network 3 to implement the cryptographic protocol in which the key shares Ki of a plurality of the servers can be combined to reconstruct the secret key K for the protocol. Proactive security is provided by operation of the second server compartments 5 of the servers. In particular, through operation of the key-management logic, the second server compartment 5 of each server is adapted, for each of successive time periods in operation of the cryptographic protocol, to unilaterally generate a new key share of the secret key K, the Examiner submits servers are mapped to “a first system and at least one second system”, a plurality of key shares are generated by servers unilaterally, wherein the key shares of a plurality of the servers can be combined to reconstruct the secret key K. Camenisch, Fig. 1 and par 34, While the initialization data could include the initial key shares Ki, in preferred embodiments these initial shares can be generated by the second server compartments 5, further disclose the initial key shares are generated in the second compartment of each severs).
Camenisch does not expressly teach the following limitation:
a method for securing application programming interface (API) requests, comprising: 
a plurality of secret shares based on an API secret, and
signing, by the first system, an API request using the at least one first secret share, wherein the API request is further signed by the at least one second system using the at least one second secret share, wherein the API request is signed without revealing any of the at least one first secret share to the at least one second system and without revealing any of the at least one second secret share to the first system.
Fletcher teaches a method for securing application programming interface (API) requests (Fletcher, par 14, The BitGo service would perform signature operations via an authenticated API request from the exchange), comprising: 
a plurality of secret shares based on an API secret (Fletcher, par. 16, threshold signature protocols enable a group of parties (or nodes) to collectively sign a transaction using a threshold m of n key shares without reconstructing the private key at any point.  Fletcher par 46, FIG. 4 shows a process for splitting a share of a private key, the Examiner submits a private key to be mapped to an “API secret”. Fletcher, par 51, The parties hold secret key shares x.sub.n; n=1,2,3,4 in a threshold private key x; the shares are generated distributively, the Examiner submits secret key shares to be mapped to a “plurality of secret shares based on an API secret”), and
(Fletcher, par 14, The movement of funds (via a signed valid transaction) could then be authorised by either: i) the client and the exchange or ii) the exchange and BitGo (in the case that the client was uncooperative or had lost their keys). The BitGo service would perform signature operations via an authenticated API request from the exchange, discloses a valid transaction is signed, wherein the transaction is being signed by Bitgo service via API request, and Examiner submits the transaction is mapped to the claimed API request. Fletcher, par 16, Threshold signature protocols enable a group of parties (or nodes) to collectively sign a transaction using a threshold m of n key shares without reconstructing the private key at any point, a transaction is mapped to the “API request”; a group of parties and m of n key shares disclose a plurality of systems with corresponding key shares such that at least one second system is signing using a second secret share, Fletcher, par 51, The parties hold secret key shares x.sub.n; n=1,2,3,4 in a threshold private key x; the shares are generated distributively (i.e. without a trusted dealer), according to a method described in greater detail below so that the full private key never exists in a single place. These shares (along with the signature initialisation) may be used to generate a partial signature (or signature share) sig.sub.n; n=1,2,3,4 on a message m (a Bitcoin transaction hash) , discloses generation of a partial signature using the shares as having the API request signed by secret shares. Fletcher, par 52, Parties 2, 3 and 4 are assumed to employ trusted hardware, such that their share in the threshold private key is generated within a protected ‘enclave’. Messages can be sent into the enclave and a (partial) signature on the message may be output if certain conditions are met, but the private key share never leaves the enclave, further discloses a plurality of systems having a plurality of private key shares, which are generated and used to sign on a message m, mapped to “API request”), wherein the API request is signed without revealing any of the at least one first secret share to the at least one second system and without revealing any of the at least one second secret share to the first system (Fletcher, par 16, Threshold signature protocols enable a group of parties (or nodes) to collectively sign a transaction using a threshold m of n key shares without reconstructing the private key at any point, or any participant learning anything about any other party's key share. Fletcher, par 52, Parties 2, 3 and 4 are assumed to employ trusted hardware, such that their share in the threshold private key is generated within a protected ‘enclave’. Messages can be sent into the enclave and a (partial) signature on the message may be output if certain conditions are met, but the private key share never leaves the enclave, discloses parties 2, 3, and 4 generate private key shares and sign the message respectively, and the Examiner submits the private key share never leaves the enclave is mapped to a first secret share is not revealed to a second system and a second secret share is not revealed to a first system).
Camenisch and Fletcher are from a similar field of technology, respectively related to: (i) secret key is shared by participant for implementing cryptographic protocols; (ii) cryptographic protocols include a secret sharing scheme and the m of n Fletcher, par 9) in application programming interface (API) environment. 
Regarding claim 12, it is a non-transitory computer readable medium claim that encompasses limitations similar to those of method claim 1. Therefore, claim 12 is rejected with the motivation and rationale as applied against claim 1. In addition, Camenisch teaches a non-transitory computer readable medium having stored thereon instructions for causing a processing circuitry of a first system to execute a process, (Camenisch, par 16, The computer readable storage medium can be a tangible device that can retain and store instructions for use by an instruction execution device … A computer readable storage medium, as used herein, is not to be construed as being transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission media (e.g., light pulses passing through a fiber-optic cable), or electrical signals transmitted through a wire).
Regarding claim 13, it is a system claim that encompasses limitations similar to those of method claim 1. Therefore, claim 13 is rejected with the motivation and rationale as applied against claim 1. In addition, Camenisch teaches a processing (Camenisch, par 20, These computer readable program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus. Camenisch, par 16, The computer readable storage medium can be a tangible device that can retain and store instructions for use by an instruction execution device).
Regarding claim 4, Camenisch in view of Fletcher teaches the method of claim 1.
Camenisch further teaches wherein the at least one second system includes a plurality of second systems, wherein the plurality of secret shares includes a plurality of sets of secret shares, wherein each set of secret shares includes a portion of the at least one second share (Camenisch, Fig. 1, the Examiner submits Server S1 as the first system, Server Si to be mapped to a “plurality of second systems”, key share K1, Ki, and Kn to be mapped to the “plurality of secret shares” and the set of key shares {K1, … Ki, Ki+1, … Kn} includes Ki which is mapped to “one second share”). In addition, Fletcher teaches wherein each set of secret shares includes a portion of the at least one second share (Fletcher, par. 69, the security for the client can be further enhanced by splitting the client key share. This process is shown in FIG. 4. Once established from the Joint Verifiable Random Secret Sharing (JVRSS) protocol, the client key share (x.sub.1) can itself be split into two or three sub-shares. The Examiner submits that a secret key share includes at least one sub-shares)
Regarding claim 16, it is a system claim that encompasses limitations similar to those of method claim 4. Therefore, claim 16 is rejected with the motivation and rationale as applied against claim 4.
Regarding claim 6, Fletcher in view of Cheng teaches the method of claim 1. Fletcher further teaches wherein the API secret is not exposed over a network (Fletcher, par 52, Parties 2, 3 and 4 are assumed to employ trusted hardware, such that their share in the threshold private key is generated within a protected ‘enclave’. Messages can be sent into the enclave and a (partial) signature on the message may be output if certain conditions are met, but the private key share never leaves the enclave. In this scheme, the threshold private key can be reconstructed given two private key shares, discloses the private key, made up by a plurality key shares and can be restricted, is never exposed over a network).
Regarding claim 18, it is a system claim that encompasses limitations similar to those of method claim 6. Therefore, claim 18 is rejected with the motivation and rationale as applied against claim 6.
Regarding claim 7, Camenisch in view of Fletcher teaches the method of claim 1.
Fletcher further teaches wherein the API secret is not exposed to any of the first system and the at least one second system (Fletcher, par 17, A threshold signature scheme can be combined with a dealer-free (or dealer-less) protocol for establishing the secret shares, where the shared secret (the private key) is unknown to any party (in fact, it does not need to ever explicitly exist in memory at any point), discloses shared secret is mapped to API secret that is unknown to any systems. Fletcher, par 51, The parties hold secret key shares xn; n=1,2,3,4 in a threshold private key x; the shares are generated distributively (i.e. without a trusted dealer), according to a method described in greater detail below so that the full private key never exists in a single place, discloses the full private key mapped to the API secret is not exposed to any systems).
Regarding claim 19, it is a system claim that encompasses limitations similar to those of method claim 7. Therefore, claim 19 is rejected with the motivation and rationale as applied against claim 7.
Regarding claim 8, Camenisch in view of Fletcher teaches the method of claim 1.
Fletcher further teaches wherein the API secret is not reconstructed when any of the plurality of secrets are used to sign the API request (Fletcher, par 16, Threshold signature protocols enable a group of parties (or nodes) to collectively sign a transaction using a threshold m of n key shares without reconstructing the private key at any point, or any participant learning anything about any other party's key share, discloses when m of n key shares sign a transaction which is mapped to the “API request”, the private key mapped to the “API secret” is not reconstructed. Fletcher, par 51, The parties hold secret key shares xn; n=1,2,3,4 in a threshold private key x; the shares are generated distributively (i.e. without a trusted dealer), according to a method described in greater detail below so that the full private key never exists in a single place, discloses the full private key mapped to the API secret actually never exists in a single place).
Regarding claim 20, it is a system claim that encompasses limitations similar to those of method claim 8. Therefore, claim 20 is rejected with the motivation and rationale as applied against claim 8.
Regarding claim 21, it is a system claim that encompasses limitations similar to those of method claim 8. Therefore, claim 21 is rejected with the motivation and rationale as applied against claim 8.
Regarding claim 9, Camenisch in view of Fletcher teaches the method of claim 1.
Fletcher further teaches wherein each of the at least one first share is only exposed to the first system, wherein each of the at least one second share is only exposed to one of the at least one second system (Fletcher, par 52, Parties 2, 3 and 4 are assumed to employ trusted hardware, such that their share in the threshold private key is generated within a protected ‘enclave’. Messages can be sent into the enclave and a (partial) signature on the message may be output if certain conditions are met, but the private key share never leaves the enclave, discloses generated key shares are not leaving the protected enclaves of the respective parties is mapped to “first share is only exposed to the first system, … second share is only exposed to one of the at least one second system”).
Regarding claim 22, it is a system claim that encompasses limitations similar to those of method claim 9. Therefore, claim 22 is rejected with the motivation and rationale as applied against claim 9.
Regarding claim 10, Camenisch in view of Fletcher teaches the method of the claim 9.
Fletcher further teaches wherein each portion of each of the at least one first share is only exposed to the first system, wherein each portion of each of the at least one second share is only exposed to one of the at least one second system (Fletcher, par 52, Parties 2, 3 and 4 are assumed to employ trusted hardware, such that their share in the threshold private key is generated within a protected ‘enclave’. Messages can be sent into the enclave and a (partial) signature on the message may be output if certain conditions are met, but the private key share never leaves the enclave, discloses private key shares from parties 2-4 never leave the enclave of the respective parties, which is  mapped to “portion of each of the at least one first share is only exposed to the first system, wherein each portion of each of the at least one second share is only exposed to one of the at least one second system” as key shares do not leave the enclaves, any portion of the key shares do not leave the enclaves).
Regarding claim 23, it is a system claim that encompasses limitations similar to those of method claim 10. Therefore, claim 23 is rejected with the motivation and rationale as applied against claim 10.
Regarding claim 11, Camenisch in view of Fletcher teaches the method of the claim 9.
Fletcher further teaches wherein each system is configured not to send any share generated by the system to any external system (Fletcher, par 52, Parties 2, 3 and 4 are assumed to employ trusted hardware, such that their share in the threshold private key is generated within a protected ‘enclave’. Messages can be sent into the enclave and a (partial) signature on the message may be output if certain conditions are met, but the private key share never leaves the enclave, discloses private key shares from parties never leave their respective enclaves which is mapped to “each system is configured not to send any share generated by the system to any external system” as the key shares are generated within the parties’ own protected enclaves).

Claims 2-3, and 14-15 are rejected under 35 U.S.C. 103 as being unpatentable over Camenisch, Fletcher and further in view of Noam et al. (US Pub 2020/0374113), hereinafter referred as Noam.
Regarding claim 2, Camenisch in view of Fletcher teaches the method of claim 1.
Noam further teaches wherein the API request is signed using at least a portion of the at least one first secret share when at least one party enforces a policy on the other party (Noam, par 221, This functionality can be advantageously implemented in multiple contexts, such as: signing a blockchain's state with a single canonical signature, signing transactions to be executed on other blockchains, notarizing the state of other (connected) blockchains, signing API calls for third-party infrastructure, etc, discloses the functionality of the invention can be implemented in multiple contexts including signing API calls. Noam, par 284, Thus, such an example process can include operations such as a client sending a document B (or its hash) to each of the nodes, the client receiving a signed document (or its hash) from each node, signed using a key share stored at the respective node, and if the client receives at least enough signed documents from the respective nodes (each signed with a share of the referenced secret/key) to meet/exceed a defined threshold (e.g., at least t (threshold) of n), such signed documents can be combined to generate a signed document (or its hash) without exposing the full key to the client, as described herein, the Examiner submits a document or its hash to be mapped to the “API request”, wherein the document or its hash is signed by a key share which is mapped to “secret share”. Noam, par, 256, Each of the referenced nodes 820 can be, for example, a server computer, computing device, storage service (e.g., a ‘cloud’ service), etc. and can include authentication engine 830 and database 840. Noam, par 284, At operation 960, one or more of the referenced nodes can verify that the generated proof (e.g., as broadcast/received at 950) conforms to the appropriate authentication protocol. For example, the referenced nodes verify that the client access is in conformance to the authentication protocol, (e.g., using the described inter-node authentication protocol execution consensus described herein), the Examiner submits one or more of the referenced nodes to be mapped to “at least one party enforces a policy on the other party”, wherein authentication protocol is mapped to a “policy”). 
Camenisch, Fletcher, and Noam are from a similar field of technology, respectively related to: (i) secret key is shared by participant for implementing cryptographic protocols; (ii) cryptographic protocols include a threshold secret sharing scheme; (iii) providing enhanced security to application interface programming systems by using a Shamir’s secret sharing scheme. Therefore, it would have been obvious to one ordinary skilled in the art before the effective filing date of the claimed invention to incorporate the teachings of Camenisch and Fletcher with the system and the method of Noam to enhance security to include systems employ various authentication protocols by utilizing a centralized operator that secures the authentication data and applies strong enforcement of the authentication protocol rules (Noam, par 241)
Regarding claim 14, it is a system claim that encompasses limitations similar to those of method claim 2. Therefore, claim 14 is rejected with the motivation and rationale as applied against claim 2. 
Regarding claim 3, Camenisch, Fletcher, and Noam teach the method of claim 2.
Noam further teaches the method of claim 2, wherein the at least one requirement of the signing policy includes a requirement that at least the threshold number of the plurality of shares are present in the first system and the at least one second system (Noam par 284, if the client receives at least enough signed documents from the respective nodes (each signed with a share of the referenced secret/key) to meet/exceed a defined threshold (e.g., at least t (threshold) of n), such signed documents can be combined to generate a signed document (or its hash) without exposing the full key to the client, as described herein. Noam, par 286, Additionally, at operation 970, the threshold signature protocol is or the consensus on the authentication protocol execution directly is used by the nodes to validate the transaction, discloses authentication protocol includes threshold signature protocol which is mapped to a “requirement that at least the threshold number of the plurality of shares are present in the first system and the at least one second system”).
Regarding claim 15, it is a system claim that encompasses limitations similar to those of method claim 3. Therefore, claim 15 is rejected with the motivation and rationale as applied against claim 3.

Claims 5 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Camenisch, Fletcher and further in view of Wallrabenstein (US Pub 2017/0149572), hereinafter referred as Wallrabenstein.
Regarding claim 5, Camenisch in view of Fletcher teaches the method of claim 1.
Wallrabenstein further teaches the method further comprising: rotating at least a portion of the plurality of secret shares between the first system and at least one of the at least one second system (Wallrabenstein, par 135, each of a set of players p.sub.i∈custom-character to refresh their share r.sub.i.sup.(τ) of an original secret r at time period τ into a new share r.sub.i.sup.(τ+1) such that the resulting set of new shares {r.sub.i.sup.(τ+1}.sub.i∈[1 . . . n] remains a sharing of the original secret, discloses secret shares being refreshed by each players is mapped to rotating secret shares).
Camenisch, Fletcher, and Wallrabenstein are from a similar field of technology, respectively related to: (i) secret key is shared by participant for implementing cryptographic protocols; (ii) cryptographic protocols include a secret sharing scheme; (iii) providing enhanced security to application interface programming systems by using a threshold signature scheme. Therefore it would have been obvious to one ordinary skilled in the art before the effective filing date of the claimed invention to incorporate the teachings of Camenisch and Fletcher with the system and the method of Wallrabenstein to enhance security by updating shares frequently to elevate the difficulty of the attack as any shares in time period t are useless in time period t+1 (Wallrabenstein, par 150)
Regarding claim 17, it is a system claim that encompasses limitations similar to those of method claim 5. Therefore, claim 17 is rejected with the motivation and rationale as applied against claim 5.

Related Prior Art
The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure includes:
Rossman (US Pat 11019068) – teaches requirement of the threshold number of signature
Wright (WO 2017145016) – teaches generation of sub-keys

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JUNGWOO LEE whose telephone number is (571)272-1332. The examiner can normally be reached Monday - Friday 8:00 - 5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on (571)272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.


/J.L./Examiner, Art Unit 2498                                                                                                                                                                                                        



/YIN CHEN SHAW/Supervisory Patent Examiner, Art Unit 2498