DETAILED ACTION
This Final Office Action is in response to amendment filed on 11/22/2021. Claims 1, 4-5, 7, 9-13, 15-22, 25-26, and 28-30 have been amended. Claims 2-3, 6, 8, 14, 23-24, and 27 have been cancelled. Claims 31-33 have been newly added. Claims 1, 4-5, 7, 9-13, 15-22, 25-26, and 28-33 remain pending in the application. 

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Drawings
The drawings filed on 10/07/2019 are accepted.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 12/22/2021 have been considered. The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly an initialed and dated copy of Applicant's IDS form 1449 filed 12/22/2021 are attached to the instant Office action. 

Response to Amendment 
Specification amendments overcome the specification objection previously set forth in the Non-Final Office Action mailed on 07/21/2021.
 Claim amendments overcome the claim objection previously set forth in the Non-Final Office Action mailed on 07/21/2021.
Claim amendments obviate the interpretation under USC 112(f) and overcome the USC 112(a) and USC 112 (b) rejections previously set forth in the Non-Final Office Action mailed on 07/21/2021.
Claim amendments to claims 1, 13 and 22 and the applicant remarks of 11/22/2021 overcome the double patenting rejection pertaining to co-pending Application No. 16/889,277.

Response to Arguments 
Regarding independent claims 1, 13 and 22, applicant’s arguments, see Applicant Remarks, Page 24-27, regarding the newly added limitation “encrypted asset encryption key parts using belonging to the computing device and stored in the at least one memory in the computing device; and encrypt each of the at least one set of encrypted asset encryption key parts using a public key of a public/private keypair belonging to the computing device, such that each of the at least one set of encrypted asset encryption key parts is doubly-encrypted” in claim 1, “decrypt the plurality of encrypted asset encryption key parts into asset encryption key parts using at least one private key of at least one public/private keypair belonging to the computing device and at least one symmetric key belonging to the computing device” in claim 13 and “encrypted asset encryption key parts using belonging to the computing device, wherein the at least one symmetric key is stored in at least one memory in the computing device; and encrypt each of the at least one set of encrypted asset encryption key parts using a public key of a public/private keypair belonging to the computing device, such that each of the at least one set of encrypted asset encryption key parts is double encrypted” in claim 22, filed 11/22/2021, with respect to the rejection(s) of claim(s) 1 and 13 under 35 U.S.C 102 (a)(2) have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of under 35 U.S.C 103 rejection is made in view of the newly found prior art: Carlson (US 20180013728 A1), hereinafter Carlson, in addition to the previously cited prior art, where Carlson discloses doubly encrypting information first by a symmetric key, then by a public key belonging and available to the computing device, and decrypting the doubly encrypted information by the private key then the symmetric key. Please see detailed rejection below.
Regarding applicant’s remarks in Pages 28-30, examiner submits that the double encryption is relied upon by the newly found prior art, Carlson, as described below.
	
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claims 1, 4-5, 7, 9-13, 15-22, 25-26, and 28-30 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 14-16 and 23-24 of copending Application No. 16/595,004 hereinafter 004, in view of Bunch (US 20190238323 A1), hereinafter Bunch, in view of Telford (US 20170222805 A1), hereinafter Telford, Carlson (US 20180013728 A1), hereinafter Carlson, and further in view of Winklevoss (US 9,892,460 B1), hereinafter Winklevoss. This is a provisional nonstatutory double patenting rejection.
Instant Application 16/595,020
Co-pending Application 16/595,004
1. A computing device, system comprising: at least one processor; and at least one memory communicatively coupled to the at least one processor; [[and]] wherein the at least one processor is configured to: encrypt at least one set of asset encryption key parts into at least one set of encrypted asset encryption key parts using at least one of: at least one symmetric key belonging to the computing device and stored in the at least one memory in the computing device; and[[or]] encrypt each of the at least one set of encrypted asset encryption key parts using a public key of a public/private keypair belonging to the computing device, such that each of the at least one set of encrypted asset encryption key parts is doubly-encrypted; wherein at least a subset of the at least one set of asset encryption key parts are used to reconstruct an asset encryption key, which is used to perform an action using at least one asset key.
1. A system comprising: at least one processor; at least one memory communicatively coupled to the at least one processor; and wherein the at least one processor is configured to: 
encrypt each secret part of at least one set of secret parts into a corresponding singly-encrypted secret part; 
encrypt each corresponding singly-encrypted secret part into a corresponding doubly-encrypted secret part using a corresponding at least one public key, each public key belonging to a corresponding one of at least one public/private keypair; 
wherein at least a subset of the secret parts of the at least one set of secret parts are used to reconstruct a secret.
14. The system of claim 1, wherein the at least one processor is further configured to: reconstruct a secret from a plurality of the secret parts, wherein the secret is a symmetric encryption key; and perform an action with the asset encryption key. 
4. The computing device system of claim [[3]]1, further comprising: a network adapter network interface circuitry communicatively coupled to the at least one processor and configured to: communicate each of the at least one set of encrypted asset encryption key parts to [[the]] corresponding part holder computing devices.

computing device system of claim [[3]]1, further comprising: a network adapter network interface circuitry communicatively coupled to the at least one processor and configured to: communicate each of the at least one set of encrypted asset encryption key parts to a repository for later access by [[the]] corresponding part holder computing devices.

7. The computing device system of claim 1, wherein using at least one of at least one symmetric key or at least one public key of at least one public/private keypair associated with the system includes: using the at least one symmetric key when the  computing device implements an offline signing service, wherein the at least one symmetric key is stored in the at least one memory in the system.

9. The computing device system of claim [[8]] 1, wherein the at least one processor is configured to: cause a printer connected to the computing device system to print a quick response (QR) code for each of the at least one set of encrypted asset encryption key parts.

10. The computing device system of claim 9, wherein [[the]]at least one QR codes are of a plurality of QR codes including the QR code for each of the at least one set of encrypted asset encryption key parts is scanned by an imaging device camera or scanner coupled to the computing device system as part of reconstructing the asset encryption key.

11. (Currently Amended) The computing device system of claim 1, wherein the at least one processor is configured to: generate the at least one set of asset encryption key parts from the asset encryption key through at least one of polynomial interpolation or Shamir secret sharing.

12. (Currently Amended) The computing device system of claim 1, wherein the action comprises at least one of the following actions using the at least one asset key: encrypting first data; decrypting second data; encrypting a first second blockchain private key; generating a transaction address; or signing a transaction.
15. The system of claim 14, wherein the action comprises at least one of the following actions using the reconstructed secret: encrypting data; decrypting data; generating a transaction address; or signing a transaction.

computing device system comprising: at least one processor; and at least one memory communicatively coupled to the at least one processor; [[and]] wherein the at least one processor is configured to: receive a plurality of encrypted asset encryption key parts from a plurality of corresponding part holder computing devices; decrypt the plurality of encrypted asset encryption key parts into asset encryption key parts using belonging to the computing device and at least one symmetric key belonging to the computing device; and reconstruct an asset encryption key from the asset encryption key parts, wherein the asset encryption key is reconstructed from a quantity of the asset encryption key parts that is a subset of a total number of asset encryption key parts previously created from the asset encryption key.

16. A system comprising: at least one processor; at least one memory communicatively coupled to the at least one processor; and wherein the at least one processor is configured to: 
receive a plurality of doubly-encrypted secret parts that were encrypted using at least a public key belonging to a public/private keypair; 
decrypt each of the plurality of doubly-encrypted secret parts into a corresponding singly-encrypted secret part using a private key belonging to the public/private keypair; Attorney Docket No. 270.028US0177decrypt each corresponding singly-encrypted secret part into a corresponding secret part; and 
wherein a secret is reconstructed from a quantity of corresponding secret parts that is a subset of a total number of secret parts previously created from the secret.
23. The system of claim 16, wherein the plurality of doubly-encrypted secret parts are received from a plurality of part holders.
15. The computing device system of claim [[14]]13, further comprising: a network adapter network interface circuitry communicatively coupled to the at least one processor; wherein the at least one processor is configured to receive the plurality of encrypted asset encryption key parts from the plurality of corresponding part holder computing devices via a network using the network adapter network interface circuitry.

16. The computing device system of claim [[14]] 13, further comprising: a network adapter network interface circuitry communicatively coupled to the at least one processor; wherein the at least one processor is configured to receive the plurality of encrypted asset encryption key parts from the plurality of corresponding part holders via a repository using the network adapter network interface circuitry, wherein the plurality of encrypted asset encryption key parts were previously stored in the repository by the plurality of corresponding part holders computing devices.

17. The computing device system of claim 13, wherein using the at least one symmetric key or at least one private key of at least one public/private keypair belonging to computing device system includes:  
Attorney Docket No. 270.030US0179using the at least one symmetric key, when the computing device system implements an offline signing service, during decryption of the plurality of encrypted asset encryption key parts into the asset encryption key parts, wherein the at least one symmetric key is stored in the at least one memory in the system.

18. The  computing device system of claim 17, further comprising: an imaging device  camera or scanner communicatively coupled to the at least one processor and configured to read a quick response (QR) code for each of the plurality of encrypted asset encryption key parts; wherein the at least one processor is configured to receive the plurality of encrypted asset encryption key parts from the plurality of corresponding part holders computing devices by processing [[the]] data from the quick response (QR) code for each of the plurality of encrypted asset encryption key parts.

19. The computing device system of claim 13, wherein the at least one processor is further configured to perform an action using the reconstructed asset encryption key.

20. The computing device system of claim 19, wherein the action comprises decrypting an asset key using the reconstructed asset encryption key.

21. The computing device system of claim 20, wherein the action comprises signing a transaction using the decrypted asset key.

splitting an asset encryption key, the method being performed by an computing device system, the method comprising: splitting the asset encryption key into at least one set of asset encryption key parts; [[and]] encrypting the at least one set of asset encryption key parts into at least one set of encrypted asset encryption key parts using at least one of: at least one symmetric key belonging to the computing device, wherein the at least one symmetric key is stored in at least one memory in the computing device; and[[or]] at least one public key of at least one public/private keypair associated with the system; encrypt each of the at least one set of encrypted asset encryption key parts using a public key of a public/private keypair belonging to the computing device, such that each of the at least one set of encrypted asset encryption key parts is double encrypted; wherein at least a subset of the at least one set of asset encryption key parts are used to reconstruct the asset encryption key, which is used to perform an action using based on at least one asset key.
24. A method for securely distributing secret parts to a plurality of part holders, comprising: 
encrypting each secret part of at least one set of secret parts into a corresponding singly-encrypted secret part using at least one symmetric key or a corresponding one of at least one public key, each public key belonging to a corresponding one of at least one public/private keypair; encrypting each corresponding singly-encrypted secret part into a corresponding doubly- encrypted secret part using the corresponding at least one public key belonging to the corresponding public/private keypair; distributing each doubly-encrypted secret part to a respective part holder; 
wherein at least a subset of the secret parts of the at least one set of secret parts are used to reconstruct a secret.
25. The method of claim [[24]] 22, further comprising: communicating the at least one set of encrypted asset encryption key parts to corresponding part holders computing devices.

26. (Currently Amended) The method of claim [[24]]22, wherein using at least one of the at least one symmetric key or at least one public key of at least one public/private keypair belonging to associated with the computing device system includes: using the at least one symmetric key when the computing device system implements [[an]] offline signing service, wherein the at least one symmetric key is stored in the system.

28. The method of claim [[27]] 22, wherein each encrypted asset encryption key part is communicated to a respective part holder computing device as a printout of a quick response (QR) code.

29. The method of claim 22, further comprising: decrypting at least a second of the encrypted asset encryption key parts to produce asset encryption key parts.

 wherein the action comprises at least one of the following actions using based on at least one asset key: encrypting first data; decrypting second data; encrypting a second blockchain private key; decrypting a blockchain private key; generating a transaction address; or signing a transaction.



Although the conflicting claims are not identical, they are not patentably distinct from each other because claims 1, 14-16 and 23-24 of the co-pending application by 004, which contains every element of claims 1-30 of the instant application except for the bolded limitations as seen in the above table. However, 

Regarding claim 1, Bunch disclose public/private keypair belonging to the computing device (Bunch [0038] discloses the public key used for encrypting the key shares is associated with the computing node on which the local key manager is running, i.e. node/computing device),
asset encryption key, which is used to perform an action using at least one asset key (Bunch [0030, 0039] discloses using the master key, corresponding to asset encryption key to encrypt/decrypt service key corresponding to asset key).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified 004 to incorporate the teaching of Bunch to utilize the above feature, with the motivation of protecting secrets/cryptographic keys in distributed system such that the risk of compromise is reduced or eliminated, as recognized by (Bunch, Abstract).
004 in view of Bunch do not disclose the below limitations. 
at least one symmetric key belonging to the computing device and stored in the at least one memory in the computing device and encrypt each of the at least one set of encrypted using a public key of a public/private keypair belonging to the computing device, such that each of the at least one set… is doubly-encrypted (Carlson discloses in [0031], “a doubly encrypted portion of the first set of data that is both symmetrically encrypted and asymmetrically encrypted”, [0044] “a double encrypted portion 308 that is both symmetrically and asymmetrically encrypted”, Figure 2 illustrates a computer device 220 encrypting data by first using a symmetric key (236) and then encrypting the encrypted data using a public key (238), where both keys belong to the device to be used for encryption, where the symmetric key is stored in order to be able to use for encryption).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified 004 in view of Bunch to incorporate the teaching of Carlson to utilize the above feature, with the motivation of protection of the double encrypted information, which can be suitable for insecure communications, as recognized by (Carlson [0044]).

Regarding claim 4, Bunch discloses network interface circuitry, communicate each of the at least one set of encrypted asset encryption key parts to the corresponding part holders computing device (Bunch Figure 1 illustrates network configuration (122) disclosed in [0015] where one node requests encrypted key shares from their corresponding nodes, where the encrypted key shares as disclosed in [0038]  have been stored as illustrated in Figure 2 where the encrypted shares (S1(E(MK, PubK1), S2(E(MK, PubK1), S3(E(MK, PubK1), and S4(E(MK, PubK1)) are stored in the corresponding nodes 210, 218, 216, corresponding to the part holders, as a result communicating/distributing the encrypted shares to them as disclosed in [0028] “…key splitting techniques may refer to methods for distributing a secret amongst a group of locations, each of which is allocated a share of the secret (e.g., a key share). The secret can be reconstructed only when a sufficient number of shares are combined together”, where the network adapter corresponds to the part of the computing node that communicate key parts via the network configuration recited in [0015]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified 004 to incorporate the teaching of Bunch to utilize the above feature, with the motivation of protecting secrets/cryptographic keys in distributed system such that the risk of compromise is reduced or eliminated, as recognized by (Bunch, Abstract).

Regarding claim 5, Bunch discloses network interface circuitry. Rationale and Motivation similar to claim 4 is applied.
Bunch discloses network adapter. Rationale and motivation in above claim 4 applies.
004 in view of Bunch do not disclose the below limitation.
Telford teaches further comprising: a network interface circuitry communicatively coupled to the at least one processor and configured to: communicate each of the at least one set of encrypted asset encryption key parts to a repository for later access by the corresponding part holder (Telford discloses in [0041] “At step 213, all of the encrypted key fragments generated in step 212 are stored in the memory 199 (i.e. repository) of the server computer 101 by the owner device 190-5.”, Figure 3 and [0044-0045] discloses a subsequent time where the key fragments are assembled, [0045] “The trusted party (i.e. part holder) device 190-6 makes a transmission to the server computer 101, as indicated by an arrow 402-1. In the transmission 402, the device 190-6 requests all key fragments and the encrypted data D. The server computer 101 responds by sending a transmission indicated by an arrow 403-1.”,).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified 004 in view of Bunch to incorporate the teaching of Telford to utilize the above feature, with the motivation of providing two level of encryptions of the key fragments, where using “two of encryption provides additional security”, and reassembling key fragments, e.g. when instructed by a third party, as recognized by (Telford [0041-0045]).

Regarding claim 7, Winklevoss disclose the use of offline signing service (Winklevoss discloses Col. 99 line 28-35 encrypting key segments using symmetric algorithm “encrypt each of the plurality of private key segment. Encryption can comprise any of the techniques… Symmetric and or asymmetric encryption algorithms…”, and further disclose a system for displaying Quick Response (QR), Col. 26 line 49-55 “A key reader 40 may be provided to assemble, read, and/or de-crypt the keys or key segments. The key reader 40 may be contained within a Faraday cage, which may be the same Faraday cage housing isolated computer 30. The key reader 40 may read keys that are printed, etched, digitally stored, or otherwise stored. Key reader 40 may be a scanner (e.g., photo scanner or bar code scanner), QR reader”, Col. 59 line 8-18 “In step S208, the trustee, administrator and/or custodian using the trust computer system may use the retrieved private key segments to reassemble the private keys…the retrieved private key segments may be scanned using key reader 40, and decrypted (as necessary) using decryption software on the isolated computer 30 as part of the trust computer system, and combined and associated with the corresponding public key to regenerate a trust wallet.”, where the key segments are represented by QR as further disclosed in Col. 38 line 62-67 and Col. 39 line 3-9, where scanning printed key segments as QR using isolated computer is a form of offline signing service,  
Consistent with the description of an offline signing service in the instant application where [0084] “The offline signing service may receive secret parts via offline pathways, e.g., by scanning a printed (or electronically displayed) QR code or reading a portable storage drive.”
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified 004 in view of Winklevoss to utilize the above feature, with the motivation of receiving security keys in a localized manner, i.e. isolated trusted computer, as recognized by (Winklevoss Col. 59 line 8-18).

cause a printer connected to the computing device to print a quick response (QR) code for each of the at least one set of encrypted asset encryption key parts (Winklevoss Figure 11A Col. 38 line 62-67 and Col. 39 line 3-9 “In a step S3434, the storage system may transfer each encrypted private key segment to a different electronic vault (i.e. part holder) for storage…A code, such as a bar code or QR code, may be provided along with the key segments (e.g., printed with a physically transcribed copy of a key segment electronically saved with an electronic key segment, or appended to an electronic key segment, to name a few). The code may identify the key segments (e.g., which key segments are part of the same key) and/or the order of the key segments.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified 004 to incorporate the teaching of Winklevoss to utilize the above feature, with the motivation of securely retrieving lost keys, as recognized by (Winklevoss Col. 40 line 8-10).

Regarding claim 10, Winklevoss discloses wherein at least one QR codes are of a plurality of QR codes including the QR code for each of the at least one set of encrypted asset encryption key parts is scanned by an imaging device camera or scanner coupled to the computing device system as part of reconstructing the asset encryption key (Winklevoss Col. 26 line 49-55 “A key reader 40 may be provided to assemble, read, and/or de-crypt the keys or key segments. The key reader 40 may be contained within a Faraday cage, which may be the same Faraday cage housing isolated computer 30. The key reader 40 may read keys that are printed, etched, digitally stored, or otherwise stored. Key reader 40 may be a scanner (e.g., photo scanner or bar code scanner), QR reader (i.e. imaging device)”, Col. 59 line 8-18 “In step S208, the trustee, administrator and/or custodian using the trust computer system may use the retrieved private key segments to reassemble the private keys…the retrieved private key segments may be scanned using key reader 40, and decrypted (as necessary) using decryption software on the isolated computer 30 as part of the trust computer system, and combined and associated with the corresponding public key to regenerate a trust wallet.”.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified 004 to incorporate the teaching of Winklevoss to utilize the above feature, with the motivation of receiving security keys in a localized manner, i.e. isolated trusted computer, as recognized by (Winklevoss Col. 59 line 8-18).

Regarding claim 11, Bunch discloses generate the at least one set of asset encryption key parts from the asset encryption key through at least one of polynomial interpolation or Shamir secret sharing (Bunch [0012] “…key managers described herein may modify the master key utilizing a secret sharing technique (e.g., a secret splitting technique such as Shamir's secret sharing) to generate multiple key shares.”). 
 It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified 004 to incorporate the teaching of Bunch to utilize the above feature, with the motivation of protecting secrets/cryptographic keys in distributed system such that the risk of compromise is reduced or eliminated, as recognized by (Bunch, Abstract).

Regarding claim 12, bunch discloses actions using the at least one asset key (Bunch [0044] “The data encryption key may be encrypted by the master key. The local key manager 146 may utilize the master key to decrypt the data encryption key and provide the data encryption key to the other service(s) 154. The other service(s) 154 may utilize the data encryption key to encrypt and/or decrypt data.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified 004 to incorporate the teaching of Bunch to utilize the above feature, with the motivation of protecting secrets/cryptographic keys in distributed system such that the risk of compromise is reduced or eliminated, as recognized by (Bunch, Abstract).

Regarding claim 13, Bunch discloses asset encryption key and public/private keypair associated with the system (Bunch [0038] discloses the public key used for encrypting the key shares is associated with the computing node on which the local key manager is running, i.e. system, [0030, 0039] discloses using the master key, corresponding to asset encryption key to encrypt/decrypt service key corresponding to asset key).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified 004 to incorporate the teaching of Bunch to utilize the above feature, with the motivation of protecting secrets/cryptographic keys in distributed system such that the risk of compromise is reduced or eliminated, as recognized by (Bunch, Abstract).
004 in view of Bunch do not disclose the below limitations.
 Carlson discloses decrypting using at least one private key of at least one public/private keypair and at least one symmetric key belonging to the computing device (Carlson [0032] “Upon receiving the encrypted data, as indicated at 242, the recipient 222 may then decrypt the data using the private key of the previously mentioned asymmetric key pair. Specifically, the recipient may decrypt not only the symmetric key, but also the asymmetrically encrypted portion of the first set of data, as indicated, at 244. Since the asymmetrically encrypted portion of the first set of data was also symmetrically encrypted at 236, this results in this doubly encrypted portion of data being only partially decrypted. The recipient may then decrypt the first set of data using the decrypted symmetric key, as indicated at 245.” As illustrated in Figure 2).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified 004 to incorporate the teaching of Carlson to utilize the above feature, with the motivation of protection of the double 

Regarding claim 15, Bunch discloses asset encryption key and network interface circuitry communicating via network (Bunch [0030, 0039] discloses using the master key, corresponding to asset encryption key to encrypt/decrypt service key corresponding to asset key, the network interface circuitry corresponds to the part of the computing node that communicate key parts via the network configuration recited in [0015])
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified 004 to incorporate the teaching of Bunch to utilize the above feature, with the motivation of protecting secrets/cryptographic keys in distributed system such that the risk of compromise is reduced or eliminated, as recognized by (Bunch, Abstract).

Regarding claim 16, Bunch discloses asset encryption key, rationale and motivation similar to claim 15 above.
004 in view of Bunch do not disclose the repository.
Telford discloses receiving encrypted asset encryption key parts from the plurality of corresponding part holders via a repository (Telford discloses in [0041] “At step 213, all of the encrypted key fragments generated in step 212 are stored in the memory 199 (i.e. repository) of the server computer 101 by the owner device 190-5.”, Figure 3 and [0044-0045] discloses a subsequent time where the key fragments are assembled, [0045] “The trusted party (i.e. part holder) device 190-6 makes a transmission to the server computer 101, as indicated by an arrow 402-1. In the transmission 402, the device 190-6 requests all key fragments and the encrypted data D. The server computer 101 responds by sending a transmission indicated by an arrow 403-1.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified 004 to incorporate the teaching of Telford to utilize the above feature, with the motivation of providing two level of encryptions of the key fragments, where using “two of encryption provides additional security”, and reassembling key fragments, e.g. when instructed by a third party, as recognized by (Telford [0041-0045]).

Regarding claim 17, Bunch discloses public/private keypair belonging to the computing device, asset encryption key (Bunch [0038] discloses the public key used for encrypting the key shares is associated with the computing node on which the local key manager is running, i.e. system, [0030, 0039] discloses using the master key, corresponding to asset encryption key to encrypt/decrypt service key corresponding to asset key).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified 004 to incorporate the teaching of Bunch to utilize the above feature, with the motivation of protecting secrets/cryptographic keys in distributed system such that the risk of compromise is reduced or eliminated, as recognized by (Bunch, Abstract).
004-Bunch do not disclose the below limitations. 
Carlson discloses wherein the at least one symmetric key is stored in the at least one memory in the system (Carlson discloses in [0031], “a doubly encrypted portion of the first set of data that is both symmetrically encrypted and asymmetrically encrypted”, [0044] “a double encrypted portion 308 that is both symmetrically and asymmetrically encrypted”, Figure 2 illustrates a computer device 220 encrypting data by first using a symmetric key (236) and then encrypting the encrypted data using a public key (238), where both keys belong to the device to be used for encryption, where the symmetric key is stored in order to be able to use for encryption).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified 004 to incorporate the teaching of Carlson to utilize the above feature, with the motivation of protection of the double encrypted information, which can be suitable for insecure communications, as recognized by (Carlson [0044]).
004 in view of Carlson do not disclose the below limitations.
 Winklevoss disclose system implements an offline signing service (Winklevoss discloses Col. 99 line 28-35 encrypting key segments using symmetric algorithm “encrypt each of the plurality of private key segment. Encryption can comprise any of the techniques… Symmetric and or asymmetric encryption algorithms…”, and further disclose a system for displaying Quick Response (QR), Col. 26 line 49-55 “A key reader 40 may be provided to assemble, read, and/or de-crypt the keys or key segments. The key reader 40 may be contained within a Faraday cage, which may be the same Faraday cage housing isolated computer 30. The key reader 40 may read keys that are printed, etched, digitally stored, or otherwise stored. Key reader 40 may be a scanner (e.g., photo scanner or bar code scanner), QR reader”, Col. 59 line 8-18 “In step S208, the trustee, administrator and/or custodian using the trust computer system may use the retrieved private key segments to reassemble the private keys…the retrieved private key segments may be scanned using key reader 40, and decrypted (as necessary) using decryption software on the isolated computer 30 as part of the trust computer system, and combined and associated with the corresponding public key to regenerate a trust wallet.”, where the key segments are represented by QR as further disclosed in Col. 38 line 62-67 and Col. 39 line 3-9, where scanning printed key segments as QR using isolated computer is a form of offline signing service,  
Consistent with the description of an offline signing service in the instant application where [0084] “The offline signing service may receive secret parts via offline pathways, e.g., by scanning a printed (or electronically displayed) QR code or reading a portable storage drive.”
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified 004 in view of Bunch and Hillier to incorporate the teaching of Winklevoss to utilize the above feature, with the motivation of receiving security keys in a localized manner, i.e. isolated trusted computer, as recognized by (Winklevoss Col. 59 line 8-18).

Regarding claim 18, Winklevoss discloses the all limitations disclosed in claim 18, please see rationale and mapping in the below rejection for claim 18.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified 004 to incorporate the teaching of Winklevoss to utilize the above feature, with the motivation of securely retrieving lost keys, as recognized by (Winklevoss Col. 40 line 8-10).

Regarding claim 19, Bunch discloses perform an action using the reconstructed asset encryption key (Bunch [0044] “The data encryption key may be encrypted by the master key. The local key manager 146 may utilize the master key to decrypt the data encryption key and provide the data encryption key to the other service(s) 154. The other service(s) 154 may utilize the data encryption key to encrypt and/or decrypt data.”, where the master key is reconstructed from the encrypted key shares as disclosed in e.g. [0042]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified 004 to incorporate the teaching of Bunch to utilize the above feature, with the motivation of protecting secrets/cryptographic keys in distributed system such that the risk of compromise is reduced or eliminated, as recognized by (Bunch, Abstract).

Regarding claim 20, Bunch discloses wherein the action comprises decrypting an asset key using the reconstructed asset encryption key (Bunch [0044] “The data encryption key may be encrypted by the master key. The local key manager 146 may utilize the master key to decrypt the data encryption key (i.e. asset key) and provide the data encryption key to the other service(s) 154. The other service(s) 154 may utilize the data encryption key to encrypt and/or decrypt data.”, where the master key are reconstructed from the encrypted key shares as disclosed in e.g. [0042]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified 004 to incorporate the teaching of Bunch to utilize the above feature, with the motivation of protecting secrets/cryptographic keys in distributed system such that the risk of compromise is reduced or eliminated, as recognized by (Bunch, Abstract).

Regarding claim 21, Winklevoss discloses wherein the action comprises signing a transaction using the decrypted asset key (Winklevoss Col. 32 line 25-28 “…the isolated computer may generate and sign (e.g., with a private key) transaction instructions”, where the encrypted private key is decrypted as disclosed in e.g. Figure 7 (S7012)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified 004 to incorporate the teaching of  to utilize the above feature, for providing authorization for users to accept transactions, as recognized by (Winklevoss Col. 20 line 22-26).

Regarding claim 22, Bunch discloses splitting an asset encryption key, splitting the asset encryption key into at least one set of asset encryption key parts, asset encryption key, which is used to perform an action using at least one asset key. Please see detailed rejection below for claim 22.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified 004 to incorporate the teaching of Bunch to utilize the above feature, with the motivation of protecting secrets/cryptographic keys in distributed system such that the risk of compromise is reduced or eliminated, as recognized by (Bunch, Abstract).

Regarding claim 25, similar to above claim 4, therefore rationale and motivation applied to claim 4 above is also applied to claim 25

Regarding claim 26, similar to above claim 7, therefore, rationale and motivation applied to claim 7 above is also applied to claim 26.

Regarding claim 28, Winklevoss discloses the all limitations in claim 28. Please see detailed rejection below.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified 004 to incorporate the teaching of Winklevoss to utilize the above feature, with the motivation of securely retrieving lost keys, as recognized by (Winklevoss Col. 40 line 8-10).

Regarding claim 29, Bunch disclose the decrypting at least a subset of the encrypted asset encryption key parts to produce asset encryption key parts (Bunch [0030] “Key managers described herein may generally generate key shares such that K shares (i.e. subset) are needed to reconstruct the master key (i.e. asset encryption key). The number K is generally selected to be less than N such that the system has improved fault tolerance (e.g., one or more nodes may be down or inaccessible but it may still be practical to obtain a sufficient number of key shares to reconstruct the master key).” [0039] “The master key MK (i.e. asset encryption key) used to encrypt secrets stored by local key managers in a distributed computing system…MK may be used to encrypt any number of keys (i.e. asset key) used by other services (e.g. the other service(s) 154 and/or other service(s) 156). The encrypted keys may be stored by the local key manager”, where the master key, corresponding to the reconstructed asset encryption key is used to perform the action of encryption used on service keys, corresponding to asset keys, Figure 2 further illustrates the 4 key shares for each computing node, and only two shares required to reconstruct the master key as disclosed in [0053] “…two key shares may be needed to reconstruct the encrypted master key”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified 004 to incorporate the teaching of Bunch to utilize the above feature, with the motivation of protecting secrets/cryptographic keys in distributed system such that the risk of compromise is reduced or eliminated, as recognized by (Bunch, Abstract).

Regarding claim 30, Bunch discloses wherein the action comprises at least one of the following actions using at least one asset key: encrypting data; decrypting data; encrypting a blockchain private key; decrypting a blockchain private key; generating a transaction address; or signing a transaction (Bunch [0044] “The data encryption key may be encrypted by the master key. The local key manager 146 may utilize the master key to decrypt the data encryption key and provide the data encryption key to the other service(s) 154. The other service(s) 154 may utilize the data encryption key to encrypt and/or decrypt data.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified 004 to incorporate the teaching of Bunch to utilize the above feature, with the motivation of protecting secrets/cryptographic keys in distributed system such that the risk of compromise is reduced or eliminated, as recognized by (Bunch, Abstract).
 
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having 

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1, 4, 11-13, 15, 19-20, 22, 25 and 29-30 are rejected under 35 U.S.C. 103 as being unpatentable over Bunch (US 20190238323 A1), hereinafter Bunch, in view of Carlson (US 20180013728 A1), hereinafter Carlson.

Regarding claim 1 (Currently Amended), Bunch teaches a computing device and at least one memory communicatively coupled to the at least one processor (Bunch Figure 1 [0017] “The computing node 102 may be, for example, a server computer, a laptop computer, a desktop computer, a tablet computer…The computing node 102 may include one or more physical computing components, such as processors. Hardware 150 of the computing node 102 is shown in FIG. 1 and may include local storage 124. TPM 142 may be hardware of the computing node 102 itself, as shown in FIG. 1.”); [[and]] wherein the at least one processor is configured to: 

[at least one symmetric key belonging to the computing device and stored in the at least one memory in the computing device]; and [[or]] 
encrypt each of the at least one set of [encrypted] asset encryption key parts using a public key of a public/private keypair belonging to the computing device, [such that each of the at least one set of encrypted asset encryption key parts is doubly-encrypted]  (Bunch [0038] “…the master key and/or key shares (i.e. asset encryption key parts) may be encrypted using a public key for the computing node on which the local key manager is running…The local key manager, e.g. local key manager 146, may store at least one of the key shares at a computing node other than the computing node 102…local key manager 146 may store at least one key share at computing node 112, e.g. using local storage 130.”, where the public key used for encrypting the key shares is associated with the computing node on which the local key manager is running, i.e. node/device); 
wherein at least a subset of the at least one set of asset encryption key parts are used to reconstruct an asset encryption key, which is used to perform an action using at least one asset key (Bunch [0030] “Key managers described herein may generally generate key shares such that K shares (i.e. subset) are needed to reconstruct the master key (i.e. asset encryption key). The number K is generally selected to be less than N such that the system has improved fault tolerance (e.g., one or more nodes may be down or inaccessible but it may still be practical to obtain a sufficient number of key shares to reconstruct the master key).” [0039] “The master key MK (i.e. asset encryption key) used to encrypt secrets stored by local key managers in a distributed computing system…MK may be used to encrypt any number of keys (i.e. asset key) used by other services (e.g. the other service(s) 154 and/or other service(s) 156). The encrypted keys may be stored by the local key manager”, where the master key, corresponding to the reconstructed asset encryption key is used to perform the action of encryption used on service keys, corresponding to asset keys, Figure 2 further illustrates the 4 key shares for each computing node, and only two shares required to reconstruct the master key as disclosed in [0053] “…two key shares may be needed to reconstruct the encrypted master key”). 
While Bunch discloses in the detailed description of the disclosure generating key parts/shares and the use of public/private keypair for encryption as discussed in claim 1, however, Bunch in view do not explicitly describe performing double encryption using first symmetric and then, second, followed by asymmetric keys.
Carlson discloses encrypt using at least one symmetric key belonging to the computing device and stored in the at least one memory in the computing device and encrypt each of the at least one set of encrypted using a public key of a public/private keypair belonging to the computing device, such that each of the at least one set… is doubly-encrypted (Carlson discloses in [0031], “a doubly encrypted portion of the first set of data that is both symmetrically encrypted and asymmetrically encrypted”, [0044] “a double encrypted portion 308 that is both symmetrically and asymmetrically encrypted”, Figure 2 illustrates a computer device 220 encrypting data by first using a symmetric key (236) and then encrypting the encrypted data using a public key (238), where both keys belong to the device to be used for encryption, where the symmetric key and public key are stored in order to be able to use for encryption,
Examiner interprets belonging to the device as utilized by the device to perform the double encryption, 
Consistent with the instant application description illustrated in Figure 6 and associated paragraphs, where the double encryption takes place by the device at step (606), and then the double encrypted parts are communicated to part holders (608), where the part holders decrypt the double encrypted parts, using private key associated with the public key initially used at the encrypting device).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Bunch to incorporate the teaching of Carlson to utilize the above feature, with the motivation of protection of the double encrypted information, which can be suitable for insecure communications, as recognized by (Carlson [0044]).

Regarding claim 4 (Currently Amended), Bunch in view of Carlson teaches the computing device system of claim [[3]] 1, further comprising: a network adapter network interface circuitry communicatively coupled to the at least one processor and configured to: communicate each of the at least one set of encrypted asset encryption key parts to [[the]] corresponding part holders computing devices (Bunch Figure 1 illustrates network configuration (122) disclosed in [0015] where one node requests encrypted key shares from their corresponding nodes, where the encrypted key shares as disclosed in [0038]  have been stored as illustrated in Figure 2 where the encrypted shares (S1(E(MK, PubK1), S2(E(MK, PubK1), S3(E(MK, PubK1), and S4(E(MK, PubK1)) are stored in the corresponding nodes 210, 218, 216, corresponding to the part holders, as a result communicating/distributing the encrypted shares to them as disclosed in [0028] “…key splitting techniques may refer to methods for distributing a secret amongst a group of locations, each of which is allocated a share of the secret (e.g., a key share). The secret can be reconstructed only when a sufficient number of shares are combined together”, where the network adapter corresponds to the part of the computing node that communicate key parts via the network configuration recited in [0015]).  

Regarding claim 11 (Currently Amended), Bunch in view of Carlson teaches the computing device one of polynomial interpolation or Shamir secret sharing (Bunch [0012] “…key managers described herein may modify the master key utilizing a secret sharing technique (e.g., a secret splitting technique such as Shamir's secret sharing) to generate multiple key shares.”).
  
Regarding claim 12 (Currently Amended), Bunch in view of Carlson teaches the computing device least one of the following actions using the at least one asset key: 
encrypting first data; decrypting second data (Bunch [0044] “The data encryption key may be encrypted by the master key. The local key manager 146 may utilize the master key to decrypt the data encryption key and provide the data encryption key to the other service(s) 154. The other service(s) 154 may utilize the data encryption key to encrypt and/or decrypt data.”); encrypting a blockchain private key; decrypting a blockchain private key; generating a transaction address; or signing a transaction.  

Regarding claim 13 (Currently Amended), Bunch teaches an computing device and at least one memory communicatively coupled to the at least one processor (Bunch Figure 1 [0017] “The computing node 102 may be, for example, a server computer, a laptop computer, a desktop computer, a tablet computer…The computing node 102 may include one or more physical computing components, such as processors. Hardware 150 of the computing node 102 is shown in FIG. 1 and may include local storage 124. TPM 142 may be hardware of the computing node 102 itself, as shown in FIG. 1.”); [[and]] wherein the at least one processor is configured to: 
receive a plurality of encrypted asset encryption key parts from a plurality of corresponding part holders computing devices (Bunch Figure 2 illustrates encrypted key shares, i.e. plurality of encrypted asset encryption key parts, [0052] “..the key shares may be encrypted with public keys”, [0053] “The key shares for E(MK, PubK1) may be written S1(E(MK, PubK1), S2(E(MK, PubK1), S3(E(MK, PubK1), and S4(E(MK, PubK1…two key shares may be needed to reconstruct the encrypted master key. Accordingly, each node itself stores one key share and may request a second key share from any of the other nodes to reconstruct the encrypted master key…more than two key shares may be needed to reconstruct the encrypted master key and additional key shares may need to be requested by a local key manager to reconstruct the encrypted master key.).”, where these key shares are stored at their corresponding nodes 202, 210, 218 and 226, where 210, 218 and 226 are corresponding to part holders, where the key shares are requested and consequently received to reconstruct the master key); 
decrypt the plurality of encrypted asset encryption key parts into asset encryption key parts using belonging to the computing device (Bunch [0038] “…the master key and/or key shares may be encrypted using a public key for the computing node on which the local key manager is running. The master key and/or key shares may then be decrypted using the private key for that computing node”, the encrypting public key and decrypting private key corresponds to the keypair, where the keypair are associated with the node, i.e. system); and [at least one symmetric key belonging to the computing device]; and
reconstruct an asset encryption key from the asset encryption key parts, wherein the asset encryption key is reconstructed from a quantity of the asset encryption key subset of a total number of asset encryption key parts previously created from the asset encryption key (Bunch [0030] “Key managers described herein may generally generate key shares such that K shares (i.e. subset) are needed to reconstruct the master key (i.e. asset encryption key). The number K is generally selected to be less than N such that the system has improved fault tolerance (e.g., one or more nodes may be down or inaccessible but it may still be practical to obtain a sufficient number of key shares to reconstruct the master key, Figure 2 further illustrates the 4 key shares for each computing node, and only two shares required to reconstruct the master key as disclosed in [0053] “…two key shares may be needed to reconstruct the encrypted master key”).
Bunch does not disclose the below limitation.
Carlson discloses decrypting using at least one private key of at least one public/private keypair and at least one symmetric key belonging to the computing device (Carlson [0032] “Upon receiving the encrypted data, as indicated at 242, the recipient 222 may then decrypt the data using the private key of the previously mentioned asymmetric key pair. Specifically, the recipient may decrypt not only the symmetric key, but also the asymmetrically encrypted portion of the first set of data, as indicated, at 244. Since the asymmetrically encrypted portion of the first set of data was also symmetrically encrypted at 236, this results in this doubly encrypted portion of data being only partially decrypted. The recipient may then decrypt the first set of data using the decrypted symmetric key, as indicated at 245.” As illustrated in Figure 2).
 to incorporate the teaching of Carlson to utilize the above feature, with the motivation of protection of the double encrypted information, which can be suitable for insecure communications, as recognized by (Carlson [0044]).

Regarding claim 15 (Currently Amended), Bunch in view of Carlson  teaches the computing device 13, further comprising: network interface circuitry communicatively coupled to the at least one processor; wherein the at least one processor is configured to receive the plurality of encrypted asset encryption key parts from the plurality of corresponding part holders computing devices via a network using the network interface circuitry (Bunch Figure 1 illustrates network configuration (122) disclosed in [0015] where one node requests encrypted key shares from their corresponding nodes, i.e. part holders, where the encrypted shares as disclosed in [0038]  have been stored as illustrated in Figure 2, and consequently receiving the encrypted shares for reconstructing the master key, [0036] “To request the key shares, the local key manager 148 may access metadata specifying which nodes contain the key shares, and how many key shares are required to reconstruct MK.”, where the network adapter corresponds to the part of the computing node that receives key parts via the network configuration recited in [0015]).  

Regarding claim 19 (Currently Amended), Bunch in view of Carlson teaches the computing device (Bunch [0044] “The data encryption key may be encrypted by the master key. The local key manager 146 may utilize the master key to decrypt the data encryption key and provide the data encryption key to the other service(s) 154. The other service(s) 154 may utilize the data encryption key to encrypt and/or decrypt data.”, where the master key is reconstructed from the encrypted key shares as disclosed in e.g. [0042]).  

Regarding claim 20 (Currently Amended), Bunch in view of Carlson teaches the computing device (Bunch [0044] “The data encryption key may be encrypted by the master key. The local key manager 146 may utilize the master key to decrypt the data encryption key (i.e. asset key) and provide the data encryption key to the other service(s) 154. The other service(s) 154 may utilize the data encryption key to encrypt and/or decrypt data.”, where the master key are reconstructed from the encrypted key shares as disclosed in e.g. [0042]).

Regarding claim 22 (Currently Amended), Bunch in view of Carlson teaches a method for splitting an asset encryption key, the method being performed by an computing device (Bunch [0012] “…key managers described herein may modify the master key (i.e. asset encryption key) utilizing a secret sharing technique (e.g., a secret splitting technique such as Shamir's secret sharing) to generate multiple key shares.”, where the key managers are part of the computing nodes as illustrated in Figure 1 (146), where computing nodes corresponding to a system, [0017] “The computing node 102 may be, for example, a server computer, a laptop computer, a desktop computer, a tablet computer…”), the method comprising: 
splitting the asset encryption key into at least one set of asset encryption key parts (Bunch [0028] “Key managers described herein may utilize key splitting techniques to generate one or more key shares from the master key MK (i.e. asset encryption key). Generally, key splitting techniques may refer to methods for distributing a secret amongst a group of locations, each of which is allocated a share of the secret (e.g., a key share).”); [[and]] 
encrypting the at least one set of asset encryption key parts into at least one set of encrypted asset encryption key parts using[at least one symmetric key belonging to the computing device, wherein the at least one symmetric key is stored in at least one memory in the computing device; and [[or]] ; encrypt each of the at least one set of encrypted asset encryption key parts using] a public key of a public/private keypair belonging to the computing device, [such that each of the at least one set of encrypted asset encryption key parts is double encrypted] (Bunch [0038] “…the master key and/or key shares (i.e. asset encryption key parts) may be encrypted using a public key for the computing node on which the local key manager is running…The local key manager, e.g. local key manager 146, may store at least one of the key shares at a computing node other than the computing node 102. For example, local key manager 146 may store at least one key share at computing node 112, e.g. using local storage 130.”, where the public key used for encrypting the key shares is associated with the computing node, i.e. system);
wherein at least a subset of the at least one set of asset encryption key parts are used to reconstruct the asset encryption key, which is used to perform an action using at least one asset key (Bunch [0030] “Key managers described herein may generally generate key shares such that K shares (i.e. subset) are needed to reconstruct the master key (i.e. asset encryption key). The number K is generally selected to be less than N such that the system has improved fault tolerance (e.g., one or more nodes may be down or inaccessible but it may still be practical to obtain a sufficient number of key shares to reconstruct the master key).” [0039] “The master key MK (i.e. asset encryption key) used to encrypt secrets stored by local key managers in a distributed computing system…MK may be used to encrypt any number of keys (i.e. asset key) used by other services (e.g. the other service(s) 154 and/or other service(s) 156). The encrypted keys may be stored by the local key manager”, where the master key, corresponding to the reconstructed asset encryption key is used to perform the action of encryption used on service keys, corresponding to asset keys, Figure 2 further illustrates the 4 key shares for each computing node, and only two shares required to reconstruct the master key as disclosed in [0053] “…two key shares may be needed to reconstruct the encrypted master key”).
generating key parts/shares and the use of public/private keypair for encryption as discussed in claim 1, however, Bunch in view do not explicitly describe performing double encryption using first symmetric and then, second, followed by asymmetric keys.
Carlson discloses encrypt using at least one symmetric key belonging to the computing device and stored in the at least one memory in the computing device and encrypt each of the at least one set of encrypted using a public key of a public/private keypair belonging to the computing device, such that each of the at least one set… is doubly-encrypted (Carlson discloses in [0031], “a doubly encrypted portion of the first set of data that is both symmetrically encrypted and asymmetrically encrypted”, [0044] “a double encrypted portion 308 that is both symmetrically and asymmetrically encrypted”, Figure 2 illustrates a computer device 220 encrypting data by first using a symmetric key (236) and then encrypting the encrypted data using a public key (238), where both keys belong to the device to be used for encryption, where the symmetric key is stored in order to be able to use for encryption,
Consistent with the instant application description illustrated in Figure 6 and associated paragraphs, where the double encryption takes place by the device (606), then the double encrypted parts are communicated to part holders (608), where the part holders decrypt the double encrypted parts, using private key associated with the public key initially used at the encrypting device).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Bunch to incorporate the teaching 
 
Regarding claim 25, Bunch in view of Carlson teaches the method of claim [[24]] 22, further comprising: communicating the at least one set of encrypted asset encryption key parts to corresponding part holders computing devices (Bunch [0029] “key managers described herein may utilize the master key (and/or an encrypted version of the master key in some examples) to generate multiple key shares. Generally, each of the key shares may be stored at different computing nodes in the distributed computing system”, [0038] “…the master key and/or key shares (i.e. asset encryption key parts) may be encrypted using a public key for the computing node on which the local key manager is running” where the encrypted shares are stored on different nodes corresponding to part holders).  

Regarding claim 29 (Currently Amended), Bunch teaches the method of claim 22, further comprising: decrypting at least a second subset of the encrypted asset encryption key parts to produce asset encryption key parts (Bunch [0038] “…the master key and/or key shares may be encrypted using a public key for the computing node on which the local key manager is running. The master key and/or key shares may then be decrypted using the private key for that computing node”, the encrypting public key and decrypting private key corresponds to the keypair, where the public key used for encrypting the key shares is associated with the computing node, i.e. system, [0030] “Key managers described herein may generally generate key shares such that K shares (i.e. subset) are needed to reconstruct the master key (i.e. asset encryption key). The number K is generally selected to be less than N such that the system has improved fault tolerance (e.g., one or more nodes may be down or inaccessible but it may still be practical to obtain a sufficient number of key shares to reconstruct the master key, Figure 2 further illustrates the 4 key shares for each computing node, and only two shares required to reconstruct the master key as disclosed in [0053] “…two key shares may be needed to reconstruct the encrypted master key”, where Bunch discloses recurring process in distributed systems to reconstruct a master key from subsets, e.g. second subset);.  

Regarding claim 30 (Currently Amended), Bunch teaches the method of claim 22, wherein the action comprises at least one of the following actions based on the at least one asset key: encrypting first data; decrypting second data (Bunch [0044] “The data encryption key may be encrypted by the master key. The local key manager 146 may utilize the master key to decrypt the data encryption key and provide the data encryption key to the other service(s) 154. The other service(s) 154 may utilize the data encryption key to encrypt and/or decrypt data.”); encrypting a first blockchain private key; decrypting a second blockchain private key; generating a transaction address; or signing a transaction.  

	
Claims 5 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Bunch in view of Carlson, and further in view of Telford (US 20170222805 A1), hereinafter Telford.

Regarding claim 5 (Currently Amended), Bunch in view of Tenenboym and Telford teaches the computing device 1, 
Bunch discloses the work interface circuitry that corresponds to the part of the computing node that communicate key parts via the network configuration recited in [0015].
Bunch in view of Carlson do not teach the below limitation. Emphasis in Italic
Telford teaches further comprising: network interface circuitry communicatively coupled to the at least one processor and configured to: communicate each of the at least one set of encrypted asset encryption key parts to a repository for later access by [[the]] corresponding part holder computing devices (Telford discloses in [0041] “At step 213, all of the encrypted key fragments generated in step 212 are stored in the memory 199 (i.e. repository) of the server computer 101 by the owner device 190-5.”, Figure 3 and [0044-0045] discloses a subsequent time where the key fragments are assembled, [0045] “The trusted party (i.e. part holder) device 190-6 makes a transmission to the server computer 101, as indicated by an arrow 402-1. In the transmission 402, the device 190-6 requests all key fragments and the encrypted data D. The server computer 101 responds by sending a transmission indicated by an arrow 403-1.”,).  
 to incorporate the teaching of Telford to utilize the above feature, with the motivation of providing two level of encryptions of the key fragments, where using “two of encryption provides additional security”, and reassembling key fragments, e.g. when instructed by a third party, as recognized by (Telford [0041-0045]).

Regarding claim 16 (Currently Amended), Bunch in view of Carlson teaches the computing device 13, further comprising: 
network interface circuitry communicatively coupled to the at least one processor; wherein the at least one processor is configured to receive the plurality of encrypted asset encryption key parts from the plurality of corresponding part holders computing devices [via a repository] using the network interface circuitry (Bunch Figure 2 illustrates encrypted key shares, i.e. plurality of encrypted asset encryption key parts, [0052] “..the key shares may be encrypted with public keys”, [0053] “The key shares for E(MK, PubK1) may be written S1(E(MK, PubK1), S2(E(MK, PubK1), S3(E(MK, PubK1), and S4(E(MK, PubK1…two key shares may be needed to reconstruct the encrypted master key. Accordingly, each node itself stores one key share and may request a second key share from any of the other nodes to reconstruct the encrypted master key…more than two key shares may be needed to reconstruct the encrypted master key and additional key shares may need to be requested by a local key manager to reconstruct the encrypted master key.).”, where these key shares are stored at their corresponding nodes 202, 210, 218 and 226, where 210, 218 and 226 are corresponding part holders, where the key shares are requested and consequently received via network to reconstruct the master key, where the network configuration such as LAN, wired or combination as disclosed in [0015] corresponding to network adapter/interface circuitry, where the network adapter/interface circuitry corresponds to the part of the computing node that communicates key parts via the network configuration recited in [0015]), 
wherein the plurality of encrypted asset encryption key parts were previously stored in the repository by the plurality of corresponding part holder computing devices (Bunch [0053] “The key shares for E(MK, PubK1) may be written S1(E(MK, PubK1), S2(E(MK, PubK1), S3(E(MK, PubK1), and S4(E(MK, PubK1…two key shares may be needed to reconstruct the encrypted master key. Accordingly, each node itself stores one key share and may request a second key share from any of the other nodes to reconstruct the encrypted master key…more than two key shares may be needed to reconstruct the encrypted master key and additional key shares may need to be requested by a local key manager to reconstruct the encrypted master key. Figure 2 further illustrates storing key shares (212, 220 and 228)).
While Bunch discloses the above limitations, and further disclose that the other nodes, i.e. part holders store key shares, however, Bunch does not disclose receiving the key shares via repository, e.g. another storage device. Emphasis in italic.
Telford discloses receiving the plurality of encrypted asset encryption key parts from the plurality of corresponding part holders computing devices via a repository  (Telford discloses in [0041] “At step 213, all of the encrypted key fragments generated in step 212 are stored in the memory 199 (i.e. repository) of the server computer 101 by the owner device 190-5.”, Figure 3 and [0044-0045] discloses a subsequent time where the key fragments are assembled, [0045] “The trusted party (i.e. part holder) device 190-6 makes a transmission to the server computer 101, as indicated by an arrow 402-1. In the transmission 402, the device 190-6 requests all key fragments and the encrypted data D. The server computer 101 responds by sending a transmission indicated by an arrow 403-1.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Bunch in view of Carlson to incorporate the teaching of Telford to utilize the above feature, with the motivation of providing two level of encryptions of the key fragments, where using “two of encryption provides additional security”, and reassembling key fragments, e.g. when instructed by a third party, as recognized by (Telford [0041-0045]).

Claims 7, 9-10, 17-18, 21, 26 and 28 are rejected under 35 U.S.C. 103 as being unpatentable over Bunch in view of Carlson and further in view of Winklevoss (US 9,892,460 B1), hereinafter Winklevoss.

Regarding claim 7 (Currently Amended), Bunch in view of Carlson teaches the computing device 
offline signing service.
Winklevoss disclose computing device  (Winklevoss discloses Col. 99 line 28-35 encrypting key segments using symmetric algorithm “encrypt each of the plurality of private key segment. Encryption can comprise any of the techniques… Symmetric and or asymmetric encryption algorithms…”, and further disclose a system for displaying Quick Response (QR), Col. 26 line 49-55 “A key reader 40 may be provided to assemble, read, and/or de-crypt the keys or key segments. The key reader 40 may be contained within a Faraday cage, which may be the same Faraday cage housing isolated computer 30. The key reader 40 may read keys that are printed, etched, digitally stored, or otherwise stored. Key reader 40 may be a scanner (e.g., photo scanner or bar code scanner), QR reader”, Col. 59 line 8-18 “In step S208, the trustee, administrator and/or custodian using the trust computer system may use the retrieved private key segments to reassemble the private keys…the retrieved private key segments may be scanned using key reader 40, and decrypted (as necessary) using decryption software on the isolated computer 30 as part of the trust computer system, and combined and associated with the corresponding public key to regenerate a trust wallet.”, where the key segments are represented by QR as further disclosed in Col. 38 line 62-67 and Col. 39 line 3-9, where scanning printed key segments as QR using isolated computer is a form of offline signing service,  
Consistent with the description of an offline signing service in the instant application where [0084] “The offline signing service may receive secret parts via offline pathways, e.g., by scanning a printed (or electronically displayed) QR code or reading a portable storage drive.”
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Bunch in view of Carlson to incorporate the teaching of Winklevoss to utilize the above feature, with the motivation of receiving security keys in a localized manner, i.e. isolated trusted computer, as recognized by (Winklevoss Col. 59 line 8-18).

Regarding claim 9 (Currently Amended), Bunch in view of Carlson teaches the computing device 1, 
Bunch discloses the above limitations, where the key parts/shares are generated and encrypted, Carlson further disclose the concept of double encrypting using first, symmetric key, then followed by an asymmetric key, however, Bunch in view of Carlson do not disclose using printer and printing QR code for an encrypted key. Emphasis in Italic.
Winklevoss discloses wherein the at least one processor is configured to: cause a printer connected to the computing device to print a quick response (QR) code for each of the at least one set of encrypted asset encryption key parts (Winklevoss Figure 11A Col. 38 line 62-67 and Col. 39 line 3-9 “In a step S3434, the storage system may transfer each encrypted private key segment to a different electronic vault (i.e. part holder) for storage…A code, such as a bar code or QR code, may be provided along with the key segments (e.g., printed with a physically transcribed copy of a key segment electronically saved with an electronic key segment, or appended to an electronic key segment, to name a few). The code may identify the key segments (e.g., which key segments are part of the same key) and/or the order of the key segments.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Bunch in view of Carlson to incorporate the teaching of Winklevoss to utilize the above feature, with the motivation of securely retrieving lost keys, as recognized by (Winklevoss Col. 40 line 8-10).

Regarding claim 10 (Currently Amended), Bunch in view of Carlson and Winklevoss teaches the computing device 
Bunch in view of Carlson do not disclose the below limitation.
Winklevoss discloses wherein [[the]] at least one QR codeof a plurality of QR codes including the QR code for each of the at least one set of encrypted asset encryption key parts is scanned by camera or scanner coupled to the computing device (Winklevoss Col. 26 line 49-55 “A key reader 40 may be provided to assemble, read, and/or de-crypt the keys or key segments. The key reader 40 may be contained within a Faraday cage, which may be the same Faraday cage housing isolated computer 30. The key reader 40 may read keys that are printed, etched, digitally stored, or otherwise stored. Key reader 40 may be a scanner (e.g., photo scanner or bar code scanner), QR reader (i.e. imaging device)”, Col. 59 line 8-18 “In step S208, the trustee, administrator and/or custodian using the trust computer system may use the retrieved private key segments to reassemble the private keys…the retrieved private key segments may be scanned using key reader 40, and decrypted (as necessary) using decryption software on the isolated computer 30 as part of the trust computer system, and combined and associated with the corresponding public key to regenerate a trust wallet.”.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Bunch in view of Carlson to incorporate the teaching of Winklevoss to utilize the above feature, with the motivation of receiving security keys in a localized manner, i.e. isolated trusted computer, as recognized by (Winklevoss Col. 59 line 8-18).

Regarding claim 17 (Currently Amended), Bunch in view of Carlson teaches the computing device the at least one symmetric key belonging to computing device includes:  
While Bunch discloses in the detailed description of the disclosure generating key parts/shares and the use of public/private keypair for encryption as discussed in claim 1, encrypting plurality of key parts and decrypting plurality of key parts for reconstructing a master key, Bunch further discloses in the background that [0002] “Computing systems are generally desired to protect sensitive data. Encryption based on keys (e.g. cryptographic keys) is commonly used to secure data, e.g. using symmetric keys or public-private key pairs”, which would make it obvious for one of ordinary skill in the art before the effective date of the claimed invention to choose from the finite options of key types, i.e. symmetric or asymmetric, however, Bunch does not explicitly describe utilizing the symmetric key in the detailed body description of the disclosure. Emphasis in Italic.
Carlson discloses using the at least one symmetric key, [when the computing device ], during decryption (Carlson discloses in [0031], “a doubly encrypted portion of the first set of data that is both symmetrically encrypted and asymmetrically encrypted”, [0044] “a double encrypted portion 308 that is both symmetrically and asymmetrically encrypted”, Figure 2 illustrates a computer device 220 encrypting data by first using a symmetric key (236) and then encrypting the encrypted data using a public key (238), where both keys belong to the device to be used for encryption, where the symmetric key is stored in order to be able to use for encryption).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Bunch to incorporate the teaching of Carlson to utilize the above feature, with the motivation of protection of the double encrypted information, which can be suitable for insecure communications, as recognized by (Carlson [0044]).
While Bunch in view of Carlson disclose the aforementioned limitations, however, Bunch in view of Carlson do not explicitly disclose the use of offline signing service.
Winklevoss disclose a computing device  (Winklevoss discloses Col. 99 line 28-35 encrypting key segments using symmetric algorithm “encrypt each of the plurality of private key segment. Encryption can comprise any of the techniques… Symmetric and or asymmetric encryption algorithms…”, and further disclose a system for displaying Quick Response (QR), Col. 26 line 49-55 “A key reader 40 may be provided to assemble, read, and/or de-crypt the keys or key segments. The key reader 40 may be contained within a Faraday cage, which may be the same Faraday cage housing isolated computer 30. The key reader 40 may read keys that are printed, etched, digitally stored, or otherwise stored. Key reader 40 may be a scanner (e.g., photo scanner or bar code scanner), QR reader”, Col. 59 line 8-18 “In step S208, the trustee, administrator and/or custodian using the trust computer system may use the retrieved private key segments to reassemble the private keys…the retrieved private key segments may be scanned using key reader 40, and decrypted (as necessary) using decryption software on the isolated computer 30 as part of the trust computer system, and combined and associated with the corresponding public key to regenerate a trust wallet.”, where the key segments are represented by QR as further disclosed in Col. 38 line 62-67 and Col. 39 line 3-9, where scanning printed key segments as QR using isolated computer is a form of offline signing service,  
Consistent with the description of an offline signing service in the instant application where [0084] “The offline signing service may receive secret parts via offline pathways, e.g., by scanning a printed (or electronically displayed) QR code or reading a portable storage drive.”
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Bunch in view of Carlson to 

Regarding claim 18 (Currently Amended), Bunch in view of Carlson and Winklevoss teaches the computing device 
Bunch discloses the encrypted key shares/parts/segments. However, Bunch in view of Carlson do not disclose the below limitations.
Winklevoss discloses further comprising: an camera or scanner communicatively coupled to the at least one processor and configured to read a quick response (QR) code for each of the plurality of encrypted asset encryption key parts (Winklevoss Figure 11A (S3432-S3434) discloses storing encrypted private key segments in different vault locations, Figure 12A Col. 40 line 8-10 discloses recovering the key, where (S3506) discloses retrieving the encrypted key segments, and (S3508) discloses verifying the key segments by means of the key segments QR, Col. 40 line 35-40 “In a step S3508, the private key segments may be verified. Keys or key segments may be retrieved from their respective storage locations. Quality control measures may verify that the correct key segments were retrieved and/or that the keys or key segments are readable, e.g., by a specially programmed scanning device, such as a QR scanner (i.e. imaging device).”); 
wherein the at least one processor is configured to receive the plurality of encrypted asset encryption key parts from the plurality of corresponding part holder computing device (Winklevoss Col. 40 line 35-40 “In a step S3508, the private key segments may be verified. Keys or key segments may be retrieved from their respective storage locations (i.e. part holders). Quality control measures may verify that the correct key segments were retrieved and/or that the keys or key segments are readable, e.g., by a specially programmed scanning device, such as a QR scanner.”).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Bunch in view of Carlson to incorporate the teaching of Winklevoss to utilize the above feature, with the motivation of securely retrieving lost keys, as recognized by (Winklevoss Col. 40 line 8-10).

Regarding claim 21 (Currently Amended), Bunch teaches the computing device 
While Bunch teaches using the decrypted data encryption key, i.e. asset key, for performing actions, e.g. data encryption/decryption, however, Bunch in view of Carlson do not disclose that the action include signing content. Emphasis in italic.
Winklevoss discloses wherein the action comprises signing a transaction using the  asset key (Winklevoss Col. 32 line 25-28 “…the isolated computer may generate and sign (e.g., with a private key) transaction instructions”, where the encrypted private key is decrypted as disclosed in e.g. Figure 7 (S7012)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Bunch in view of Carlson to 

Regarding claim 26 (Currently Amended), Bunch in view of  Carlson teaches the method of claim 22, wherein using at least one of at least one symmetric key or at least one public key of at least one public/private keypair belonging to computing device 
While Bunch discloses in the detailed description of the disclosure generating key parts/shares and the use of public/private keypair for encryption as discussed in claim 1, Bunch further discloses in the background that [0002] “Computing systems are generally desired to protect sensitive data. Encryption based on keys (e.g. cryptographic keys) is commonly used to secure data, e.g. using symmetric keys or public-private key pairs”, which would make it obvious for one of ordinary skill in the art before the effective date of the claimed invention to choose from the finite options of key types, i.e. symmetric or asymmetric, however, Bunch does not explicitly describe utilizing the symmetric key in the detailed description of the disclosure.
Carlson discloses using the at least one symmetric key [when the computing device  implements [[an]] offline signing service],(Carlson discloses in [0031], “a doubly encrypted portion of the first set of data that is both symmetrically encrypted and asymmetrically encrypted”, [0044] “a double encrypted portion 308 that is both symmetrically and asymmetrically encrypted”, Figure 2 illustrates a computer device 220 encrypting data by first using a symmetric key (236) and then encrypting the encrypted data using a public key (238), where both keys belong to the device to be used for encryption, where the symmetric key is stored in order to be able to use for encryption).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Bunch to incorporate the teaching of Carlson to utilize the above feature, with the motivation of protection of the double encrypted information, which can be suitable for insecure communications, as recognized by (Carlson [0044]).
While Bunch in view of Carlson disclose the aforementioned limitations, however, Bunch in view of Carlson do not disclose the use of offline signing service.
Winklevoss disclose a computing device  (Winklevoss discloses Col. 99 line 28-35 encrypting key segments using symmetric algorithm “encrypt each of the plurality of private key segment. Encryption can comprise any of the techniques… Symmetric and or asymmetric encryption algorithms…”, and further disclose a system for displaying Quick Response (QR), Col. 26 line 49-55 “A key reader 40 may be provided to assemble, read, and/or de-crypt the keys or key segments. The key reader 40 may be contained within a Faraday cage, which may be the same Faraday cage housing isolated computer 30. The key reader 40 may read keys that are printed, etched, digitally stored, or otherwise stored. Key reader 40 may be a scanner (e.g., photo scanner or bar code scanner), QR reader”, Col. 59 line 8-18 “In step S208, the trustee, administrator and/or custodian using the trust computer system may use the retrieved private key segments to reassemble the private keys…the retrieved private key segments may be scanned using key reader 40, and decrypted (as necessary) using decryption software on the isolated computer 30 as part of the trust computer system, and combined and associated with the corresponding public key to regenerate a trust wallet.”, where the key segments are represented by QR as further disclosed in Col. 38 line 62-67 and Col. 39 line 3-9, where scanning printed key segments as QR using isolated computer is a form of offline signing service,  
Consistent with the description of an offline signing service in the instant application where [0084] “The offline signing service may receive secret parts via offline pathways, e.g., by scanning a printed (or electronically displayed) QR code or reading a portable storage drive.”
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Bunch in view of Carlson to incorporate the teaching of Winklevoss to utilize the above feature, with the motivation of receiving security keys in a localized manner, i.e. isolated trusted computer, as recognized by (Winklevoss Col. 59 line 8-18).

Regarding claim 28 (Currently Amended), Bunch in view of Carlson and Winklevoss teaches the method of claim 27, 
Bunch in view of Carlson do not disclose the below limitation.
Winklevoss discloses wherein each encrypted asset encryption key part is communicated to a respective part holder computing device as a printout of a quick response (QR) code (Winklevoss Figure 11A Col. 38 line 62-67 and Col. 39 line 3-9 “In a step S3434, the storage system may transfer each encrypted private key segment to a different electronic vault (i.e. part holder) for storage…A code, such as a bar code or QR code, may be provided along with the key segments (e.g., printed with a physically transcribed copy of a key segment electronically saved with an electronic key segment, or appended to an electronic key segment, to name a few). The code may identify the key segments (e.g., which key segments are part of the same key) and/or the order of the key segments.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Bunch in view of Carlson to incorporate the teaching of Winklevoss to utilize the above feature, with the motivation of securely retrieving lost keys, as recognized by (Winklevoss Col. 40 line 8-10).

Claims 31-33 are rejected under 35 U.S.C. 103 as being unpatentable over Bunch in view of Carlson and further in view of Mahaffey et. al. (US 9602508 B1), hereinafter Mahaffey.

Regarding claim 31 (New), Bunch in view of Carlson teaches the computing device of claim 1, 
Bunch in view of Carlson do not disclose the below limitations.
Mahaffey discloses wherein the at least one processor is further configured to encrypt the at least one symmetric key using a password such that the password is required to access the at least one symmetric key (Mahaffey discloses in Col. 17 line 58-67 and Col. 18 line 1-9 “In FIG. 14, at step 1405, the device stores symmetric key. At step 1410, the symmetric key is encrypted using a password-derived key. ”, where the encrypted symmetric key can be accessed by the password as illustrated in Figure 14 (1410 and 1425)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Bunch in view of Carlson to incorporate the teaching of Mahaffey to utilize the above feature, with the motivation of authenticating the user to perform actions, as recognized by (Mahaffey Figure 14, Col. 15 line 23-32).

Claims 32-33 are directed to a computing device and method, respectively, associated with the computing device claimed in claim 31. Claims 32-33 are similar in scope to claim 31, and are therefore rejected with the same rationale and motivation as claim 31.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BASSAM A NOAMAN whose telephone number is (571)272-2705. The examiner can normally be reached Monday-Friday 8:30 AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw can be reached on (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 





/BASSAM A NOAMAN/Examiner, Art Unit 2497                                                                                                                                                                                                        /ELENI A SHIFERAW/Supervisory Patent Examiner, Art Unit 2497