DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This office action is in response to communication filed on January 18, 2022.
Status of claims within the present application:
Claims 1 – 34 are pending.
Claims 1, 5, 10, 14 – 16, 20, 22, and 25 are amended.

Response to Arguments
Applicant’s remarks and amendments submitted on January 18, 2022 for application 16/685,624 have been considered and are persuasive. Therefore, the previous claim rejections have been withdrawn.

Allowable Subject Matter
Claims 1 – 25 are allowed. The following is an examiner’s statement of reasons for allowance: the following prior art references were identified during examination of the claims filed on January 18, 2022 in response to the office action mailed on August 20, 2021. They do not explicitly teach the applicant’s claimed invention, but they are in the general realm of the applicant’s field of endeavor:
Wright et al. [WO 2017145010 A1]: This is considered the closest prior art to the present application; it provides methodology and technology for a computer-implemented solution for controlling access to a computer-related resource such as, for example, a digital wallet. In one or more embodiments, the wallet may be implemented using a blockchain such as the Bitcoin 
Wright discloses that the secret splitting plus safe storage technique, in combination with a secure transmission technique such as described below, provides a secure key-management solution. The secure transmission technique of the present invention involves the CS being generated at each end of the transmission in an independent manner, so that while both nodes know the CS it has not had to travel over potentially unsecure communication channels. Once that CS has been established at both ends, it can be used to generate a secure encryption 

Tegeder et al. [US 20190372765 A1]: This prior art discloses methodology for implementing said protocol, for providing overt ledger secured key escrow access to encrypted data. The invention uses a plurality of trustee systems, each holding a secret share of a secret, to validate requests for the secret from authorised third parties. When a valid request is made, each trustee system publishes its secret share to a ledger. The secret shares can be combined to reveal the encryption key only by the authorised third party. Requests for the encryption key, and the 
Tegeder discloses that the first party system encrypts the secret p using the first object key γ of the object key pair to generate the encrypted secret γ(p). Controlling access to the secret p via the object key pair γ, γ* has numerous advantages; however, as explained above, the present system also functions when the secret p is directly split into the secret shares σi. Para. 46 discloses that the first party system 101 generates a plurality of secret shares σi in a k, n secret sharing scheme, as described above with respect to FIG. 1, such that each secret share σi includes an element of the second object key γ*, i.e. the key that can be used to decrypt the encrypted secret γ(p). As also mentioned above, the second object key γ* may be encrypted using the third party's public key, α3P*, or the second validation key β*, which is provided to the trustee system before being split into the secret shares σi by the first party system 101. Each published request for the secret shares may comprise a validation token and an encrypted validation token. Each secret share may also pertain to a share of an identifier associated with the third party system such that the identifier can be derived from the secret shares.

Wall et al. [US 20180316495 A1]: This prior art discloses methodology for an orthogonal access control system based on cryptographic operations provided by multi-hop proxy re-encryption (PRE) that strictly enforces only authorized access to data by groups of users, scalable to large numbers of users. Scalable delegation of decryption authority can be shared with a plurality of members of a group whether those members be users or devices, and members of a group can further create sub groups and delegate decryption authority to those members, whether users or devices. Members are granted access via generation of transform 
Wall discloses prompting the user to provide a removable storage device such as a USB memory stick. The client application could generate a random key that it uses with a symmetric-key encryption algorithm such as AES256-GCM to encrypt the private key, then store the random key on the removable storage device.

Porter et al. [US 20180137299 A1]: This prior art discloses methodology for the actions of launching a root enclave; accessing an enclave manifest by the root enclave, wherein the enclave manifest specifies, for each of a plurality of component enclaves, a particular role for the respective component enclave; and instantiating each of the component enclaves, each component enclave configured to perform its respective role; wherein the root enclave and component enclaves form an enclave pod. Other embodiments of this aspect include corresponding systems, apparatus, and computer programs, configured to perform the actions of the methods, encoded on computer storage devices.
Porter discloses that the process associates N customers with a rendezvous enclave (602). For example, assume multiple organizations agree to provide their confidential input to the cloud provider without revealing their data, with the goal of computing their common algorithm on the combined data inputs and sharing the results. Each customer out of the group of N signs up for the enclave management service from a public cloud provider, selects the task to provision a cloud enclave pod (e.g., component enclave pods 520 for that customer), and specifies how the enclaves are to be managed, the configuration properties, etc. A cloud key management system generates the enclave signing key and, using a key splitting technique, provides all N participants 

Nowak et al. [US 20190124081 A1]: This prior art describes FIDO (“Fast IDentity Online”) authentication processes and systems. In an embodiment, a FIDO information systems (IS) computer system receives a FIDO authentication request for a transaction from a user device, which includes user data and user device authenticator data. The FIDO IS computer system then verifies the user data and user device authenticator data, selects a FIDO-certified server, transmits the FIDO authentication request to the selected FIDO server, and receives a challenge message from the selected FIDO-certified server. The FIDO IS computer system next transmits the challenge message to the user device, receives a FIDO authentication response, transmits the FIDO authentication response to the selected FIDO-certified server, receives an authentication result from the FIDO-certified server, and transmits the authentication result to the user device.
Nowak discloses that, with U2F, user authentication requires a strong second factor such as a Near Field Communication (NFC) tap, or by connecting a USB security token to the user 

Kariv et al. [US 20190268149 A1]: This prior art discloses methodology for secure storage and retrieval of secrets within distributed computer systems, including private encryption keys used for client authentication during establishment of secure communications channels. The secret-storage systems partition an input secret into multiple secret shares and distribute the secret shares among multiple secret-share-storing node subsystems, without persistently storing the secret itself. An agent within a client device subsequently requests a secret share corresponding to a secret, or a share of data derived from the secret share, from each of the multiple secret-share-storing nodes. Each secret-share-storing node transmits the requested secret share or derived-data share to the agent, which reconstructs the secret from all or a portion of the secret shares or a data value from all or a portion of the derived-data shares transmitted to the agent.
Kariv discloses that computational services were generally provided by computer systems and data centers purchased, configured, managed, and maintained by service-provider organizations. For example, an e-commerce retailer generally purchased, configured, managed, 

Nimry et al. [US 10158651 B1]: This prior art discloses an example client device that includes a processor configured to construct a key to be used to encrypt or decrypt data of a communication session between the client device and a server device, partition the key into a plurality of key partitions, send data representative of the key and a location of the client device to the server device, send data representative of each of the plurality of key partitions to a respective key verification server device of a plurality of key verification server devices, and after receiving an indication from the server device that the key has been verified using data representative of the key, the location of the client device, and the plurality of key partitions, encrypt or decrypt data exchanged with the server device using the key.
Nimry discloses a computer-readable medium, such as a computer-readable storage medium, that has stored thereon instructions that, when executed, cause a processor of a client device to construct a key to be used to encrypt or decrypt data of a communication session between the client device and a server device, partition the key into a plurality of key partitions, send, via the network interface. Server device 106 may send instructions to partition the key into key partitions, and send each of the key partitions to a respective one of key verification server devices.

However, none of the prior art of record, independently or in combination, discloses all the limitations of the independent claims 1, 20, 25, and 30 as recited in the amended set of claims being examined.
Therefore, the independent claims are allowable over the prior art of record. The dependent claims, being definite, further limiting, and fully enabled by the specification, are also allowed by virtue of their dependence on the independent claims.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Phuc Pham whose telephone number is (571)272-8893. The examiner can normally be reached Monday - Thursday 7:30 AM - 4:30 PM; Friday 8:00 AM - 12:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand, can be reached on (571)272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.






/P.P./Patent Examiner, Art Unit 2434
/KAMBIZ ZAND/Supervisory Patent Examiner, Art Unit 2434