DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This written action is responding to the amendment dated on February 4, 2022.
Claims 27-42, 52, 54 and 56-57 are allowed.

Allowable Subject Matter
Claims 27-42, 52, 54 and 56-57 are allowed.

Examiner’s Statement of Reasons for Allowance
The following is an examiner’s statement of reasons for allowance.
Independent Claim 27 is allowable based on the amendment presented on February 4, 2022.
Specifically, the independent Claim 27 now recites limitations as follows:
“A system comprising: 
a first user computing device having a first memory and a first at least one processor; and 
at least one remotely located computing device having a second memory and a second at least one processor, wherein the at least one remotely located computing device is configured to communicate with the first user computing device; 
a plurality of trusted computing devices, each of the plurality of trusted computing devices having a respective memory and a respective at least one processor; 

wherein the first user computing device is configured to: 
split at least one secret into a plurality of shares, wherein at least a subset of the plurality of shares is sufficient to reconstruct the at least one secret;
generate a respective hash for each respective share of the plurality of shares, 
encrypt each of the plurality of shares based on a different public encryption key of the plurality of public encryption keys to create a plurality of encrypted shares; and 
communicate the plurality of encrypted shares and the respective hash for each respective share of the plurality of shares to the at least one remotely located computing device; and AMENDMENT AND RESPONSEPAGE 3 
Serial No.: 16/889,277wherein the at least one remotely located computing device is configured to; 
store the plurality of encrypted shares; 
transfer, via at least one mobile storage device, each respective encrypted share of the plurality of encrypted shares to a respective trusted computing device of the plurality of trusted computing devices; 
transfer each respective hash for each respective share of the plurality of shares to a respective trusted computing device of the plurality of trusted computing devices; 
wherein each of the plurality of trusted computing devices is configured to: 
decrypt a respective encrypted share into a respective un-encrypted share; 
generate a respective recovery hash from the respective un-encrypted share; and 
verify that the respective un-encrypted share matches one of the plurality of shares before it was encrypted at least in part by comparing the respective hash with the respective recovery hash to determine whether data in the respective un- encrypted share is accurate”.

The cited reference Setty et al. (US PGPUB. # US 2018/0375653) discloses, a client device 102 also obtains public keys from the leaf agent devices 106. For each share to be associated with a leaf agent device 106, the client device 102 encrypts the share with the public key of the leaf agent device 106. The share is then communicated to the service 104, which stores or otherwise maintains the share in any of a variety of different manners. For example, the service 104 can store the share in a storage device (e.g., solid state drive, magnetic drive, etc.) of the service 104. The service 104 typically stores, but need not store, the shares in encrypted form. (¶28). The device generates different shares of the protected key, each share being a value that, in combination with the other share(s), allows the protected key to be recovered. Each share is associated with a particular leaf agent, the device encrypts each share with the public key of the leaf agent associated with the share and provides (Abstract). The client device 102 creates multiple shares of the protected key 114 for the leaf agents such that shares from the combination(s) of leaf agents specified in the key recovery policy 112 can be used to recover the protected key 114. (¶27). The key share generation module 206 can generate the key shares for the protected key 114 in any of a variety of different manners. Table I below illustrates an example of generating the key shares for the protected key 114. (¶47).  Multiple key shares of the protected key are generated base on the key recovery policy (act 504). These key shares can be generated in various different manners as discussed above, and are generated so that the protected key can be recovered given an appropriate combination of leaf agents (as indicated by the key recovery policy). (Fig. 5(504), ¶122).  Each of the multiple key shares is encrypted with a public key of a public/private key pair of a leaf agent with which the key share is associated (act 508). This allows the leaf agent with which a key share is associated to decrypt the encrypted key share, but prevents others from decrypting the encrypted key share. (Fig. 5(508), ¶124). 
Irwan et al. (US PAT. # US 10,084,600, hereinafter “Irwan”) discloses, receiving plurality of encrypted shares at a client device and decrypting the plurality of encrypted shares with private key and generates a secure data. (Fig. 7B, CL(14), LN(44-67)), CL(15), LN(1-15)). 
Bendersky et al. (US PGPUB. # US 2020/0052889, hereinafter “Bendersky”) discloses, splitting a key into “N” pieces and encrypting each secret piece. Merging secret pieces for an authentication to grant or deny access.  (Fig. 13, ¶119-¶127).
Chi Sing Chum-Xiaowen Zhang (“Hash function based secret sharing scheme designs) discloses, multi party secret sharing utilizing hash function. (Page -2). It provides threshold scheme and recovering secret based on hash. (Fig. 2). It also discloses, verifiable scheme.
Johnson et al. (US PAT. # US 6,052,469) discloses, a cryptographic key recovery system that is interoperable with existing systems for establishing keys between communicating parties. The sender uses a reversible key inversion function to generate key recovery values P, Q and (optionally) R as a function of a session key and public information, so that the session key may be regenerated from the key recovery values P, Q and (if generated) R. Key recovery values P and Q are encrypted using the respective public recovery keys of a pair of key recovery agents. The encrypted P and Q values are included along with other recovery information in a session header accompanying an encrypted message sent from the sender to the receiver. The key recovery agents may recover the P and Q values for a law enforcement agent by decrypting the encrypted P and Q values in the session header, using their respective private recovery keys corresponding to the public keys. The R value, if 
Bellala (US PGPUB. # US 2018/0205707) discloses, a method comprising: dividing, by a computing device at a first party among a plurality of parties, local data into a plurality of data segments; recursively encrypting, by the computing device, each data segment using a plurality of public keys corresponding to the plurality of parties and a mediator; sharing, by the computing device, the local data comprising the encrypted plurality of data segments with the mediator; anonymizing, by the computing device, aggregated local data received from the mediator; and communicating, by the computing device from the mediator, a global sum that preserves privacy of the plurality of parties in a multi-party environment, wherein the global sum is computed by the mediator based on the collection of data segments that are decrypted recursively using the private key corresponding to each party and the private key corresponding to the mediator.
D'Souza (US PGPUB. # US 2013/0212393) discloses, a method for securing a secret are disclosed. One method includes receiving a secret from the user and generating encrypted shares based on the secret, a policy, and a plurality of public keys. The encrypted shares are provided to a custodian, 
Vakili et al. (US PGPUB. # US 2019/0342080) discloses, methods for hybrid secret sharing are disclosed. In accordance with embodiments, a computing device may encrypt the secret message using a first encryption key to generate an encrypted secret message. The computing device may also split a second encryption key into a plurality of key shares in accordance with a threshold number. The threshold number is less than or equal to the number of the plurality of key shares. Then, the computing device may transmit a plurality of messages. Each message of the plurality of messages comprises the encrypted secret message and one of the plurality of key shares.
Jager et al. (US PGPUB. # US 2021/0105136)
However, each of the cited references or reference from the updated search, at least, fails to teach or suggest the limitations regarding “…….
transfer, via at least one mobile storage device, each respective encrypted share of the plurality of encrypted shares to a respective trusted computing device of the plurality of trusted computing devices; transfer each respective hash for each respective share of the plurality of shares to a respective trusted computing device of the plurality of trusted computing devices; wherein each of the plurality of trusted computing devices is configured to: decrypt a respective encrypted share into a respective un-encrypted share; generate a respective recovery hash from the respective un-encrypted share; and verify that the respective un-encrypted share matches one of the plurality of shares before it was encrypted at least in part by comparing the respective hash with the respective recovery hash to determine whether data in the respective un- encrypted share is accurate”, in combination with the rest of the limitations recited in the independent claim(s).
None of the previous cited prior art references or reference(s) from the updated search yield any specific references that would reasonably, either singularly or in combination with previous cited reference, result a reasonable and proper rejection for each of the cited feature limitations of the independent claim 27 under 35 U.S.C. 102 or 35 U.S.C. 103 with proper motivation.
Claims 52 is a method claim of above device claim 27 and therefore, it is also allowed.
Claims 28-42 depend on the allowed claim 1, and therefore, they are also allowed.
Claims 54 and 56-57 depend on the allowed claim 52, and therefore, they are also allowed.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance".

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DARSHAN I DHRUV whose telephone number is (571)272-4316. The examiner can normally be reached M-F 9:00 AM-5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and 





/DARSHAN I DHRUV/Primary Examiner, Art Unit 2498