Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1 and 3 are rejected under 35 U.S.C. 102 (a)(1) as being anticipated by Li et. al. (Hereinafter referred to as Li, US. Pub. No.: US 20120243687 A1).

As per claim 1:
Li discloses a method comprising:
generating, by a computing device using a secret sharing algorithm, a plurality of portions of an encryption key ([0022] Different techniques may be employed to partition an encryption key into fragments. For example, in some implementations, the service computer system 102 
sending, to one or more devices and for derivation of a decryption key associated with the encryption key, a first portion of the plurality of portions of the encryption key and a second portion of the plurality of portions of the encryption key ([0041]: when a need arises to decrypt the i-th data object, the service computer system key reconstructor 220 may issue an encryption key fragment retrieval message (e.g., retrieve key of URI.sub.i) to 
sending, to the one or more devices, content encrypted based on the encryption key ([0039]: The service computer system 202 may transmit the encrypted data object to a remote computer system (not shown) for storage. In some cases, the remote computer system may be owned and/or operated by a third-party. However, even in such cases, the data object remains secure because it is encrypted).

As per claim 3:
Li discloses determining the one or more devices based on an inclusion of the one or more devices in a device group associated with at least one of: a geographic location; a type of device; or a time zone ([0078]: encryption key fragment distributor/retriever 706 is configured to distribute encryption key fragments using placement techniques intended to facilitate timely retrieval of encryption key fragments for encryption key reconstruction while also providing protection against both data store-level failures and higher-level failures (e.g., region-level failures like natural disasters). For example, if an encryption key is fragmented into n encryption key fragments according to a scheme that enables the encryption key to .


Claims 12-13 and 16 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by KIM et al. (Hereinafter referred to as KIM, US 20150312759 A1).

As per claim 12:
KIM discloses a method comprising:
receiving, by a computing device and for derivation of a decryption key associated with an encryption key, a first portion of a plurality of portions of the decryption key and a second portion of the plurality of portions of the decryption key ([0027]: The encrypting of the content may include: generating an encryption key for encrypting the content and generating a plurality of partial keys; distributing the generated plurality of partial keys to the plurality of devices; and encrypting the content by using the encryption key).
receiving content encrypted based on the encryption key ([0028]: The encrypting of the content may further include encrypting the plurality of partial keys, and the distributing of the 
generating, based on the first portion and the second portion and using a secret sharing algorithm, the decryption key; decrypting, using the decryption key, the encrypted content; and causing the decrypted content to be outputted by the computing device ([0017]: The controller may be configured to recover a decryption key corresponding to the encryption key from the plurality of partial keys distributed to at least one external device and to decrypt the encrypted content by using the recovered decryption key in response to determining that the at least one external device is located within the proximate spacing from the mobile device. [0030] The method may further include the decrypting of the encrypted content includes: recovering a decryption key corresponding to the encryption key from the plurality of partial keys distributed to the plurality of devices in response to determining that the number of devices located within the proximate spacing of each other is equal to or greater than the threshold value; and decrypting the encrypted content by using the recovered decryption key. [0090] In detail, the security group 10 that includes the first through third devices 100 through 300 may encrypt or decrypt content based on a threshold method which is a modified method of a secret sharing method. In the threshold method, if t or more participants from among N participants are near each other, original secret information may be recovered. If less than t participants are near each other, the original secret information may not be recovered.  [0097] In operation S310, an encryption key and a plurality of partial keys are generated. In detail, the first device 100 may generate an encryption key and a plurality of partial keys that are to be distributed to the first 

As per claim 13:
KIM discloses sending, to a server, a request for the encrypted content ([0314] In operation S3030a, the first device 500 transmits a first encryption approval message to the server 800. For example, the first encryption approval message may include an encryption value of the first partial key T1 stored in the first device 500); and receiving, based on the request for the encrypted content, the second portion of the plurality of portions of the decryption key (([0330] In operation S3230, the server 800 deletes the encryption key. In operation S3240, the server 800 encrypts the first through third partial keys. In operation S3250a, the server 800 transmits the encrypted first partial key to the first device 500. In operation S3250b, the server 800 transmits the encrypted second partial key to the second device 600. In operation S3250c, the server 800 transmits the encrypted third partial key to the third device 700).

As per claim 16:
KIM discloses wherein the first portion and the second portion are sent at different times ([0038]: the service computer system key distributor may calculate a threshold number of confirmations needed to be received in order to declare a distribution a success by balancing the tradeoff between key distribution performance (e.g., the time required to complete the distribution of the encryption key fragments to different key distribution computer systems; .

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 2, 6-11 and 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over Li et. al. (Hereinafter referred to as Li, US. Pub. No.: US 20120243687 A1) in view KIM et al. (Hereinafter referred to as KIM, US 20150312759 A1).

As per claim 2:
Li does not explicitly disclose wherein generating the plurality of portions of the encryption key comprises determining a threshold quantity of portions required to derive the 
Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify the claimed limitations of generating the plurality of portions of the encryption key disclosed by Li to include determining a threshold 

As per claim 6:
KIM discloses wherein the first portion and the second portion are sent at different times ([0038]: the service computer system key distributor may calculate a threshold number of confirmations needed to be received in order to declare a distribution a success by balancing the tradeoff between key distribution performance (e.g., the time required to complete the distribution of the encryption key fragments to different key distribution computer systems; [0040]: If a period of time elapses and acknowledgement messages have not been received from each of the key distribution computer systems, the policy enforcement controller may resend deletion messages to those key distribution computer systems that have not yet confirmed successful deletion).

As per claim 7:


As per claim 8:
KIM discloses sending, to one or more second devices for derivation of the decryption key without the first secret, the second portion and a third portion of the plurality of portions of the encryption key ([0152]: For example, the first device 100 may transmit the encrypted second and third partial keys to the second and third devices 200 and 300 via a wireless communication connection such as WiFi, 3G, LTE, Bluetooth, or the like.)


KIM discloses receiving, from a second device, a request for a portion of the plurality of portions of the encryption key; and sending, based on a determination that the second device is restricted from accessing the content, an indication of alternate content ([0189] In operation S1340, the first device 100 encrypts the second and third partial keys. For example, the first device 100 may generate encrypted second and third partial keys sk2 and sk3 by respectively encrypting the second and third partial keys, so as to ensure security in the transmitting. Thus, in the transmitting of the encrypted second and third partial keys, devices that are not included in the security group 10 may not obtain the second and third partial keys; [0343]:  partial keys may be distributed between members of a group. Thus, whereas any member of the group may generate an event such as a contest, a quiz, or the like, the event may be started at a same time only when all participants, from among all the members of the group, are prepared. As another example, in the field of a lock or a lock release of an electronic apparatus, partial keys with respect to a password for turning on a TV may be distributed to parents. Accordingly, the TV may be turned on only when one of the parents is at home. Additionally, as another example, content may be a will, and partial keys may be distributed between descendants. Accordingly, the will may be viewed only when all the descendants gather in the same location. As another example, content may be a test result, and partial keys may be distributed between teachers. Thus, whereas the test result may be registered for only when at least some of the teachers gather in the same location, any student may view the test result).

As per claim 10:


As per claim 11:
KIM discloses determining the one or more devices based on a content restriction event comprising at least one of: a sporting event, a play, a political debate, or an election result ([0084] The content may be video content (for example, a TV program, video on demand (VOD), user-created content (UCC), a music video clip, a YouTube video clip, or the like), still image content (for example, a photograph, a picture, or the like), text content (for example, an e-book for a poem or a novel, a letter, a work file, a web page, or the like), music content (for example, music, a musical program, a radio broadcast, or the like), or an application (for example, a widget, a game, a video phone call, or the like). [0343]: in the field of entertainment, partial keys may be distributed between members of a group. Thus, whereas any member of the group may generate an event such as a contest, a quiz, or the like, the event may be started at a same time only when all participants, from among all the members of the group, are prepared. As another example, in the field of a lock or a lock release of an electronic apparatus, partial keys with respect to a password for turning on a TV may be distributed to parents. Accordingly, the TV may be turned on only when one of the parents is at home. Additionally, as another example, content may be a will, and partial keys may be distributed between descendants. Accordingly, 

As per claim 17:
Li discloses a method comprising: 
sending, by a computing device to a plurality of devices, a first portion of a plurality of portions of an encryption key ([0041]: when a need arises to decrypt the i-th data object, the service computer system key reconstructor 220 may issue an encryption key fragment retrieval message (e.g., retrieve key of URI.sub.i) to all key distribution computer systems that store encryption key fragments. [0044] After the key distribution computer systems return a sufficient number of encryption key fragments associated with the data object, the service computer system reconstructor 220 reconstructs the encryption key for the data object from the returned encryption key fragments. The reconstructed encryption key then is transferred to the transient encryption key store 208 from which it is accessed by the encryption engine 206 in the data management system 200 to decrypt the data);
based on a request from a first device, of the plurality of devices, for first content,  sending, for use with the first portion to derive a decryption key corresponding to the encryption key, a second portion of the plurality of portions of the encryption key ([0030] After partitioning the encryption key, EKey.sub.i, into fragments, the service computer system 
sending, to the first device, the first content encrypted with the encryption key; and sending an indication of second content different from the first content ([0035] Each key distribution computer system may include a key distribution computer system distributor that is configured to receive encryption key fragments from the service computer system 202 and an encryption key fragment store that is configured to store received encryption key fragments. For example, as illustrated in FIG. 2, the key distribution computer system key distributor 216 at the j-th key distribution computer system 204 receives the j-th encryption key fragment storage request to store the j-th encryption key fragment, EKey.sub.i,j, transmitted by the service computer system 202 and stores the j-th encryption key fragment, EKey.sub.i,j, to the key distribution computer system's encryption key fragment store 218 along with an indication of the association between the encryption key fragment, EKey.sub.i,j, and the identifier assigned to the data object. In addition, the key distribution computer system 204 also may send an acknowledgement (e.g., Add {URI.sub.i, EKey.sub.i,j} OK,) to the service computer system 202 to signal that the encryption key fragment, EKey.sub.i,j, has been stored successfully. [0091] At 908, the first subset of encryption key 
Li does not explicitly disclose sending the indication of second content different from the first content is based on a request from a second device for the first content. KIM, in analogous art however, discloses sending the indication of second content different from the first content is based on a request from a second device for the first content ([0343]: Partial keys may be distributed between members of a group. Thus, whereas any member of the group may generate an event such as a contest, a quiz, or the like, the event may be started at a same time only when all participants, from among all the members of the group, are prepared. As another example, in the field of a lock or a lock release of an electronic apparatus, partial keys with respect to a password for turning on a TV may be distributed to parents. Accordingly, the TV may be turned on only when one of the parents is at home. Additionally, as another example, content may be a will, and partial keys may be distributed between descendants. Accordingly, the will may be viewed only when all the descendants gather in the same location. As another example, content may be a test result, and partial keys may be distributed between teachers. Thus, whereas the test result may be registered for only when at least some of the teachers gather in the same location, any student may view the test result).


As per claim 18:
KIM discloses generating the plurality of portions of the encryption key based on a determination of a threshold quantity of portions required to derive the decryption key (([0068-009]: Description of Split-Knowledge and the Application of Shamir's Secret-Sharing Algorithm. [0070-0071] Any group of K or more entities (up to N) can come together to reconstruct the secret MKEK or an AKEK, but no group of less than K entities can accomplish this. Such a system is called a (K,N)-threshold scheme.  A popular technique to implement share reconstitution in  polynomial  based  threshold  schemes uses  polynomial  interpolation ("Lagrange  interpolation"). Two points uniquely define a line, three points define a parabola, four define a cubic curve, etc. More generally, n coordinate pairs (xi, yi) uniquely define 

As per claim 19:
Li discloses wherein the sending the indication of second content different from the first content is based on at least one of: a geographic restriction; a device restriction; or a time restriction ([0078]: encryption key fragment distributor/retriever 706 is configured to distribute encryption key fragments using placement techniques intended to facilitate timely retrieval of encryption key fragments for encryption key reconstruction while also providing protection against both data store-level failures and higher-level failures (e.g., region-level failures like natural disasters). For example, if an encryption key is fragmented into n encryption key fragments according to a scheme that enables the encryption key to be reconstructed from k <n fragments, at least k encryption key fragments may be distributed to each of geographic regions 702(a), 702(b), and 702(c). Consequently, if the encryption key fragments stored in one geographic region (e.g., California 702(a)) are unavailable for retrieval due to some sort of catastrophic failure like a natural disaster (e.g., an earthquake) impacting the data stores in the geographic region, it still may be possible for 

As per claim 20:
KIM discloses wherein the encryption key and the decryption key are the same key (([0405]  According to another exemplary embodiment, if the symmetric encryption method is employed, the encrypter 82 may encrypt content by using the symmetric key. In detail, the encrypter 82 may encrypt content by using the session key, and encrypt the session key by using the symmetric key).

Claims 4, 5 are rejected under 35 U.S.C. 103 as being unpatentable over Li et. al. (Hereinafter referred to as Li, US. Pub. No.: US 20120243687 A1) in view Abukari, Arnold Mashud, Edem Kwedzo Bankas, and Mohammed Iddrisu Muniru. "AN EFFICIENT THRESHOLD CRYPTOGRAPHY SCHEME FOR CLOUD ERP DATA." March 2020 Hereinafter referred to as Mashud)

As per claim 4:
Li does not explicitly disclose the plurality of portions correspond to a plurality of hyperplanes; and the decryption key corresponds to an intersection of the plurality of hyperplanes. Mashud, in analogous art however, discloses the plurality of portions correspond to a plurality of hyperplanes; and the decryption key corresponds to an intersection of the 

As per claim 5:
Mashud discloses wherein each of the plurality of portions is associated with a point of a polynomial; and the decryption key corresponds to a term of the polynomial (Page 2: Section 3.1; Shamir Secret Sharing Scheme, on polynomial construct by Lagrange interpolation. For the same motivation as provide above).

Claims 14, 15 are rejected under 35 U.S.C. 103 as being unpatentable over KIM et al. (Hereinafter referred to as KIM, US 20150312759 A1) in view Abukari, Arnold Mashud, Edem Kwedzo Bankas, and Mohammed Iddrisu Muniru. "AN EFFICIENT THRESHOLD CRYPTOGRAPHY SCHEME FOR CLOUD ERP DATA." March 2020 Hereinafter referred to as Mashud)


KIM does not explicitly disclose the plurality of portions correspond to a plurality of hyperplanes; and the decryption key corresponds to an intersection of the plurality of hyperplanes. Mashud, in analogous art however, discloses the plurality of portions correspond to a plurality of hyperplanes; and the decryption key corresponds to an intersection of the plurality of hyperplanes (Page 2: Section 3.2: Blakley Secret Sharing Scheme, reconstruct secret on intersection of participating points in hyperplane using projective geometry). Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify the claimed limitations of the plurality of portions disclosed by KIM to use well established technique that the plurality of portions corresponds to a plurality of hyperplanes; and the decryption key corresponds to an intersection of the plurality of hyperplanes. This modification would have been obvious because a person having ordinary skill in the art would have been capable of applying this very well and long known technique of Blakley Secret Sharing Scheme to enhance secret sharing cryptographic decryption keys and the enhanced result would have been predictable to one of ordinary skill in the art.

As per claim 15:
Mashud discloses wherein each of the plurality of portions is associated with a point of a polynomial; and the decryption key corresponds to a term of the polynomial (Page 2: Section 3.1; Shamir Secret Sharing Scheme, on polynomial construct by Lagrange interpolation. For the same motivation as provide above).


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See the notice of reference cited in form PTO-892 for additional prior art.

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TECHANE GERGISO whose telephone number is (571)272-3784. The examiner can normally be reached 9:30am to 6:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG W KIM can be reached on 5712723804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business 





/TECHANE GERGISO/Primary Examiner, Art Unit 2494