DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 06/24/2020 and 03/17/2021 are being considered by the examiner.

Terminal Disclaimer
Terminal Disclaimer of 03/01/2022 has been approved.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
The application has been amended as follows: 

1.  (Currently Amended) A method, comprising:
obtaining, at a source, source data that is attested to by an attestation server;
encrypting, by the source, the source data with a source encryption key of the source to form source-encrypted source data;

establishing, by the source, a recipient-based rekeying key through an encrypting combination of a source decryption key of the source and a recipient public key of a particular recipient; 
sending, from the source, the recipient-based rekeying key to the storage server, wherein a request sent to the storage server to share the source data with the particular recipient causes the storage server to i) re-encrypt the source-encrypted source data with the recipient-based rekeying key, the re-encrypting resulting in recipient-based encrypted source data that is the source data encrypted with the recipient public key of the particular recipient, wherein the storage server is unable to decrypt the recipient-based encrypted source data, and ii) send the recipient-based encrypted source data to the particular recipient to cause the particular recipient to decrypt the recipient-based encrypted source data using a recipient private key of the particular recipient to obtain the source data;
establishing an attestation-server-based rekeying key through an encrypting combination of the source decryption key of the source and an attestation server public key; and
sending the attestation-server-based rekeying key to the storage server, wherein an attestation request sent to the storage server to share the source data with the attestation server causes the storage server to i) re-encrypt the source-encrypted source data with the attestation-server-based rekeying key, the re-encrypting resulting in the source data encrypted with the attestation server public key, wherein the storage server is unable to decrypt the source data encrypted with the attestation server public key, ii) send the source data encrypted with the attestation server public key to the attestation server to cause the attestation server to i) decrypt the source data encrypted with the attestation server public key using an attestation server private key of the attestation server, and ii) create a signed certificate based on the attestation server attesting to the source data, the signed certificate to allow a verifying recipient to confirm that the source data has been attested to by the attestation server based on the signed certificate.


sending a plurality of recipient-based rekeying keys to the storage server, each recipient-based rekeying key of the plurality of recipient-based rekeying keys corresponding to an encrypting combination of the source decryption key and a respective recipient public key of a respective recipient from a plurality of recipients, wherein the storage server selects, based on the particular recipient in the request to share the source data, a particular recipient-based rekeying key of the plurality of recipient-based rekeying keys that corresponds to the particular recipient for re-encrypting the source-encrypted source data.

3.  (Original) The method as in claim 2, further comprising:
sending a plurality of sets of source-encrypted source data to the storage server, wherein sending the request to share the source data with the particular recipient comprises an indication of a particular set of source-encrypted source data to share, wherein the storage server is configured to select, based on the request to share the source data, the particular set of source-encrypted source data to re-encrypt with the recipient-based rekeying key and send to the particular recipient.

4.  (Original) The method as in claim 3, further comprising:
associating two or more sets of source-encrypted source data together, wherein each of the associated two or more sets individually requires a respective recipient private key to decrypt the corresponding source data once re-encrypted into recipient-based encrypted source data.

5.  (Original) The method as in claim 4, wherein one of the two or more sets is used for user-identifying information, and wherein one or more other sets of the two or more sets are used for data other than user-identifying information.



7.  (Original) The method as in claim 2, wherein one or more of the plurality of recipients comprise a group of categorically similar recipients that share a group-based recipient public key.

8.  (Original) The method as in claim 1, further comprising:
sending the request to share the source data with the particular recipient to the storage server.

9.  (Original) The method as in claim 8, wherein sending the recipient-based rekeying key is contemporaneous with sending the request to share the source data with the particular recipient.

10.  (Original) The method as in claim 1, wherein sending the source-encrypted source data to the storage server is contemporaneous with sending the recipient-based rekeying key.

11.  (Original) The method as in claim 1, wherein the source encryption key is a public key of the source and wherein the source decryption key is a private key of the source.

12.  (Original) The method as in claim 1, further comprising:
receiving, from the storage server, the recipient public key of the particular recipient.

13.  (Original) The method as in claim 1, wherein the request to share the source data with the particular recipient is received from an authorized controller device that is unable to decrypt the source-encrypted source data or the recipient-based encrypted source data.

14.  (Original) The method as in claim 1, wherein the request is received by the storage server prior to the source sending the recipient-based rekeying key, the method further comprising 
receiving, from the storage server in response to the storage server receiving the request, the recipient public key of the particular recipient.

15.  (Original) The method as in claim 1, wherein any source data is not stored once it is encrypted into the source-encrypted source data.

16.  (Original) The method as in claim 1, wherein the source comprises one of either an application or a website configured to collect the source data.

17.  (Cancelled) 



18.  (Currently Amended) The method as in claim 1
receiving the signed certificate at the source; and
sending the signed certificate from the source to the verifying recipient.

19.  (Currently Amended) The method as in claim 1

20.  (Currently Amended) The method as in claim 1

21.  (Currently Amended) The method as in claim 1
sending the attestation request from the source to the storage server.

22.  (Currently Amended) The method as in claim 1
receiving instructions from the attestation server to collect the source data.

23.  (Currently Amended) The method as in claim 1
receiving instructions from the verifying recipient to collect the source data. 

24.  (Currently Amended) The method as in claim 1

25.  (Original) The method as in claim 24, wherein the attestation server is configured to attest to the personally identifying information based solely on the source data. 

26.  (Original) The method as in claim 24, further comprising:
establishing communication between the source and the attestation server, wherein the attestation server is configured to attest to the personally identifying information based on the source data and user interaction via the established communication. 

27.  (Currently Amended) The method as in claim 1.   [Add Period]

28.  (Currently Amended) The method as in claim 1
computing a hash of the source data; and


29.  (Original) The method as in claim 1, further comprising:
requesting a signed certificate for the source data from an attestation server, the signed certificate to allow the particular receiving device to confirm that the source data has been attested to by the attestation server; and
including the signed certificate along with the source data in the source-encrypted source data.

30.  (Original) The method as in claim 1, further comprising:
receiving instructions from a controller device to collect the source data.

31.  (Original) The method as in claim 1, wherein the storage server is configured to confirm that the particular recipient is authorized to receive the source data and to deny access to the source data in response to the particular recipient not being authorized to receive the source data, the method further comprising:
receiving a reason for denial to the request to share the source data with the particular recipient from the storage server.

32.  (Original) The method as in claim 1, wherein the storage server is configured to confirm that the particular recipient is authorized to receive the source data and to deny access to the source data in response to the particular recipient not being authorized to receive the source data, wherein the storage server is configured to confirm that the particular recipient is authorized to receive the source data based on at least one of either: the source and the particular recipient; the source data and the particular recipient; or the particular recipient itself. 

33.  (Original) The method as in claim 1, further comprising:
updating the source encryption key from an original source encryption key to an updated source encryption key;
updating the corresponding source decryption key from an original source decryption key to an updated source decryption key;
encrypting the source data with the updated source encryption key to form updated source-encrypted source data; and
sending the updated source-encrypted source data to the storage server, wherein the storage server is unable to decrypt the updated source-encrypted source data;
wherein establishing additional recipient-based rekeying keys after sending the updated source-encrypted source data to the storage server is performed through an encrypting combination of the updated source decryption key of the source and a recipient public key of a given recipient.

34.  (Original) The method as in claim 33, wherein one or more original recipient-based rekeying keys established through an encrypting combination of the original source decryption key and a recipient public key of a respective recipient are stored at the storage server, the method further comprising:
replacing the one or more original recipient-based rekeying keys stored at the storage server with respective updated recipient-based rekeying keys established through an encrypting combination of the updated source decryption key and the recipient public key of a respective recipient.

35.  (Original) The method as in claim 33, wherein one or more original recipient-based rekeying keys established through an encrypting combination of the original source decryption key and a recipient public key of a respective recipient are stored at the storage server, the method further comprising:

sending the source-based re-encryption key to the storage server to cause the storage server to apply the source-based re-encryption key to each of the one or more original recipient-based rekeying keys to generate a respective updated recipient-based rekeying key to replace each of the one or more original recipient-based rekeying keys that is an encrypting combination of the updated source decryption key and a respective recipient public key of a respective recipient. 

36.  (Original) The method as in claim 1, further comprising:
updating the source encryption key from an original source encryption key to an updated source encryption key;
updating the corresponding source decryption key from an original source decryption key to an updated source decryption key;
establishing a source data re-encryption key through an encrypting combination of the original source decryption key and the updated source encryption key; and
sending the source data re-encryption key to the storage server to cause the storage server to apply the source data re-encryption key to the source-encrypted source data to generate an updated source-encrypted source data that is the source data encrypted by the updated source encryption key.

37.  (Original) The method as in claim 36, wherein one or more original recipient-based rekeying keys established through an encrypting combination of the original source decryption key and a recipient public key of a respective recipient are stored at the storage server, the method further comprising:
replacing the one or more original recipient-based rekeying keys stored at the storage server with respective updated recipient-based rekeying keys established through an encrypting 

38.  (Original) The method as in claim 36, wherein one or more original recipient-based rekeying keys established through an encrypting combination of the original source decryption key and a recipient public key of a respective recipient are stored at the storage server, the method further comprising:
establishing a source-based re-encryption key for the one or more original recipient-based rekeying keys through an encrypting combination of the original source encryption key and the updated source decryption key; and
sending the source-based re-encryption key to the storage server to cause the storage server to apply the source-based re-encryption key to each of the one or more original recipient-based rekeying keys to generate a respective updated recipient-based rekeying key to replace each of the one or more original recipient-based rekeying keys that is an encrypting combination of the updated source decryption key and a respective recipient public key of a respective recipient. 

39.  (Original) The method as in claim 1, further comprising:
computing a hash of the source data; and
including the hash as part of the source-encrypted source data to cause the particular recipient to confirm that the source data obtained at the particular recipient is the same as the source data sent from the source based on matching the hash included as part of the source-encrypted source data to a computed hash of the source data computed by the particular recipient. 

40.  (Currently Amended) A method, comprising:
obtaining, at a source, source data that is attested to by an attestation server;

sending, from the source to a storage server, the source data in the format that no device other than the source is able to read;
establishing, by the source, a conversion key for a particular recipient; 
sending, from the source, the conversion key to the storage server, wherein a request sent to the storage server to share the source data with the particular recipient causes the storage server to i) convert, based on the conversion key, the source data into a format readable only by the particular recipient; and ii) send the source data in the format readable only by the particular recipient to the particular recipient
establishing an attestation-server-based conversion key; and
sending the attestation-server-based conversion key to the storage server, wherein an attestation request sent to the storage server to share the source data with the attestation server causes the storage server to i) convert the source data with the attestation-server-based conversion key into a format readable only by the attestation server, ii) send the source data in the format readable only by attestation server to the attestation server to cause the attestation server to i) read the source data, and ii) create a signed certificate based on the attestation server attesting to the source data, the signed certificate to allow a verifying recipient to confirm that the source data has been attested to by the attestation server based on the signed certificate.

41.  (Original) The method as in claim 40, further comprising:
sending a plurality of conversion keys to the storage server, each conversion key of the plurality of conversion keys corresponding to a respective recipient. 

42.  (Original) The method as in claim 40, further comprising:
sending a plurality of instances of source data to the storage server in a format such that no device other than the source is able to read each particular instance of source data of the 

43.  (Cancelled) 



44.  – 51.  (Cancelled) 
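The rekeying mechanism recited in claims 1 and 36 through 38, shown as an added illustration that is not part of the applicant's disclosure or of the examiner's amendment: an ElGamal-based proxy re-encryption in the style of Blaze, Bleumer and Strauss (BBS98), in which the rekeying key is assumed to be the ratio of two private keys (the claims recite a combination of the source decryption key with a recipient public key, which in practice calls for a pairing-based construction). The group is a constructed 64-bit safe prime, far too small for real use; the functions and names are this example's own.

```python
# Added toy (not the applicant's scheme): BBS98-style ElGamal proxy re-encryption over a constructed 64-bit safe-prime group.
import secrets
BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)  # Miller-Rabin is exact with these bases below 3.1e23

def is_prime(n: int) -> bool:
    if n < 41:
        return n in BASES
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def safe_prime_group(bits: int = 64):
    """(p, q, g): p = 2q + 1 prime, g generates the prime-order-q subgroup of Z_p^*."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_prime(q) and is_prime(2 * q + 1):
            p = 2 * q + 1
            return p, q, pow(secrets.randbelow(p - 3) + 2, 2, p)  # a square always lies in the subgroup

P, Q, G = safe_prime_group()
def keygen():
    sk = secrets.randbelow(Q - 1) + 1  # decryption (private) key; g^sk is the encryption (public) key
    return sk, pow(G, sk, P)

def encrypt(pk: int, m: int):
    """Source-encrypted data (m * g^r, pk^r): removing g^r needs the private key behind pk."""
    r = secrets.randbelow(Q - 1) + 1
    return m * pow(G, r, P) % P, pow(pk, r, P)

def decrypt(sk: int, ct):
    g_r = pow(ct[1], pow(sk, -1, Q), P)  # (g^(sk*r))^(1/sk) = g^r
    return ct[0] * pow(g_r, -1, P) % P

def rekey(sk_from: int, sk_to: int) -> int:
    """Rekeying key sk_to/sk_from mod q: turns pk_from^r into pk_to^r without revealing either key."""
    return sk_to * pow(sk_from, -1, Q) % Q

def reencrypt(rk: int, ct):
    """Storage-server step: re-targets the ciphertext; the server has no private key and sees no plaintext."""
    return ct[0], pow(ct[1], rk, P)

def share_flow(source_data: bytes):
    """Claim-1 flow: one stored ciphertext, re-targeted to a recipient and to an attestation server."""
    sk_src, pk_src = keygen()
    parties = {"recipient": keygen()[0], "attestation_server": keygen()[0]}
    m = int.from_bytes(source_data, "big")  # toy encoding, must stay below P; real use wraps a data key
    stored = encrypt(pk_src, m)  # all the storage server keeps, besides the per-party rekeying keys
    return {name: decrypt(sk, reencrypt(rekey(sk_src, sk), stored)).to_bytes(len(source_data), "big")
            for name, sk in parties.items()}
```

Because rekey(a, c) equals rekey(a, b) times rekey(b, c) mod q, the key-update flows of claims 36 through 38 reduce to re-encrypting the stored ciphertext with rekey(old, new) and multiplying each stored recipient rekeying key by the single factor rekey(new, old). The same bidirectional property is the caveat: a storage server that also obtains one recipient's private key can derive the source's private key from the stored rekeying key, so this construction presumes a non-colluding storage server.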

Allowable Subject Matter
Claims 1-16 and 18-42 are allowed.

The following is an examiner’s statement of reasons for allowance: the combination of limitations within independent claims 1 and 40 including “sending the attestation-server based conversion key to the storage server; convert the source data with the attestation-server based conversion key into a format readable only by the attestation server; send the source data in the format readable only by the attestation server to the attestation server; create a signed certificate based on the attestation server attesting to the source data” are not found in the art of record.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM J GOODCHILD whose telephone number is (571)270-1589. The examiner can normally be reached M-F 8am-4:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeff Pwu can be reached on 571-272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/William J. Goodchild/Primary Examiner, Art Unit 2433