Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statements
The information disclosure statement(s) (IDS) submitted on 11/02/2020, 01/21/2021, & 7/02/2021 have been considered.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement(s) have been considered by the examiner.

Rejection under 35 U.S.C. 112(b)
Claims 7-12 and 19-24 are rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claims 7-10 and 19-23 recites: “the subshares.” There is insufficient antecedent support for this feature. Instead, claims 7 and 19 recite “sub shares.” The examiner suggests changing the recitation of “subshares” in claims 7, 9, 11, and 19 to instead recite “subshares” in order to overcome the rejection.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-5 and 13-17 are rejected under 35 U.S.C. 103 as being unpatentable over US 2020/0274692 to Simon et al. (hereinafter Simon) , in view of US 2020/0119917 to Christensen et al. (hereinafter Christensen), and in further view of US 2020/0250327 to Naraidoo et al. (hereinafter Naraidoo).
Regarding claim 1, Simon teaches,
A method, comprising: 
receiving second devices' public keys; 
Simon in the middle of [0033] teaches keys 32-1-32-N (“plurality of key shards”), which are encrypted using a corresponding public key 50-1-50-N (“second devices public keys”).
Simon does not teach,
authenticating the received second devices' public keys; 
While Simon in [0035] and fig. 1 teaches contract oracles (20-1-20-N) that are authenticated using the public keys (50-1-50-N) (“second devices' public keys”) of the contract oracles (20-1-20-N) (“second devices”), where the public keys (50-1-50-N) are used by the contract creator (12) and/or contract executor (16) in fig. 1 of Simon. Simon does not appear to teach the above features related to authenticating.
However, Christensen teaches the above features,
Christensen in the last sentence of [0150] teaches that authentication can be performed on the part holders 1620 (see fig. 21) which provide public keys 2043 to the part distributor 1925, which corresponds to authenticating the “second device” and its associated public keys. The part holders 1620 hold the part
Christensen in fig. 21 teaches a part distributor 1925 that uses symmetric key 732 and public keys 2043 from part holders 1620 to double encrypt secret parts 738. (See Christensen, [0150-151)) 
encrypting data with a first device's symmetric key, the first device a member of a first set of devices; 
Simon at the end of [0031] teaches the threshold cryptosystem of Shamir's Secret Sharing cryptosystem, is used to secure a secret (i.e., key) in a distributed way. The secret is split into multiple parts, called shares which are used to reconstruct the original secret. (see below, discussion of: threshold number R)
Simon in the middle of [0031]teaches encryption of the sensitive data 24 (“encrypting data”) using the symmetric keys 32-1-32-N. (Simon, fig. 1 (see fig. 1: K1(31-1) … KN (32-N) of computing device (14)) The examiner interprets symmetric keys 32-1-32-N as corresponding to “first device's symmetric key.”
generating a plurality of key shards based on the symmetric key such that the symmetric key can be reconstituted from the plurality of key shards; 
The examiner interprets each of symmetric keys 32-1 to 32-N as a “a plurality of key shards based on the symmetric key.” 
Simon in the second half of [0031] teaches that a threshold number of at least size R (where 1≤R≤N) of the symmetric keys 32-1-32-N is needed to decrypt the encrypted package 34 / sensitive data 24.  
encrypting, respectively, the plurality of key shards with public key… from the first … device…; 
Simon in the first part of [0044] and the smart contract 26-1 of fig. 2 teaches that the multi-stage smart contract 26-1 comprises three stages 70-1A-70-3A (generally, stages 70 on right side of smart contract 26-1). The stage 70-1A comprises at least one envelope 48-1A, which in turn includes an encrypted key 32-1A (“K1A”) of the contract creator 12 that has been encrypted using the public key 40 (“public keys from the first set of devices”) of the contract executor 16. The encrypted key 32-1A is placed inside an encrypted wrapper 38-1A that has been encrypted using the public key 50-1A (“the second devices public keys”) of an oracle 20-1A (“C1A”). 
The examiner notes that Simon in the second sentence of [0021] teaches that the smart contract may be implemented by one or more electronic contract executors, and thus, the contract executor 16 is also interpreted as multiple devices.
Simon does not teach “public keys from the first set of devices,”
encrypting, respectively, the plurality of key shards with public keys from the first set of devices; 
However, Naraidoo teaches the above features,
Naraidoo in the Abstract teaches that fragmented data and keys may be encrypted and the storage of the fragmented data to different storage locations may be mapped.  Additionally, the method may be repeatedly applied to encrypted fragments of keys in a cascade fragmentation process to add further levels of security. Naraidoo in [0003] teaches that the keys may come from the custodians of the data (“keys from the first set of devices”).  Naraidoo in [0009] teaches the use of public keys.
Naraidoo in [0102-106] teaches the cascading of data and keys that may be applied in multiple levels, where the data and keys are split and encrypted, then split again using a second level of encryption keys in a process called Cascade Fragmentation of keys and data. (See also fig. 2, S25-S26 which map the storage locations of the fragments.  
Simon teaches the following,
encrypting, respectively, the plurality of key shards with the second devices public keys; and 
Simon in the middle of [0033] teaches keys 32-1-32-N (“plurality of key shards”), which are encrypted using a corresponding public key 50-1-50-N (“second devices public keys”).
In detail, Simon in [0045] (referring to fig. 2) also teaches encrypted key 32-2A (one of the “plurality of key shards”) placed inside encrypted wrapper 38-2A, that has been encrypted with public key 50-2A of Oracle 20-2A (“second devices public keys”). Simon in [0046] (referring to fig. 2) teaches encrypted key 32-3A placed inside encrypted wrapper 38-3A, that has been encrypted with public key 50-3A of oracle 20-3A.  
Simon in the second half of [0047] teaches that four layers of encryption occur, including the layer discussed in [0045-46].
Simon also teaches the above features in [0077-79] has similar teaching, as elaborated below.
Simon in [0077] teaches that fig. 7 teaches the interactions of the between a contract executor 134 and an oracle 138, which correspond to fig. 1 contract executor 16 and contract oracle 20-1-20-N. (See also, Simon in [0032-33] which teach encrypting the symmetric keys 32-1-32-N using public keys of oracles 20-1-20-N.
Simon in the middle of [0078] teaches that the sensitive data is encrypted using a symmetric key 146, and that the symmetric key 146 may be one of a plurality of symmetric keys (not shown in fig. 7). The examiner asserts that symmetric key 146 corresponds to the symmetric keys 32-1 to 32-N in fig. 1 (“a plurality of key shards based on the symmetric key”).
Simon in [0079] teaches encrypting  the symmetric key 146 (“encrypting … the plurality of key shards”) using both pubic key 152 (“with public keys from the first set of devices”) of the contract executor 134 and public key 160 (“with the second devices public keys”) of the oracle 138.
storing the encrypted data, the plurality of key shards encrypted with the first devices' public keys, and the plurality of key shards encrypted with the second devices' public keys in one or more non-transitory memory devices such that the encrypted data is secured at one of the one or more non-transitory memory devices … 
Simon in [0031] teaches that the sensitive data 24 (“the encrypted data”) s encrypted, using the symmetric keys 31-1-32-N, to form the encrypted package 34. Figs 2 and 3 teach that smart contract 26-1 (of fig. 2) and smart contract 26-2 (fig. 3) store the encrypted package 34-1A and 34-1B, respectively.  
Additionally, Simon in [0042] teaches that contract creator 12 encrypts sensitive data 24 and the symmetric keys 32-1-32-N. See also, keys 32 in the encrypted package 34-1A of the smart contract 26-1 of fig. 2)
... and decryptable with the plurality of key shards encrypted with the second devices' public keys by reassembling the plurality of key shards encrypted with the second device's public key into the first device's symmetric key.
As stated above, Simon in the second half of [0031] teaches that a threshold number of at least size R (where 1≤R≤N) of the symmetric keys 32-1-32-N is needed to decrypt the encrypted package 34.  
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Simon, which teaches a symmetric key used to encrypt data that is stored in multiple components that are double encrypted using public keys of other devices, where a threshold number of the multiple components are needed to re-assemble the symmetric key, with Christensen, which teaches performing authentication on the part holders 1620 of fig. 21, which provides the public keys used to perform double encryption. One of ordinary skill in the art would have been motivated to perform such an addition to provide the capability to authenticate a device that provides public keys for encryption, so that encrypted data is encrypted by keys of a known / authenticated device.  
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Simon, which teaches a symmetric key used to encrypt data that is stored in multiple components that are double encrypted using public keys of other devices, where a threshold number of the multiple components are needed to re-assemble the symmetric key, with Naraidoo, which teaches performing splitting of keys and data and the encryption of the split keys and data, performed at multiple levels in a process known as Cascade Fragmentation. One of ordinary skill in the art would have been motivated to perform such an addition to provide additional levels of security, as discussed in the Abstract of Naraidoo.  

Regarding claim 2, Simon teaches,
The method of claim 1, wherein at least some of the plurality of key shards encrypted with the second devices public keys are required to reconstitute the symmetric key.
Simon at the end of [0031] teaches the threshold cryptosystem of Shamir's Secret Sharing cryptosystem, is used to secure a secret (i.e., key) in a distributed way. The secret is split into multiple parts, called shares which are used to reconstruct the original secret. (see below, discussion of: threshold number R).
Simon in the second half of [0031] teaches that a threshold number of at least size R (where 1≤R≤N) of the symmetric keys 32-1-32-N is needed to decrypt the encrypted package 34 / sensitive data 24.  

Regarding claim 3, Simon teaches,
The method of claim 1, further comprising: 
in response to a request to access the encrypted data, collecting a threshold of the plurality of key shards encrypted with the second devices' public keys; 
Simon in the second half of [0044] teaches decrypting wrapper 38-1A using private key 54-1A to decrypt the encrypted key 32-1A (i.e., part of symmetric key).  Similarly, Simon I the second halves of [0045] and [0046] teach similar decrypting of key 32-1B and 32-1C, respectively.  
reconstituting the symmetric key from the collected plurality of key shards; and 
decrypting the encrypted data stored in the non-transitory memory device with the reconstituted symmetric key.
As discussed above, Simon in [0031] teaches using a threshold number of symmetric keys 32-1-32-N  to decrypt the encrypted package 34 (“decrypt the encrypted data”).
	
Regarding claim 4, Simon teaches,
The method of claim 3, wherein the reconstituting includes assembling the collected plurality of shards and decrypting the shards to obtain the encrypted symmetric key and decrypting the obtained encrypted symmetric key with a second device's private key.
	See rejection of claim 3 above. 
Simon in the second half of [0033] teaches using the plurality of private keys 54-1-54-N (“second device’s private key”), which correspond to the public keys 50-1-50-N (“second device’s public keys”) of the oracles 20-1-20-N (“second devices”).    

Regarding claim 5, Simon teaches,
The method of claim 1, wherein the plurality of key shards encrypted with the second devices' public keys includes output generated by processing the symmetric key as input to a threshold cryptography data-sharing scheme.
	See rejections of claims 2-4.  
Again, as discussed above, Simon in [0031] teaches using a threshold number of symmetric keys 32-1-32-N  to decrypt the encrypted package 34 (“decrypt the encrypted data”).

Regarding claim 13, Simon teaches,
A first computing device comprising: 
a processor; and 
one or more memories that include instructions that, when executed by the processor, cause the computing device to: 
receive second devices' public keys; 
Simon in the middle of [0033] teaches keys 32-1-32-N (“plurality of key shards”), which are encrypted using a corresponding public key 50-1-50-N (“second devices public keys”).
Simon does not teach,
authenticate the received second devices' public keys; 
While Simon in [0035] and fig. 1 teaches contract oracles (20-1-20-N) that are authenticated using the public keys (50-1-50-N) (“second devices' public keys”) of the contract oracles (20-1-20-N) (“second devices”), where the public keys (50-1-50-N) are used by the contract creator (12) and/or contract executor (16) in fig. 1 of Simon. Simon does not appear to teach the above features related to authenticating.
However, Christensen teaches the above features,
Christensen in the last sentence of [0150] teaches that authentication can be performed on the part holders 1620 (see fig. 21) which provide public keys 2043 to the part distributor 1925, which corresponds to authenticating the “second device” and its associated public keys. The part holders 1620 hold the part
Christensen in fig. 21 teaches a part distributor 1925 that uses symmetric key 732 and public keys 2043 from part holders 1620 to double encrypt secret parts 738. (See Christensen, [0150-151)) 
encrypt data with the first computing device's symmetric key, the first device a member of a first set of devices; 
Simon at the end of [0031] teaches the threshold cryptosystem of Shamir's Secret Sharing cryptosystem, is used to secure a secret (i.e., key) in a distributed way. The secret is split into multiple parts, called shares which are used to reconstruct the original secret. (see below, discussion of: threshold number R)
Simon in the middle of [0031]teaches encryption of the sensitive data 24 (“encrypting data”) using the symmetric keys 32-1-32-N. (Simon, fig. 1 (see fig. 1: K1(31-1) … KN (32-N) of computing device (14)) The examiner interprets symmetric keys 32-1-32-N as corresponding to “first device's symmetric key.”
generate a plurality of key shards based on the symmetric key such that the symmetric key can be reconstituted from the plurality of key shards; 
The examiner interprets each of symmetric keys 32-1 to 32-N as a “a plurality of key shards based on the symmetric key.” 
Simon in the second half of [0031] teaches that a threshold number of at least size R (where 1≤R≤N) of the symmetric keys 32-1-32-N is needed to decrypt the encrypted package 34 / sensitive data 24.  
encrypt, respectively, the plurality of key shards with public key… from the first … device…; 
Simon in the first part of [0044] and the smart contract 26-1 of fig. 2 teaches that the multi-stage smart contract 26-1 comprises three stages 70-1A-70-3A (generally, stages 70 on right side of smart contract 26-1). The stage 70-1A comprises at least one envelope 48-1A, which in turn includes an encrypted key 32-1A (“K1A”) of the contract creator 12 that has been encrypted using the public key 40 (“public keys from the first set of devices”) of the contract executor 16. The encrypted key 32-1A is placed inside an encrypted wrapper 38-1A that has been encrypted using the public key 50-1A (“the second devices public keys”) of an oracle 20-1A (“C1A”). 
The examiner notes that Simon in the second sentence of [0021] teaches that the smart contract may be implemented by one or more electronic contract executors, and thus, the contract executor 16 is also interpreted as multiple devices.
Simon does not teach “public keys from the first set of devices,”
encrypt, respectively, the plurality of key shards with public keys from the first set of devices; 
However, Naraidoo teaches the above features,
Naraidoo in the Abstract teaches that fragmented data and keys may be encrypted and the storage of the fragmented data to different storage locations may be mapped.  Additionally, the method may be repeatedly applied to encrypted fragments of keys in a cascade fragmentation process to add further levels of security. Naraidoo in [0003] teaches that the keys may come from the custodians of the data (“keys from the first set of devices”).  Naraidoo in [0009] teaches the use of public keys.
Naraidoo in [0102-106] teaches the cascading of data and keys that may be applied in multiple levels, where the data and keys are split and encrypted, then split again using a second level of encryption keys in a process called Cascade Fragmentation of keys and data. (See also fig. 2, S25-S26 which map the storage locations of the fragments.  
Simon teaches the following,
encrypt, respectively, the plurality of key shards with the second devices public keys; and 
Simon in the middle of [0033] teaches keys 32-1-32-N (“plurality of key shards”), which are encrypted using a corresponding public key 50-1-50-N (“second devices public keys”).
Simon in [0045] (referring to fig. 2) also teaches encrypted key 32-2A (one of the “plurality of key shards”) placed inside encrypted wrapper 38-2A, that has been encrypted with public key 50-2A of Oracle 20-2A (“second devices public keys”). Simon in [0046] (referring to fig. 2) teaches encrypted key 32-3A placed inside encrypted wrapper 38-3A, that has been encrypted with public key 50-3A of oracle 20-3A.  
Simon in the second half of [0047] teaches that four layers of encryption occur, including the layer discussed in [0045-46].
Simon also teaches the above features in [0077-79] has similar teaching, as elaborated below.
Simon in [0077] teaches that fig. 7 teaches the interactions of the between a contract executor 134 and an oracle 138, which correspond to fig. 1 contract executor 16 and contract oracle 20-1-20-N. (See also, Simon in [0032-33] which teach encrypting the symmetric keys 32-1-32-N using public keys of oracles 20-1-20-N.
Simon in the middle of [0078] teaches that the sensitive data is encrypted using a symmetric key 146, and that the symmetric key 146 may be one of a plurality of symmetric keys (not shown in fig. 7). The examiner asserts that symmetric key 146 corresponds to the symmetric keys 32-1 to 32-N in fig. 1 (“a plurality of key shards based on the symmetric key”).
Simon in [0079] teaches encrypting  the symmetric key 146 (“encrypting … the plurality of key shards”) using both pubic key 152 (“with public keys from the first set of devices”) of the contract executor 134 and public key 160 (“with the second devices public keys”) of the oracle 138.
store the encrypted data, the plurality of key shards encrypted with the first devices' public keys, and the plurality of key shards encrypted with the second devices' public keys in one or more non-transitory memory devices such that the encrypted data is secured at one of the one or more non-transitory memory devices… 
Simon in [0031] teaches that the sensitive data 24 (“the encrypted data”) s encrypted, using the symmetric keys 31-1-32-N, to form the encrypted package 34. Figs 2 and 3 teach that smart contract 26-1 (of fig. 2) and smart contract 26-2 (fig. 3) store the encrypted package 34-1A and 34-1B, respectively.  
Additionally, Simon in [0042] teaches that contract creator 12 encrypts sensitive data 24 and the symmetric keys 32-1-32-N. See also, keys 32 in the encrypted package 34-1A of the smart contract 26-1 of fig. 2)
… and decryptable with the plurality of key shards encrypted with the second devices' public keys by reassembling the plurality of key shards encrypted with the second device's public key into the first device's symmetric key.
As stated above, Simon in the second half of [0031] teaches that a threshold number of at least size R (where 1≤R≤N) of the symmetric keys 32-1-32-N is needed to decrypt the encrypted package 34.  
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Simon, which teaches a symmetric key used to encrypt data that is stored in multiple components that are double encrypted using public keys of other devices, where a threshold number of the multiple components are needed to re-assemble the symmetric key, with Christensen, which teaches performing authentication on the part holders 1620 of fig. 21, which provides the public keys used to perform double encryption. One of ordinary skill in the art would have been motivated to perform such an addition to provide the capability to authenticate a device that provides public keys for encryption, so that encrypted data is encrypted by keys of a known / authenticated device.  
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Simon, which teaches a symmetric key used to encrypt data that is stored in multiple components that are double encrypted using public keys of other devices, where a threshold number of the multiple components are needed to re-assemble the symmetric key, with Naraidoo, which teaches performing splitting of keys and data and the encryption of the split keys and data, performed at multiple levels in a process known as Cascade Fragmentation. One of ordinary skill in the art would have been motivated to perform such an addition to provide additional levels of security, as discussed in the Abstract of Naraidoo.  

Regarding claim 14, Simon, Christensen, and Naraidoo teach,
The first computing device of claim 13, wherein at least some of the plurality of key shards encrypted with the second devices public keys are required to reconstitute the symmetric key.
Claim 14 is rejected using the same basis of arguments used to reject claim 2 above.

Regarding claim 15, Simon, Christensen, and Naraidoo teach,
The first computing device of claim 13, wherein the instructions that, when executed by the processor, further cause the computing device to: 
in response to a request to access the encrypted data, collect a threshold of the plurality of key shards encrypted with the second devices' public keys; 
reconstitute the symmetric key from the collected plurality of key shards; and 
decrypt the encrypted data stored in the non-transitory memory device with the reconstituted symmetric key.
Claim 15 is rejected using the same basis of arguments used to reject claim 3 above.

Regarding claim 16, Simon, Christensen, and Naraidoo teach,
The first computing device of claim 15, wherein the reconstituting includes assembling the collected plurality of shards and decrypting the shards to obtain the encrypted symmetric key and decrypting the obtained encrypted symmetric key with a second device's private key.
	Claim 16 is rejected using the same basis of arguments used to reject claim 4 above.

Regarding claim 17, Simon, Christensen, and Naraidoo teach,
The first computing device of claim 13, wherein the plurality of key shards encrypted with the second devices' public keys includes output generated by processing the symmetric key as input to a threshold cryptography data-sharing scheme.
	Claim 17 is rejected using the same basis of arguments used to reject claim 5 above.


Claims 6 and 18  are rejected under 35 U.S.C. 103 as being unpatentable over Simon in view of Christensen, in view of Naraidoo, in further view of US 2009/0313269 to Bachmann (hereinafter Bachmann). 

Regarding claim 6, Bachmann teaches,
The method of claim 1, wherein the authenticating comprises:
receiving a first set of words based on a hash of the second devices public keys, the first set of words generated with a mnemonic generator; 
Bachmann in fig. 13 teaches performing a hash 22 on password 130 (“second device public keys”), where the password 130 replaces the document 20 (of figs. 3 and 8). (Bachmann [0068])
Bachmann in [0046-47] teaches performing a hash on a document 20 (or password of fig. 13) in step 22. Then, Bachmann in [0048-49] and steps 26-31 of fig. 3 teach dividing the hash and selecting words (noun, verb, adjective). (see also fig. 11, S112, where the 24 bit number is divided into three 8 bit numbers) Then, Bachmann in [0050] and steps 34 and 36 teach combining the selected words into a mnemonic.
at the first device, hashing the second devices public keys and generating a second set words with the mnemonic generator; 
Bachmann in fig. 8 teaches determining whether a particular document (i.e., password) is identical to a document version associated with a word mnemonic. Bachmann in [0056-58] teaches the details of fig. 8.
and verifying the first and second sets of words match.
	Bachmann in fig. 8 Step 85 compares the hash values to determine if there is a match.  
	Bachmann in [0030] and [0055] each teach determining whether two documents are the same by comparing the respective word mnemonics.
	Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Simon, which teaches a symmetric key used to encrypt data that is stored in multiple components that are double encrypted using public keys of other devices, where a threshold number of the multiple components are needed to re-assemble the symmetric key, so that the symmetric key may be used to decrypt the encrypted data, with Bachmann, which teaches using the hash of public keys to create a memorable word mnemonic. One of ordinary skill in the art would have been motivated to perform such an addition to provide the user with an easy to remember version of the password / public keys so that the public keys could be retrieved / remembered by the user without memorizing a random number / alphanumeric number.

Regarding claim 18, Simon, Christensen, Naraidoo, and Bachmann teach,
The first computing device of claim 13, wherein the authenticating comprises:
 receiving a first set of words based on a hash of the second devices public keys, the first set of words generated with a mnemonic generator; 
at the first device, hashing the second devices public keys and generating a second set words with the mnemonic generator; and verifying the first and second sets of words match.
Claim 18 is rejected using the same basis of arguments used to reject claim 6 above.


Claims 7-11 and 19-23 are rejected under 35 U.S.C. 103 as being unpatentable over Simon, in view of Christensen, and further in view of to US 10,742,422 to Jarjoui et al. (hereinafter Jarjoui).

Regarding claim 7, Simon teaches,    
A method comprising: 
receiving a second set of devices' public keys; 
Simon in the middle of [0033] teaches keys 32-1-32-N (“plurality of key shards”), which are encrypted using a corresponding public key 50-1-50-N (“second devices public keys”).
Simon does not teach,
authenticating the received second devices' public keys; 
While Simon in [0035] and fig. 1 teaches contract oracles (20-1-20-N) that are authenticated using the public keys (50-1-50-N) (“second devices' public keys”) of the contract oracles (20-1-20-N) (“second devices”), where the public keys (50-1-50-N) are used by the contract creator (12) and/or contract executor (16) in fig. 1 of Simon. Simon does not appear to teach the above features related to authenticating.
However, Christensen teaches the above features,
Christensen in the last sentence of [0150] teaches that authentication can be performed on the part holders 1620 (see fig. 21) which provide public keys 2043 to the part distributor 1925, which corresponds to authenticating the “second device” and its associated public keys. The part holders 1620 hold the part
Christensen in fig. 21 teaches a part distributor 1925 that uses symmetric key 732 and public keys 2043 from part holders 1620 to double encrypt secret parts 738. (See Christensen, [0150-151)) 
Simon teaches the following features,
creating … a plurality of encrypted key shards stored in a file, the plurality of encrypted key shards based on a first device's symmetric key such that the symmetric key can be reconstituted from the plurality of key shards, the plurality of encrypted key shards encrypted, respectively, with public keys of a first set of devices including the first device; 
It is noted that Simon does not appear to teach sub shares (see recitation below) of the plurality of encrypted key shards. 
However, Simon teaches a symmetric key being divided (once) (“a plurality of encrypted key shards”) and double encrypted based on a plurality of public keys provided from a plurality of devices, which is related to Shamir’s secret sharing. See rejection of claim 1, regarding the teachings of Simon in [0033], [0045], and [46-47] regarding “encrypting, respectively, the plurality of key shards with the second devices public keys.” Thus, Simon teaches at least the symmetric key being encrypted by a plurality of public keys.
In contrast, Jarjoui teaches a private key being divided (“a plurality of encrypted key shards”) and the divided key again being subdivided (“sub shares of a plurality of encrypted key shard”), which is also related to Shamir’s secret sharing. (See Jarjoui in (4) / Col. 2, lines 24-26) 
Simon does not teach following features, in particular, Simon does not teach “sub shares”,
creating sub shares of a plurality of encrypted key shards stored in a file, the plurality of encrypted key shards based on a first device's … key such that the … key can be reconstituted from the plurality of key shards, the plurality of encrypted key shards encrypted, respectively, with public keys of a first set of devices including the first device; 
However, Jarjoui teaches the above features, 
Jarjoui in fig. 8 (See S820, S830, and S840) and (63-64) / Col. 13, lines 61-64, Col. 14, lines 6-10, and Col. 14, lines 16-18, which teach the details of the double encryption of a first (inner) layer and a second (outer) layer. (See also, Jarjoui, (6) / Col. 3, lines 20-28)
Jarjoui in (96) / Col. 20, lines 52-58) teaches further dividing / sharding 5 key shares (which have already been divided) into sub-key shares. This portion of Jarjoui, much like Simon, teaches Shamir’s Secret Sharing. Further, a quorum (i.e., threshold under Shamir’s secret sharing) of at least 2 is needed to unlock the encrypted sub-key. 
encrypting the subshares with the second set of devices' public keys; and 
Jarjoui at the end of (96) / Col. 20, lines 54-58, teaches that the encryption techniques discussed earlier in Jarjoui, are used to encrypt the sub-key shares (“encrypting the subshares”), and that that unlocking of the sub-keys requires a quorum of 2.  The earlier discussed encryption techniques include, as stated above, Jarjoui in fig. 8 in S 820, S 830, and S 840 teaches the first and second level / layer of encryption.  
storing the encrypted subshares on one or more non-transitory memory devices.
Jarjoui at the end of (96) / Col. 20, lines 56-58 teaches that two or more users have the sub-key shares. 
See also fig. 11, which depicts multiple users 1110, 1112, 1114, ect, that receive a transaction (“data”)  
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Simon, which teaches a symmetric key used to encrypt data that is stored in multiple components that are double encrypted using public keys of other devices, where a threshold number of the multiple components are needed to re-assemble the symmetric key, with Christensen, which teaches performing authentication on the part holders 1620 of fig. 21, which provides the public keys used to perform double encryption. One of ordinary skill in the art would have been motivated to perform such an addition to provide the capability to authenticate a device that provides public keys for encryption, so that encrypted data is encrypted by keys of a known / authenticated device.  
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Simon, which teaches a symmetric key used to encrypt data that is stored in multiple components that are double encrypted using public keys of other devices, where a threshold number of the multiple components are needed to re-assemble the symmetric key, so that the symmetric key may be used to decrypt the encrypted data, with Jarjoui, a symmetric key used to encrypt data that is stored in multiple components that are double encrypted using public keys of other devices, where a threshold number of the multiple components are needed to re-assemble the symmetric key, so that the symmetric key may be used to decrypt the encrypted data, but further teaches: sub-sharding a component of the once encrypted symmetric key into even smaller components, which are further encrypted (double encrypted). One of ordinary skill in the art would have been motivated to perform such an addition to provide the capability of sub-sharding / sub-fragmenting pieces (i.e., components) of a symmetric key to increase the number of components that have to be shared in order to reassemble the symmetric key.

Regarding claim 8, Jarjoui teaches,
The method of claim 7, wherein at least some of the subshares encrypted with the second set of devices' public keys are required to reconstitute the symmetric key.
Jarjoui at the end of (96) / Col. 20, lines 54-58, teaches that the encryption techniques discussed earlier in Jarjoui, are used to encrypt the sub-key shares (“encrypting the subshares”), and that that unlocking of the sub-keys requires a quorum of 2.  The earlier discussed encryption techniques include, as stated above, Jarjoui in fig. 8 in S820, S830, and S840 teaches the first and second level / layer of encryption.  
	Jarjoui at the end of (96) / Col. 20, lines 54-58, teaches that the encryption techniques are used to encrypt the sub-key shares (“subshares encrypted with the second set of devices' public keys”), and that that unlocking of the sub-keys requires a quorum of 2 (“at least some of the subshares”) is needed to unlock the encrypted sub-key.

Regarding claim 9, Jarjoui teaches,
The method of claim 7, further comprising: 
in response to a request to access an encrypted object, collecting a threshold of the sub shares; 
reconstituting the symmetric key from the collected subshares; and 
Jarjoui at the end of (96) / Col. 20, lines 54-58, teaches that the encryption techniques discussed earlier in Jarjoui, are used to encrypt the sub-key shares (“encrypting the subshares”), and that that unlocking of the sub-keys requires a quorum of 2.  The earlier discussed encryption techniques include, as stated above, Jarjoui in fig. 8 in S820, S830, and S840 teaches the first and second level / layer of encryption.  
	Jarjoui at the end of (96) / Col. 20, lines 54-58, teaches that the encryption techniques are used to encrypt the sub-key shares (“subshares encrypted with the second set of devices' public keys”), and that that unlocking of the sub-keys requires a quorum of 2 (“at least some of the subshares”) is needed to unlock the encrypted sub-key.
decrypting the encrypted object stored in the non-transitory memory device with the reconstituted symmetric key.
	Jarjoui at the end of (4) / Col. 2, lines 55-58 teaches decrypting a key that is used to encrypt/decrypt a transaction packet.
	Jarjoui in the last steps of fig. 10 and also in (84-85) \ Col. 18, lines 26-28 & 31-33 teach decrypting transaction packets after decrypting the double encrypted key shares (see fig. 10, S1030).
Similarly, Simon in fig. 5F in S110 teaches decrypting sensitive data 24 of the encrypted package 34 using a subset (i.e., threshold) of the plurality of symmetric keys.
As stated above, Simon teaches the symmetric key.

Regarding claim 10, Jarjoui teaches,
The method of claim 9, where in the reconstituting includes assembling the collected subshares and decrypting the subshares … 
As discussed above, this feature is taught by Jarjoui at the end of (96) / Col. 20, lines 54-58.
Jarjoui at the end of (96) / Col. 20, lines 54-58, teaches that the encryption techniques discussed earlier in Jarjoui, are used to encrypt the sub-key shares (“encrypting the subshares”), and that that unlocking of the sub-keys requires a quorum of 2.  The earlier discussed encryption techniques include, as stated above, Jarjoui in fig. 8 in S820, S830, and S840 teaches the first and second level / layer of encryption.  
Jarjoui in the last steps of fig. 10 and also in (84-85) \ Col. 18, lines 26-28 & 31-33 teach decrypting transaction packets after decrypting the double encrypted key shares (see fig. 10, S1030).
Jarjoui does not teach the following,
… to obtain the encrypted symmetric key and decrypting the obtained encrypted symmetric key with second devices private keys.
	However, Simon teaches the above feature,
As stated above, Simon teaches the symmetric key.
As discussed above, Simon in [0031] teaches using a threshold number of symmetric keys 32-1-32-N  to decrypt the encrypted package 34 (“decrypt the encrypted data”).

Regarding claim 11, Jarjoui teaches,
The method of claim 7, wherein the encrypted sub shares include output generated by processing the symmetric key as input to a threshold cryptography data-sharing scheme.
Jarjoui in (96) / Col. 20, lines 52-58) teaches further dividing / sharding 5 key shares (which have already been divided) into sub-key shares (“sub shares”). This portion of Jarjoui, much like Simon, teaches Shamir’s Secret Sharing. Further, a quorum (i.e., threshold under Shamir’s secret sharing) of at least 2 is needed to unlock the encrypted sub-key. 
The examiner interprets the Shamir secret sharing of Jarjoui as corresponding to “a threshold cryptography data-sharing scheme.”
Similarly, Simon in [0031] teaches that a threshold number of symmetric keys 32-1-32-N are needed to decrypt the package 34 / sensitive data 24. 
As stated above, Simon teaches the symmetric key.

Regarding claim 19, Simon teaches,
A first computing device comprising: 
a processor; and 
one or more memories that include instructions that, when executed by the processor, cause the computing device to: 
receive a second set of devices' public keys; 
Simon in the middle of [0033] teaches keys 32-1-32-N (“plurality of key shards”), which are encrypted using a corresponding public key 50-1-50-N (“second devices public keys”).
Simon does not teach,
authenticate the received second devices' public keys; 
While Simon in [0035] and fig. 1 teaches contract oracles (20-1-20-N) that are authenticated using the public keys (50-1-50-N) (“second devices' public keys”) of the contract oracles (20-1-20-N) (“second devices”), where the public keys (50-1-50-N) are used by the contract creator (12) and/or contract executor (16) in fig. 1 of Simon. Simon does not appear to teach the above features related to authenticating.
However, Christensen teaches the above features,
Christensen in the last sentence of [0150] teaches that authentication can be performed on the part holders 1620 (see fig. 21) which provide public keys 2043 to the part distributor 1925, which corresponds to authenticating the “second device” and its associated public keys. The part holders 1620 hold the part
Christensen in fig. 21 teaches a part distributor 1925 that uses symmetric key 732 and public keys 2043 from part holders 1620 to double encrypt secret parts 738. (See Christensen, [0150-151)) 
Simon teaches the following features,
create … of a plurality of encrypted key shards stored in a file, the plurality of encrypted key shards based on a first computing device's symmetric key such that the symmetric key can be reconstituted from the plurality of key shards, the plurality of encrypted key shards encrypted, respectively, with public keys of a first set of devices including the first computing device; 
It is noted that Simon does not appear to teach sub shares (see recitation below) of the plurality of encrypted key shards. 
However, Simon teaches a symmetric key being divided (once) (“a plurality of encrypted key shards”) and double encrypted based on a plurality of public keys provided from a plurality of devices, which is related to Shamir’s secret sharing. See rejection of claim 1, regarding the teachings of Simon in [0033], [0045], and [46-47] regarding “encrypting, respectively, the plurality of key shards with the second devices public keys.” Thus, Simon teaches at least the symmetric key being encrypted by a plurality of public keys.
In contrast, Jarjoui teaches a private key being divided (“a plurality of encrypted key shards”) and the divided key again being subdivided (“sub shares of a plurality of encrypted key shard”), which is also related to Shamir’s secret sharing. (See Jarjoui in (4) / Col. 2, lines 24-26) 
Simon does not teach following features, in particular, Simon does not teach “sub shares”,
create sub shares of a plurality of encrypted key shards stored in a file, the plurality of encrypted key shards based on a first computing device's … key such that the … key can be reconstituted from the plurality of key shards, the plurality of encrypted key shards encrypted, respectively, with public keys of a first set of devices including the first computing device; 
However, Jarjoui teaches the above features, 
Jarjoui in fig. 8 (See S820, S830, and S840) and (63-64) / Col. 13, lines 61-64, Col. 14, lines 6-10, and Col. 14, lines 16-18, which teach the details of the double encryption of a first (inner) layer and a second (outer) layer. (See also, Jarjoui, (6) / Col. 3, lines 20-28)
Jarjoui in (96) / Col. 20, lines 52-58) teaches further dividing / sharding 5 key shares (which have already been divided) into sub-key shares. This portion of Jarjoui, much like Simon, teaches Shamir’s Secret Sharing. Further, a quorum (i.e., threshold under Shamir’s secret sharing) of at least 2 is needed to unlock the encrypted sub-key. 
encrypt the subshares with the second set of devices' public keys; and 
Jarjoui at the end of (96) / Col. 20, lines 54-58, teaches that the encryption techniques discussed earlier in Jarjoui, are used to encrypt the sub-key shares (“encrypting the subshares”), and that that unlocking of the sub-keys requires a quorum of 2.  The earlier discussed encryption techniques include, as stated above, Jarjoui in fig. 8 in S 820, S 830, and S 840 teaches the first and second level / layer of encryption.  
store the encrypted subshares on one or more non-transitory memory devices.
Jarjoui at the end of (96) / Col. 20, lines 56-58 teaches that two or more users have the sub-key shares. 
See also fig. 11, which depicts multiple users 1110, 1112, 1114, ect, that receive a transaction (“data”)  
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Simon, which teaches a symmetric key used to encrypt data that is stored in multiple components that are double encrypted using public keys of other devices, where a threshold number of the multiple components are needed to re-assemble the symmetric key, with Christensen, which teaches performing authentication on the part holders 1620 of fig. 21, which provides the public keys used to perform double encryption. One of ordinary skill in the art would have been motivated to perform such an addition to provide the capability to authenticate a device that provides public keys for encryption, so that encrypted data is encrypted by keys of a known / authenticated device.  
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Simon, which teaches a symmetric key used to encrypt data that is stored in multiple components that are double encrypted using public keys of other devices, where a threshold number of the multiple components are needed to re-assemble the symmetric key, so that the symmetric key may be used to decrypt the encrypted data, with Jarjoui, a symmetric key used to encrypt data that is stored in multiple components that are double encrypted using public keys of other devices, where a threshold number of the multiple components are needed to re-assemble the symmetric key, so that the symmetric key may be used to decrypt the encrypted data, but further teaches: sub-sharding a component of the once encrypted symmetric key into even smaller components, which are further encrypted (double encrypted). One of ordinary skill in the art would have been motivated to perform such an addition to provide the capability of sub-sharding / sub-fragmenting pieces (i.e., components) of a symmetric key to increase the number of components that have to be shared in order to reassemble the symmetric key.

Regarding claim 20, Simon and Jarjoui teach,
The first computing device of claim 19, wherein at least some of the subshares encrypted with the second set of devices' public keys are required to reconstitute the symmetric key.
Claim 20 is rejected using the same basis of arguments used to reject claim 8 above.

Regarding claim 21, Simon and Jarjoui teach,
The first computing device of claim 19, wherein instructions, when executed by the processor, further cause the first computing device to: 
in response to a request to access an encrypted object, collect a threshold of the subshares; 
reconstitute the symmetric key from the collected subshares; and 
decrypt the encrypted object stored in the non-transitory memory device with the reconstituted symmetric key.
Claim 21 is rejected using the same basis of arguments used to reject claim 9 above.

Regarding claim 22, Simon and Jarjoui teach,
The first computing device of claim 21, where in the reconstituting includes assembling the collected subshares and decrypting the subshares to obtain the encrypted symmetric key and decrypting the obtained encrypted symmetric key with second devices private keys.
Claim 22 is rejected using the same basis of arguments used to reject claim 10 above.

Regarding claim 23, Simon and Jarjoui teach,
The first computing device of claim 19, wherein the encrypted subshares include output generated by processing the symmetric key as input to a threshold cryptography data-sharing scheme.
Claim 23 is rejected using the same basis of arguments used to reject claim 11 above.


Claims 12 and 24 are rejected under 35 U.S.C. 103 as being unpatentable over Simon, in view of Christensen, in view of Jarjoui, in further view of Bachmann. 

Regarding claim 12, Bachmann teaches,
The method of claim 7, wherein the authenticating comprises: 
receiving a first set of words based on a hash of the second set of devices' public keys, the first set of words generated with a secure mnemonic generator;
 Bachmann in fig. 13 teaches performing a hash 22 on password 130 (“second device public keys”), where the password 130 replaces the document 20 (of figs. 3 and 8). (Bachmann [0068])
Bachmann in [0046-47] teaches performing a hash on a document 20 (or password of fig. 13) in step 22. Then, Bachmann in [0048-49] and steps 26-31 of fig. 3 teach dividing the hash and selecting words (noun, verb, adjective). (see also fig. 11, S112, where the 24 bit number is divided into three 8 bit numbers) Then, Bachmann in [0050] and steps 34 and 36 teach combining the selected words into a mnemonic.
hashing the second set of devices public keys and generating a second set words with the secure mnemonic generator; and 
Bachmann in fig. 8 teaches determining whether a particular document (i.e., password) is identical to a document version associated with a word mnemonic. Bachmann in [0056-58] teaches the details of fig. 8.
verifying the first and second sets of words match.
Bachmann in fig. 8 Step 85 compares the hash values to determine if there is a match.  
	Bachmann in [0030] and [0055] each teach determining whether two documents are the same by comparing the respective word mnemonics.
	Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Simon, which teaches a symmetric key used to encrypt data that is stored in multiple components that are double encrypted using public keys of other devices, where a threshold number of the multiple components are needed to re-assemble the symmetric key, so that the symmetric key may be used to decrypt the encrypted data, with Bachmann, which teaches using the hash of public keys to create a memorable word mnemonic. One of ordinary skill in the art would have been motivated to perform such an addition to provide the user with an easy to remember version of the password / public keys so that the public keys could be retrieved / remembered by the user without memorizing a random number / alphanumeric number.

Regarding claim 24, Simon , Jarjoui, and Bachmann teach,
The first computing device of claim 19, wherein the authenticating comprises: 
receiving a first set of words based on a hash of the second set of devices' public keys, the first set of words generated with a secure mnemonic generator; 
hashing the second set of devices public keys and generating a second set words with the secure mnemonic generator; and 
verifying the first and second sets of words match.
Claim 24 is rejected using the same basis of arguments used to reject claim 12 above.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRIAN WILLIAM AVERY whose telephone number is (571) 272-3942.  The examiner can normally be reached on 9AM-5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on (571) 272-3739.  
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/B.W.A./

/FARID HOMAYOUNMEHR/Supervisory Patent Examiner, Art Unit 2495