DETAILED ACTION
This Non Final Office Action is in response to Request for Continued Examination filed on 04/28/2022. Claims 1 and 9 have been amended. Claims 11-12 have been newly added. Claims 1-12 filed on 03/27/2022 remain pending in the application.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Drawings
The drawings filed on 09/03/2020 are accepted.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 04/28/2022 has been entered.

	
	
Response to Arguments 
Applicant stated “Claim 1 is amended herein to more clearly recite a scenario (see diagram below) where decryption requires two keys (Key 2 & Key 3), and Key 2 is split into two parts, 2A and 2B. In this scenario, the sender sends Key 2A and key 3 to the recipient, and the recipient only gets Key 2B indirectly from a server, in response to the server receiving Key 2A. In new Claim 12, the sending computing system also sends the encrypted message to the recipient…The Zhang reference teaches a very different scenario. In Zhang, the recipient receives both Key 2A and Key 2B from the sender, and receives the encrypted message from the server (ISS). See diagram below… The distinctions between in these scenarios is not a mere design choice. First, currently amended Claim 1 requires decryption by both a first split key, and a second key. In contrast, Zhang only requires a split key. Second, in currently amended Claim 1, the sender does not necessarily even have the entire first key. This allows senders and recipients to utilize a trusted third party to complete the decryption process, and could for example, prevent a mole inside the sender from secretly sending the entire split key to an unauthorized recipient. Lambert teaches scenarios that utilize 2nd and 3rd decryption keys, but is still missing the trusted server that provides a missing part of a split decryption key. Clams 2 and 7-9 are all thought to be allowable over Zhang and Lambert by virtue of their dependence on currently amended Claim 1.”
	Examiner respectfully asserts that the teaching of Zhang in view of Lambert discloses the claim’s limitations of claim 1, as drafted. Particularly, Zhang discloses the access authorization server 103 illustrated in Figure 4 corresponding to the receiving device recited in claim 1, the first client device 101 corresponding to the sending device recited in claim 1, and further discloses the second client device 102 corresponding to the (server/service in drawing illustrated in the Remarks filed on 03/27/2022). Indeed, “Zhang discloses: the recipient receives both Key 2A and Key 2B from the sender”, where Key 2A is directly received by the recipient/receiver from the sender as disclosed in [0036, 0070], however, Key 2B is received by the recipient/receiver via the second client device 102, as disclosed in [0036, 0072, 0074], where the first client device 101, i.e. sender, after verifying that the second client device 102 is trusted and authorized, as disclosed in [0032], sends Key 2B to the second client device 102 (this is consistent with the speciation of the instant application where the remained of the key is sent from the sender to the service 130), and in turn, the second client device 102 sends Key 2B to the recipient/receiver. Therefore, a)  Key 2A is sent from the first client device 101, i.e. sender: first source, to the receiver and b) Key 2B is sent from the second client device 102, server, i.e. second source, to the receiver, where the first client device is different from the second client device as illustrated in Figure 4 of Zhang. Zhang further discloses “receives the encrypted message from the server (ISS)”, where the encrypted message is sent from the (ISS), illustrated in Figure 4 (405), to the recipient/receiver. However, the encrypted message is sent to the (ISS) from the first client device 101, i.e. sender. Therefore, Zhang discloses “receives the encrypted message from the first client device 101, i.e. sender, via the server (ISS) to the receivr”. With respect to “Second, in currently amended Claim 1, the sender does not necessarily even have the entire first key”, this is not clearly recited in the claims, furthermore, the specification of the instant application does not disclose the above remarks, for example, [0027-0038] discloses that the sender always holds the first key, e.g. keyA. With respect to “First, currently amended Claim 1 requires decryption by both a first split key, and a second key. In contrast, Zhang only requires a split key”, examiner submits that Zhang disclose deriving a decryption key from a second key, which include the first part and the second part, and an authorization code that determines validity and authentication of the process, and Zhang further discloses sending the “missing” part of the split key through the second client device 102, however, Zhang does not disclose requiring two keys, i.e. second key and third key, to derive a decryption key. Lambert discloses in e.g. [0044] the use of two different keys to generate a decryption key for decrypting data, where Lambert is relied upon to disclose the generation of a decryption key based on the above mentioned two keys. Therefore, Zhang in view of Lambert disclose all the limitation of claim 1.
	With respect to claim 11, newly found prior art: Boneh et. al. (US 20030081785 A1), hereinafter Boneh, is relied upon to explicitly disclose receiving a third key from the sending computing system, which is utilize in conjunction with a second key to device a decryption key. Please see detailed rejection below.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):

(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 2-6 and 10 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention. 
Claims 2-6 and 10 recite “the incomplete version of the second cryptographic key”, while it is understood that the second cryptographic key comprising a first part and a second part, however, it is not definitively clear, which “incomplete version” is referred to in the claims recitations. For examination purpose, the “incomplete version” is interpreted as described in the USC 103 rejection below.
Claim 3 recites “the complete second cryptographic key”, while it is understood that the second cryptographic key comprising a first part and a second part, however, it is not definitively clear what is meant by “the complete”. For examination purpose, the “complete…” is interpreted as described in the USC 103 rejection below.
Claim 5 recites “the service” and “the remainder of the first cryptographic key”, lacking antecedent basis. For examination purpose, they are interpreted as described in the USC 103 rejection below.
Claim 6 recites “the remainder of the second cryptographic key”, lacking antecedent basis. For examination purpose, they are interpreted as described in the USC 103 rejection below.
Claim 10 recites “the remainder”, lacking antecedent basis. For examination purpose, it is interpreted as described in the USC 103 rejection below.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-2 and 7-9 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Zhang et. al. (US 20200084037 A1), hereinafter Zhang in view of Lambert (US 20190089532 A1), hereinafter Lambert.

Regarding claim 1 (Currently Amended), Zhang teaches a method of encrypting and decrypting a message (Zhang discloses [0019] “…data sharing method…In a case that the authentication succeeds, encrypted data obtained from the information sharing system 104 may be decrypted according to key information carried in the access request.”), comprising:
	an encrypting computing system using a first cryptographic key to encrypt the message (Zhang Figure 4, [0066] “In step 401, the first client 101 may hold an encryption key (i.e. first cryptographic key), and encrypt data to be uploaded to the information sharing system 104 to obtain a piece of encrypted data.”, [0089] “…a piece of encrypted data uploaded to a block of an information sharing system 104, the encrypted data being obtained by encrypting a piece of plaintext data according to the first key”, where, using an encryption key, the encrypted data is encrypted by the first client 101, i.e. sending device, as illustrated in Figure 4 (401), the element in the first client that performs the encryption corresponds to the encrypting computing system);  
a sending computing system sending the encrypted message to a receiving computing system (Zhang Figure 4, the client device 101, i.e. sending computing system, sends the encrypted data (401) to the access authorization server 103, i.e. receiving computing system, via the information sharing system 104 as disclosed in [0078] “The access authorization server 103 may further transmit a query request to the information sharing system 104, where the request carries the user identifier of the holder and the file identifier, so that the information sharing server 104 finds the associated encrypted data according to the user identifier of the holder and the file identifier, and returns the encrypted data to the access authorization server 103.”));
the receiving computing system using a decrypting computing system to decrypt the message (Zhang [0079] “In step 406, the access authorization server 103 may decrypt the encrypted data by using the complete key obtained in step 405.”), 
the decrypting computing system using a decryption key derived from both a second cryptographic key and a third [cryptographic key] to decrypt the message (Zhang [0076] “In step 405, the access authorization server 103 may extract the data viewing token, the user identifier of the holder, and the file identifier from the received viewing request, extract the authorization code from the data viewing token, and determine whether the authorization code is valid”, [0077] “If it is determined that the authorization code is valid, the access authorization server 103 may obtain the first half of the key associated with the authorization code, extract the second half of the key from the data viewing token, and combine the first half of the key and the second half of the key to form a complete key.”, [0089] “…the key module 803 configured to generate a second key according to the incomplete key and the first part of the first key corresponding to the encrypted data…decryption module 804 configured to obtain the encrypted data from the block of the information sharing system 104, and decrypt the encrypted data according to the second key”, where an authorization code embedded in a token can be construed as a third  element, where the derivation/generation of a decryption key is based on 1) determining that the authorization code, which was embedded in a token is valid, then 2) combining the two incomplete keys to form/generate a second key used for decryption, which in this case is based on the combination of the incomplete and remainder portions of the second key); and
	wherein the receiving computing system receives a first part of the second cryptographic key from a first source, and a second part of the second cryptographic key from a second source different from the first source (Zhang illustrates in Figure 4 the access authorization server 103, corresponding to the  receiving computing system, receiving the first half of the key from the first client 101, as disclosed in [0070] “In step 402, the first client 101 may upload, to the access authorization server 103, the first half of the key used for encryption in step 401”, and receiving the second half of the key from the second client 102, as disclosed in [0072, 0074], e.g. [0072] “In step 403, the first client 101 may combine the second half of the key used for encryption in step 401 and the received authorization code to form a data viewing token, and associate the data viewing token with the file identifier of the encrypted data.”, [0074] “In step 404, the second client 102 may transmit a viewing request to the access authorization server 103 after holding the data viewing token, where the request carries the user identifier of the holder of the encrypted data, the file identifier, and the data viewing token.”, Therefore, the access authorization server 103 receives the first part and the second part of the key, i.e. second key, from different sources, i.e. the first client 101 and second client 102, respectively).
	Zhang discloses the aforementioned limitations, where a data at the sender is encrypted by a cryptographic key, and at the receiver, a decryption key is derived from retrieving and combining two cryptographic key parts of a second key, given that an authorization code is valid, where the two cryptographic key parts of the second key for decrypting the data can be construed as two keys,  however, Zhang does not explicitly disclose deriving the decryption key from two keys/elements, i.e. second and third, in order to cryptographically generate a decryption key that decrypts the encrypted data.
Lambert discloses encrypting a message using a first cryptographic key and the decrypting computing system using a decryption key derived from both a second cryptographic key and a third cryptographic key to decrypt the message (Lambert discloses a message in [0044] an encryption key, corresponding to a first encryption key, which is used by a device to encrypt information before transmission, “the shared key 216 is used to encrypt information prior to transmission to the responder 204 and decrypt information received from the responder 204.”, Lambert further disclose encryption key for encryption and decryption of information between devices, where the encryption key is generated/derived based on a public key, corresponding to the second key, and private key corresponding to the third key, [0044] “…the initiator 202 may generate a master or shared key based on a public key of the responder 204 and a private key…the shared key 216 is used to encrypt information prior to transmission to the responder 204 and decrypt information received from the responder 204. Alternately or additionally, the initiator 202 may generate the shared key 216 based on a nonce, other key input information, or a combination of static and ephemeral keys.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Zhang to incorporate the teaching of Lambert to utilize the above feature, with the motivation of secure device authentication and secure communication between devices using shared key, as recognized by (Lambert Abstract).

Regarding claim 2 (Previously Presented), Zhang in view of Lambert teaches the method of claim 1, wherein the incomplete version of the second cryptographic key further comprises at least one of: a truncated version of the second cryptographic key; and a divided version of the second cryptographic key (Zhang [0029] “…the key may be a character string, and the character string used as the key may be divided into two character strings that are used as a first part and a second part of the key…during division of the key, a character string with a certain length may be divided according to a preset character string length value (that is, a preset quantity of characters included in a character string) to serve as the first part of the key, and then the rest of the character string is used as the second part of the key”)..  

Regarding claim 7 (Original), Zhang in view of Lambert teaches the method of claim 1, 
Zhang discloses the partial keys of the second key, and further discloses authorization code as described above in claim1, however, Zhang does not disclose the below limitations.
Lambert discloses wherein the second cryptographic key comprises a public key and the third cryptographic key comprises a private key (Lambert disclose encryption key for encryption and decryption of information between devices, where the encryption key is generated/derived based on a public key, corresponding to the second key, and private key corresponding to the third key [0044] “…the initiator 202 may generate a master or shared key based on a public key of the responder 204 and a private key…the shared key 216 is used to encrypt information prior to transmission to the responder 204 and decrypt information received from the responder 204. Alternately or additionally, the initiator 202 may generate the shared key 216 based on a nonce, other key input information, or a combination of static and ephemeral keys.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Zhang to incorporate the teaching of Lambert to utilize the above feature, with the motivation of secure device authentication from two different keys, as recognized by (Lambert Abstract).

Regarding claim 8 (Original), Zhang in view of Lambert teaches the method of claim 7, 
Zhang does not disclose the below limitations.
Lambert discloses wherein the decryption key comprises a second private key (Lambert [0090] “At 614, a second encryption key is generated based on a private key of the device and the public key of the remote device.”).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Zhang to incorporate the teaching of Lambert to utilize the above feature, with the motivation of secure device authentication, as recognized by (Lambert Abstract).
 
Regarding claim 9 (Currently Amended), Zhang in view of Lambert teaches the method of claim 1, 
wherein the first cryptographic key and the decryption key are symmetrical cryptographic keys (Zhang [0089] “…generate a second key according to the incomplete key and the first part of the first key corresponding to the encrypted data, the generated second key being the same as the first key in a case that the incomplete key is the same as the second part of the first key… decrypt the encrypted data according to the second key”, where the generated decryption key is the same key used to encrypt the plaintext data, which indicates that symmetrical cryptographic keys).
  
Regarding claim 12 (New), Zhang in view of Lambert teaches the method of claim 1, wherein the first source comprises the sending computing system (Zhang illustrates in Figure 4 the access authorization server 103, corresponding to the  receiving computing system, receiving the first half of the key from the first client 101, as disclosed in [0070] “In step 402, the first client 101 may upload, to the access authorization server 103, the first half of the key used for encryption in step 401”, and receiving the second half of the key from the second client 102, as disclosed in [0072, 0074], e.g. [0072] “In step 403, the first client 101 may combine the second half of the key used for encryption in step 401 and the received authorization code to form a data viewing token, and associate the data viewing token with the file identifier of the encrypted data.”, [0074] “In step 404, the second client 102 may transmit a viewing request to the access authorization server 103 after holding the data viewing token, where the request carries the user identifier of the holder of the encrypted data, the file identifier, and the data viewing token.”, Therefore, the access authorization server 103 receives the first part and the second part of the key, i.e. second key, from different sources, i.e. the first client 101 and second client 102, respectively, where the sending device, i.e. client 101, corresponds to the first source).

Claims 3 and 5 are rejected under 35 U.S.C. 103 as being unpatentable over Zhang in view of Lambert and further in view of Lambert (US 8885820 B1), hereinafter Lambert2 and Obata et. al. (US 6072876 A), hereinafter Obata.

Regarding claim 3 (Original), Zhang in view of Lambert teaches the method of claim 1, 
Lambert2 discloses wherein the complete second cryptographic key is a quasi-prime number, [and the incomplete version of the second cryptographic key is] a first prime number that is a factor of the quasi-prime number (Lambert2 discloses a key value may be a semi-prime number, Col. 4 line 32-40 “…checking whether the key 150 is a semi-prime number”, where semi-prime numbers, i.e. quasi-prime numbers, mathematically, are the product of two prime numbers, indicating a first and second prime number factors of any semi-prime number). 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Zhang in view of Lambert to incorporate the teaching of Lambert2 to utilize the above feature, with the motivation of ensuring a secure key that complies with cryptographic standard, as recognized by (Lambert2 Col. 4 line 55-56, line 60-66).
While Zhang in view of Lambert and Lambert2 disclose the above limitations. Lambert2 explicitly disclose the concept of cryptographic key being a semi-prime/quasi-prime number, where semi-prime numbers are mathematically is the product of two prime numbers indicating a first and a second prime number factors, where it would have been obvious for one of ordinary skill in the art before the effective date of the claimed invention to conceive of two prime numbers as two parts of the key, however, Zhang in view of Lambert and Lambert2 do not explicitly disclose the incomplete version, i.e. the partial key is a prime number.
  Obata discloses the incomplete version of the second cryptographic key is a first prime number (Obata discloses in Col. 8 line 48-50 “…generating a new first partial private key and a new Second partial private key from the prime numbers p and q.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Zhang in view of Lambert and Lambert2 to incorporate the teaching of Obata to utilize the above feature, with the motivation of maintain the private key more safely, without carrying the private key of different prime numbers in one location, as recognized by (Obata Abstract).

 Regarding claim 5 (Original), Zhang in view of Lambert, Lambert2 and Obata teaches the method of claim 3, 
Zhang discloses the service comprises the sending computing device (Zhang discloses in [0089] the service of providing the remaining part of the key, which is performed by the first client 101, corresponding to the sending device, via the second client 102)
Zhang in view of Lambert do not disclose below limitations.
Lambert2 discloses [the remainder of the first cryptographic key comprises] a second prime number that is a second factor of the quasi-prime number (Lambert2 discloses a key value may be a semi-prime number, Col. 4 line 32-40 “checking whether the key 150 is a semi-prime number”, where semi-prime numbers, mathematically, are the product of two prime numbers, indicating a first and second prime number factors of any semi-prime number). 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Zhang in view of Lambert to incorporate the teaching of Lambert2 to utilize the above feature, with the motivation of ensuring a secure key that complies with cryptographic standard, as recognized by (Lambert2 Col. 4 line 55-56, line 60-66).
While Zhang in view of Lambert and Lambert2 disclose the above limitations. Lambert2 explicitly disclose the concept of cryptographic key being a semi-prime/quasi-prime number, where semi-prime numbers are mathematically is the product of two prime numbers indicating a first and a second prime number factors, where it would have been obvious for one of ordinary skill in the art before the effective date of the claimed invention to conceive of the two prime numbers as two parts of the key, however, Zhang in view of Lambert and Lambert2 do not explicitly disclose the incomplete version, i.e. the partial key is a prime number.
Obata discloses the remainder of the first cryptographic key comprises a second prime number (Obata discloses in Col. 8 line 48-50 “…generating a new first partial private key and a new Second partial private key from the prime numbers p and q.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Zhang in view of Lambert and Lambert2 to incorporate the teaching of Obata to utilize the above feature, with the motivation of maintain the private key more safely, without carrying the private key with two prime numbers in one location, as recognized by (Obata Abstract).

Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Zhang in view of Lambert, Lambert2, Obata and further in view of Bunch et. al. (US 20190238323 A1), hereinafter Bunch.
  
Regarding claim 4 (Original), Zhang in view of Lambert, Lambert2 and Obata teaches the method of claim 3, 
Zhang discloses a partial key of cryptographic key, i.e. incomplete version of the second cryptographic key, Obata discloses partial key from a prime number, however, Zhang in view of Lambert, Lambert2 and Obata do not disclose prime number corresponding to a cryptographic key is reduced/truncated.
Bunch discloses wherein the incomplete version of the second cryptographic key is a truncated version of the first prime number (Bunch discloses in [0033] the use of reduced/minimized in size prime number for partial keys, “to reduce and/or minimize a size of the prime number used, the master key MK may be split into portions (e.g., 32 bit chunks in some examples, 16 bit chunks” indicating that the partial/incomplete version of a key utilizes reduced size of a prime number).
  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Zhang in view of Lambert, Lambert2 and Obata to incorporate the teaching of Bunch to utilize the above feature, with the motivation of reducing a large prime number size sufficient for key share techniques, as recognized by (Bunch [0033]).

Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Zhang in view of Lambert and further in view of Worthy (US 20080107274 A1), hereinafter Worthy.

Regarding claim 6 (Original), Zhang in view of Lambert teaches the method of claim 1, 
Zhang discloses in e.g. [0041] expiration time of authentication code, where the combining the partial keys, corresponding to the second key parts is contingent on the validity of the authorization code, however, Zhang in view of Lambert do not explicitly disclose the partial keys of the keys change over time.
Worthy discloses wherein the remainder of the second cryptographic key changes over time (Worthy [0037 “the encryption codes and keys may have portions that continuously change over time, to prevent their replication”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Zhang in view of Lambert to incorporate the teaching of Worthy to utilize the above feature, with the motivation of preventing replications of the key, as recognized by (Worthy [0037]).

Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Zhang in view of Lambert and further in view of Lambert (US 8885820 B1), hereinafter Lambert2 and Obata et. al. (US 6072876 A), hereinafter Obata and further in view of Miller (US 9674162 B1), hereinafter Miller.

Regarding claim 10. (Previously Presented), Zhang in view of Lambert, Lambert2 and Obata teaches the method of claim 5, further comprising 
Zhang in view of Lambert do not disclose the below limitations.
Lambert2 discloses wherein the [third] prime number and [fourth] prime number are both factors of the quasi-prime number (Lambert2 discloses a key value may be a semi-prime number, Col. 4 line 32-40 “…checking whether the key 150 is a semi-prime number”, where semi-prime numbers, i.e. quasi-prime numbers, mathematically, are the product of two prime numbers, indicating a third and fourth prime number factors of any semi-prime number).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Zhang in view of Lambert to incorporate the teaching of Lambert2 to utilize the above feature, with the motivation of ensuring a secure key that complies with cryptographic standard, as recognized by (Lambert2 Col. 4 line 55-56, line 60-66).
Zhang in view of Lambert and Lambert2 do not disclose the below limitations.
Obata discloses changing incomplete version of the second cryptographic key [to a third prime number] and the remainder [to a fourth prime number] (Obata discloses in Col. 8 line 48-50 “…generating a new first partial private key and a new Second partial private key from the prime numbers p and q.”). Col. 9 line 62-64 “…at the partial private key generation unit 220, using the prime numbers p and q in the deposit key information, the partial private keys are changed…”, Col. 11 line 61-61 “….the two partial private keys of the user can be changed at any time, without changing the public key kp.”, where the keys or key parts which comprises of prime numbers as disclosed above may be updated by updating the primary numbers governing he aforementioned keys/key parts) 
Zhang in view of Lambert and Lambert2 and Obata discloses the above limitations, where Obata disclose changing the partial keys. However, Zhang in view of Lambert and Lambert2 and Obata do not disclose that the partial keys are changed based on changing the prime numbers
Miller discloses changing the prime numbers, i.e. third and fourth prime numbers (Miller discloses changing new set of prime numbers in order to update keys, key pair, Col. 3 line 42-44 “the computing device generates a new private key using a different set of the prime numbers”, Col. 14 line 25-28 “the computing device can be configured to receive a new set of prime numbers from the provisioning server, and use the new set of prime numbers to generate a new RSA key pair”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Zhang in view of Lambert, Lambert2 and Obata to incorporate the teaching of Miller to utilize the above feature, with the motivation of impeding attacks using compromised keys, as recognized by (Miller Col. 18 line 57-62).


Claim 11 are rejected under 35 U.S.C. 103 as being unpatentable over Zhang et. al. (US 20200084037 A1), hereinafter Zhang in view of Lambert (US 20190089532 A1), hereinafter Lambert and further in view of Boneh et. al. (US 20030081785 A1), hereinafter Boneh.

Regarding claim 11 (New), Zhang in view of Lambert teaches the method of claim 1, wherein the decrypting computing system receives both (a) the first part of the second cryptographic key [and (b) the third cryptographic key] from the sending computing system (Zhang illustrates in Figure 4 the access authorization server 103, corresponding to the  receiving computing system, receiving the first half of the key from the first client 101, as disclosed in [0070] “In step 402, the first client 101 may upload, to the access authorization server 103, the first half of the key used for encryption in step 401”, and receiving the second half of the key from the second client 102, as disclosed in [0072, 0074], e.g. [0072] “In step 403, the first client 101 may combine the second half of the key used for encryption in step 401 and the received authorization code to form a data viewing token, and associate the data viewing token with the file identifier of the encrypted data.”, [0074] “In step 404, the second client 102 may transmit a viewing request to the access authorization server 103 after holding the data viewing token, where the request carries the user identifier of the holder of the encrypted data, the file identifier, and the data viewing token.”, Therefore, the access authorization server 103 receives the first part and the second part of the key, i.e. second key, from different sources, i.e. the first client 101 and second client 102, respectively, where the sending device, i.e. client 101, corresponds to the first source).
Zhang in view of Lambert disclose the aforementioned and Lambert further discloses, as described in claim 1, using the received second and third cryptographic keys to derive a decryption key for decrypting data, however, Zhang in view of Lambert do not explicitly disclose receiving the third key from the sending computing system.  
Boneh discloses receiving a third key from the sending computing system  (Boneh illustrates in Figure 1 the sender encrypts a message to be sent to a receiver, and the receiver receiving two types of keys, one is received from the sender, i.e. rP construed as the third key, and one that is received from the PKG system 120, i.e. dID construed as the second key, [0045] “The sender may then send an encrypted message together with rP to the receiver. The receiver then receives rP and uses it together with the private key sQ.sub.ID to compute the secret message key g.sub.ID.sup.r=(sQ.sub.ID, rP). This secret message key is equal to the secret message key computed by the sender because of the bilinearity of the map. This computed element g.sub.ID.sup.r.epsilon..sub.2 is thus an identity-based secret of the sender which the receiver may compute using the element rP and the private key sQ.sub.ID. This secret may be used as a message key for cryptographic communication between the sender and receiver.”, [0064] “as illustrated in FIG. 1. A sender 100 uses Encrypt, a receiver 110 uses Decrypt, and a PKG 120 uses Setup and Extract. To send a message M to receiver 110, the sender 100 obtains an ID of the receiver (e.g., the receiver's e-mail address) and combines it with a randomly selected integer r to compute a secret message key g.sub.ID.sup.r. The element rP is sent to receiver 110 who combines it with a private key d.sub.ID to determine the same message key g.sub.ID.sup.r. Because the sender and receiver share the secret message key, a message encrypted with the key by the sender can be decrypted by the receiver. In particular, the sender encrypts M with the message key to produce ciphertext V which is communicated with rP to the receiver. The receiver then uses the secret message key to decrypt the ciphertext to recover the original message.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Zhang in view of  Lambert to incorporate the teaching of Boneh to utilize the above feature, with the motivation of deriving a cryptographic message key at the sender and receiver and establishing cryptographic communication between a sender and a receiver , as recognized by (Boneh [0045]).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Su (JP 2007336556 A) discloses a receiving device retrieves a public key of the sender and a private key of the recipient from a server and decrypts the received
document using the retrieved keys.	
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BASSAM A NOAMAN whose telephone number is (571)272-2705. The examiner can normally be reached Monday-Friday 8:30 AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw can be reached on (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/BASSAM A NOAMAN/Examiner, Art Unit 2497