DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Notice of Supplemental Office Action
	This Supplemental Office Action is responsive to application 16/147,490 that the Applicant filed on September 8, 2020 and presented 21 claims.  This Supplemental Office Action is identical to the May 9, 2022 Office Action except that it includes the PE2E search notes that were not attached with the May 9, 2022 Office Action.  This Supplemental Office Action supersedes the May 9, 2022 Office Action.
Drawings
The drawings are objected to because in Fig. 2A the reference numeral 205 incorrectly illustrate “Public Key pk:” and it should seemingly illustrate “Private Key sk:” as described in ¶ [0033] of the specification as filed.  Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. The figure or figure number of an amended drawing should not be labeled as “amended.” If a drawing figure is to be canceled, the appropriate figure must be removed from the replacement sheet, and where necessary, the remaining figures must be renumbered and appropriate changes made to the brief description of the several views of the drawings for consistency. Additional replacement sheets may be necessary to show the renumbering of the remaining figures. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.
The drawings are objected to as failing to comply with 37 CFR 1.84(p)(5) because they include the following reference character(s) not mentioned in the description: 
267 and 270 in Fig. 2B;
410B in Fig. 4B (noting 420A in ¶ [0050] should mostly likely be amended to be 410B); and
1044 in Fig. 10;
Corrected drawing sheets in compliance with 37 CFR 1.121(d), or amendment to the specification to add the reference character(s) in the description in compliance with 37 CFR 1.121(b) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The following conventions apply to the mapping of the prior art to the claims:
Italicized text – claim language.
Parenthetical plain text – Examiner’s citation and explanation.
Quotation marks – language quoted from a prior art reference.
Underlining – language quoted from a claim.
Brackets – material altered from either a prior art reference or a claim, which includes the Examiner’s explanation that relates a claim limitation to the quoted material of a reference.
Braces – a limitation previously addressed in the primary reference analysis, but presented to provide context to a further limitation addressed in a secondary reference analysis.
Numbered footnote – a first phrase to be moved upwards to the primary reference analysis.
Lettered footnote – a second phrase to be moved after the movement of the first phrase from which it was lifted, or more succinctly, move numbered material first, lettered material last.
A.	Claims 1-4, 8-11, and 15-18 are rejected under 35 U.S.C. 103 as being unpatentable over Vacek et al. (US 2022/0086009, “Vacek”) in view of Di Nicola (US 2019/0354972, “Di Nicola”), and further in view of Vivek et al. (US 2020/0353167, “Vivek”).
Regarding Claim 1
Vacek discloses
An apparatus (Fig. 1, ¶ [0007], i.e., collectively the “key management system”), comprising: a computer readable memory (¶ [0050], “According to a third aspect, this invention therefore relates also to a computer program product directly loadable into the memory of at least one computer, comprising software code instructions for performing the steps of the method according to the first or second aspect when said product is run on the computer.”); 
a plurality of hardware security modules (¶ [0073], “In these paragraphs, the plurality of tamper-proof computing devices comprises two or more HSMs that are asked to issue these signatures in parallel by the manager device.”), at least a first hardware security module in the plurality of hardware security modules comprising processing circuitry (Fig. 4A, ¶ [0087], “Therefore, during a third step S3, for each message to be signed, the manager device selects a tamper-proof computing device [as a first hardware security module, with a “computing device” possessing processing circuitry] for signing the message and assigns one generated slave merkle tree to the selected tamper-proof computing device.;” and ¶ [0073], “In these paragraphs, the plurality of tamper-proof computing devices comprises two or more HSMs that are asked to issue these signatures in parallel by the manager device.”) to: 
generate a first plurality of pairs of cryptographic key pairs comprising a first plurality of private keys and a first plurality of public keys (Fig. 4A, ¶¶ [0075]-[0076], “During a second step S2, the manager device of the KMS triggers the generation of a predetermined number [or a plurality] of slave merkle trees 301. Each leaf of a slave merkle tree is an OTS public key associated to an OTS private key. These are the keys that will be used by the HSM to issue signatures of the messages to be signed,” i.e., a plurality of private keys are generate[d] upon the creation of Merkle trees, and with one leaf of a tree comprising a public key, each tree comprises a pair[] of cryptographic key pairs comprising a [] private key[] and a [] public key[], with the first of a plurality of trees possessing one private key and at least one public key thereby forming a first plurality of private keys and a first plurality of public keys); 
forward the first plurality of public keys to a remote computing device (¶¶ [0078]- [0079], “If it is not, the OTS public keys may be generated by a tamper-proof device. In a first embodiment, the tamper-proof device may send [and thereby forward] only the OTS public keys to the manager device [as a remote device];” and Fig. 1, ¶ [0059], “As described on FIG. 1, such a signature generation takes place in a key management system KMS 100, comprising a manager device 101. Such a device may for example be a personal computer or a server,” i.e., the “manager device 101” as a “server” suggests a remote device); 
receive, from the remote computing device, a first plurality of ciphertexts (¶ [0068], “In the method described here below, all the data transmitted from one device of the KMS to another device of the KMS using the computer network 105 may be encrypted [to create a cipher text] in order to prevent any attacker from getting knowledge of such data;” and ¶ [0115], “In such a case, the method according to the invention may comprise a seed transfer step S83 during which the manager device [as the remote computing device] sends to the HSM [and thereby receive[s]] a seed;” and a plurality of ciphertexts being created in association with the plurality of HSMs and the generation of a plurality of Merkle trees), 
wherein each ciphertext in the plurality of ciphertexts represents an encryption of a cryptographic seed (¶¶ [0114]-[0115], “In such a case, the method according to the invention may comprise a seed transfer step S83 during which the manager device sends to the HSM a seed,…”) with a public key selected from the plurality of public keys (¶ [0068] and ¶¶ [0078]- [0079], i.e., public keys are forwarded to the “manager device” as the remote computing device, and data transmitted between devices may be encrypted, thus the “manager device” encrypts the seed via a selected public key to be transmitted and sent to the associated selected HSM, and the HSM selected to implement the Merkle tree can decrypt the transmitted data via the private key associated with the selected public key); 
1 …; and
2 …; or
3 ….
Vacek doesn’t disclose
1 receive, from a subset of hardware security modules in the plurality of hardware security modules, a subset of private keys; and 
2 generate at least one of: 
a first signal when the subset of private keys comprises a number of private keys that exceeds a threshold; or 
3 a second signal when the subset of private keys comprises a number of private keys that does not exceed a threshold.
Di Nicola, however, discloses
1 receive, from a subset of hardware security modules in the plurality of hardware security modules, a subset of private keys (Fig. 3, ¶¶ [0036]-[0037], “The master device (e.g., Device 2 [as an HSM]) receives portion 333 [as a private key] of the master private key from Device 3 [as an HSM] and portion 444 [as a private key] of the master private key rom Device 4 [as an HSM],” i.e., Devices 2, 3, and 4 create a subset of hardware security modules, and the “portions” used to recover the master private key serve as private keys and the collection of the private keys creating a subset of private keys, noting there is nothing within the claims that establishes a relationship between the subset of private keys and the plurality of private keys); and 
2 generate at least one of: 
a first signal when the subset of private keys comprises a number of private keys that exceeds a threshold (¶ [0036], “For example, K is a parameter of an algorithm comprising a threshold number of the plurality master private key portions [as a subset of private keys] necessary for later reconstruction of the master private key [as or involving a first signal], the threshold number of the plurality master private key portions being a subset of the plurality master private key portions [as private keys].”); or 
Vivek, however, discloses
3 a second signal when the subset of private keys comprises a number of private keys that does not exceed a threshold (¶ [0058], “If there are fewer than [and does not exceed] the threshold number of secret shares [comprising the subset of private keys], then a valid digital signature may be impossible or computationally infeasible to determine. In this instance, the authorization process may be aborted, and/or an error message [as a second signal] or other failure message may be returned to the application server 500.”).
Regarding the combination of Vacek and Di Nicola, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the signature system of Vacek to have included the private key feature of Di Nicola. One of ordinary skill in the art would have been motivated to incorporate the threshold/private key feature of Di Nicola because Di Nicola discusses the problem of “safeguard[ing a] private key,” see Di Nicola ¶ [0026], and Di Nicola provides a system that “allows for a safe creation, custody, recovery, and management of a digital asset” and “effectively prevent the loss or theft of digital assets,” see Di Nicola ¶ [0027].
Regarding the combination of Vacek-Di Nicola, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the signature system of Vacek-Di Nicola to have included the messaging feature of Vivek. One of ordinary skill in the art would have been motivated to incorporate the messaging feature of Vivek because Vivek teaches that if an insufficient number of secret shares are available, then “a valid digital signature may be impossible or computationally infeasible to determine,” and an error message is an appropriate for the circumstances,” see Vivek ¶ [0058].
Regarding Claim 2
Vacek in view of Di Nicola and further in view of Vivek (“Vacek-Di Nicola-Vivek”) discloses the apparatus of claim 1, and Vacek further discloses
wherein the at least a first hardware security module in the plurality of hardware security modules comprising processing circuitry (Fig. 4A, ¶¶ [0073], [0087]) to: 
Vivek discloses
generate an error message when the subset of private keys comprises a number of private keys that does not exceed the threshold (¶ [0058]).
Regarding the rationale to combine Vacek-Di Nicola and Vivek, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter of claims 1 and 2.
Regarding Claim 3
Vacek-Di Nicola-Vivek discloses the apparatus of claim 1, and Vacek further discloses 
wherein the at least a first hardware security module in the plurality of hardware security modules comprising processing circuitry (Fig. 4A, ¶¶ [0073], [0087]) to: 
decrypt the cryptographic seed (¶ [0068] and ¶¶ [0078]- [0079], i.e., data transmitted between devices may be encrypted, thus the “manager device” encrypts the seed via a selected public key to be transmitted and sent to the associated selected HSM, and the HSM selected to implement the Merkle tree can decrypt the transmitted data comprising the cryptographic seed via the private key associated with the selected public key) when the subset of private keys comprises a number of private keys that exceeds the threshold (Di Nicola Fig. 3, ¶¶ [0036]-[0037], i.e., with a sufficient number of subset of private keys, the master private key can be determined to decrypt the cryptographic seed that was received from the “manager device”/remote computing device).
Regarding the rationale to combine Vacek and Di Nicola, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter of claims 1 and 3.

Regarding Claim 4
Vacek-Di Nicola-Vivek discloses the apparatus of claim 3, and Vacek further discloses 
wherein the at least a first hardware security module in the plurality of hardware security modules comprising processing circuitry (Fig. 4A, ¶¶ [0073], [0087]) to: 
generate a first plurality of digital signatures for a first plurality of leaf nodes in a Merkle tree (Fig. 3, ¶ [0076], “During a second step S2, the manager device of the KMS triggers the generation of a predetermined number [or plurality] of slave Merkle trees 301. Each leaf [node] of a slave merkle tree is an OTS public key associated to an OTS private key. These are the keys that will be used by the HSM to issue [digital] signatures of the messages to be signed.”).
B.	Claims 5-7, 12-14, and 19-21 are rejected under 35 U.S.C. 103 as being unpatentable over Vacek in view of Di Nicola and Vivek, and further in view of Norum (US 2020/0059373, “Norum”).
Regarding Claim 5
Vacek-Di Nicola-Vivek discloses the apparatus of claim 1, and Di Nicola further discloses 
wherein the threshold is…1 (Fig. 3, ¶¶ [0036]-[0037], “a threshold number of the plurality master private key portions [as a subset of private keys] necessary for later reconstruction of the master private key”) 
Vacek-Di Nicola-Vivek doesn’t disclose
1 …a static threshold that represents a fixed number of hardware security modules.
Norum, however, discloses
1 …a static threshold that represents a fixed number of hardware security modules (¶¶ [0024]-[0026], “The load balancer may also monitor the virtual HSM and determine whether the [HSM] fleet size should be increased, decreased, or remain unchanged,” i.e., when the number of HSMs “remain unchanged” and thereby fixed, then there is no reason to change the threshold number of “private key portions” that are required to regenerate the private key and that represent[] a fixed number of hardware security modules since each HSM can donate one “private key portion”).
Regarding the combination of Vacek-Di Nicola-Vivek and Norum, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the signature system of Vacek-Di Nicola-Vivek to have included the dynamic/static threshold feature of Norum. One of ordinary skill in the art would have been motivated to incorporate the dynamic/static threshold feature because Norum teaches a system that can beneficially “accommodate a rate of requests” to efficiently manage the number of HSMs in a fleet, see Norum ¶¶ [0025]-[0026].   
Regarding the rationale to combine Vacek and Di Nicola, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter of claims 1 and 5.
Regarding Claim 6
Vacek-Di Nicola-Vivek discloses the apparatus of claim 1, and Di Nicola further discloses 
wherein the threshold is…1 (Fig. 3, ¶¶ [0036]-[0037], “a threshold number of the plurality master private key portions [as a subset of private keys] necessary for later reconstruction of the master private key”) 
Vacek-Di Nicola-Vivek doesn’t disclose
1 …a dynamic threshold that represents a variable number of hardware security modules.
Norum, however, discloses
 1 …a dynamic threshold that represents a variable number of hardware security modules (¶¶ [0024]-[0026], “The load balancer may also monitor the virtual HSM and determine whether the [HSM] fleet size should be increased, decreased, or remain unchanged,” i.e., when the number of HSMs is “decreased,” then the threshold number of “private key portions” must comprise a dynamic threshold to prevent the situation where the required number of “private key portions” exceeds the number of HSMs, meaning the threshold could never be met and the private key recovered).
Regarding the rationale to combine Vacek and Di Nicola, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter of claims 1 and 6.
Regarding the rationale to combine Vacek-Di Nicola-Vivek and Norum, the rationale to combine is the same as provided for claim 5 due to the overlapping subject matter of claims 5 and 6.
Regarding Claim 7
Vacek-Di Nicola-Vivek discloses the apparatus of claim 1, and Vacek further discloses 
further comprising
1 …one of the first hardware security module or a second hardware security module to generate a signature (¶ [0086], “In another embodiment, such an assignment may be dynamic. Each slave merkle tree may be assigned to a [first] HSM just for the issuance of one signature. The same slave merkle tree may be assigned to another [second] HSM for another signature issuance at a later time, after the issuance process of the first signature is over.”).
Vacek-Di Nicola-Vivek doesn’t disclose
1 a state synchronization manager comprising: a load balancer to select…
Norum, however, discloses
1 a state synchronization manager comprising: a load balancer to select… (¶ [0028], “The virtual HSM may include various subcomponents such as a fleet of HSMs 110 that includes one or more HSMs 112A and 112B, a load monitor 114, and a load balancer 116;” and ¶ [0054], “In some embodiments, such a design would result in improved performance when adding and removing HSMs to and from the fleet, respectively, as less key material would need to be synchronized [via a synchronization manager that involves the load balancer to manage requests] and removed when an unused HSM is added to and removed from the fleet, respectively.)
Regarding the combination of Vacek-Di Nicola-Vivek and Norum, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the signature system of Vacek-Di Nicola-Vivek to have included the load balancer of Norum. One of ordinary skill in the art would have been motivated to incorporate the load balancer because Norum teaches a system that relies upon a load balancer to beneficially “accommodate a rate of requests” to efficiently manage the number of HSMs in a fleet, see Norum ¶¶ [0025]-[0026].   
Regarding Independent Claims 8 and 15
With respect to independent claims 8 and 15, a corresponding reasoning as given earlier for independent claim 1 applies, mutatis mutandis, to the subject matter of claim 1. Therefore, claims 8 and 15 are rejected, for similar reasons, under the grounds set forth for claim 1.
Regarding Dependent Claims 9-14 and 16-21
With respect to dependent claims 9-14 and 16-21, a corresponding reasoning as given earlier for dependent claims 2-7 applies, mutatis mutandis, to the subject matter of claims 9-14 and 16-21. Therefore, claims 9-14 and 16-21 are rejected, for similar reasons, under the grounds set forth for claims 2-7.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to D'ARCY WINSTON STRAUB whose telephone number is (303)297-4405. The examiner can normally be reached Monday-Friday 9:00-5:00 Mountain Time.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ASHOKKUMAR B PATEL can be reached on (571)272-3972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/D'Arcy Winston Straub/Examiner, Art Unit 2491