DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Objections
Claims 4, 8, and 11 are objected to because of the following informalities:  
Claim 4 recites “and threshold ECC-EIGamal decryption scheme, threshold Paillier decryption scheme”.  The “and” should be before the last item in the list.  
Claim 8 recites “performing the steps of performing a method”.  The phrase “performing the steps of” should be deleted.
Claim 11 has a dash after “configured to:” which needs deleted.
Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-11 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 recites “a first entity of said plurality of entities, owner of data to be shared”.  This is unclear.  How is “owner” grammatically connected to the rest of the limitation?  Perhaps this should read, “who is an owner of data to be shared”.
Claim 1 recites “encrypting data to be shared”.  Is this the data previously recited?  If so, it should read “encrypting said data to be shared”.  
Claim 1 recites “said generated first cryptographic encryption key”.  This lacks sufficient antecedent basis.  The cryptographic encryption key was obtained, not generated.  
Claim 1 recites “sharing encrypted data”.  Is this the same data that was encrypted in the previous step?  Then it should recite “sharing said encrypted data”.
Claim 3 recites “obtaining said requested data encrypted with the first cryptographic encryption key”.  This phrase lacks sufficient antecedent basis.  The requested data has not been encrypted in previous steps.  Also “the first cryptographic encryption key” lacks sufficient antecedent basis.
Claim 3 recites “the determined first encryption algorithm” lacks sufficient antecedent basis.  
Claim 3 recites “a plurality of trusted decrypting entities, among said trusted entities”.  The term “said trusted entities” is unclear.  Are these the trusted decrypting entities?  Or is it referring back to the devices called entities?
Claim 3 recites “each using the first cryptographic decryption key secret share transmitted to it by the first entity”.  No transmission step was previously recited.
Claim 3 recites “said prerequisites”.  This lacks sufficient antecedent basis.
Claim 5 recites “the first smart contract” which lacks sufficient antecedent basis.
Claim 5 recites “only if prerequisites verified by the first smart contract are fulfilled”.  Are these the same prerequisites recited in claim 3?
Claim 6 recites “the first cryptographic decryption key” which lacks antecedent basis (only the shares have been recited).
Claim 8 recites “said generated first cryptographic encryption key”.  This lacks sufficient antecedent basis.  The first cryptographic encryption key was obtained, not generated.
Claim 8 recites “share encrypted data”.  Is this the same data that was encrypted in the previous step?  If so, it should recite “share said encrypted data”.
Claim 9 recites “said generated first cryptographic encryption key”.  This lacks sufficient antecedent basis.
Claim 9 recites “share encrypted data”.  Is this the same data that was encrypted in the previous step?  Then it should read “share said encrypted data”.
Claim 10 recites “said requested data” which lacks sufficient antecedent basis.
Claim 10 recites “obtain said requested data encrypted with the first cryptographic encryption key”.  This phrase lacks sufficient antecedent basis.  The requested data has not been encrypted in previous steps.  Also “the first cryptographic encryption key” lacks sufficient antecedent basis.
Claim 10 recites “the determined first encryption algorithm” which lacks sufficient antecedent basis.
Claim 10 recites “a plurality of trusted decrypting entities, among said trusted entities”.  The term “said trusted entities” is unclear.  Are these the trusted decrypting entities?  Or is it referring back to the devices called entities?
Claim 10 recites “each using the first cryptographic decryption key secret share transmitted to it by the first entity”.  No transmission step was previously recited.
Claim 10 recites “said first threshold” which lacks sufficient antecedent basis.
Claim 11 recites “said generated first cryptographic encryption key” which lacks sufficient antecedent basis.  The key was obtained, not generated.
Claim 11 recites “share encrypted data”.  Is this the same data that was encrypted in the previous step?  Then it should read “share said encrypted data”.
Claim 11 recites “said plurality of entities” which lacks sufficient antecedent basis.
Claim 11 recites “a second device configured to be connected to a network on which a ledger is distributed”.  The terms “a ledger” and “a network” were previously recited.  Are these the same network/ledger or a different network/ledger?
Claim 11 recites “the first device having performed a method to share said requested data and first cryptographic decryption key secret shares”.  It is unclear how this ties into the rest of the claim.   The phrase “said requested data” lacks sufficient antecedent basis.  What are “first” cryptographic decryption key shares?  It is unclear what the sharing of the requested data and shares are in relation to the rest of the claim.
Claim 11 recites “the first cryptographic decryption key secret share” which lacks sufficient antecedent basis.
In general, it appears the claims were rewritten to delete multiple dependencies, etc.  However, this caused many issues where the claims refer back to different features which are no longer part of the claims from which they depend.  The examiner recommends that all claims be thoroughly reviewed so that each claim makes sense regarding what has previously been recited and what is being referred back to.  There may be some similar issues that were not specifically pointed out by the Examiner.  All claims need reviewed and corrected for this type of issue.
 
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3 and 8-11 are rejected under 35 U.S.C. 103 as being unpatentable over O’Hare et al. (US 2015/0249687) in view of Mehedy et al. (US 2019/0342084).
Regarding claims 1, 8, and 9, O’Hare teaches a method (and corresponding product and device) for secure data and cryptographic key sharing distributed on a network between a plurality of network connected devices called entities, comprising:
Performed by a first entity of said plurality of entities, owner of data to be data to be shared: (see figure 27)
Determining a first encryption algorithm (see [0373], encryption algorithm chosen from RSA encryption algorithms, see figure 21 RC4 encryption)
Obtaining a first cryptographic key pair comprising a first cryptographic encryption key and a first cryptographic decryption key (see [0097] and [0098] cryptographic key pair)
Encrypting data to be shared using said generated first cryptographic encryption key and said determined first encryption algorithm (Data to be parsed is encrypted with session master key using RC4 algorithm - see figure 21).
Sharing encrypted data with said plurality of entities (Splitting the data and scattering or storing in any devices - see [0307] and figures 8 and 27).
Specifying prerequisites to be fulfilled before decryption of the shared encrypted data (See figure 17 and [0262] - [0263]: trust level required for user to be authenticated).
Determining a first predetermined number of trusted entities among said plurality of entities (Users authenticated (i.e., trusted), so clearly the system would know how many are authenticated for security purposes - see figure 17 and [0262] - [0263]).
Defining a first threshold equal to a minimum number of entities required for decryption of the shared encrypted data among said trusted entities (N-1 shares are necessary to restore the data (i.e., decrypt) - see [0316]).
Computing as many secret shares of said first cryptographic decryption key as the first predetermined number of trusted entities by applying a secret sharing scheme to said first cryptographic decryption key (Data and key are split into portions and stored on devices - see figures 21 and 27 and [0320] - [0307]).
Securely transmitting said computed secret shares to the trusted entities (Splitting the data and scattering or storing in any devices - see [0307] and figures 8 and 27).
O’Hare does not teach that the key sharing is on a ledger.
Mehedy teaches that storage on a distributed ledger creates a permanent record of the key shares in encrypted form so that the ledger can be audited and verified - see [0065].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of O’Hare by using a ledger for key sharing in order to create a permanent record of the key shares for auditing purposes, based upon the beneficial teachings provided by Mehedy.  These modifications would result in increased security to the system.

Regarding claims 3, 10, and 11, O’Hare teaches that to restore the original data, the steps are done in reverse - see [0326].  Therefore, decryption in this manner is taught by O’Hare.

Regarding claim 2, O’Hare teaches the decryption of the data being performed if authenticated, as previously discussed (trust level - see fig 17 and [0262] - [0236]).  In addition, Mehedy teaches using smart contracts on a distributed ledger - see [0065].  Smart contracts by definition are programs that run when predetermined conditions are met.  Therefore, the combination of O’Hare and Mehedy reasonably suggests decrypting when prerequisite are fulfilled.

	
	
Claims 4-7 are rejected under 35 U.S.C. 103 as being unpatentable over O’Hare et al. (US 2015/0249687) in view of Mehedy et al. (US 2019/0342084), and further in view of Herzberg et al. (US 5,625,692).
The teachings of O’Hare and Mehedy are relied upon for the reasons set forth above.

Regarding claim 4, O’Hare and Mehedy do not teach that the used threshold decryption scheme is among: threshold EIGamal decryption scheme, threshold symmetric one-time key use decryption scheme, threshold RSA decryption scheme, threshold ECC-EIGamal decryption scheme, and threshold Paillier decryption scheme.
Herzberg teaches adapting the distributed EIGamal to proactive secret sharing scheme in order to be secure against an adversary - see column 16 lines 37-45.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of O’Hare and Mehedy by using a threshold EIGamal scheme, in order to secure from adversaries, based upon the beneficial teachings provided by Herzberg.  These modifications would result in increased security to the system.

Regarding claim 5, O’Hare teaches the decryption of the data being performed if authenticated, as previously discussed (trust level - see fig 17 and [0262] - [0236]).  In addition, Mehedy teaches using smart contracts on a distributed ledger - see [0065].  Smart contracts by definition are programs that run when predetermined conditions are met.  Therefore, the combination of O’Hare and Mehedy reasonably suggests decrypting when prerequisite are fulfilled.

Regarding claims 6 and 7, O’Hare teaches that to restore the original data, the steps are done in reverse - see [0326].  Therefore, decryption in this manner is taught by O’Hare.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LISA C LEWIS whose telephone number is (571)270-7724. The examiner can normally be reached Monday - Thursday 7am-2pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/LISA C LEWIS/Primary Examiner, Art Unit 2495