Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of Claims
This office action is responsive to the amendment filed on 3/23/22. Claims 1 – 20 are pending.

Response to Arguments
Applicant's arguments filed 3/23/22 have been fully considered but they are not persuasive. Applicant argues “the cited references do not disclose or suggest at least the elements of claim 10 "decrypt and read an encrypted record including information to establish a network connection with a receiving electronic device,....wherein the record includes a secret key to derive keys for encrypting and decrypting a data stream by the receiving electronic device, establish the data stream with a receiving electronic device using the information...transmit, to the receiving electronic device, the location for the electronic device via the data stream, the location encrypted using a key derived from the secret key," as amended.” However, Examiner respectfully disagrees and points to the rejection below. Van Liesdonk teaches “…to derive keys for encrypting and decrypting a data stream by the receiving electronic device” in at least paragraph 142, which describes: Device 232 computes E.sub.K.sub.2 and enters it as a private input in the computation, in the same way. If there are more location analysis devices, then each may compute the encrypting stream E.sub.K.sub.i from their share K.sub.i. The multi-party computation may then proceed with computing the location update from the inputs of the devices. This is an efficient computation, since only addition or subtractions are needed. For example, the addition may be implemented as an XOR, which means that it suffices to perform multi-party XOR to obtain a secret-shared decrypted location update. The multi-party computation type may, e.g., be Shamir or SPDZ. In this example, the computation related to the decryption operations, is performed almost fully locally without mpc interaction. This increases the efficiency of this option.
Applicants also argues “the cited references do not disclose or suggest at least the elements of claim 1 "generating a set of keys at the first device, the set of keys generated based on the secret key, sending a message from the first device to the second device to establish a location data stream, the location data stream encrypted by the second device using one or more keys in the set of keys, and displaying a location received from the location data stream on a graphical interface of the first device, wherein the location data stream is decrypted using the one or more keys." However, Examiner respectfully disagrees and points to the rejection below. Van Liesdonk teaches these limitations in at least paragraphs 140, 142, 143 and 151. Amended limitation “wherein the location data stream is decrypted using the one or more keys” is taught by Van Liesdonk in at least paragraph 143: The mpc can now proceed by computing the secret-shared key K, and decrypting the location update with it and also described in the abstract and paragraph 151.
Therefore, it is the Examiner’s position that the claim limitations as written have been met.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 10, 13 and 14 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Van Liesdonk et al. (US2020/0082113 A1).
Regarding claim 10, Van Liesdonk teaches an electronic device (Figs. 4: device 231 and Fig. 7B: device 1100) comprising: a wireless radio system (Figs. 1 and 4: gathering subsystem 110) coupled to a bus (see Figs. 4 and 7B); a memory to store instructions (Fig. 7B; paragraph 168: memory 1130); and one or more processors to execute the instructions (paragraph 168: processor 1120), wherein the instructions cause the one or more processors to: decrypt and read an encrypted record including information to establish a network connection with a receiving electronic device (device 232; see Fig. 4; paragraph 142: The location updates in database 120 may be encrypted… Device 231 then enters the partially decrypted location update in the multi-party computation, but as a private input. For example, device 231 may compute shares L.sub.i for the location updates, in which i runs over the location analysis devices, and provide each location analysis device with a share), the record read from a cache of an online data store (paragraph 142: The location updates in database 120 may be encrypted… device 231 and 232. For example, device 231 may retrieve a fully encrypted location update), wherein the record includes a secret key (paragraph 142: The location updates in database 120 may be encrypted with two stream ciphers. For example, consider a database encryption key that comprises multiple subkeys: K=(K.sub.1, K.sub.2, . . . )... The multi-party computation may then proceed with computing the location update from the inputs of the devices… obtain a secret-shared decrypted location update. Also described in paragraphs 66-68 and 143-144) to derive keys for encrypting and decrypting a data stream by the receiving electronic device (paragraph 142: Device 232 computes E.sub.K.sub.2 and enters it as a private input in the computation, in the same way. If there are more location analysis devices, then each may compute the encrypting stream E.sub.K.sub.i from their share K.sub.i. The multi-party computation may then proceed with computing the location update from the inputs of the devices. This is an efficient computation, since only addition or subtractions are needed. For example, the addition may be implemented as an XOR, which means that it suffices to perform multi-party XOR to obtain a secret-shared decrypted location update. The multi-party computation type may, e.g., be Shamir or SPDZ. In this example, the computation related to the decryption operations, is performed almost fully locally without mpc interaction. This increases the efficiency of this option); establish a data stream with a receiving electronic device using the information, the data stream established via the wireless radio system (see Fig. 4; paragraph 140: as in FIG. 4, by simply forwarding the location updates; paragraph 142: Device 232 computes E.sub.K.sub.2 and enters it as a private input in the computation); determine a location for the electronic device via a location determination service (see Fig. 4; paragraph 140: as in FIG. 4, by simply forwarding the location updates); and transmit, to the receiving electronic device, the location for the electronic device via the data stream (see Fig. 4; paragraph 140: as in FIG. 4, by simply forwarding the location updates; paragraph 142: Device 231 then enters the partially decrypted location update in the multi-party computation, but as a private input. For example, device 231 may compute shares L.sub.i for the location updates, in which i runs over the location analysis devices, and provide each location analysis device with a share. Device 232 computes E.sub.K.sub.2 and enters it as a private input in the computation, in the same way. If there are more location analysis devices, then each may compute the encrypting stream E.sub.K.sub.i from their share K.sub.i. The multi-party computation may then proceed with computing the location update from the inputs of the devices), the location encrypted using a key derived from the secret key (paragraph 142: The location updates in database 120 may be encrypted with two stream ciphers. For example, consider a database encryption key that comprises multiple subkeys: K=(K.sub.1, K.sub.2, . . . )… Device 231 has access to key K.sub.1; device 232 has access to key K.sub.2. For example, device 231 may retrieve a fully encrypted location update. Device 231 may then compute E.sub.K.sub.1 itself, and from that compute L+E.sub.K.sub.2, that is a partially decrypted location update. Device 231 then enters the partially decrypted location update in the multi-party computation, but as a private input). 
Regarding claim 13, Van Liesdonk teaches the electronic device as in claim 12, the one or more processors further to: determine an updated location for the electronic device (paragraph 142: The location updates in database 120 may be encrypted with two stream ciphers. For example, consider a database encryption key that comprises multiple subkeys: K=(K.sub.1, K.sub.2, . . . )... The multi-party computation may then proceed with computing the location update from the inputs of the devices… obtain a secret-shared decrypted location update. Also described in paragraphs 66-68 and 143-144); encrypt the updated location with the key derived from the secret key (paragraph 142: The location updates in database 120 may be encrypted with two stream ciphers. For example, consider a database encryption key that comprises multiple subkeys: K=(K.sub.1, K.sub.2, . . . )... The multi-party computation may then proceed with computing the location update from the inputs of the devices… obtain a secret-shared decrypted location update. Also described in paragraphs 66-68 and 143-144); and transmit the updated location for the electronic device to the receiving electronic device via the data stream (see Fig. 4; paragraph 140: as in FIG. 4, by simply forwarding the location updates; paragraph 142: Device 232 computes E.sub.K.sub.2 and enters it as a private input in the computation), the location encrypted using a key derived from the secret key (paragraph 142: The location updates in database 120 may be encrypted with two stream ciphers. For example, consider a database encryption key that comprises multiple subkeys: K=(K.sub.1, K.sub.2, . . . )… Device 231 has access to key K.sub.1; device 232 has access to key K.sub.2. For example, device 231 may retrieve a fully encrypted location update. Device 231 may then compute E.sub.K.sub.1 itself, and from that compute L+E.sub.K.sub.2, that is a partially decrypted location update. Device 231 then enters the partially decrypted location update in the multi-party computation, but as a private input). 
Regarding claim 14, Van Liesdonk teaches the electronic device as in claim 13, the one or more processors further to: receive a notification of an update of the secret key (paragraph 142: The location updates in database 120 may be encrypted with two stream ciphers. For example, consider a database encryption key that comprises multiple subkeys: K=(K.sub.1, K.sub.2, . . . )... The multi-party computation may then proceed with computing the location update from the inputs of the devices… obtain a secret-shared decrypted location update. Also described in paragraphs 66-68 and 143-144); retrieve an update for the encrypted record via the online data store (paragraph 142: The location updates in database 120 may be encrypted with two stream ciphers. For example, consider a database encryption key that comprises multiple subkeys: K=(K.sub.1, K.sub.2, . . . )... The multi-party computation may then proceed with computing the location update from the inputs of the devices… obtain a secret-shared decrypted location update. Also described in paragraphs 66-68 and 143-144); store the update for the encrypted record to the cache of the online data store (paragraph 142: The location updates in database 120 may be encrypted with two stream ciphers. For example, consider a database encryption key that comprises multiple subkeys: K=(K.sub.1, K.sub.2, . . . )... The multi-party computation may then proceed with computing the location update from the inputs of the devices… obtain a secret-shared decrypted location update. Also described in paragraphs 66-68 and 143-144: the decryption information is computed from a key share and entered as a private input to facilitate decrypting the location updates in the multi-party computation); decrypt the encrypted record and read an updated secret key, the encrypted record decrypted using the share key (paragraph 142: The location updates in database 120 may be encrypted with two stream ciphers. For example, consider a database encryption key that comprises multiple subkeys: K=(K.sub.1, K.sub.2, . . . )... The multi-party computation may then proceed with computing the location update from the inputs of the devices… obtain a secret-shared decrypted location update. Also described in paragraphs 66-68 and 143-144: the decryption information is computed from a key share and entered as a private input to facilitate decrypting the location updates in the multi-party computation); derive a new key based on the updated secret key (paragraph 142: For example, device 231 may compute shares L.sub.i for the location updates, in which i runs over the location analysis devices, and provide each location analysis device with a share. Device 232 computes E.sub.K.sub.2 and enters it as a private input in the computation, in the same way… For example, the addition may be implemented as an XOR, which means that it suffices to perform multi-party XOR to obtain a secret-shared decrypted location update); and encrypt subsequent locations using the new key (paragraph 142: For example, device 231 may compute shares L.sub.i for the location updates, in which i runs over the location analysis devices, and provide each location analysis device with a share. Device 232 computes E.sub.K.sub.2 and enters it as a private input in the computation, in the same way. If there are more location analysis devices, then each may compute the encrypting stream E.sub.K.sub.i from their share K.sub.i. The multi-party computation may then proceed with computing the location update from the inputs of the devices). 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1 – 5, 7 – 9, 11, 15, 16 and 18 – 20 are rejected under 35 U.S.C. 103 as being unpatentable over Van Liesdonk et al. (US2020/0082113 A1) in view of Chheda et al. (US 2019/0149945 A1).
Regarding claims 1 and 15, Van Liesdonk teaches a data processing system (Figs. 1 and 4) and non-transitory machine-readable medium storing instructions which, when executed, cause one or more processors of a data processing system (paragraph 173) to perform operations comprising: creating record to specify a location streaming relationship between a first device registered with a first user (Fig. 4: device 231) and a second device registered with a second (device 232), the record including a secret key (paragraph 142: The location updates in database 120 may be encrypted with two stream ciphers. For example, consider a database encryption key that comprises multiple subkeys: K=(K.sub.1, K.sub.2, . . . )... The multi-party computation may then proceed with computing the location update from the inputs of the devices… obtain a secret-shared decrypted location update. Also described in paragraphs 66-68 and 143-144); storing the record to an online datastore associated with the first user (paragraph 142: The location updates in database 120 may be encrypted… device 231 and 232); sharing an encrypted version of the record via the online datastore, the encrypted version of the record shared with the second online account (see Fig. 4; paragraph 142: Device 231 then enters the partially decrypted location update in the multi-party computation, but as a private input. For example, device 231 may compute shares L.sub.i for the location updates, in which i runs over the location analysis devices, and provide each location analysis device with a share); generating a set of keys at the first device, the set of keys generated based on the secret key (paragraph 142: The location updates in database 120 may be encrypted with two stream ciphers. For example, consider a database encryption key that comprises multiple subkeys: K=(K.sub.1, K.sub.2, . . . )… Device 231 has access to key K.sub.1; device 232 has access to key K.sub.2. For example, device 231 may retrieve a fully encrypted location update. Device 231 may then compute E.sub.K.sub.1 itself, and from that compute L+E.sub.K.sub.2, that is a partially decrypted location update. Device 231 then enters the partially decrypted location update in the multi-party computation, but as a private input); sending a message from the first device to the second device to establish a location data stream, the location data stream encrypted by the second device using one or more keys in the set of keys (see Fig. 4; paragraph 140: as in FIG. 4, by simply forwarding the location updates; paragraph 142: Device 232 computes E.sub.K.sub.2 and enters it as a private input in the computation), wherein the location data stream is decrypted using the one or more keys (paragraph 143: The mpc can now proceed by computing the secret-shared key K, and decrypting the location update with it. Also described in the abstract and paragraph 151).
Although Van Liesdonk teaches creating, storing and sharing a record, Van Liesdonk fails to explicitly disclose sending a request to create, sending a request for storage, sending a request to share; and a first device registered with a first user account and a second device registered with a second online account; storing the record to an online datastore associated with the first user account; and displaying a location received from the location data stream on a graphical interface of the first device.
However, Chheda teaches sending a request to create (paragraph 30: In one example, the request manage component 112 of the dispatch 110 can process the request 183 for the first user. The request manage component 112 can create a trip entry for the requested transport service in the trips database 143 and associate the user ID 184 of the first user with the trip entry (or an identifier of the trip entry)), sending a request for storage (paragraph 30: The request manage component 112 can create a trip entry for the requested transport service in the trips database 143 and associate the user ID 184 of the first user with the trip entry (or an identifier of the trip entry). The trip entry can correspond to a data structure that corresponds to a requested transport service and can store or be associated with information about the transport service. In addition, the request manage component 112 can determine the user-specified parameters or information from the request 183, and can provide the pickup location 185 and the vehicle type 186 to the driver select component 114. The request manage component 112 can also store the user-specified parameters with the trip entry. Also described in paragraph 58), sending a request to share (paragraph 47: the system 100 can enable the first user to request to share the fare for the transport service with the second user... If the first user makes the request to share the fare…); a first device registered with a first user account (Fig. 1; paragraph 32: While a user profile or account associated with the first user exists or is stored in the client database 141 (e.g., as a result of registering or signing up with the network service)) and a second device registered with a second online account (paragraphs 32-33: the second user has an associated profile or account); storing the record to an online datastore associated with the first user account (paragraph 32: While a user profile or account associated with the first user exists or is stored in the client database 141 (e.g., as a result of registering or signing up with the network service)); and displaying a location received from the location data stream on a graphical interface of the first device (paragraph 64: A rider can operate a designated client application on the rider device, which can display a graphical user interface on the rider device (310). The graphical user interface can correspond to a home page graphical user interface, such as the user interface 400 of FIG. 4A, which can include map content 402 showing a map of a region near or around a current location 404 of the rider (e.g., the current location of the rider device). For example, the client application can determine the current location of the rider or the rider device).
In view of this, it would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Van Liesdonk’s method by incorporating the teachings of Chheda, for the purpose of maintaining records and providing accurate location information.
Regarding claims 2 and 16, Van Liesdonk teaches the non-transitory machine-readable medium and data processing system as in claims 1 and 15, but fails to explicitly disclose wherein establishing the share for the record via the online datastore includes creating an invite to share the record and sending the invite to the second online account. 
	However, Chheda teaches wherein establishing the share for the record via the online datastore includes creating an invite to share the record and sending the invite to the second online account (paragraph 33: If the second user has an associated profile or account, the request manage component 112 can associate or add an identifier associated with the second user's profile to the trip entry. In addition, because the second user has an associated profile with the network service, the request manage component 112 can determine that communications in connection with the transport service can be made using a first messaging protocol and/or channel, such as an application push notification or an in-application message; paragraph 35: On the other hand, if the second user does not have an associated profile in the client database 141, the request manage 112 can provide the contact information 187 (that is determined or extracted from the request 183) to the message manage 150. The message manage 150 can determine, from the contact information 187 and/or the information about the selected messaging protocol, that data is to be transmitted to the second device 170 of the second user using the selected messaging protocol (e.g., the second messaging protocol). Further described in paragraphs 36-39).
In view of this, it would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Van Liesdonk’s method by incorporating the teachings of Chheda, for the purpose of exchanging records and providing accurate information.
Regarding claim 3, Van Liesdonk teaches the non-transitory machine-readable medium as in claim 2, but fails to explicitly disclose the operations additionally comprising sending the invite to the second user account via an identity server, the identity server to relay the invite to the second device, wherein the second user account is identified via a handle that identifies the online account.
However, Chheda teaches the operations additionally comprising sending the invite to the second user account via an identity server, the identity server to relay the invite to the second device, wherein the second user account is identified via a handle that identifies the online account (paragraph 33: If the second user has an associated profile or account, the request manage component 112 can associate or add an identifier associated with the second user's profile to the trip entry. In addition, because the second user has an associated profile with the network service, the request manage component 112 can determine that communications in connection with the transport service can be made using a first messaging protocol and/or channel, such as an application push notification or an in-application message; paragraph 35: On the other hand, if the second user does not have an associated profile in the client database 141, the request manage 112 can provide the contact information 187 (that is determined or extracted from the request 183) to the message manage 150. The message manage 150 can determine, from the contact information 187 and/or the information about the selected messaging protocol, that data is to be transmitted to the second device 170 of the second user using the selected messaging protocol (e.g., the second messaging protocol). Further described in paragraphs 36-39).
In view of this, it would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Van Liesdonk’s method by incorporating the teachings of Chheda, for the purpose of exchanging records and providing accurate information.
Regarding claim 4, Van Liesdonk teaches the non-transitory machine-readable medium as in claim 3, but fails to explicitly disclose wherein the handle is an e-mail address or a telephone number associated with the second online account.
However, Chheda teaches wherein the handle is an e-mail address or a telephone number associated with the second online account (paragraph 29: The contact information 187 can include a phone number, a name, an email address, and/or other identifying information of the second user). 
In view of this, it would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Van Liesdonk’s method by incorporating the teachings of Chheda, for the purpose of exchanging records and providing accurate information.
Regarding claim 5, Van Liesdonk teaches the non-transitory machine-readable medium as in claim 3, but fails to explicitly disclose wherein the invite includes a uniform resource locator (URL) that identifies the share for the record via the online datastore.
However, Chheda teaches wherein the invite includes a uniform resource locator (URL) that identifies the share for the record via the online datastore (paragraph 45: In some examples, one or more messages that are transmitted to the second device 170 can include a link (e.g., a uniform resource locator)).
In view of this, it would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Van Liesdonk’s method by incorporating the teachings of Chheda, for the purpose of identifying records and providing accurate information.
Regarding claims 7 and 18, Van Liesdonk teaches the non-transitory machine-readable medium as in claim 1, but fails to explicitly disclose the operations additionally comprising receiving a motion status associated with the second device and displaying the motion status on the graphical interface of the first device, the motion status indicating an active or passive state for a user associated with the second device.
However, Chheda teaches the operations additionally comprising receiving a motion status associated with the second device and displaying the motion status on the graphical interface of the first device, the motion status indicating an active or passive state for a user associated with the second device (paragraph 27: The first user can provide input on the client application 181 (e.g., using a touch-sensitive display of the rider device 180) to specify a pickup location 185 for the second user; paragraph 45: to enable the second user to view the real-time or close to real-time progress of the driver and/or the trip. Also described at the end of paragraph 42 and in paragraphs 64 and 65). 
In view of this, it would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Van Liesdonk’s method by incorporating the teachings of Chheda, for the purpose of exchanging records and providing accurate information.
Regarding claims 8 and 19, Van Liesdonk teaches the non-transitory machine-readable medium as in claim 7, but fails to explicitly disclose wherein the motion status additionally indicates a walking, running, or driving state for the user associated with the second device. 
However, Chheda teaches wherein the motion status additionally indicates a walking, running, or driving state for the user associated with the second device; (paragraph 45: to enable the second user to view the real-time or close to real-time progress of the driver and/or the trip. Also described at the end of paragraph 42 and in paragraphs 64 and 65). 
In view of this, it would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Van Liesdonk’s method by incorporating the teachings of Chheda, for the purpose of exchanging records and providing accurate information.
Regarding claims 9 and 20, Van Liesdonk teaches the non-transitory machine-readable medium as in claim 1, but fails to explicitly disclose wherein the location data stream is established by the second device via connection information on a server, the connection information to map the first device to connection information for the first device. 
	However, Chheda teaches wherein the location data stream is established by the second device via connection information on a server, the connection information to map the first device to connection information for the first device (paragraph 54: the second user can still receive information when the transport service is arranged for the second user, or when the driver arrives at the pickup location of the second user, etc. As an addition or an alternative, the system 100 can also transmit one or more messages to the first user's device (e.g., concurrently as the one or more messages are transmitted to the second user's device) using a push notification messaging protocol or an in-application messaging protocol. Data received using application messaging protocols can also enable the client application to display, on a user interface, the progress of the transport service, including the location of the driver on map content, driver information, and one or more selectable features. Also described in paragraphs 61).
In view of this, it would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Van Liesdonk’s method by incorporating the teachings of Chheda, for the purpose of exchanging records and providing accurate information.
Regarding claim 11, Van Liesdonk teaches the electronic device as in claim 10, but fails to explicitly disclose the electronic device additionally comprising a global positioning system receiver and the location determination service is to determine a location via a satellite positioning service based on signals received via the global positioning system receiver or based on signals received via the wireless radio system. 
	However, Chheda teaches the electronic device additionally comprising a global positioning system receiver and the location determination service is to determine a location via a satellite positioning service based on signals received via the global positioning system receiver or based on signals received via the wireless radio system (paragraph 27: a global position system (GPS) receiver) to determine the current location of the first user (e.g., the rider device 180).
In view of this, it would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Van Liesdonk’s method by incorporating the teachings of Chheda, for the purpose of providing accurate location information.

Claims 6 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Van Liesdonk and Chheda as applied to claim 5 above, and further in view of Reddy et al. (US 2017/0070506 A1).
Regarding claim 6, Van Liesdonk and Chheda teach the non-transitory machine-readable medium as in claim 5, wherein the share is encrypted on the online datastore (paragraph 142: The location updates in database 120 may be encrypted with two stream ciphers. For example, consider a database encryption key that comprises multiple subkeys: K=(K.sub.1, K.sub.2, . . . )... The multi-party computation may then proceed with computing the location update from the inputs of the devices… obtain a secret-shared decrypted location update. Also described in paragraphs 66-68 and 143-144), but fail to explicitly disclose the URL including cryptographic material to derive an encryption key for the share.
However, Reddy teaches wherein the URL includes cryptographic material to derive an encryption key for the share (page 6, claim 2: forwarding a uniform resource locator (URL) to the cloud-based SECaaS server, the URL enabling the cloud-based SECaaS server to obtain cryptographic keying information from a cloud-based key management server having connectivity to the enterprise network, the keying information allowing the file to be decrypted when the file is encrypted). 
In view of this, it would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Van Liesdonk and Chheda’s method by incorporating the teachings of Reddy, for the purpose of securing access to data.
Regarding claim 17, Van Liesdonk and Chheda teach the same limitations described above in the rejections of claims 3 – 5. Van Liesdonk and Chheda teach fail to explicitly disclose the URL includes cryptographic material to derive an encryption key for the share. 
However, Reddy teaches wherein the URL includes cryptographic material to derive an encryption key for the share (page 6, claim 2: forwarding a uniform resource locator (URL) to the cloud-based SECaaS server, the URL enabling the cloud-based SECaaS server to obtain cryptographic keying information from a cloud-based key management server having connectivity to the enterprise network, the keying information allowing the file to be decrypted when the file is encrypted). 
In view of this, it would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Van Liesdonk and Chheda’s method by incorporating the teachings of Reddy, for the purpose of securing access to data.

Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Van Liesdonk et al. (US2020/0082113 A1) in view of Lee et al. (US 2019/0215182 A1).
Regarding claim 12, Van Liesdonk teaches the electronic device as in claim 10, the one or more processors further to: retrieve the encrypted record via the online data store (paragraph 142: For example, device 231 may retrieve a fully encrypted location update. Further described in paragraph 143); and store the encrypted record to the cache of the online data store, wherein the encrypted record is decrypted using the share key (paragraph 142: The location updates in database 120 may be encrypted with two stream ciphers. For example, consider a database encryption key that comprises multiple subkeys: K=(K.sub.1, K.sub.2, . . . )... The multi-party computation may then proceed with computing the location update from the inputs of the devices… obtain a secret-shared decrypted location update. Also described in paragraphs 66-68 and 143-144: the decryption information is computed from a key share and entered as a private input to facilitate decrypting the location updates in the multi-party computation), but fails to explicitly disclose receiving a request to share a location of the electronic device with the receiving electronic device; in response to acceptance of the request, receiving a master key; and deriving a share key based on the master key.
However, Lee teaches receiving a request to share a location of the electronic device with the receiving electronic device (paragraph 100: receive a request for the information related to the electronic device 102 from the server 108. Also described in paragraph 186); in response to acceptance of the request, receiving a master key (paragraph 100: generate a group session key through the group master secret key in response to reception of the request. Also described in paragraph 186); and deriving a share key based on the master key (paragraph 100: master secret key to be shared)
In view of this, it would have been obvious to one skilled in the art before the effective filing date of the claimed invention to modify Van Liesdonk’s device by incorporating the teachings of Lee, for the purpose of securing access to data.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to RHONDA L MURPHY whose telephone number is (571)272-3185. The examiner can normally be reached Monday-Friday 9:00-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yemane Mesfin can be reached on (571) 272-3927. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/RHONDA L MURPHY/Primary Examiner, Art Unit 2462