DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in a telephone interview with Matthew Horton on 06/01/2022.

By this examiner's amendment Claims 1, 13 and 19 have been amended as the following:
1. (Currently Amended) A device-implemented method comprising: 
receiving, by a client device, a set of one or more security questions and a set of one or more security answers via a user interface, wherein a security question is at least one of a text and an image; 
calculating, by the client device, an entropy score for each security answer and a total entropy score for the set of security answers based upon the entropy score for each of the security answers; 
in response to the client device determining that the total entropy score for the set of security answers satisfies an entropic threshold: 
	encrypting, by the client device, one or more private keys using the set of security answers; and
	transmitting, by the client device, to a server the set of security questions and the one or more encrypted private keys.

13. (Currently Amended) A computer-implemented method comprising:
transmitting, by a client device, to a server an account identifier and a request to access one or more private keys associated with a user; 
displaying, by the client device, via a user interface one or more security questions associated with the account identifier and received from the server, wherein a security question is at least one of a text and an image; 
receiving, by the client device, via the user interface one or more security answers corresponding to the one or more security questions, wherein each of the one or more security answers corresponds to a calculated entropy score, and wherein a total entropy score is based upon the calculated entropy score for each of the one or more security answers and satisfies an entropic threshold; 
generating, by the client device, a passphrase using the one or more security answers; 
obtaining, by the client device, the one or more private keys in an encrypted form; and
decrypting, by the client device, the one or more private keys associated with the user using the passphrase.

19. (Currently Amended) The method according to claim 18, further comprising: 
wherein obtaining the one or more private keys includes receiving, by the client device, from the server the one or more private keys in [[an]] the encrypted form, 
wherein the proof of knowledge token transmitted to the server matches a stored proof of knowledge token, and wherein the client device decrypts the one or more private keys using the passphrase generated from the set of security answers.



Allowable Subject Matter
Claims 1-20 are allowed.

Reasons for Allowance
Examiner’s statement of reasons for allowance for claims 1-20 are stated below.
Regarding independent Claim 1, the Examiner found neither prior art cited in its entirety, nor based on the prior art, found any motivation to combine any of said prior art that teaches “receiving, by a client device, a set of one or more security questions and a set of one or more security answers via a user interface, wherein a security question is at least one of a text and an image; calculating, by the client device, an entropy score for each security answer and a total entropy score for the set of security answers based upon the entropy score for each of the security answers; in response to the client device determining that the total entropy score for the set of security answers satisfies an entropic threshold: encrypting, by the client device, one or more private keys using the set of security answers; and transmitting, by the client device, to a server the set of security questions and the one or more encrypted private keys” in combination with all the elements of the claim. 
The dependent claims 2-12 and 20 are allowable due to their dependence on independent claim 1.

Regarding independent Claim 13, the Examiner found neither prior art cited in its entirety, nor based on the prior art, found any motivation to combine any of said prior art that teaches “transmitting, by a client device, to a server an account identifier and a request to access one or more private keys associated with a user; displaying, by the client device, via a user interface one or more security questions associated with the account identifier and received from the server, wherein a security question is at least one of a text and an image; receiving, by the client device, via the user interface one or more security answers corresponding to the one or more security questions, wherein each of the one or more security answers corresponds to a calculated entropy score, and wherein a total entropy score is based upon the calculated entropy score for each of the one or more security answers and satisfies an entropic threshold; generating, by the client device, a passphrase using the one or more security answers; obtaining, by the client device, the one or more private keys in an encrypted form; and decrypting, by the client device, the one or more private keys associated with the user using the passphrase” in combination with all the elements of the claim. 
The dependent claims 14-19 are allowable due to their dependence on independent claim 13.


The closest prior art made of record are:
Patin US2019/0245688 teaches a system and method for private key recovery. A key recovery computing system is configured to provide an original private key. The original private key is associated with a storage location of a blockchain-based asset. The key recovery computing system is configured to receive supplemental recovery information provided by a user via a user computing device. A recovery seed is derived from at least a subset of the supplemental recovery information, wherein the recovery seed is non-invertible. The original private key and the recovery seed are stored relationally to the supplemental recovery information. 
Matyas, JR et al. US2003/0105959 teaches a system and method for user authentication and cryptographic key protection through the use of personal entropy (PE). A computing system generate secret values from answers to questions previously created by the user. The questions are displayed to the user on a user interface (UI), and the user is prompted to select a subset of the questions to answer. When the user provides answers for the selected subset, an attempt is made to generate the secret value from a portion of the subset and possibly other information. If the secret value cannot be generated from at least a portion of the selected subset, the user is prompted to select a second subset of the displayed questions and provide answers to the selected second set of questions. When the user provides answers to the second selected subset of questions, an attempt is made to generate the secret value from a portion of the first and second sets of answers and possibly other information. 
Ellison et al. “Protecting secret keys with personal entropy” teaches a method and apparatus for protecting secrets with personal entropy. Users to protect a secret key by selecting a password or passphrase.  A user can protect a secret key using the “personal entropy” in his own life, by encrypting the passphrase using the answers to several personal questions.
 
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HENRY TSANG whose telephone number is (571)270-7959.  The examiner can normally be reached on M-F 8am - 5pm EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on (571) 272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/HENRY TSANG/Primary Examiner, Art Unit 2495