Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 3/14/2022 has been entered.   Claims 1-21 are pending.
 Response to Arguments
Applicant’s arguments with respect to claim 1 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 5-7, 9, 17 and 20-21 are rejected under 35 U.S.C. 103 as being unpatentable over D’Souza et al. (US 2017/0262639 hereinafter D’Souza) in view of Mehedy et al. (US 2019/0342084 hereinafter Mehedy).
Regarding claim 1, D’Souza discloses a system for providing to a designated third party system access to a secret, the system comprising: 
a plurality of trustee systems (FIG. 1, ¶ [0013], [0021]-[0022]; i.e. cloud data storage system or a vast network of interlinked data storage computer systems), wherein each trustee system is configured to: 
receive a secret share of the secret from a first party system and store the secret share, wherein the secret or the secret share is encrypted such that only a designated third party system can access the secret (FIG. 1, ¶ [0013], [0021]-[0022], [0030]-[0032]; i.e. receiving user’s encrypted data wherein the data is encrypted using the user’s private key that prevents the storage system from gaining access to the encrypted data, the encrypted data is released to verified third parties and/or stored in the data storages); 
monitor [[a first ledger for]] published requests for the secret share (¶ [0014], [0029]-[0034]; i.e. monitoring whether requests for the encrypted data or encrypted key shares would be allowed based on checking a policy);
validate that a request for the secret share was made by the designated third party system (¶ [0014], [0028]-[0034]; i.e. upon receiving the request from a third party, such as a user, a business or a legal entity, to access user’s data, the data storage system sends a query to verified third parties such as judges, notaries public, government officials or other trusted person and receives the response or approvals from the verified third parties and allows the encrypted data to be released upon receiving a threshold number of approvals from the verified third parties according to the policy, in other word, the storage system verifies that the third party is approved or authenticated by at least a number of the trusted parties); 
and if the validation is successful, publish the secret share to [[the first ledger, or to a second ledger]] the third party, the publishing of the secret share being in response to the validated request for the secret share.
D’Souza discloses monitoring the requests for the secret shares from the third party but D’Souza does not explicitly disclose monitoring the first ledger and publishing the secret share to the first ledger or to a second ledger.
However, Mehedy discloses monitoring the first ledger and publishing the secret share to the first ledger or to a second ledger (FIG. 3, 4A-C & 5, ¶ [021], [0028], [0056]-[0057]; i.e. the blockchain storing peer receiving/monitoring one or more blockchain/ledger peer nodes the broadcasted file retrieve request, verifying the file share hash and the key share hash, and releasing the encrypted file shares to the ledger peer nodes).
Therefore, it would have been obvious to one of ordinary skill in the art before effective filing date of the claimed invention to incorporate Mehedy’s teaching in order to protect encrypted off-chain data storage by splitting blockchain encryption keys into key fragments and storing the key fragments that are accessible to the plurality of blockchain nodes (Mehedy, ¶ [0002]-[0006]).
Regarding claim 5, D’Souza in view of Mehedy discloses the system of claim 1, further comprising a first party system, wherein the first party system is configured to: encrypt the secret (D’Souza, ¶ [0023]; Mehedy, FIG. 4B); generate the secret share of the encrypted secret (D’Souza, ¶ [0023], [0030]-[0032] ; Mehedy, FIG. 4B); and transmit a secret share of the secret shares to the plurality of trustee systems (D’Souza, ¶ [0022], [0030]-[0032] ; Mehedy, FIG. 4B).
Regarding claim 6, D’Souza in view of Mehedy discloses the system of claim 1, further comprising a first party system, wherein the first party system is configured to: generate the secret share of the secret (D’Souza, ¶ [0023], [0030] ; Mehedy, FIG. 4B); encrypt the secret share (D’Souza, ¶ [0023], [0030]-[0032] ; Mehedy, FIG. 4B); and transmit the encrypted secret share to the plurality of trustee systems (D’Souza, ¶ [0023], [0030]-[0032] ; Mehedy, FIG. 4B).
Regarding claim 7, D’Souza in view of Mehedy discloses the system of claim 5, wherein the first party system is configured to encrypt the secret or secret share using a public encryption key associated with the third party system (D’Souza, ¶ [0041]).
Regarding claim 9, D’Souza in view of Mehedy discloses the system of claim 5, wherein the secret is a second object key of an object key pair (D’Souza, ¶ [0030], [0041]), and wherein the first party system is further configured to: encrypt data using the first object key of the object key pair (D’Souza, ¶ [0041]); and transmit the encrypted data to the third party system (D’Souza, ¶ [0041]).
Regarding claim 17, D’Souza in view of Mehedy discloses the system of claim 9, further comprising a third party system, wherein the third party system is further configured to: receive the encrypted data from the first party system (D’Souza, ¶ [0030], [0041]); decrypt the encrypted data using a decrypted second object key of the object key pair (¶ [0030], [0041]).
Regarding claim 20, D’Souza discloses a method for providing to a designated third party system access to a secret, the method comprising: 
receiving, at a trustee system, a secret share of the secret from a first party system and storing the secret share, wherein the secret or the secret share is encrypted such that only a designated third party system can access the secret (FIG. 1, ¶ [0013], [0030]-[0032]; i.e. receiving user’s encrypted data wherein the data is encrypted using the user’s private key that prevents the storage system from gaining access to the encrypted data, the encrypted data is released to verified third parties and/or stored in the data storages); 
monitoring [[a first ledger for]] published requests for the secret share (¶ [0014], [0029]-[0034]; i.e. monitoring whether requests for the encrypted data or encrypted key shares would be allowed based on checking a policy).
validating that a request for the secret share was made by the designated third party system (¶ [0014], [0028]-[0034]; i.e. upon receiving the request from a third party, such as a user, a business or a legal entity, to access user’s data, the data storage system sends a query to verified third parties such as judges, notaries public, government officials or other trusted person and receives the response or approvals from the verified third parties and allows the encrypted data to be released upon receiving a threshold number of approvals from the verified third parties according to the policy, in other word, the storage system verifies that the third party is approved or authenticated by at least a number of the trusted parties); 
and if the validation is successful, publishing the secret share to [[the first ledger, or to a second ledger]] the third party, the publishing of the secret share being in response to the validated request for the secret share.
D’Souza discloses monitoring the requests for the secret shares from the third party but D’Souza does not explicitly disclose monitoring the first ledger and publishing the secret share to the first ledger or to a second ledger.
However, Mehedy discloses monitoring the first ledger and publishing the secret share to the first ledger or to a second ledger (FIG. 3, 4A-C & 5, ¶ [021], [0028], [0056]-[0057]; i.e. the blockchain storing peer receiving/monitoring one or more blockchain/ledger peer nodes the broadcasted file retrieve request, verifying the file share hash and the key share hash, and releasing the encrypted file shares to the ledger peer nodes).
Therefore, it would have been obvious to one of ordinary skill in the art before effective filing date of the claimed invention to incorporate Mehedy’s teaching in order to protect encrypted off-chain data storage by splitting blockchain encryption keys into key fragments and storing the key fragments that are accessible to the plurality of blockchain nodes (Mehedy, ¶ [0002]-[0006]).
Regarding claim 21, D’Souza discloses a non-transitory computer-readable medium comprising instructions which, when executed by a computer, cause the computer to: 
receive a secret share of the secret from a first party system and store the secret share, wherein the secret or the secret share is encrypted such that only a designated third party system can access the secret (FIG. 1, ¶ [0013], [0030]-[0032]; i.e. receiving user’s encrypted data wherein the data is encrypted using the user’s private key that prevents the storage system from gaining access to the encrypted data, the encrypted data is released to verified third parties and/or stored in the data storages); 
monitor [[a first ledger for]] published requests for the secret share (¶ [0014], [0029]-[0034]; i.e. monitoring whether requests for the encrypted data or encrypted key shares would be allowed based on checking a policy).
validate that a request for the secret share was made by the designated third party system (¶ [0014], [0028]-[0034]; i.e. upon receiving the request from a third party, such as a user, a business or a legal entity, to access user’s data, the data storage system sends a query to verified third parties such as judges, notaries public, government officials or other trusted person and receives the response or approvals from the verified third parties and allows the encrypted data to be released upon receiving a threshold number of approvals from the verified third parties according to the policy, in other word, the storage system verifies that the third party is approved or authenticated by at least a number of the trusted parties); 
and if the validation is successful, publishing the secret share to [[the first ledger, or to a second ledger]] the third party, the publishing of the secret share being in response to the validated request for the secret share.
D’Souza discloses monitoring the requests for the secret shares from the third party but D’Souza does not explicitly disclose monitoring the first ledger and publishing the secret share to the first ledger or to a second ledger.
However, Mehedy discloses monitoring the first ledger and publishing the secret share to the first ledger or to a second ledger (FIG. 3, 4A-C & 5, ¶ [021], [0028], [0056]-[0057]; i.e. the blockchain storing peer receiving/monitoring one or more blockchain/ledger peer nodes the broadcasted file retrieve request, verifying the file share hash and the key share hash, and releasing the encrypted file shares to the ledger peer nodes).
Therefore, it would have been obvious to one of ordinary skill in the art before effective filing date of the claimed invention to incorporate Mehedy’s teaching in order to protect encrypted off-chain data storage by splitting blockchain encryption keys into key fragments and storing the key fragments that are accessible to the plurality of blockchain nodes (Mehedy, ¶ [0002]-[0006]).
Claims 2-4, 8, 10-16 and 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over D’Souza in view of Mehedy and further in view of Bermudez (US 2017/0279807).
Regarding claim 2, D’Souza in view of Mehedy discloses the system of claim 1.
D’Souza in view of Mehedy does not explicitly disclose wherein the request for the secret share comprises a validation token and an encrypted validation token, and wherein each trustee system is further configured to: receive a second key of a validation key pair from the first party system along with the secret share and store the second key of the validation key pair; validate that the request for the secret share was made by the designated third party system by decrypting the encrypted validation token using the second key of the validation key pair and comparing the decrypted validation token with the validation token; and if the validation token of a validation message matches the decrypted validation token, publish the associated secret share.
However, Bermudez discloses wherein the request for the secret share comprises a validation token and an encrypted validation token (¶ [0046], [0054]), and wherein each trustee system is further configured to: receive a second key of a validation key pair from the first party system along with the secret share and store the second key of the validation key pair (¶ [0065]-[0071]); validate that the request for the secret share was made by the designated third party system by decrypting the encrypted validation token using the second key of the validation key pair and comparing the decrypted validation token with the validation token (¶ [0069]-[0072]); and if the validation token of a validation message matches the decrypted validation token, publish the associated secret share (¶ [0073]-[0076]).
Therefore, it would have been obvious to one of ordinary skill in the art before effective filing date of the claimed invention to incorporate Bermudez’s teaching of authenticating a user using certificate into D’Souza in view of Mehedy in order to verify that the data requestor has the permission to view the data (Bemudez, ¶ [0069]).
Regarding claim 3, D’Souza in view of Mehedy discloses the system of claim 1.
D’Souza in view of Mehedy does not explicitly disclose wherein the request for the secret share comprises an encrypted validation token, and wherein each trustee system is further configured to: receive a second key of a validation key pair from the first party system along with the secret share and store the second key of the validation key pair; receive a validation token from the first party system and store the validation token; validate that the request for the secret share was made by the designated third party system by decrypting the encrypted validation token using the second key of the validation key pair and comparing the decrypted validation token with the validation token that was received from the first party system.
However, Bermudez discloses wherein the request for the secret share comprises an encrypted validation token, and wherein each trustee system is further configured to: receive a second key of a validation key pair from the first party system along with the secret share and store the second key of the validation key pair (¶ [0065]-[0071]); receive a validation token from the first party system and store the validation token (¶ [0046], [0056], [0069]); validate that the request for the secret share was made by the designated third party system by decrypting the encrypted validation token using the second key of the validation key pair and comparing the decrypted validation token with the validation token that was received from the first party system(¶ [0069]-[0072]).
Therefore, it would have been obvious to one of ordinary skill in the art before effective filing date of the claimed invention to incorporate Bermudez’s teaching of authenticating a user using certificate into D’Souza in view of Mehedy in order to verify that the data requestor has the permission to view the data (Bemudez, ¶ [0069]).
Regarding claim 4, D’Souza in view of Mehedy discloses the system of claim 1.
D’Souza in view of Mehedy does not explicitly disclose wherein each secret share further comprises a share of an identifier associated with the third party system such that the identifier can be derived from the secret share, or wherein each trustee system is further configured: to receive an identifier associated with the third party system from the first party system along with the secret share; and publish the identifier associated with the third party system along with the secret share.
However, Bermudez discloses wherein each secret share further comprises a share of an identifier associated with the third party system such that the identifier can be derived from the secret share, or wherein each trustee system is further configured: to receive an identifier associated with the third party system from the first party system along with the secret share; and publish the identifier associated with the third party system along with the secret share (¶ [0044]-[0046).
Therefore, it would have been obvious to one of ordinary skill in the art before effective filing date of the claimed invention to incorporate Bermudez’s teaching of splitting encryption keys into multiple portions and storing the portions of key in different locations into D’Souza in view of Mehedy for the purpose of security and privacy (Bemudez, ¶ [0003]-[0004], [0013]).
Regarding claim 8, D’Souza in view of Mehedy and Bermudez discloses the system of claim 2, further comprising the first party system, wherein the first party system is configured to encrypt the secret or secret share using the second validation key of the validation key pair, and wherein the key required to decrypt the secret or secret share is the first validation key of the validation key pair (Bermudez, ¶ [0042]-[0043]).
Regarding claim 10, D’Souza in view of Mehedy and Bermudez discloses the system of claim 3, further comprising a first party system, wherein the first party system is further configured to: generate a validation token, transmit the validation token to the plurality of trustee systems: and transmit the validation token to the third party system (Bermudez, ¶ [0042]-[0043], [0046]).
Regarding claim 11, D’Souza in view of Mehedy discloses the system of claim 5.
D’Souza in view of Mehedy does not explicitly disclose wherein the first party system is further configured to select the plurality of trustee systems from a group of available trustee systems, wherein the plurality of trustee systems is a subset of the group of available trustee systems.
However, Bermudez discloses wherein the first party system is further configured to select the plurality of trustee systems from a group of available trustee systems, wherein the plurality of trustee systems is a subset of the group of available trustee systems (¶ [0034]-[0038]).
Therefore, it would have been obvious to one of ordinary skill in the art before effective filing date of the claimed invention to incorporate Bermudez’s teaching of splitting encryption keys into multiple portions and storing the portions of key in different locations into D’Souza in view of Mehedy for the purpose of security and privacy (Bemudez, ¶ [0003]-[0004], [0013]).
Regarding claim 12, D’Souza in view of Mehedy and Bermudez discloses the system of claim 2, further comprising a first party system wherein the first party system is further configured to: analyse a published request for the secret share by decrypting the encrypted validation token using the second key of the validation key pair and comparing the decrypted validation token with the validation token: and if the validation token of the validation message matches the decrypted validation token, determine that the request for the secret share was published by the designated third party system (Bermudez, ¶ [0073]-[0078]).
Regarding claim 13, D’Souza in view of Mehedy and Bermudez discloses the system of claim 3, further comprising a first party system, wherein the first party system is further configured to: analyse the request for the secret share by decrypting the encrypted validation token using the second key of the validation key pair and comparing the decrypted validation token with the validation token held by the first party system, and if the validation token held by the first party system matches the decrypted validation token, determine that the request for the secret share was published by the designated third party system (Bermudez, ¶ [0073]-[0078]).
Regarding claim 14, D’Souza in view of Mehedy discloses the system claim 1, further comprising a third party system, wherein the third party system is configured to: publish the request for the secret share (D’Souza, ¶ [0023], [0030]).
D’Souza in view of Mehedy does not explicitly discloses monitor a plurality of published secret share; validate the secret shares published by the plurality of trustee systems in response to the request for the secret share; reassemble the encrypted secret from the published secret shares; and decrypt the encrypted secret.
However, Bemudez discloses monitor a plurality of published secret shares (¶ [0073]-[0078]); validate the secret shares published by the plurality of trustee systems in response to the request for the secret share (¶0078]); reassemble the encrypted secret from the published secret shares (¶0078]); and decrypt the encrypted secret (¶0078]).
Therefore, it would have been obvious to one of ordinary skill in the art before effective filing date of the claimed invention to incorporate Bermudez’s teaching of splitting encryption keys into multiple portions and storing the portions of key in different locations into D’Souza in view of Mehedy for the purpose of security and privacy (Bemudez, ¶ [0003]-[0004], [0013]).
Regarding claim 15, D’Souza in view of Mehedy discloses the system of claim 1, further comprising a third party system, wherein the third party system is configured to: publish the request for the secret share (D’Souza, ¶ [0023], [0030]).
D’Souza in view of Mehedy does not explicitly discloses monitor a plurality of published secret shares; validate the secret shares published by the plurality of trustee systems in response to the request for the secret share; decrypt the encrypted secret share from the published secret shares; and reassemble the secret from the decrypted secret share.
However, Bemudez discloses monitor a plurality of published secret shares (¶ [0073]-[0078]); validate the secret shares published by the plurality of trustee systems in response to the request for the secret share (¶0078]); decrypt the encrypted secret share from the published secret shares (¶0078]); and reassemble the secret from the decrypted secret share (¶0078]).
Therefore, it would have been obvious to one of ordinary skill in the art before effective filing date of the claimed invention to incorporate Bermudez’s teaching of splitting encryption keys into multiple portions and storing the portions of key in different locations into D’Souza in view of Mehedy for the purpose of security and privacy (Bemudez, ¶ [0003]-[0004], [0013]).
Regarding claim 16, D’Souza in view of Mehedy and Bemudez discloses the system of claim 14, wherein the third party system is further configured to decrypt the encrypted secret or secret share using a private key of a key pair associated with the third party system or with a first validation key of a validation key pair (D’Souza, ¶ [0030], [0041]; Bemudez, ¶ [0073], [0077]).
Regarding claim 18, D’Souza in view of Mehedy and Bermudez discloses the system of claim 10, further comprising a third party system, wherein the third party system is further configured to validate the secret shares published in response to the request for the secret share by comparing the decrypted second validation token published with the secret shares to a local copy of the second validation token, such that when the decrypted second validation token matches the local copy of the second validation token, the third party system retrieves the associated secret share (Bermudez, ¶ [0054]-[0056]).
Regarding claim 19, D’Souza in view of Mehedy and Bermudez discloses the system of claim 14, wherein each trustee system is further configured to: generate a second validation token (Bermudez, ¶ [0049]-[0055]); encrypt the second validation token using a second validation key of a validation key pair to generate an encrypted second validation token (Bermudez, ¶ [0049]-[0055]); and publish the second validation token and the encrypted second validation token with the secret share (Bermudez, ¶ [0049]-[0055]); and wherein third party system is further configured to: validate the secret shares published in response to the request for the secret share by: decrypting the encrypted second validation token using the first validation key of the validation key pair (Bermudez, ¶ [0073]-[0078]); comparing the decrypted second validation token with the second validation token (Bermudez, ¶ [0073]-[0078]); and retrieving the associated secret share when the decrypted second validation token matches the second validation token (Bermudez, ¶ [0073]-[0078]).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHI D NGUY whose telephone number is (571)270-7311.  The examiner can normally be reached on Monday-Friday 9-5 PT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph P Hirl can be reached on (571)272-3685.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/C.D.N/Examiner, Art Unit 2435

/JOSEPH P HIRL/Supervisory Patent Examiner, Art Unit 2435