DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This written action is responding to the amendment dated on 07/25/2022.
Claims 1-5, 7-13, 15 and 17-19 have been amended, Claim 20 newly added and all other Claims are previously presented.
Claims 1-20 are submitted for examination.
Claims 1-20 are pending.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Priority
This application filed on September 14, 2020 does not claim any priority.

Response to Arguments
Applicant’s amendment, filed on July 25, 2022, has claims 1-5, 7-13, 15 and 17-19 amended, Claim 20 newly added and all other Claims are previously presented. Among the amended claims, claims 1, 10-11 are independent ones, and thus the amendment necessitates a new ground of rejection.
The prior objection of Claim 10 has been withdrawn in view of the amendment received on July 25, 2022.
Applicant’s remark, filed on July 25, 2022 on top of page 9 regarding, “Beery, as constructed by the Office Action, cannot teach the amended limitations of "wherein the data is received from the second device via one or more intermediary data storage devices without routing the data through a network server" and "sending the partially signed data from the first device to the second device via the one or more intermediary data storage devices without routing the partially signed data through the network server"” has been considered and found persuasive. Applicant’s amendment necessitates a new ground of rejection, accordingly newly cited art by Dolan et al.  (US PUB. # 2020/0389306) discloses, user devices, remote computing devices and trusted computing devices. The trusted computing devices are air-gapped with the user devices and remote computing devices. A data transfer between trusted computing devices and remote computing devices, user computing devices is done utilizing a portable USB device. Particularly Dolan teaches, the trusted computing devices 106 (such as first trusted computing device 106-1, second trusted computing device 106-2, and optional trusted computing device 106-A) are air-gapped computing devices, meaning that they are not networked with any other devices. In such examples, data can be communicated between the remotely located computing device(s) 104 and the trusted computing devices 106 using a mobile storage device, such as a USB drive, or by other suitable means. In examples, an operator shuttles data between the remotely located computing device(s) 104 and the first trusted computing device(s) 106. (Fig. 1A, ¶27). Dolan further teaches, In examples where the trusted computing devices 106 are air-gapped, the remotely located computing device(s) 104 includes a removeable storage interface for providing data onto a mobile storage device that can be transported to and interfaced with the trusted computing device(s) 106 where the trusted computing device(s) 106 also have a mobile storage interface. Data can also be provided using the mobile storage device in reverse from the trusted computing device(s) 106 to the remotely located computing device(s) 104. (¶41). A second encrypted share 120-2, the recovery public encryption key 126, optional public signature key 130, and a customer identifier are provided to the second trusted computing device 106-2. In examples, this data is provided from the remotely located computing device(s) 104 to the trusted computing devices 106 using one or more mobile storage devices, such as a USB drive. (¶51). Beery teaches, the at least one first computing device 210 may sign 303 the received message 202 with the at least one first share 211, and the at least one second computing device 220 may receive 304 the message 212 signed with the at least one first share 211. The at least one second computing device 220 may sign 305 the message 212 signed with the at least one first share 211 with the at least one second share 221. (Figs. 3A-3B, ¶73). Beery teaches, partially signing data and sending the partially singed data to a second device. Dolan teaches, transferring data utilizing a portable USB device between two off-line (air-gapped) devices. Thus a person having an ordinary skill in the art would combined Beery with Dolan to transfer partially singed data with a USB device without passing data through a server. The motivation/suggestion for doing so would be to secure confidential data from malicious user attacking network.
Applicant’s remark, filed on July 25, 2022 on bottom of page 9 regarding combination of Beery and Cheng cannot establish a prima facie case of obviousness against amended claim 1 has been considered. Please see above paragraph 10 for combination of Beery and Dolan clearly teaches the limitation(s).
Applicant’s remark, filed on July 25, 2022 on bottom of page 9 regarding independent claims 10 and 11 has been considered. Please refer to above paragraph 10 for combination of Beery and Dolan clearly teaches the limitation(s). 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be 
negated by the manner in which the invention was made.


Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Beery et al. (US PGPUB. # US 2022/0045867, hereinafter “Beery”, Priority based on PCT application PCT/IL2019/051005, filed on 09/09/2019), and further in view of Cheng et al. (USPGPUB. # US 2018/0367316, hereinafter “Cheng”), and further in view of Dolan et al. (US PGPUB. # US 2020/0389306, hereinafter “Dolan”).

Referring to Claims 1, 10 and 11:
Regarding Claim 1, Beery teaches,
A method for digitally signing data, comprising: 
generating, by a first device of a plurality of devices, at least one first secret share based on a secret key chosen by the first device, (¶39, “The at least one first computing device 210 may generate (e.g., by a processor 105 of a computing device 100 shown in FIG. 1) at least one first share 211 of a cryptographic key, based on a distributed key generation MPC protocol”, /Fig. 3A(301), ¶72, “The at least one first computing device 210 may generate 301 at least one first share 211 of the cryptographic key, based on a distributed key generation MPC protocol”, i.e. first share of a secret key is generated) the plurality of devices including the first device and a second device, (Fig. 2A(210, 220), ¶36, “while a single first computing device 210 and a single second computing device 220 are illustrated in FIGS. 2A-2B, any number of computing devices may similarly apply and therefore hereinafter a plurality of computing devices is described”, i.e. first device and second device of plurality of devices) [wherein the first device is offline at least with respect to the second device]; 
partially signing data by the first device using the at least one first secret share, (¶43, “the at least one first computing device 210 may sign the received message 202 with the at least one first share 211”, Fig. 3A(303), ¶73, “the at least one first computing device 210 may sign 303 the received message 202 with the at least one first share 211”) [wherein the data is received from the second device via one or more intermediary data storage devices without routing the data through a network server]; and 
sending the partially signed data from the first device to the second device (¶43, “The at least one first computing device 210 may send the message 212 signed with the at least one first share 211 to the at least one second computing device 220“, Fig. 3A(304), ¶73, “the at least one second computing device 220 may receive 304 the message 212 signed with the at least one first share 211”) [via the one or more intermediary data storage devices without routing the] partially signed (¶43, “the at least one first computing device 210 may sign the received message 202 with the at least one first share 211”, Fig. 3A(303), ¶73, “the at least one first computing device 210 may sign 303 the received message 202 with the at least one first share 211”) [data through the network server], wherein the signed data is generated using the partially signed data, (¶44, “The at least one second computing device 220 may sign the message 212 signed with the at least one first share 211 with the at least one second share 221”, Fig. 3B(305), ¶73, “The at least one second computing device 220 may sign 305 the message 212 signed with the at least one first share 211 with the at least one second share 221”) wherein the signed data corresponds to a public key, and wherein the public key is generated based on a plurality of secret shares including the at least one first secret share and at least one second secret share. (¶11, “the message signed by the at least one first share and the at least one second share may be validated to correspond to a public cryptographic key of the computer network”, ¶53). 
Beery does not teach explicitly,
[generating, by a first device of a plurality of devices, at least one first secret share based on a secret key chosen by the first device, the plurality of devices including the first device and a second device], wherein the first device is offline at least with respect to the second device; 
[partially signing data by the first device using the at least one first secret share], wherein the data is received from the second device via one or more intermediary data storage devices without routing the data through a network server;
[sending the partially signed data from the first device to the second device] via the one or more intermediary data storage devices without routing the [partially signed] data through the network server, [wherein signed data is generated using the partially signed data, wherein the signed data corresponds to a public key, and wherein the public key is generated based on a plurality of secret shares including the at least one first secret share and at least one second secret share].
However, Cheng teaches,
[generating, by a first device of a plurality of devices, at least one first secret share based on a secret key chosen by the first device, the plurality of devices including the first device and a second device], wherein the first device is offline at least with respect to the second device; (Fig. 2A, ¶82, “A cold wallet (e.g., holding the majority of funds offline), is using an offline (e.g., PCI-e) HSM hosting a SFTS component and a RSA private key used for decrypting a cold wallet master private key retrieved from a portable HSM”, Fig. 4A, ¶87-¶90, Fig. 5B, ¶104, “the client may be an air-gapped desktop, a laptop, a tablet, a smartphone, and/or the like that is executing a client application”, i.e. Examiner submits that Client device  and  HSM are offline).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Cheng with the invention of Beery.
Beery teaches, a first device and second device generating its own key share and partially signing a message with the generated keys. Cheng teaches, client device and server device having an air-gapped communication. Therefore, it would have been obvious to have client device and server device an air-gapped communication of Cheng with a first device and second device generating its own key share and partially signing a message with the generated keys of Beery to secure at least one signing key from a hacker when the hacker is able to hack a device to retrieve the signing key. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 
Combination of Beery and Cheng does not teach explicitly,
[partially signing data by the first device using the at least one first secret share], wherein the data is received from the second device via one or more intermediary data storage devices without routing the data through a network server;
[sending the partially signed data from the first device to the second device] via the one or more intermediary data storage devices without routing the [partially signed data] through the network server, [wherein signed data is generated using the partially signed data, wherein the signed data corresponds to a public key, and wherein the public key is generated based on a plurality of secret shares including the at least one first secret share and at least one second secret share].
However, Dolan taches,
[partially signing data by the first device using the at least one first secret share], wherein the data is received from the second device via one or more intermediary data storage devices without routing the data through a network server; (¶27, “the trusted computing devices 106 (such as first trusted computing device 106-1, second trusted computing device 106-2, and optional trusted computing device 106-A) are air-gapped computing devices, meaning that they are not networked with any other devices. In such examples, data can be communicated between the remotely located computing device(s) 104 and the trusted computing devices 106 using a mobile storage device, such as a USB drive, or by other suitable means”, ¶41, ¶51, “data is provided from the remotely located computing device(s) 104 to the trusted computing devices 106 using one or more mobile storage devices, such as a USB drive”, i.e. data is received via USB drive (intermediary device) without routing through a network server)
[sending the partially signed data from the first device to the second device] via the one or more intermediary data storage devices without routing the [partially signed] data through the network server, (¶27, “the trusted computing devices 106 (such as first trusted computing device 106-1, second trusted computing device 106-2, and optional trusted computing device 106-A) are air-gapped computing devices, meaning that they are not networked with any other devices. In such examples, data can be communicated between the remotely located computing device(s) 104 and the trusted computing devices 106 using a mobile storage device, such as a USB drive, or by other suitable means”, ¶41, ¶51, “data is provided from the remotely located computing device(s) 104 to the trusted computing devices 106 using one or more mobile storage devices, such as a USB drive”, i.e. data is transferred via USB drive (intermediary device) without routing through a network server) [wherein signed data is generated using the partially signed data, wherein the signed data corresponds to a public key, and wherein the public key is generated based on a plurality of secret shares including the at least one first secret share and at least one second secret share].
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Dolan with the invention of Beery in view of Cheng.
Beery in view of Cheng teaches, a first device and second device generating its own key share and partially signing a message with the generated keys where a client device and server device having an air-gapped communication. Dolan teaches, transferring data with a USB drive between air-gapped devices. Therefore, it would have been obvious to transfer data with a USB drive between air-gapped devices of Dolan into the teachings of Beery in view of Cheng to secure confidential data from malicious user attacking network. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 

Regarding Claim 10, it is a non-transitory computer readable medium claim of above method Claim 1 and therefore Claim 10 is rejected with the same rationale as applied against Claim 1 above.

Regarding Claim 11, it is a system claim of above method Claim 1 and therefore Claim 11 is rejected with the same rationale as applied against Claim 1 above.
In addition Beery teaches a processor (Fig. 2(203)) and a memory (Fig. 1(120)).

Referring to Claims 2 and 12:
Regarding Claim 2, rejection of Claim 1 is included and for the same motivation Beery teaches,
The method of claim 1, wherein the data is partially signed by the first device in a single round of interactions with other devices of the plurality of devices. (¶43, “the at least one first computing device 210 may sign the received message 202 with the at least one first share 211”, Fig. 3A(303), ¶73, “the at least one first computing device 210 may sign 303 the received message 202 with the at least one first share 211”, i.e. data is signed by the first share indicates that the data is partially signed by the first device in a single round).

Regarding Claim 12, rejection of Claim 11 is included and Claim 12 is rejected with the same rationale as applied against Claim 2 above.

Referring to Claims 3 and 13:
Regarding Claim 3, rejection of Claim 1 is included and for the same motivation Beery teaches,
The method of claim 1, wherein no portion of the at least one first secret share is revealed to the second device due to a partial signing of the data by the first device, (¶41, ¶43, “the at least one first computing device 210 may sign the received message 202 with the at least one first share 211”, ¶61, “first/second computing device 210, 220 may hold a share of the secret key and the other first/second computing device 210, 220 may hold the other share for combined signing (without revealing each other share of the secret key), Fig. 3A(303), ¶73, “the at least one first computing device 210 may sign 303 the received message 202 with the at least one first share 211”, i.e. data is signed by the first share indicates that the data is partially signed by the first device and first secret share is not revealed to the second device) wherein no portion of the at least one second secret share is revealed to the first device due to a generation of the signed data by the second device. (¶41, ¶44, “The at least one second computing device 220 may sign the message 212 signed with the at least one first share 211 with the at least one second share 221”, Fig. 3B(305), ¶61, “first/second computing device 210, 220 may hold a share of the secret key and the other first/second computing device 210, 220 may hold the other share for combined signing (without revealing each other share of the secret key), ¶73, “The at least one second computing device 220 may sign 305 the message 212 signed with the at least one first share 211 with the at least one second share 221”, ¶11, “the message signed by the at least one first share and the at least one second share may be validated to correspond to a public cryptographic key of the computer network”, ¶53, ¶43, “the at least one second computing device 220 may include at least one processor 203 and at least one server 204, such that the processor 203 and/or the server 204 may generate shares of the cryptographic key and/or sign messages accordingly”, Fig. 3A(302), ¶72, “ the at least one second computing device 220 may generate 302 at least one second share 221 of the cryptographic key, based on the distributed key generation MPC protocol”, i.e. second secret share is generated and the data is signed by the second device indicates that no portion of second secret share is revealed to the first device).

Regarding Claim 13, rejection of Claim 11 is included and Claim 13 is rejected with the same rationale as applied against Claim 3 above.

Referring to Claims 4 and 14:
Regarding Claim 4, rejection of Claim 1 is included and for the same motivation Beery teaches,
The method of claim 1, wherein the at least one second secret share is generated based on a secret key chosen by the second device. (¶3, “the key generation can be done locally using the client's secret key”,  ¶61, ¶43, “the at least one second computing device 220 may include at least one processor 203 and at least one server 204, such that the processor 203 and/or the server 204 may generate shares of the cryptographic key and/or sign messages accordingly”, Fig. 3A(302), ¶72, “ the at least one second computing device 220 may generate 302 at least one second share 221 of the cryptographic key, based on the distributed key generation MPC protocol”).

Regarding Claim 14, rejection of Claim 11 is included and Claim 14 is rejected with the same rationale as applied against Claim 4 above.

Referring to Claims 5 and 15:
Regarding Claim 5, rejection of Claim 1 is included and for the same motivation Beery teaches,
The method of claim 1, wherein the data is partially signed using a digital signature, and wherein the method further comprises: generating the digital signature based on the data, the at least one first secret share, and a value determined via a deterministic key derivation process, wherein the value determined via the deterministic key derivation process is known to each of the plurality of devices. (¶43, “the at least one first computing device 210 may sign the received message 202 with the at least one first share 211”, Fig. 3A(303), ¶73, “the at least one first computing device 210 may sign 303 the received message 202 with the at least one first share 211”, ¶60, “due to utilization of a hierarchical deterministic (HD) property, applied to the MPC protocol. In some embodiments, the HD property may be combined with a rotation property that allows the solution to change the different shares while maintaining the same equivalent private/public key pair”, ¶61-¶62).

Regarding Claim 15, rejection of Claim 11 is included and Claim 15 is rejected with the same rationale as applied against Claim 5 above.

Referring to Claims 6 and 16:
Regarding Claim 6, rejection of Claim 1 is included and for the same motivation Beery does not teach explicitly,
The method of claim 1, wherein the first device is an air-gapped device lacking a network interface.
However, Cheng teaches,
The method of claim 1, wherein the first device is an air-gapped device lacking a network interface. (¶104, “the client may be an air-gapped desktop, a laptop, a tablet, a smartphone, and/or the like that is executing a client application”).

Regarding Claim 16, rejection of Claim 11 is included and Claim 16 is rejected with the same rationale as applied against Claim 6 above.

Referring to Claims 7 and 17:
Regarding Claim 7, rejection of Claim 1 is included and for the same motivation Beery does not teach explicitly,
The method of claim 1, further comprising: storing the at least one first secret share in a hardware security module.
However, Cheng teaches,
The method of claim 1, further comprising: storing the at least one first secret share in a hardware security module. (¶62, “one of the most secure ways) to store information (e.g., crypto keys) securely is inside a FIPS 140-2-certified hardware security module (HSM) appliance that provides tamper-proof storage of sensitive information”, ¶70, “two paired HSMs may be utilized such that a first HSM storing a first master key share receives an encrypted second master key share from a second HSM whose access is controlled by M-of-N authentication policy”, ¶89, “The second HSM's tamper-proof storage (e.g., the second HSM's firmware) may store a master private key (e.g., an ECDSA private key)”).

Regarding Claim 17, rejection of Claim 11 is included and Claim 17 is rejected with the same rationale as applied against Claim 7 above.

Referring to Claims 8 and 18:
Regarding Claim 8, rejection of Claim 1 is included and for the same motivation Beery teaches, ,
The method of claim 1, [wherein the data is received from the second device via at least one first intermediary data storage, wherein] the partially signed]  (¶43, “the at least one first computing device 210 may sign the received message 202 with the at least one first share 211”, Fig. 3A(303), ¶73, “the at least one first computing device 210 may sign 303 the received message 202 with the at least one first share 211”)  [data is sent to the second device via at least one second intermediary data storage].
Combination of Beery and Cheng does not teach explicitly,
The method of claim 1, wherein the data is received from the second device via at least one first intermediary data storage, wherein [the partially signed] data is sent to the second device via at least one second intermediary data storage.
However, Dolan teaches,
The method of claim 1, wherein the data is received from the second device via at least one first intermediary data storage, (¶27, “the trusted computing devices 106 (such as first trusted computing device 106-1, second trusted computing device 106-2, and optional trusted computing device 106-A) are air-gapped computing devices, meaning that they are not networked with any other devices. In such examples, data can be communicated between the remotely located computing device(s) 104 and the trusted computing devices 106 using a mobile storage device, such as a USB drive, or by other suitable means”, ¶41, ¶51, “data is provided from the remotely located computing device(s) 104 to the trusted computing devices 106 using one or more mobile storage devices, such as a USB drive”) wherein [the partially signed] data is sent to the second device via at least one second intermediary data storage. (¶27, “the trusted computing devices 106 (such as first trusted computing device 106-1, second trusted computing device 106-2, and optional trusted computing device 106-A) are air-gapped computing devices, meaning that they are not networked with any other devices. In such examples, data can be communicated between the remotely located computing device(s) 104 and the trusted computing devices 106 using a mobile storage device, such as a USB drive, or by other suitable means”, ¶41, ¶51, “data is provided from the remotely located computing device(s) 104 to the trusted computing devices 106 using one or more mobile storage devices, such as a USB drive”).

Regarding Claim 18, rejection of Claim 11 is included and Claim 18 is rejected with the same rationale as applied against Claim 8 above.

Referring to Claims 9 and 19:
Regarding Claim 9, rejection of Claim 8 is included and for the same motivation combination of Beery and Cheng does not teach explicitly,
The method of claim 8, wherein each of the one or more intermediary data storage devices comprises: an external hard drive, a memory card, or a universal serial bus key. 
However, Dolan teaches,
The method of claim 8, wherein each of the one or more intermediary data storage devices comprises: an external hard drive, a memory card, or a universal serial bus key. (¶27, “the trusted computing devices 106 (such as first trusted computing device 106-1, second trusted computing device 106-2, and optional trusted computing device 106-A) are air-gapped computing devices, meaning that they are not networked with any other devices. In such examples, data can be communicated between the remotely located computing device(s) 104 and the trusted computing devices 106 using a mobile storage device, such as a USB drive, or by other suitable means”, ¶41, ¶51, “data is provided from the remotely located computing device(s) 104 to the trusted computing devices 106 using one or more mobile storage devices, such as a USB drive”).

Regarding Claim 19, rejection of Claim 18 is included and Claim 18 is rejected with the same rationale as applied against Claim 9 above.

Regarding Claim 20, rejection of Claim 1 is included and for the same motivation Beery teaches,
The non-transitory computer readable medium of claim 10, wherein: a partial signing of the data by the first device does not reveal the at least one first secret share to the second device; (¶61, “the first/second computing device 210, 220 may hold a share of the secret key and the other first/second computing device 210, 220 may hold the other share for combined signing (without revealing each other share of the secret key)”, Fig. 3A(303), ¶73, “The at least one first computing device 210 may sign 303 the received message 202 with the at least one first share 211”, i.e. first device does not reveal one first secret share to the second device when signing partially) a generation of the signed data does not reveal the at least one second secret share to the first device. (¶61, “the first/second computing device 210, 220 may hold a share of the secret key and the other first/second computing device 210, 220 may hold the other share for combined signing (without revealing each other share of the secret key)”, Fig. 3B(305), ¶73, “The at least one second computing device 220 may sign 305 the message 212 signed with the at least one first share 211 with the at least one second share 221 ”, i.e. second device does not reveal one second secret share to the first device when signing).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.  Refer to PTO-892, Notice of References Cited for a listing of analogous art.
Craige et al. (US PAT. # US 10,903,991) discloses, a method for distributed signature generation functions to restrict information about a private key, such that the private key does not need to exist in the clear outside of key generation. The system and method enables cryptographic signature generation with t of n participants without requiring the signing private key to be in the clear (e.g., reconstituted) for signing.
Patil et al. (US PGPUB. # US 2020/0226332) discloses, an air-gapped system enables the secure transfer and control of digital assets, such as those associated with crypto-currency. The system includes an Integration Server for receiving requests from an application interface, a Central Control Center for verifying the requests received and authorizing the requests using digital signatures, and multiple Distributed Data Centers, each including a cold Data Center Hardware Security Module (DC HSM). These DC HSMs securely store and manage cryptographic keys. Each Data Center also includes an offline Processing Unit coupling its DC HSM to a dedicated Remote Controlled Server. The Remote Controlled Server receives requests from the Integration Server and forwards them to the Processing Unit of a DC HSM using a Near-Field Communication (NFC) Interface between the two. Preferably, the NFC interface is physically shielded to resist side channel attacks.
Smith et al. (US PGPUB. # US 20180123804) discloses, a  method for a distributed security model that may be used to achieve one or more of the following: authenticate system components; securely transport messages between system components; establish a secure communications channel over a constrained link; authenticate message content; authorize actions; and distribute authorizations and configuration data amongst users' system components in a device-as-a-key system.
Rohloff et al. (US PGPUB. # US 2017/0155628) discloses, a method for fast and secure Proxy Re-Encryption (PRE) using key switching. A first user is assigned first encryption and decryption keys and a second user is assigned second encryption and decryption keys. First encrypted data encrypted with the first encryption key may be re-encrypted using a proxy re-encryption key to simultaneously switch encryption keys by adding the second encryption key and cancelling the first encryption key by the first decryption key to transform the first encrypted data encrypted by the first encryption key to second encrypted data encrypted by the second encryption key, without decrypting the underlying data. The second user may be the sole system device that possesses the (e.g., private) second decryption key to decrypt the second encrypted data.
Takeuchi et al. (US PGPUB. # US 2010/0153746) discloses, a secure memory card of the present patent application has a communication unit receiving encryption data and data to be signed; an encryption/decryption unit subjecting arbitrary data to encryption/decryption processing; a checking unit for checking the data to be signed against a signature stored in the encryption data decrypted by the encryption/decryption unit; a determination unit for determining validity of the data to be signed on the basis of a checking result of the checking unit; and a storage unit for storing, as valid data, data other than the signature of the encryption data including the signature when the determination unit determines that the data to be signed are valid.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DARSHAN I DHRUV whose telephone number is (571)272-4316. The examiner can normally be reached M-F 9:00 AM-5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/DARSHAN I DHRUV/           Primary Examiner, Art Unit 2498