DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . This office action is in response to the application filed on 06/03/2022. Claims 1, 11, and 13 are amended. Claims 19, and 20 are cancelled. Claim 21 newly added. Claims 1-18, and 21 are pending.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. 

                                          EXAMINER’S AMENDMENT
An examiner's amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner's amendment was given via email with Arush Gadkar (Reg. No. 72776) on 09/09/2022. 
 The application has been amended as follows:
Please replace claim 1 with:
Listing of Claims:
1. (Currently Amended) A method comprising:
 receiving a cryptographic request to perform an encryption or a decryption using a data encryption key;
sending, as a requesting device, a share request to at least M-1 devices of N devices in a trusted network, wherein each share of the data encryption key is encrypted using a public key of a corresponding device in the at least M-1 devices;
receiving at least M-1 encrypted shares of the data encryption key from the at least M-1 devices, each encrypted share being generated by the corresponding device in the at least M-1 devices [[,]] by: (i) decrypting a corresponding share using a private key of the corresponding device, and (ii) re-encrypting the corresponding share using a public key of the requesting device;
decrypting the at least M-1 encrypted shares using a private key that is locally-stored;
generating the data encryption key using the at least M-1 decrypted shares and a local share of the requesting device; and 
performing a cryptographic operation on data using the data encryption key, wherein the private key and the public key of the requesting device are generated by:
generating a random number;
selecting the random number as a seed for a key derivation process;
sending the seed to a key generator as one derivation component of a plurality of derivation components, wherein the key generator derives the private key using the plurality of derivation components and derives the public key from the private key;
receiving the private key and the public key from the key generator; and
storing the private key and the public key in a memory of the requesting device.

Please replace claim 6 with:
6. (Currently Amended)	The method of claim 5, wherein the corresponding device:
obtains the certificate of the requesting device upon receiving the share request; 
compares the certificate of the requesting device or the identifier associated with the certificate of the requesting device to the registry of certificates for the N devices in the trusted network; and
locally retrieves the corresponding share requested by the requesting device based on a result of [[the]] a comparison.

Please cancel claim 8.

Please replace claim 11 with:
11. (Currently Amended) A method performed by a computing device, the method comprising:
receiving, from a requesting device in a trusted network, a share request for a share of a data encryption key, the share request comprising a certificate for the requesting device;
comparing the certificate for the requesting device to a registry of certificates for N devices in the trusted network;
determining that the requesting device is trusted based on the comparing;
retrieving a first encrypted local share of the data encryption key from a memory of the computing device, the first encrypted local share of the data encryption key being encrypted using a local public key of the computing device;
decrypting the first encrypted local share using a local private key of the computing device to obtain a local share;
re-encrypting the local share using a public key of the requesting device to obtain a second encrypted local share; and
sending the second encrypted local share to the requesting device, wherein the requesting device generates the data encryption key from M of N shares and uses the data encryption key to perform a cryptographic operation, wherein the local private key and the local public key are generated by:
generating, by an operating system of the computing device, a random number;
	selecting the random number as a seed for a key derivation process;
selecting the random number as a seed for a key derivation process;
obtaining a network address of the computing device;
obtaining a service secret from a key generator;
encrypting the service secret;
sending the seed, the network address of the computing device, and the encrypted service secret to the key generator as derivation components, wherein the key generator derives the local private key from the derivation components and derives the local public key from the local private key;
receiving the local private key and the local public key from the key generator; and
storing the local private key and the local public key in the memory of the computing device.

Please cancel claim 13.
Please replace claim 14 with:
14. (Currently Amended) The method of claim [[13]] 11, wherein decrypting the local share comprises:
retrieving the local private key from the memory of the computing device; and
decrypting the local share using the local private key.

Please replace claim 17 with:
17. (Currently Amended) A method performed by a computing device, the method comprising:
receiving a command for creating N shares of a data encryption key;
creating the data encryption key;
determining N;
splitting the data encryption key into N shares in an M-of-N secret sharing scheme;
determining N public keys for N devices;
encrypting the N shares using the N public keys of the N devices;
sending N-1 encrypted shares to N-1 devices; and
storing a local encrypted share in a memory of the computing device, wherein each of the N devices comprises a local public key and a local private key generated by:
generating, by an operating system of the computing device, a random number;
selecting the random number as a seed for a key derivation process;
obtaining a network address of the computing device;
obtaining a service secret from a key generator;
encrypting the service secret;
sending the seed, the network address of the computing device, and the encrypted service secret to the key generator as derivation components, wherein the key generator derives the local private key from the derivation components and derives the local public key from the local private key;
receiving the local private key and the local public key from the key generator; and
storing the local private key and the local public key in the memory of the computing device.

Please cancel claim 21.

Allowable Subject Matter
Claims 1-7, 9-12, and 14-17 are allowed.
The following is an examiner’s statement of reasons for allowance:
The present invention is relating to Systems and methods for secure peer-to-peer communications are described. Devices registered into trusted network may be capable of establishing a shared data encryption key (DEK). In embodiments, each device may be configured to obtain a share of a data encryption key (DEKi) that can be stored locally. The shares may be shares in an M of N Secret Sharing Scheme. This may involve a network that includes an integer, N, devices, and in which M devices may share a secret (i.e. the DEK) during communications, M being an integer less than or equal to N. To obtain the entire DEK during encryption/decryption, a requesting device may send requests to M of N devices for their shares of the DEK. Once M shares are obtained, they may be used generate the DEK for encrypting/decrypting data between the devices.
Regarding claim 1, although the prior art of record teaches receiving a cryptographic request to perform an encryption or a decryption using a data encryption key; sending, as a requesting device, a share request to at least M-1 devices of N devices in a trusted network, wherein each share of the data encryption key is encrypted using a public key of a corresponding device in the at least M-1 devices; receiving at least M-1 encrypted shares of the data encryption key from the at least M-1 devices, each encrypted share being generated by the corresponding device in the at least M-1 devices by: (i) decrypting a corresponding share using a private key of the corresponding device, and (ii) re-encrypting the corresponding share using a public key of the requesting device; decrypting the at least M-1 encrypted shares using a private key that is locally-stored; generating the data encryption key using the at least M-1 decrypted shares and a local share of the requesting device; and  performing a cryptographic operation on data using the data encryption key.
None of the prior art, alone or in combination teaches wherein the local private key and the local public key are generated by: generating, by an operating system of the computing device, a random number; selecting the random number as a seed for a key derivation process; selecting the random number as a seed for a key derivation process; obtaining a network address of the computing device; obtaining a service secret from a key generator; encrypting the service secret; sending the seed, the network address of the computing device, and the encrypted service secret to the key generator as derivation components, wherein the key generator derives the local private key from the derivation components and derives the local public key from the local private key; receiving the local private key and the local public key from the key generator; and storing the local private key and the local public key in the memory of the computing device  in view of the other limitations of claim 1.
Regarding claim 11, although the prior art of record teaches receiving, from a requesting device in a trusted network, a share request for a share of a data encryption key, the share request comprising a certificate for the requesting device; comparing the certificate for the requesting device to a registry of certificates for N devices in the trusted network; determining that the requesting device is trusted based on the comparing; retrieving a first encrypted local share of the data encryption key from a memory of the computing device, the first encrypted local share of the data encryption key being encrypted using a local public key of the computing device; decrypting the first encrypted local share using a local private key of the computing device to obtain a local share; re-encrypting the local share using a public key of the requesting device to obtain a second encrypted local share; and sending the second encrypted local share to the requesting device, wherein the requesting device generates the data encryption key from M of N shares and uses the data encryption key to perform a cryptographic operation.
None of the prior art, alone or in combination teaches wherein the local private key and the local public key are generated by: generating, by an operating system of the computing device, a random number; selecting the random number as a seed for a key derivation process; selecting the random number as a seed for a key derivation process; obtaining a network address of the computing device; obtaining a service secret from a key generator; encrypting the service secret; sending the seed, the network address of the computing device, and the encrypted service secret to the key generator as derivation components, wherein the key generator derives the local private key from the derivation components and derives the local public key from the local private key; receiving the local private key and the local public key from the key generator; and storing the local private key and the local public key in the memory of the computing device  in view of the other limitations of claim 11.
Regarding claim 17, although the prior art of record teaches receiving a command for creating N shares of a data encryption key; creating the data encryption key; determining N; splitting the data encryption key into N shares in an M-of-N secret sharing scheme; determining N public keys for N devices; encrypting the N shares using the N public keys of the N devices; sending N-1 encrypted shares to N-1 devices ; and storing a local encrypted share in a  memory of the computing device.
None of the prior art, alone or in combination teaches wherein the local private key and the local public key are generated by: generating, by an operating system of the computing device, a random number; selecting the random number as a seed for a key derivation process; selecting the random number as a seed for a key derivation process; obtaining a network address of the computing device; obtaining a service secret from a key generator; encrypting the service secret; sending the seed, the network address of the computing device, and the encrypted service secret to the key generator as derivation components, wherein the key generator derives the local private key from the derivation components and derives the local public key from the local private key; receiving the local private key and the local public key from the key generator; and storing the local private key and the local public key in the memory of the computing device  in view of the other limitations of claim 17.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAHRIAR ZARRINEH whose telephone number is (571)272-1207. The examiner can normally be reached Monday-Friday, 8:30am-5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SHAHRIAR ZARRINEH/Examiner, Art Unit 2496