Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 8/16/2022 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Objections
Claims 4 and 12 objected to because of the following informalities:
Claims 4, 12: “HSM” is an abbreviation that should be defined in that claims prior to use. Examiner suggests replacing instances of “HSM” in claims 4 and 12 with “Hardware Security Modules (HSMs)” as is defined in the instant specification at [0006].
Claim 12: “controlled by the each validator entity” should read “controlled by each validator entity”
Appropriate correction is required.


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-11 and 18 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.

The term “sufficient” in claims 1 and 3 is a relative term which renders the claim indefinite. The term is not defined by the claim, the specification does not provide a standard for ascertaining the requisite degree, and one of ordinary skill in the art would not be reasonably apprised of the scope of the invention.

Claims 1 and 7 recite the limitation "the blockchain.”  There is insufficient antecedent basis for this limitation in the claims. For purposes of examination, it is assumed, “the blockchain,” refers to the “authoritative blockchain,” recited earlier in both claims.

Claim 2 recites the limitation "each shard manager" in lines 5, 9 and 11.  There is insufficient antecedent basis for this limitation in the claim. The term “each” refers to a plurality or multiplicity of shard managers, but claim 1 only recites “a shard manager.” For examination purposes, the limitation “a shard manager” recited in claim 1 is interpreted as meaning, “a shard manager of a plurality of shard managers of the blockchain.”

Claims 3-4 recite the limitation "providing the public key” in the preamble.  There is insufficient antecedent basis for this limitation in the claim. It cannot be determined whether the limitation refers to the “public key of the recipient public/private key pair” or the “public key of a public/private key pair” used to encrypt each shard. For examination purposes, “providing the public key” is being interpreted as referring to the “public key of the recipient public/private key pair.”

Claim 10 recites the limitation "the retrieval transaction" in line 1.  There is insufficient antecedent basis for this limitation in the claim. No prior recitation of a “retrieval transaction” is made in claim 10. Claim 10 depends upon claim 7, which also does not recite a “retrieval transaction.” For examination purposes, it is assumed the “retrieval transaction” referred to by claim 10 is the “retrieval transaction” of claim 9.

Claims 5-6, 8-9, and 11 fall together accordingly. 

Claim 18 recites the limitation "the user" in line 7.  There is insufficient antecedent basis for this limitation in the claim. There is no prior mention of “a user” in any of claims 12-18.


Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.



Claim(s) 1, 7, 8, 10 and 11 is/are rejected under 35 U.S.C. 102(a)(2) as anticipated by Xu et al. (US-PGPUB 2020/0358600 A1), hereinafter Xu.

	Regarding claim 1, Xu discloses a method of storing secret data on an authoritative blockchain, the method comprising: 
receiving a plurality of shards of secret data from a user, the plurality of shards being sufficient to construct the secret data; ([0059] “in Block 830, U-owner can run a public verifiable secret sharing scheme to divide dek into n pieces ( deki, . . . dekn) for key preparation and access policy preparation prior to storage in the distributed ledger… in Block 840, Uowner can then select another integer t such that any t pieces can rebuild dek, where t ≤ n.”)
encrypting each shard of the plurality of shards with a public key of a public/private key pair to create a ciphertext of the shard, ([0061] “For each device di in the Decentralized Ledger based Access Control Component, Uowner encrypts deki using di's public key pkdi…”)
 wherein each corresponding private key is known to a shard manager of the blockchain and not known to the user; ([0059] “there are n devices in the decentralized ledger-based access control component, and each participant is equipped with a public/private key pair…”)
and storing each ciphertext on the authoritative blockchain via a transaction submitted to the authoritative blockchain. ([0061] “…and sends the result cipher-text to the Decentralized Ledger based Access Control Component to store in the ledger. All hash values of partial keys are also uploaded to the Decentralized Ledger based Access Control Component and stored on the ledger.”).
It is noted, the “n devices” are the participant nodes of the blockchain, which is interpreted as being analogous to the hardware security modules, hereinafter HSMs, or the shard managers of the authoritative blockchain of the present invention.
	
	Regarding claim 7 discloses a method of storing an external secret on an authoritative blockchain, the method comprising: 
generating an import public/private key pair; (Xu, [0059] “there are n devices in the decentralized ledger-based access control component, and each participant is equipped with a public/private key pair…”) 
receiving, by the blockchain, an import transaction comprising secret data encrypted with the public key of the import public/private key pair; (Xu, [0061] “…and sends the result cipher-text to the Decentralized Ledger based Access Control Component to store in the ledger.”).
and adding the import transaction to the blockchain. (Xu, [0061] “All hash values of partial keys are also uploaded to the Decentralized Ledger based Access Control Component and stored on the ledger.”). 

	Regarding claim 8, Xu discloses the method of claim 7 as set forth above, and further comprising, prior to the step of adding the import transaction to the blockchain, 
verifying, by a plurality of computerized validator nodes associated with the authoritative blockchain, the encrypted secret using the private key of the import public/private key pair.  (Xu, [0073] “…detection of faulty nodes. This can be achieved by having the data owner generate a key proof at the time of encryption that can be used by individual nodes to verify if key fragment is correct… during key reconstruction random selection of leader peer for partial key validation without knowledge of peer and key fragment pair information it receives…”)

	Regarding claim 10, Xu discloses the method of claim 7 as set forth above, and wherein the retrieval transaction is generated in response to an approval to retrieve the secret data from the authoritative blockchain by a quorum of users. (Xu, [0063] “The request includes the identity of data, and a ring signature… Members that are involved in the ring signature can come from the access control list attached to data.”)

	Regarding claim 11, Xu discloses the method of claim 10 as set forth above, further comprising: 
receiving, by the authoritative blockchain, an approval transaction from each of the quorum of users, the approval transaction identifying the secret data. (Xu, [0063] “The request includes the identity of data, and a ring signature… Members that are involved in the ring signature can come from the access control list attached to data.”)

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 2-6 is/are rejected under 35 U.S.C. 102(a)(2) as anticipated by or, in the alternative, under 35 U.S.C. 103 as obvious over Xu in view of Martin et al. (US-PGPUB 2019/0318356 A1).

	Regarding claim 2, Xu discloses the method of claim 1 as set forth above, and 
on a destination computing device, creating a recipient public/private key pair; providing a public key of the recipient public/private key pair to the authoritative blockchain; (Xu, [0063] “A user urqst can submit a request to access data to the Decentralized Ledger based Access Control Component through the Client Component. The request includes the identity of data, and a ring signature on a randomly selected public key pktemp. The user urqst can keep corresponding private key sktemp locally.”)
decrypting, by each shard manager and using the private key of the public/private key pair of the shard manager, a ciphertext of the secret data that was generated using the corresponding public key of the public/private key pair of the shard manager and a shard of the secret data to obtain the shard of the secret data; (Xu, [0061] “…Uowner encrypts deki using di's public key pkdi and sends the result cipher-text…”; [0065] “the device di can encrypt its share of the original AES key dek”)
encrypting, by each shard manager and with the public key of the recipient public/private key pair, the shard of the secret data; (Xu, [0065] “Each d, verifies the validity of the ring signature first. If it is valid, the device di, can encrypt its share of the original AES key dek using the newly provided random public key pktemp”)
and providing, by each shard manager to the destination computing device, the shard of the secret data encrypted with the public key of the recipient public/private key pair. (Xu, [0067] “The user urqst decrypts received partial key pieces using sktemp, and leveraging hash information stored on the ledger to check whether the partial key is correct.”). 
In order for device di to have access to the share of the original AES key dek, it must have used its private key to decrypt the encrypted share received from uowner, as it was encrypted by the public key distributed to uowner from device di. Although Xu does not explicitly disclose the decrypting, the step must necessarily be present for the invention to be operable. If the decryption step was not present, the cipher-text generated by encrypting the original AES key share would be retrieved by urqst, which would have no way to decrypt it since only device di has possession of the private key needed to decrypt the cipher-text of the encrypted key share.

In the event that the 102(a)(2) anticipation rejection over Xu is overcome, Martin teaches 
decrypting, by each shard manager and using the private key of the public/private key pair of the shard manager, a ciphertext of the secret data that was generated using the corresponding public key of the public/private key pair of the shard manager and a shard of the secret data to obtain the shard of the secret data; (Martin, S730, [0109] “Determining the alpha shards can include: decrypting the alpha shards using the secondary encryption keys, calculating the alpha shards from the beta shards, or otherwise determination the alpha shards.”).
Martin is directed to storing a cryptocurrency private key offline. The difference between the invention of the present disclosure and the prior art is that Martin teaches storing the secret data shards offline, or off a blockchain environment. However, the process of splitting the secret data into shards and distributing them to various devices of a secure computing system is analogous to the same for devices of a blockchain. Further, the systems and methods taught by Martin are disclosed as being used for enhancing security for a blockchain system. Therefore, it would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Xu to incorporate the teachings of Martin to include the decrypting step set forth above. Such modification(s) would be motivated to recover the original data shard that was encrypted prior to sending to be stored in the blockchain. Xu, [0109]

	Regarding claim 3, Xu discloses the method of claim 2, and wherein providing the public key to the authoritative blockchain comprises: 
receiving authentication data for a known user of the authoritative blockchain sufficient to register the public key with the blockchain (Xu, “The request includes the identity of data, and a ring signature on a randomly selected public key pktemp”)
and thereby make the public key available for use by one or more security hardware modules that approve transactions on the authoritative blockchain. 
It is noted, the language following “thereby,” is an intended result of the prior recited process limitation of “receiving,” and is therefore non-limiting. See MPEP 2111.04(I). The prior art does not need to explicitly teach the intended result.

	Regarding claim 4, Xu discloses the method of claim 2, and wherein providing the public key to the authoritative blockchain comprises 
providing the public key to one or more HSMs in an approved transaction submitted for inclusion on the blockchain.  (Xu, [0065] “Each d, verifies the validity of the ring signature first. If it is valid, the device di, can encrypt its share of the original AES key dek using the newly provided random public key pktemp”).
 
	Regarding claim 5, Xu discloses the method of claim 2 as set forth above, further comprising, by the destination computing device: 
receiving, from each shard manager, the shard of the secret data generated by the shard manager by encrypting the shard of the secret data with the public key of the recipient public/private key pair; (Xu, [0067] “…received partial key pieces…”)
decrypting each shard received from the each shard manager to obtain a shard of the secret data; (Xu, [0067] “The user urqst decrypts received partial key pieces using sktemp, and leveraging hash information stored on the ledger to check whether the partial key is correct.”)
and combining all shards of the secret data to generate the secret data. (Xu, [0053] “…a key splitting/reconstruction module 412 can split a symmetric key into multiple pieces (partial keys) and reconstruct the original symmetric key from a subset or all partial keys. This module is also able to verify whether a partial key is valid.”). 

	Regarding claim 6, Xu discloses the method of claim 1 as set forth above. 
Xu fails to disclose decrypting, by each shard manager and using the private key of the public/private key pair of the shard manager, a ciphertext of the secret data that was generated using the corresponding public key of the public/private key pair of the shard manager and a shard of the secret data to obtain the shard of the secret data; 21031442-00051OUS 
combining, by a computerized management system of the authoritative blockchain, the shards of the secret data decrypted by the shard managers to generate the secret data; 
and using the secret data, signing a transaction on behalf of the user. 

Martin teaches decrypting, by each shard manager and using the private key of the public/private key pair of the shard manager, a ciphertext of the secret data that was generated using the corresponding public key of the public/private key pair of the shard manager and a shard of the secret data to obtain the shard of the secret data; 21031442-00051OUS (Martin, S730, [0109] “…decrypting the alpha shards using the secondary encryption keys.”; [0110] “S730 is preferably performed by the key holder interfaces ( or user devices), but can alternatively be performed by the secure computing system or by any suitable system…”)
combining, by a computerized management system of the authoritative blockchain, the shards of the secret data decrypted by the shard managers to generate the secret data; (Martin, S740, [0118] “Reconstructing the encrypted information (e.g., encrypted cryptocurrency private key) by recombining the regenerated alpha shards S740 functions to piece together the information (e.g., encrypted cryptocurrency private key) from all or a subset (Nor more) of the alpha shards… S740 is preferably performed by the secure computing system, but can alternatively be performed in a remote system (e.g., at an aggregation user device).”)
and using the secret data, signing a transaction on behalf of the user. (Martin, S770, [0121] “Signing the transaction with the cryptocurrency private key S770 functions to authorize asset removal from the identified cryptocurrency address.”).
Therefore, it would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Xu to incorporate the teachings of Martin to include the decrypting, the combining and the using steps set forth above. Such modifications would be motivated to retrieve the original secret data.

	Regarding claim 9, Xu discloses the method of claim 7 as set forth above, further comprising: 
receiving, by the authoritative blockchain from a requestor, a retrieval transaction specifying the secret data is to be retrieved; (Xu, [0063] “A user urqst can submit a request to access data to the Decentralized Ledger based Access Control Component through the Client Component. The request includes the identity of data, and a ring signature on a randomly selected public key pktemp. The user urqst can keep corresponding private key sktemp locally.”)
decrypting, by a secure hardware module of the authoritative blockchain and using the private key of the import public/private key pair, the encrypted secret (Xu, [0061] “…Uowner encrypts deki using di's public key pkdi and sends the result cipher-text…”; [0065] “the device di can encrypt its share of the original AES key dek”)
encrypting the secret data with a public key of a secure digital vault to which the secret data is to be provided according to the retrieval transaction; (Xu, [0065] “Each d, verifies the validity of the ring signature first. If it is valid, the device di, can encrypt its share of the original AES key dek using the newly provided random public key pktemp”)
and providing the secret data encrypted with the public key of the secure digital vault to the requestor or to the secure digital vault. (Xu, [0067] “The user urqst decrypts received partial key pieces using sktemp, and leveraging hash information stored on the ledger to check whether the partial key is correct.”).
The steps of claim 9 are similar to those of claim 2. The decrypting of a single shard is analogous to decrypting a single encrypted secret. Therefore, for the reasons outline in the rejection for claim 2 above, the decrypting step is necessarily present in Xu.
In the event the 102(a)(2) for claim 9 is overcome, Martin teaches decrypting, by a secure hardware module of the authoritative blockchain and using the private key of the import public/private key pair, the encrypted secret; (Martin, S730, [0109] “Determining the alpha shards can include: decrypting the alpha shards using the secondary encryption keys, calculating the alpha shards from the beta shards, or otherwise determination the alpha shards.”).
As stated before, the decrypting of a single shard is analogous to decrypting a single encrypted secret. Therefore, it would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Xu to incorporate the teachings of Martin to include decrypting, by a secure hardware module of the authoritative blockchain and using the private key of the import public/private key pair, the encrypted secret. Such modifications would be motivated to retrieve the original secret data.



Claims 12-18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Xu in view of Mahajan et al. (US Patent No. 10,810,167 B1).

	Regarding claim 12, Xu discloses a system for implementing an authoritative blockchain, comprising: 
a plurality of groups of HSMs, each group comprising one or more HSMs, (Xu, 415-420, [0051] “n access control component 420 that can be associated with the decentralized ledger 415.”) 
a plurality of instructions encoded in each HSM in each group of HSMs that govern operation of the HSMs and specify criteria for use of data stored on the authoritative blockchain, (Xu, 423, [0055] “access control policy module 423, which can check whether a data access request is valid or not”)
wherein each validator entity is unable to access secret data stored according to the plurality of instructions on the respective HSMs operated and controlled by the each validator entity.  (Xu, [0073] “during key reconstruction random selection of leader peer for partial key validation without knowledge of peer and key fragment pair information it receives…”)
However, Xu fails to disclose each group operated and controlled by an independent validator entity, wherein each validator entity is separate and distinct from each other validator entity. 

Mahajan teaches each group operated and controlled by an independent validator entity, (Xu, [0073] “leader peer”) wherein each validator entity is separate and distinct from each other validator entity; (Mahajan, 306, Col. 10 ln. 38-48, “endorsement node”) 
Mahajan is directed to a permissioned-based blockchain system wherein nodes of the blockchain comprise a consensus network for verifying transactions. The difference between the invention of the present disclosure and the prior art is that Mahajan does not teach splitting secret data into shards. Therefore, it would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Xu to incorporate the teachings of Mahajan to include each group operated and controlled by an independent validator entity, wherein each validator entity is separate and distinct from each other validator entity. Such modification(s) would be motivated to enforce access control. Mahajan, Col. 10 ln. 38-39.

	Regarding claim 13, Xu in view of Mahajan discloses the system of claim 12 as set forth above, wherein each HSM is configured to store a secret data by: 
receiving a shard of secret data encrypted with a public key corresponding to a private key of the HSM; and storing the shard of secret data encrypted with the public key on the authoritative blockchain via a transaction submitted to the authoritative blockchain.  (Xu, [0061] “uowner encrypts dek_i using di's public key pkdi and sends the result cipher-text to the Decentralized Ledger based Access Control Component to store in the ledger.”)

	Regarding claim 14, Xu in view of Mahajan discloses the system of claim 13 as set forth above, wherein the secret data cannot be reconstructed from fewer than a predefined quorum of shards.  (Xu, [0059] “in Block 840, Uowner can then select another integer t such that any t pieces can rebuild dek, where t ≤ n.”)

	Regarding claim 15, Xu in view of Mahajan discloses the system of claim 14 as set forth above, wherein no shard of the secret data is encrypted with the same public key as any other shard of the secret data.  (Xu, [0061] “For each device di in the Decentralized Ledger based Access Control Component, Uowner encrypts deki using di's public key pkdi…”)

	Regarding claim 16, Xu in view of Mahajan discloses the system of claim 13 as set forth above, wherein each group of HSMs provides high-availability redundancy to each other group of HSMs. (Mahajan, Col. 3 ln. 15-19, “An entity can have multiple roles 15 (e.g., consensus and commit, commit and endorse, or consensus and endorse). An entity can change roles over time. In some embodiments, entities that endorse can assign roles to other entities.”)
	The ability for nodes to have various roles that may change over time can be understood to give redundancy to the system. This is similar to what the applicant describes in [0016] of the instant specification. 
	
	Regarding claim 17, Xu in view of Mahajan disclose the system of claim 13 as set forth above, wherein, within each group of HSMs, one or more HSMs provides high-availability redundancy to at least one other HSM in the same group. (Xu, [0073] “…the key fragment verification can be achieved if system can tolerate random exposure to a single additional node.”) 

Regarding claim 18, Xu in view of Mahajan disclose the system of claim 12 as set forth above, wherein: 
each HSM is further configured to decrypt, using the private key of the each HSM, a ciphertext of the secret data that was generated using the corresponding public key of the public/private key pair of the HSM and a shard of the secret data to obtain the shard of the secret data; (Xu, [0061] “…Uowner encrypts deki using di's public key pkdi and sends the result cipher-text…”; [0065] “the device di can encrypt its share of the original AES key dek”)
and a computerized management system of the authoritative blockchain is configured to combine the shards of the secret data decrypted by the HSMs to generate the secret data (Xu, 410, [0053] “and a key splitting/reconstruction module 412 can split a symmetric key into multiple pieces (partial keys) and reconstruct the original symmetric key from a subset or all partial keys”)
and to sign a transaction on behalf of the user after receiving an instruction to do so from the user and verifying the instruction is valid and originates from the user. (Xu, [0053] “An access request generation module 414, can generate an access request in a privacy preserving way, i.e., the client does not need to disclose its own identity in the request.”)

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Law et al. (WO 2020/123926 A1) – Regarding a distributed computing system used to form a login network to perform an action for a user, using private data.
Li et al. (US-PGPUB 2022/0247573 A1) – Regarding a digital signature generation method and apparatus.
Raman, Ravi Kiran, and Lav R. Varshney. "Distributed storage meets secret sharing on the blockchain." 2018 information theory and applications workshop (ITA). IEEE, 2018.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOSHUA NEIL GONZALES whose telephone number is (571)272-0286. The examiner can normally be reached 10:00 AM-8:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge L. Ortiz-Criado can be reached on (571) 272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/J.N.G./Examiner, Art Unit 2496                                                                                                                                                                                                        
/JORGE L ORTIZ CRIADO/Supervisory Patent Examiner, Art Unit 2496