Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

This office action is a response to an application filed 19/23/2019 wherein claims 9 – 24 are pending and ready for examination.  

Response to Arguments
Applicant’s arguments with respect to claims 9-24 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.


Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 08/09/2022 has been entered.


Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 9, 12-17, and 20-24 are rejected under 35 U.S.C. 102(a1) (a2) as being anticipated by Agrawal; Punit, US 9049011 B1, June 2, 2015, hereafter referred to as Agrawal.

           As to Claim 9, Agrawal teaches a decryption method – Agrawal [column 13, lines 66-68] FIG. 8 is flow diagram of an example process for obtaining a private key from a distributed security system.  Here, the claimed ‘decryption method’ is taught by Agrawal as ‘example process’) performed by a computing apparatus including one or more processors and a memory for storing one or more programs executed by the one or more processors – Agrawal [column 17, lines 7-14] FIG. 10 ... a server system, ... one or more redundant processors, ...   memory 1012.  Here, the claimed ‘computing apparatus’ is taught by Agrawal as ‘server system’ which is Security System 102 of Figure 1.  The claimed ‘one or more processors’ is taught by Agrawal as ‘one or more redundant processors’ whereas the claimed ‘memory’ is taught by Agrawal as ‘memory 1012’.  The claimed ‘programs’ is taught by Agrawal at least as ‘video display adapter 1002’), the decryption method comprising:

            generating a partial decryption result for a ciphertext with a public key by performing partial decryption of the ciphertext using a private key share of a user since at ‘[column 6, lines 17-20]’– Agrawal [column 2, lines 58-64] ... The computing resources of security system may use the encrypted blinding factor to compute a product of the encrypted publication private key and the encrypted blinding factor, that remains encrypted with the security system public key and then partially decrypt the product using their assigned security system private key shares.  Here, the claimed ‘generating’ is taught by Agrawal as ‘compute’ whereas the claimed ‘a ciphertext’ is taught by Agrawal as ‘publication private key’ ultimately revealed by the decryption operation.  The claimed ‘public key’ is taught by Agrawal as ‘system public key’.  The claimed ‘partial decryption’ is taught by Agrawal as ‘partially decrypt’ whereas the claimed ‘private key share’ is taught by Agrawal as ‘system private share’ as the requesting user becomes a resource 103.  The claimed ‘user’ is taught by Agrawal as ‘computer resource’ which uses a subscriber or publisher’s encrypted blinding factor (share) to partially decrypt ciphertext into plaintext);               requesting terminals of one or more other users  – Agrawal [column 16, lines 4 -10]  Upon receiving the request for the publication private key, the delegate of the security system notifies a set of the security system computing resources of the request for the publication private key and provides the encrypted blinding factor.  Here, the claimed ‘requesting’ is taught by Agrawal as ‘notifies’ as the delegate requests computing resources to partially decrypt.  
The claimed ‘terminals’ is taught by Agrawal as ‘system computing resources’) to perform partial decryption of the ciphertext to generate partial decryption results – Agrawal [column 14, lines 45-48] The security system computing resources, in response to receiving the notification, create a partial decryption of the stored encrypted publication private key using its security system private key share.  Here, the claimed ‘perform partial decryption’ is taught by Agrawal as ‘create a partial decryption’.  The claimed ‘partial decryption results’ is taught by ‘publication private key’) corresponding to one or more other users' private key shares - Agrawal [column 16, lines 48-52] The computing resource of the security system acting as a delegate obtains the required number of partial decryptions of the product and combines those partial decryptions using threshold cryptography to decrypt and obtain the product (b*p).  Here, the claimed ‘one or more private key shares’ is taught by Agrawal as ‘b*p’ since each subscriber provides the blind share to produce the private key product and as multiplied to the one or more computing resources in the system)
         receiving partial decryption results for the ciphertext using private key shares of the one or more other users– Agrawal [column 14, lines 58-61] Upon completing partial decryption of the stored publication private key, each responding security system computing resource provides the partial decryption to the computing resource of the security system designated as the delegate. Here, the claimed ‘receiving’ is taught by Agrawal as ‘provides’ whereby the results are provided to the designate.  The claimed ‘shares of the one or more other users’ is taught by Agrawal as ‘each responding security system computing resource’ since each resource has the subscriber private blinding factor as a product component and any other subscriber) from the one or more other user terminals - Agrawal [column 4, lines 33-40] ... the subscribers 114-118 may be any type of computing resource that desires to receive encrypted data. For example, a subscriber may be a personal computer, a tablet computer, an eBook reader device, a laptop computer, a desktop computer, a netbook, a personal digital assistant (PDA), a portable gaming device, a wireless communication device, such as a smart phone or mobile handset.  Here, the claimed ‘one or more user terminals’ is taught by Agrawal as ‘a desktop computer, a tablet computer’ as one terminal); and

         generating plaintext for the ciphertext using the generated partial decryption result and the partial decryption results received from the one or more other users - Agrawal [column 15, lines 57-63] …Once the product (b*p) has been decrypted the computing resource of the security system acting as a delegate provides the product to the subscriber, as in 920, and the subscriber receives the product. Finally, the subscriber divides the product (b*p) by the blinding factor (b) to obtain the publication private key (p).  Here, the claimed ‘generating plaintext’ is taught by Agrawal as ‘divides the product (b*p) by the blinding factor (b)’ because the decryption produces the publication private key in plaintext). 

          As to Claim 12, Agrawal teaches the decryption method of claim 9, wherein the ciphertext is a ciphertext generated by evaluating a plurality of ciphertexts encrypted with the public key in an encrypted state - Agrawal ([column 6, lines 34-38] and [column 6, lines 39-41]) since at ‘lines 34-36 … A cryptographic process is blindable if its encryption function E and decryption function D are both homomorphic (i.e., E(a*b)=E(a)*E(b) and D(a*b)=D(a)*D(b)) since at ‘lines 39-41 As noted above the publication private key k stored in the computing resources 103 of the security system 102 is encrypted using the security system public key.  Here, the claimed ‘the ciphertext’ is taught by Agrawal as ‘E(a*B)’ because it is the result or product of the evaluating a plurality of ciphertexts.  The claimed ‘plurality of ciphertexts’ is taught by Agrawal as ‘E(a) and E(b)’ whereas the claimed ‘encrypted state’ is taught by Agrawal as ‘E(a*b)=E(a)*E(b) and D(a*b)=D(a)*D(b)’ because homomorphic encryption operates on encrypted data.  The claimed ‘public key’ is taught by Agrawal as ‘security system public key’).
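
Added example, not part of the Office action, the application, or Agrawal: the blinded threshold decryption flow quoted in the Claim 9 and Claim 12 mappings above (multiply E(p) by E(b), partially decrypt with key shares, combine at the delegate, divide by b). It assumes ElGamal as the multiplicatively homomorphic scheme and Shamir sharing of the system private key, neither of which is named on this page; the parameters and all function names are constructed for illustration.

```python
"""Blinded threshold decryption with toy ElGamal (multiplicatively homomorphic)."""
import secrets

# Toy parameters (constructed for illustration, far too small for real use):
# P = 2*Q + 1 is a safe prime, G generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4


def shamir_split(secret, t, n):
    """Split `secret` (mod Q) into n shares; any t of them reconstruct it."""
    coeffs = [secret] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q
            for i in range(1, n + 1)}


def lagrange_at_zero(i, ids):
    """Lagrange coefficient for share i over index set ids, evaluated at 0."""
    num = den = 1
    for j in ids:
        if j != i:
            num = num * j % Q
            den = den * (j - i) % Q
    return num * pow(den, -1, Q) % Q


def encrypt(h, m):
    """ElGamal encryption of m under public key h (m assumed encoded in the group)."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), m * pow(h, r, P) % P


def multiply(ct_a, ct_b):
    """Homomorphic evaluation: E(a) * E(b) = E(a*b), computed on ciphertexts only."""
    return ct_a[0] * ct_b[0] % P, ct_a[1] * ct_b[1] % P


def partial_decrypt(ct, share):
    """One resource's contribution: c1 raised to its private key share."""
    return pow(ct[0], share, P)


def combine(ct, partials, t):
    """Delegate step: merge at least t partial decryptions into the plaintext."""
    if len(partials) < t:
        raise ValueError(f"need {t} partial decryptions, got {len(partials)}")
    ids = list(partials)[:t]
    mask = 1
    for i in ids:
        mask = mask * pow(partials[i], lagrange_at_zero(i, ids), P) % P
    return ct[1] * pow(mask, -1, P) % P


def run_protocol(p_key, t=3, n=5):
    """Full flow; returns (value the delegate sees, value the subscriber recovers)."""
    x = secrets.randbelow(Q - 1) + 1              # system private key (dealer view)
    h = pow(G, x, P)                              # system public key
    shares = shamir_split(x, t, n)                # one share per computing resource

    stored = encrypt(h, p_key)                    # E(p), held by the security system
    b = pow(G, secrets.randbelow(Q - 2) + 1, P)   # subscriber's blinding factor, b != 1
    product_ct = multiply(stored, encrypt(h, b))  # E(b*p); p itself is never exposed

    chosen = list(shares)[n - t:]                 # any t responding resources
    partials = {i: partial_decrypt(product_ct, shares[i]) for i in chosen}
    blinded = combine(product_ct, partials, t)    # delegate learns only b*p
    recovered = blinded * pow(b, -1, P) % P       # subscriber divides by b
    return blinded, recovered


if __name__ == "__main__":
    secret_key = pow(1234, 2, P)                  # constructed sample "publication key"
    seen_by_delegate, got = run_protocol(secret_key)
    print("delegate saw:", seen_by_delegate, "subscriber recovered:", got)
```

The delegate's output differs from p whenever b is not 1, which is the property the blinding step exists to provide.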

           As to claim 13 Agrawal teaches the decryption method of claim 12, wherein the plaintext is a result of performing evaluation on plaintexts for the plurality of ciphertexts - Agrawal [column 8, lines 37-45] ... a random blinding factor b.sub.s encrypted using the security system public key, a name N, and/or a non-malleable proof .pi.(b.sub.s, s)... the non-malleable proof illustrates to the receiving computing resource that the subscriber 114 knows the plaintext B.sub.s, along with the ciphertext E(b.sub.s).  Here, the claimed ‘plaintext’ is taught by Agrawal as ‘plaintext B.sub.s’.  The claimed ‘plurality of ciphertexts’ is taught by Agrawal as ‘.pi.(b.sub.s, s and E(b.sub.s) ’ whereas the claimed ‘performing evaluation on plaintexts’ is taught by Agrawal as ‘collect…decryptions’).

           As to claim 14 Agrawal teaches the decryption method of claim 12, wherein the ciphertext is a ciphertext generated by adding a plurality of ciphertexts – Agrawal [column 8, ‘lines 50-53] … The delegate, upon receiving the request, forwards the request to the computing resources of the security system 102 and awaits bindings from the names N from a quorum of computing resources 103. Upon receiving bindings from a quorum of computing resources, the delegate selects a set of computing resources.  Here, the claimed ‘the ciphertext’ is taught by Agrawal as ‘blindings’ which are subscriber private key shares distributed by the system to the computer resources 103 encrypted using the system public key. The claimed ‘adding’ and ‘a plurality’ is taught above by Agrawal as ‘a quorum’ because the quorum functions to accumulate private key shares which constitute a plurality) encrypted with the public key in an encrypted state - Agrawal [column 6, ‘lines 39-41] ... the publication private key k stored in the computing resources 103 of the security system 102 is encrypted using the security system public key.  The claimed ‘public key’ is taught by Agrawal as ‘system public key’). 

          As to claim 15, Agrawal teaches the decryption method of claim 14, wherein the plaintext is a result of adding plaintexts for the plurality of ciphertexts – Agrawal [column 14, ‘lines 58-61] Upon completing partial decryption of the stored publication private key, each responding security system computing resource provides the partial decryption to the computing resource of the security system designated as the delegate.  Here, the claimed ‘result’ is taught by Agrawal as ‘partial decryption’.  The claimed ‘plurality of ciphertexts’ is taught by Agrawal as ‘each responding …resource’ because the resources contribute to a plurality of partial decryptions yielding a plurality of ciphertexts added together).   

            As to claim 16, Agrawal teaches the decryption method of claim 15, wherein the generating of the plaintext comprises generating plaintext for the ciphertext by adding the generated partial decryption result - Agrawal [column 15, ‘lines 12-19]…Once the publication private key has been decrypted and re-encrypted with the subscriber public key the computing resource of the security system acting as a delegate provides the encrypted publication private key to the subscriber, as in 822, and the subscriber receives the encrypted publication private key, as in 824. Finally, the subscriber uses the subscriber private key to decrypt and obtain the encrypted publication private key.  Here, the claimed ‘generating plaintext’ is taught by Agrawal as ‘decrypt and obtain’ because the decryption produces the publication private key that renders the requested resource to plaintext) and the partial decryption results received from the one or more other users  – Agrawal [column 14, ‘lines 58-61] Upon completing partial decryption of the stored publication private key, each responding security system computing resource provides the partial decryption to the computing resource of the security system designated as the delegate.  Here, the claimed ‘receiving’ is taught by Agrawal as ‘provides’ whereby the results are provided to the designate.  The claimed ‘shares of the one or more other users’ is taught by Agrawal as ‘each responding security system computing resource’).

           As to claim 17, Agrawal teaches a decryption apparatus – Agrawal [column 2, lines 15-18] FIG. 10 is a pictorial diagram of an illustrative implementation of a security system computing resource implemented as a server system that may be used with the various implementations.  Here, the claimed ‘apparatus’ is taught by Agrawal as ‘security system’ comprising:
            one or more processors – Agrawal [column 17, lines 10-11] ... The computing resource 103 may include a processor 1000, such as one or more redundant processors); a memory – Agrawal [column 2, lines 34-35] The memory 1012 generally comprises random access memory (RAM), read-only memory (ROM), flash memory, and/or other volatile or permanent memory; and one or more programs – Agrawal [column 2, lines 34-35] ... The memory 1012 additionally stores program code and data for providing network services that allow publishers, subscribers, the system management component and other computing resources 103 to exchange information and data files, wherein the one or more programs are stored in the memory and executed by the one or more processors; and the program comprises instructions for:
         generating a partial decryption result for a ciphertext with a public key by performing partial decryption of the ciphertext using a private key share of a user – Agrawal [column 2, lines 58-64] ... The computing resources of security system may use the encrypted blinding factor to compute a product of the encrypted publication private key and the encrypted blinding factor, that remains encrypted with the security system public key and then partially decrypt the product using their assigned security system private key shares.  Here, the claimed ‘generating’ is taught by Agrawal as ‘to compute’ whereas the claimed ‘a ciphertext’ is taught by Agrawal as ‘publication private key’ which is the object of the decryption operation.  The claimed ‘public key’ is taught by Agrawal as ‘system public key’.  The claimed ‘partial decryption’ is taught by Agrawal as ‘partially decrypt’ whereas the claimed ‘private key share’ is taught by Agrawal as ‘encrypted blinding factor’ whereby each resource 103 has a blinding factor of the subscriber as a share.  The claimed ‘user’ is taught by Agrawal as ‘subscriber’ since a user may be any computational element within the system)               requesting terminals of one or more other users to perform partial decryption of the ciphertext to generate partial decryption results corresponding to one or more other users' private key shares – Agrawal [column 13, lines 45-48] The security system computing resources, in response to receiving the notification, create a partial decryption of the stored encrypted publication private key using its security system private key share.  Here, the claimed ‘requesting’ is taught by Agrawal as ‘notification’.  The claimed ‘one or more users’ is taught by ‘computing resources’ since the resources participate in the partial decryption scheme.  
The claimed ‘cipher text’ is taught by Agrawal as ‘encrypted publication’ whereas the claimed ‘private key shares’ is taught by Agrawal as ‘system private key shares’),  

         receiving partial decryption results for the ciphertext using private key shares of the one or more other users from the one or more other user terminals – Agrawal [column 14, lines 58-61] Upon completing partial decryption of the stored publication private key, each responding security system computing resource provides the partial decryption to the computing resource of the security system designated as the delegate.  Here, the claimed ‘receiving’ is taught by Agrawal as ‘provides’ whereby the results are provided to the designate.  The claimed ‘shares of the one or more other users’ is taught by Agrawal as ‘each responding security system computing resource’); and

         generating plaintext for the ciphertext using the generated partial decryption result and the partial decryption results received from the one or more other users - Agrawal [column 15, lines 12-19] …Once the publication private key has been decrypted and re-encrypted with the subscriber public key the computing resource of the security system acting as a delegate provides the encrypted publication private key to the subscriber, as in 822, and the subscriber receives the encrypted publication private key ... the subscriber uses the subscriber private key to decrypt and obtain the encrypted publication private key.  Here, the claimed ‘generating plaintext’ is taught by Agrawal as ‘decrypt and obtain’ because the decryption produces the publication private key that renders the requested resource to plaintext). 

           As to claim 20, Agrawal teaches the decryption apparatus of claim 17, wherein the ciphertext is a ciphertext generated by evaluating a plurality of ciphertexts encrypted with the public key in an encrypted state - Agrawal ([column 6, lines 34-38] and [column 6, lines 39-41]) since at ‘lines 34-36 … A cryptographic process is blindable if its encryption function E and decryption function D are both homomorphic (i.e., E(a*b)=E(a)*E(b) and D(a*b)=D(a)*D(b)) since at ‘lines 39-41 As noted above the publication private key k stored in the computing resources 103 of the security system 102 is encrypted using the security system public key.  Here, the claimed ‘the ciphertext’ is taught by Agrawal as ‘E(a*B)’ because it is the result or product of the evaluating a plurality of ciphertexts.  The claimed ‘plurality of ciphertexts’ is taught by Agrawal as ‘E(a) and E(b)’ whereas the claimed ‘encrypted state’ is taught by Agrawal as ‘E(a*b)=E(a)*E(b) and D(a*b)=D(a)*D(b)’ because homomorphic encryption operates on encrypted data.  The claimed ‘public key’ is taught by Agrawal as ‘security system public key’).  

          As to claim 21, Agrawal teaches the decryption apparatus of claim 20, wherein the plaintext is a result of performing evaluation on plaintexts for the plurality of ciphertexts - Agrawal [column 6, lines 35-38]  The computing resources of security system may use the encrypted blinding factor to compute a product of the encrypted publication private key and the encrypted blinding factor, that remains encrypted with the security system public key and then partially decrypt the product using their assigned security system private key shares. Finally, one of the computing resources may collect the partial decryptions and utilize threshold decryption to obtain the product of the publication private key and the blinding factor.  Here, the claimed ‘the plaintext’ is taught by Agrawal as ‘publication private key’ which is the plaintext required to unlock the publication.  The claimed ‘result’ is taught by Agrawal as ‘product’ whereas the claimed ‘performing evaluation on plaintexts’ is taught by Agrawal as ‘collect…decryptions’).
  
          As to claim 22, Agrawal teaches the decryption apparatus of claim 20, wherein the ciphertext is a ciphertext generated by adding a plurality of ciphertexts – Agrawal [column 8, ‘lines 50-53] … The delegate, upon receiving the request, forwards the request to the computing resources of the security system 102 and awaits bindings from the names N from a quorum of computing resources 103. Upon receiving bindings from a quorum of computing resources, the delegate selects a set of computing resources.  Here, the claimed ‘the ciphertext’ is taught by Agrawal as ‘blindings’ which is encrypted metadata. The claimed ‘adding’ and ‘a plurality’ is taught above by Agrawal as ‘a quorum’ because the quorum functions to accumulate private key shares which constitute a plurality) encrypted with the public key in an encrypted state - Agrawal [column 6, ‘lines 39-41] ... the publication private key k stored in the computing resources 103 of the security system 102 is encrypted using the security system public key.  The claimed ‘public key’ is taught by Agrawal as ‘system public key’).  

          As to claim 23, Agrawal teaches the decryption apparatus of claim 22, wherein the plaintext is a result of adding plaintexts for the plurality of ciphertexts – Agrawal [column 14, ‘lines 58-61] Upon completing partial decryption of the stored publication private key, each responding security system computing resource provides the partial decryption to the computing resource of the security system designated as the delegate.  Here, the claimed ‘adding plaintexts’ is taught by Agrawal as ‘provides…partial decryption’ since the partially decrypted ciphertext results in some plaintext.  The claimed ‘plurality of ciphertexts’ is taught by Agrawal as ‘each responding …resource’ because the resources contribute to a plurality of partial decryptions yielding a plurality of ciphertexts added together).   

           As to claim 24, Agrawal teaches the decryption apparatus of claim 23, wherein the generating of the plaintext comprises generating plaintext for the ciphertext by adding the generated partial decryption result - Agrawal [column 15, ‘lines 12-19]…Once the publication private key has been decrypted and re-encrypted with the subscriber public key the computing resource of the security system acting as a delegate provides the encrypted publication private key to the subscriber, as in 822, and the subscriber receives the encrypted publication private key, as in 824. Finally, the subscriber uses the subscriber private key to decrypt and obtain the encrypted publication private key.  Here, the claimed ‘generating plaintext’ is taught by Agrawal as ‘decrypt and obtain’ because the decryption produces the publication private key that renders the requested resource to plaintext) and the partial decryption results received from the one or more other users  – Agrawal [column 14, ‘lines 58-61] Upon completing partial decryption of the stored publication private key, each responding security system computing resource provides the partial decryption to the computing resource of the security system designated as the delegate.  Here, the claimed ‘receiving’ is taught by Agrawal as ‘provides’ whereby the results are provided to the designate.  The claimed ‘shares of the one or more other users’ is taught by Agrawal as ‘each responding security system computing resource’).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 10-11 and 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over Agrawal; Punit, US 9049011 B1, June 2, 2015, hereafter referred to as Agrawal in view of Gehrmann; Christian M, December 21, 2017 hereafter referred to as Gehrmann.

            As to claim 10, Agrawal teaches the decryption method of claim 9.  AGRAWAL DOES NOT TEACH  wherein the public key is generated using a public key share of the user and public key shares of the one or more other users HOWEVER GEHRMANN TEACHES wherein the public key is generated using a public key share of the user and public key shares of the one or more other users – Gehrmann … [0085] At system setup, one or more (e.g., each) CTRL.sub.i within a domain, A, may not be given the key MK.sub.A and may be given a public/secret share of MK.sub.A. The share for unit i may be denoted by S.sub.Ai. The shares may be generated using a secret sharing scheme, such that at least k-units in the domain may pool their shares to derive MK.sub. A.  Here, the claimed ‘the public key’ is taught by Gehrmann as ‘MK.sub. A’ which when decrypted yields the master secret MK.  The claimed ‘a public key share’ is taught by Gehrmann as ‘a public/secret share’ whereas the claimed ‘public key shares’ is taught by Gehrmann as ‘may pool their shares’.  The claimed ‘the user’ is taught by Gehrmann as ‘unit I’ which is a member of Group A.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to leverage a secret sharing scheme using a group public key such as Gehrmann Group sharing scheme.  Agrawal derives the private key using private key shares but does not contemplate the closed environment where groups can share privacy using the public key to derive the master secret unique to the Group. Gehrmann provides Agrawal the capability of generating a public key share of the user and public key shares of the one or more other users.  Leveraging both public/private key pair shares reduces costs and increases flexibility for data security).  
              
             As to claim 11, the combination of Agrawal and Gehrmann teaches the decryption method of claim 10 wherein the public key share of the user is generated using the private key share of the user - Gehrmann [0091] ... At 1035, the CTRL.sub.j and/or the administrator may use a threshold group signature scheme, G(k,n), to generate a private-public key pair, {Pr.sub.A Pk.sub.A}, and n different private-public key share pairs: {Pr.sub.A1,Pk.sub.A1}, {Pr.sub.A2,Pk.sub.A2}, {Pr.sub.An,Pk.sub.An}); and the public key shares of the one or more other users are generated using the private key shares of the one or more other users - Gehrmann [0115] ... the CTRL.sub.n+1 may use a suitable threshold group signature scheme, G(k,n), to generate a new private-public key pair, {Pr′A  b , Pk.sub.A′}, and n+1 private-public key share pairs: {Pr′.sub.A1,Pk′.sub.A1}, {Pr′.sub.A2,Pk′.sub.A2}). Here, the claimed ‘public key share’ is taught by Gehrmann as ‘Pk.sub.A’ which is a public key of the Administrator which is a user of the system.  The claimed ‘public key shares’ is taught by Gehrmann as ‘private-public key share pairs’ to which each member holds whereas the claimed ‘shares of ...users’ is taught by Gehrmann as ‘n+1 private-public key share pairs’. The rationale to combine Gehrmann features to Agrawal in claim 10 applies here in claim 11).            
  
             As to claim 18, Agrawal teaches the decryption apparatus of claim 17, wherein the public key is generated using a public key share of the user and public key shares of the one or more other users HOWEVER GEHRMANN TEACHES wherein the public key is generated using a public key share of the user and public key shares of the one or more other users – Gehrmann … [0085] At system setup, one or more (e.g., each) CTRL.sub.i within a domain, A, may not be given the key MK.sub.A and may be given a public/secret share of MK.sub.A. The share for unit i may be denoted by S.sub.Ai. The shares may be generated using a secret sharing scheme, such that at least k-units in the domain may pool their shares to derive MK.sub. A.  Here, the claimed ‘the public key’ is taught by Gehrmann as ‘MK.sub. A’ which when decrypted yields the master secret MK.  The claimed ‘a public key share’ is taught by Gehrmann as ‘a public/secret share’ whereas the claimed ‘public key shares’ is taught by Gehrmann as ‘may pool their shares’.  The claimed ‘the user’ is taught by Gehrmann as ‘unit I’ which is a member of Group A.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to leverage a secret sharing scheme using a group public key such as Gehrmann Group sharing scheme.  Agrawal derives the private key using private key shares but does not contemplate the closed environment where groups can share privacy using the public key to derive the master secret unique to the Group. Gehrmann provides Agrawal the capability of generating a public key share of the user and public key shares of the one or more other users.  Leveraging both public/private key pair shares reduces costs and increases flexibility for data security).
  
              As to claim 19, the combination of Agrawal and Gehrmann teaches the decryption apparatus of claim 18, wherein the public key share of the user is generated using the private key share of the user - Gehrmann [0091] ... At 1035, the CTRL.sub.j and/or the administrator may use a threshold group signature scheme, G(k,n), to generate a private-public key pair, {Pr.sub.A Pk.sub.A}, and n different private-public key share pairs: {Pr.sub.A1,Pk.sub.A1}, {Pr.sub.A2,Pk.sub.A2}, {Pr.sub.An,Pk.sub.An}); and the public key shares of the one or more other users are generated using the private key shares of the one or more other users - Gehrmann [0115] ... the CTRL.sub.n+1 may use a suitable threshold group signature scheme, G(k,n), to generate a new private-public key pair, {Pr′A  b , Pk.sub.A′}, and n+1 private-public key share pairs: {Pr′.sub.A1,Pk′.sub.A1}, {Pr′.sub.A2,Pk′.sub.A2}). Here, the claimed ‘public key share’ is taught by Gehrmann as ‘Pk.sub.A’ which is a public key of the Administrator which is a user of the system.  The claimed ‘public key shares’ is taught by Gehrmann as ‘private-public key share pairs’ to which each member holds whereas the claimed ‘shares of ...users’ is taught by Gehrmann as ‘n+1 private-public key share pairs’. The rationale to combine Gehrmann features to Agrawal in claim 10 applies here in claim 11).  

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM B. JONES whose telephone number is (571) 272-9637.  The examiner can normally be reached on Mon - Fri., 7:00 a.m. to 3:00 p.m.  If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-272-3900.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/WILLIAM B JONES/
Examiner, Art Unit 2491
09/16/2022