DETAILED ACTION
This office action is in response to applicant’s RCE amendment filed on 08/18/2022, which has an effective filing date of 10/30/2019.  Claims 1-2, 4, 9, 11-12, 14, 16-17, and 21 have been amended.  Claims 1-18 and 20-21 are pending and are directed towards apparatus, method, and computer product for Threshold-Based Override of Data Privacy Using Distributed Ledgers and Key Shares.  This is second Non-Final action.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
1.	Applicant’s arguments filed 08/18/2022 have been fully considered.
A) Applicant’s arguments, with respect to the 103 rejection of claims 1, 11, and 16, that Sandberg-Maitland fails to teach “two-rounds of data encryption, such that (i) a first, inner key encrypts the user data as part of a first data encryption to "generate partially encrypted data," and then (ii) a second, outer key encrypts the25 result  the first encryption (e.g., the "partially encrypted data") as part of a second data encryption” and that “Sandberg-Maitland et al. teaches encrypting data once using a DEK key that has been encrypted by a KEK key one or more times” (page 9 of the present response) have been fully considered but they are moot in view of the new grounds of 35 U.S.C. 103 rejections.
B) Applicant’s arguments, with respect to the 103 rejection of claims 1, 11, and 16, that Sandberg-Maitland fails to teach “wherein the inner key comprises a secret key known to the user device and the service provider” and that “the DEK keys are only known to the peers (e.g., voters) and not to the service provider” (page 10 of the present response) have been fully considered but they are moot in view of the new grounds of 35 U.S.C. 103 rejections.
C) Applicant’s arguments, with respect to the 103 rejection of claims 1, 11, and 16, that Sandberg-Maitland and Jacobs fail to teach all the limitations recited in the currently amended independent claims (page 11 of the present response) have been fully considered but they are moot in view of the new grounds of 35 U.S.C. 103 rejections.
D) Applicant’s arguments, with respect to the 103 rejection of claims 4 and 14, that Sandberg-Maitland fails to teach “the service provider initiates the request to reconstruct the outer key in response to one or more of: the user violating a legal requirement of a legal authority and the use breaching one or more terms of the agreement with the service provider” and that “the "peers" of Sandberg Maitland et al. are more analogous to the claimed "voters" and do not correspond to a service provider” (page 12 of the present response) have been fully considered but they are moot in view of the new grounds of 35 U.S.C. 103 rejections.
E) Applicant’s arguments, with respect to the 103 rejection of claim 9, that Ramachandran fails to teach “the encrypted data of the user is stored (i) as part of the agreement in the distributed ledger” and that “the hash function described in par. 0051 is used to authenticate communications. ... Upon receipt of the message (or subpart), the receiver calculates a hash value using the received message and compares that hash value to the received hash value. If the hash values match, the message or subpart is valid” (page 12-13 of the present response) have been fully considered but they are moot in view of the new grounds of 35 U.S.C. 103 rejections.
F) Applicant’s arguments, with respect to the 103 rejection of claim 21, that Sandberg-Maitland fail and Levy fail to teach “the service provider initiates the request to reconstruct the outer key” and that “the "peers" of Sandberg Maitland et al. are more analogous to the claimed "voters" and do not correspond to a service provider” (page 13-14 of the present response) have been fully considered but they are moot in view of the new grounds of 35 U.S.C. 103 rejections.
Claim Objections
2.	Claim 1, 11, and 16 is objected to because of the following informalities:  
A.	Claim 1, line 20, recites “satisfies satisfying” when it should remove the word “satisfies”.  Claims 11 (on line 23) and 16 (on line 23) are also objected for same reason.
Appropriate correction is required.
Claim Rejections - 35 USC § 103
3.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
4.	Claims 1, 3, 5-6, 10-11, 13, 16, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Sandberg-Maitland et al. (US Pub. 2019/0305938), hereinafter Sandberg-Maitland, filed on Dec. 31, 2018 in view of Wood et al. (US Pub. 2019/0065764), hereinafter Wood, filed Aug. 31, 2018 and Poffenbarger (US Pub. 2017/0012945) filed Oct. 29, 2015.
	Regarding claim 1, Sandberg-Maitland teaches a method, comprising: 
Sandberg-Maitland does not teach creating, by at least one processing device of a service provider, an agreement between the service provider and a user employing a user device, wherein at least a portion of data related to the agreement is maintained on a distributed ledger, 
Wood teaches creating, by at least one processing device of a service provider, an agreement between the service provider and a user employing a user device, wherein at least a portion of data related to the agreement is maintained on a distributed ledger (para 47, line 1-12 and para 48, line 1-12; user device 108 sends a transaction to SEDACS (Secure Data Access Control System) server 120, which confirms the transaction before storing the transaction on the blockchain),
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Sandberg-Maitland to incorporate the teachings of Wood to provide user device 108 sends a transaction to SEDACS (Secure Data Access Control System) server 120, which confirms the transaction before storing the transaction on the blockchain.  Doing so would allow for a blockchain storing secret data, especially among many parties, in a way that doesn't compromise the blockchain distributed security guarantees, as recognized by Wood in para 4.
Sandberg-Maitland teaches encrypting data of the user that 10the user device sends to the distributed ledger (para 42, line 1-13 and para 54, line 1-16; peer with HSM service can write transaction to the blockchain, where transaction data uses key chaining method of using multiple layers of encryption keys to protect data),
Sandberg-Maitland and Wood do not teach wherein the user device comprises an inner key and an outer key for encrypting data, wherein the inner key comprises a secret key known to the user device and the service provider, wherein the user device encrypts the data of the user that the user device sends to the distributed ledger using the inner key to generate partially encrypted data of the user and then encrypts the partially encrypted data of the user using the outer key to generate encrypted data of the user, 
Poffenbarger teaches wherein the user device comprises an inner key and an outer key for encrypting data, wherein the inner key comprises a secret key known to the user device and the server, wherein the user device encrypts the data of the user that the user device using the inner key to generate partially encrypted data of the user and then encrypts the partially encrypted data of the user using the outer key to generate encrypted data of the user (para 39, lie 1-5 and para 56, line 1-22; data is encrypted using an inner key and the encrypted data is further encrypted using an outer key, where the inner key is transmitted from the client to the server),
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Sandberg-Maitland and Wood to incorporate the teachings of Poffenbarger to provide data is encrypted using an inner key and the encrypted data is further encrypted using an outer key, where the inner key is transmitted from the client to the server.  Doing so would allow for double encryption of data, as recognized by Poffenbarger in para 38.
Sandberg-Maitland teaches wherein the 15outer key is split into a plurality of outer key shares using a threshold secret sharing scheme, wherein a predefined number of the plurality of outer key shares is required to reconstruct the outer key and wherein the plurality of outer key shares is distributed to two or more of the user, the service provider and one or more voters (para 36, line 1-15 and para 40, line 1-16 and para 42, line 1-13; the top layer key uses a threshold secret sharing scheme, where the secret key is divided into N parts with K parts ≤ N parts are needed to reconstruct the secret key and the N parts are given to participants, such as M peers, HSM providing service to peers, and voting candidate); 
Sandberg-Maitland do not teach performing the following steps, by the at least one processing device of the 20secret store server, to access at least a portion of the encrypted data of the user: 
initiating a request to reconstruct the outer key;
Wood teaches performing the following steps, by the at least one processing device of the 20secret store server, to access at least a portion of the encrypted data of the user: 
initiating a request to reconstruct the outer key (para 33, line 1-20 and para 36, line 1-12; secret store 118 including a network of key server, where a key server can recompute the secret portion by combining their respective secret portions); 
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Sandberg-Maitland to incorporate the teachings of Wood to provide secret store 118 including a network of key server, where a key server can recompute the secret portion by combining their respective secret portions.  Doing so would allow for distributed secret key generation, storing secret keys in a distributed fashion (part secret storage), and encrypted part secret collection, as recognized by Wood in para 33.
Sandberg-Maitland teaches obtaining the reconstructed outer key in response to the number of outer key shares provided by one or more of the user, the service provider and the one or more voters satisfies the predefined number of outer key shares required to reconstruct the outer key (para 36, line 1-15 and para 40, line 1-16 and para 63, line 1-11; receive the K parts given to participants, such as M peers, HSM providing service to peers, and voting candidate, where K parts ≤ N parts are needed to reconstruct the top level secret key); and 
Sandberg-Maitland and Wood do not teach 25decrypting the at least the portion of the encrypted data of the user using the outer key and the inner key.
Poffenbarger teaches decrypting the at least the portion of the encrypted data of the user using the outer key and the inner key (para 53, line 1-12 and para 56, line 1-22; decrypting the encrypted data using an outer and inner key).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Sandberg-Maitland and Wood to incorporate the teachings of Poffenbarger to provide decrypting the encrypted data using an outer and inner key.  Doing so would allow for double encryption and decryption of shared data, as recognized by Poffenbarger in para 56.
Regarding claim 3, Sandberg-Maitland, Wood and Poffenbarger teach method of claim 1.
Sandberg-Maitland teaches the obtaining the reconstructed outer key further comprises 30obtaining one or more votes to release the outer key from one or more of the user, the service provider and the one or more voters (para 36, line 1-15 and para 40, line 1-16 and para 42, line 1-13; the top layer key uses a threshold secret sharing scheme, where the secret key is divided into N parts with K parts ≤ N parts are needed to reconstruct the secret key and the N parts are given to participants, such as M peers, HSM providing service to peers, and voting candidate).
Regarding claim 5, Sandberg-Maitland, Wood and Poffenbarger teach method of claim 1.
Sandberg-Maitland teaches a number of shares allocated to each of the user, the service provider and each voter comprises a voting weight granted to the respective party (para 36, line 1-15 and para 40, line 1-16 and para 42, line 1-13; the top layer key uses a threshold secret sharing scheme, where the secret key is divided into N parts with K parts ≤ N parts are needed to reconstruct the secret key and the N parts are given to participants, such as M peers, HSM providing service to peers, and voting candidate).
Regarding claim 6, Sandberg-Maitland, Wood and Poffenbarger teach method of claim 5.
Sandberg-Maitland teaches the number of shares assigned to the service provider and 10to each individual voter is less than the predefined number of outer key shares required to reconstruct the outer key (para 36, line 1-15 and para 40, line 1-16 and para 42, line 1-13; the top layer key uses a threshold secret sharing scheme, where the secret key is divided into N parts with K parts ≤ N parts are needed to reconstruct the secret key and the N parts are given to participants, such as M peers, HSM providing service to peers, and voting candidate).
Regarding claim 10, Sandberg-Maitland, Wood and Poffenbarger teach method of claim 1.
Sandberg-Maitland teaches the inner key is known only to the user 5and the service provider and whereby the data remains protected on the blockchain when the outer key is reconstructed (para 36, line 1-15 and para 42, line 1-13; peer with HSM service can write transaction to the blockchain, where transaction data uses key chaining method of using multiple layers of encryption keys to protect data and a top layer key encrypts a lower layer key which in turns encrypts the data and the top layer key can be reconstructed using a threshold secret sharing scheme).
Regarding claim 11, Sandberg-Maitland teaches an apparatus comprising: 
at least one processing device comprising a processor coupled to a memory; 10the at least one processing device corresponding to a service provider and being configured to implement the following steps (para 35, line 1-21; the HSM service includes a crypto-processing and secure storage 104 for data processing): 
Sandberg-Maitland does not teach creating, by at least one processing device of a service provider, an agreement between the service provider and a user employing a user device, wherein at least a portion of data related to the agreement is maintained on a distributed ledger, 
Wood teaches creating, by at least one processing device of a service provider, an agreement between the service provider and a user employing a user device, wherein at least a portion of data related to the agreement is maintained on a distributed ledger (para 47, line 1-12 and para 48, line 1-12; user device 108 sends a transaction to SEDACS (Secure Data Access Control System) server 120, which confirms the transaction before storing the transaction on the blockchain),
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Sandberg-Maitland to incorporate the teachings of Wood to provide user device 108 sends a transaction to SEDACS (Secure Data Access Control System) server 120, which confirms the transaction before storing the transaction on the blockchain.  Doing so would allow for a blockchain storing secret data, especially among many parties, in a way that doesn't compromise the blockchain distributed security guarantees, as recognized by Wood in para 4.
Sandberg-Maitland teaches encrypting data of the user that 10the user device sends to the distributed ledger (para 42, line 1-13 and para 54, line 1-16; peer with HSM service can write transaction to the blockchain, where transaction data uses key chaining method of using multiple layers of encryption keys to protect data),
Sandberg-Maitland and Wood do not teach wherein the user device comprises an inner key and an outer key for encrypting data, wherein the inner key comprises a secret key known to the user device and the service provider, wherein the user device encrypts the data of the user that the user device sends to the distributed ledger using the inner key to generate partially encrypted data of the user and then encrypts the partially encrypted data of the user using the outer key to generate encrypted data of the user, 
Poffenbarger teaches wherein the user device comprises an inner key and an outer key for encrypting data, wherein the inner key comprises a secret key known to the user device and the server, wherein the user device encrypts the data of the user that the user device using the inner key to generate partially encrypted data of the user and then encrypts the partially encrypted data of the user using the outer key to generate encrypted data of the user (para 39, lie 1-5 and para 56, line 1-22; data is encrypted using an inner key and the encrypted data is further encrypted using an outer key, where the inner key is transmitted from the client to the server),
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Sandberg-Maitland and Wood to incorporate the teachings of Poffenbarger to provide data is encrypted using an inner key and the encrypted data is further encrypted using an outer key, where the inner key is transmitted from the client to the server.  Doing so would allow for double encryption of data, as recognized by Poffenbarger in para 38.
Sandberg-Maitland teaches wherein the 15outer key is split into a plurality of outer key shares using a threshold secret sharing scheme, wherein a predefined number of the plurality of outer key shares is required to reconstruct the outer key and wherein the plurality of outer key shares is distributed to two or more of the user, the service provider and one or more voters (para 36, line 1-15 and para 40, line 1-16 and para 42, line 1-13; the top layer key uses a threshold secret sharing scheme, where the secret key is divided into N parts with K parts ≤ N parts are needed to reconstruct the secret key and the N parts are given to participants, such as M peers, HSM providing service to peers, and voting candidate); 
Sandberg-Maitland do not teach performing the following steps, by the at least one processing device of the 20secret store server, to access at least a portion of the encrypted data of the user: 
initiating a request to reconstruct the outer key;
Wood teaches performing the following steps, by the at least one processing device of the 20secret store server, to access at least a portion of the encrypted data of the user: 
initiating a request to reconstruct the outer key (para 33, line 1-20 and para 36, line 1-12; secret store 118 including a network of key server, where a key server can recompute the secret portion by combining their respective secret portions); 
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Sandberg-Maitland to incorporate the teachings of Wood to provide secret store 118 including a network of key server, where a key server can recompute the secret portion by combining their respective secret portions.  Doing so would allow for distributed secret key generation, storing secret keys in a distributed fashion (part secret storage), and encrypted part secret collection, as recognized by Wood in para 33.
Sandberg-Maitland teaches obtaining the reconstructed outer key in response to the number of outer key shares provided by one or more of the user, the service provider and the one or more voters satisfies the predefined number of outer key shares required to reconstruct the outer key (para 36, line 1-15 and para 40, line 1-16 and para 63, line 1-11; receive the K parts given to participants, such as M peers, HSM providing service to peers, and voting candidate, where K parts ≤ N parts are needed to reconstruct the top level secret key); and 
Sandberg-Maitland and Wood do not teach 25decrypting the at least the portion of the encrypted data of the user using the outer key and the inner key.
Poffenbarger teaches decrypting the at least the portion of the encrypted data of the user using the outer key and the inner key (para 53, line 1-12 and para 56, line 1-22; decrypting the encrypted data using an outer and inner key).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Sandberg-Maitland and Wood to incorporate the teachings of Poffenbarger to provide decrypting the encrypted data using an outer and inner key.  Doing so would allow for double encryption and decryption of shared data, as recognized by Poffenbarger in para 56.
Regarding claim 13, Sandberg-Maitland, Wood and Poffenbarger teach apparatus of claim 11.
Sandberg-Maitland teaches the obtaining the reconstructed outer key further comprises 30obtaining one or more votes to release the outer key from one or more of the user, the service provider and the one or more voters (para 36, line 1-15 and para 40, line 1-16 and para 42, line 1-13; the top layer key uses a threshold secret sharing scheme, where the secret key is divided into N parts with K parts ≤ N parts are needed to reconstruct the secret key and the N parts are given to participants, such as M peers, HSM providing service to peers, and voting candidate).
Regarding claim 16, Sandberg-Maitland teaches a non-transitory processor-readable storage medium having stored therein program code of one or more software programs, wherein the program code when executed by at least one processing device of a service provider causes the at least one processing device of the service provider to perform the following steps (para 35, line 1-21 and para 93, line 1-12; the HSM service includes a crypto-processing and secure storage 104 for data processing and software running on one or more processors):
Sandberg-Maitland does not teach creating, by at least one processing device of a service provider, an agreement between the service provider and a user employing a user device, wherein at least a portion of data related to the agreement is maintained on a distributed ledger, 
Wood teaches creating, by at least one processing device of a service provider, an agreement between the service provider and a user employing a user device, wherein at least a portion of data related to the agreement is maintained on a distributed ledger (para 47, line 1-12 and para 48, line 1-12; user device 108 sends a transaction to SEDACS (Secure Data Access Control System) server 120, which confirms the transaction before storing the transaction on the blockchain),
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Sandberg-Maitland to incorporate the teachings of Wood to provide user device 108 sends a transaction to SEDACS (Secure Data Access Control System) server 120, which confirms the transaction before storing the transaction on the blockchain.  Doing so would allow for a blockchain storing secret data, especially among many parties, in a way that doesn't compromise the blockchain distributed security guarantees, as recognized by Wood in para 4.
Sandberg-Maitland teaches encrypting data of the user that 10the user device sends to the distributed ledger (para 42, line 1-13 and para 54, line 1-16; peer with HSM service can write transaction to the blockchain, where transaction data uses key chaining method of using multiple layers of encryption keys to protect data),
Sandberg-Maitland and Wood do not teach wherein the user device comprises an inner key and an outer key for encrypting data, wherein the inner key comprises a secret key known to the user device and the service provider, wherein the user device encrypts the data of the user that the user device sends to the distributed ledger using the inner key to generate partially encrypted data of the user and then encrypts the partially encrypted data of the user using the outer key to generate encrypted data of the user, 
Poffenbarger teaches wherein the user device comprises an inner key and an outer key for encrypting data, wherein the inner key comprises a secret key known to the user device and the server, wherein the user device encrypts the data of the user that the user device using the inner key to generate partially encrypted data of the user and then encrypts the partially encrypted data of the user using the outer key to generate encrypted data of the user (para 39, lie 1-5 and para 56, line 1-22; data is encrypted using an inner key and the encrypted data is further encrypted using an outer key, where the inner key is transmitted from the client to the server),
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Sandberg-Maitland and Wood to incorporate the teachings of Poffenbarger to provide data is encrypted using an inner key and the encrypted data is further encrypted using an outer key, where the inner key is transmitted from the client to the server.  Doing so would allow for double encryption of data, as recognized by Poffenbarger in para 38.
Sandberg-Maitland teaches wherein the 15outer key is split into a plurality of outer key shares using a threshold secret sharing scheme, wherein a predefined number of the plurality of outer key shares is required to reconstruct the outer key and wherein the plurality of outer key shares is distributed to two or more of the user, the service provider and one or more voters (para 36, line 1-15 and para 40, line 1-16 and para 42, line 1-13; the top layer key uses a threshold secret sharing scheme, where the secret key is divided into N parts with K parts ≤ N parts are needed to reconstruct the secret key and the N parts are given to participants, such as M peers, HSM providing service to peers, and voting candidate); 
Sandberg-Maitland do not teach performing the following steps, by the at least one processing device of the 20secret store server, to access at least a portion of the encrypted data of the user: 
initiating a request to reconstruct the outer key;
Wood teaches performing the following steps, by the at least one processing device of the 20secret store server, to access at least a portion of the encrypted data of the user: 
initiating a request to reconstruct the outer key (para 33, line 1-20 and para 36, line 1-12; secret store 118 including a network of key server, where a key server can recompute the secret portion by combining their respective secret portions); 
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Sandberg-Maitland to incorporate the teachings of Wood to provide secret store 118 including a network of key server, where a key server can recompute the secret portion by combining their respective secret portions.  Doing so would allow for distributed secret key generation, storing secret keys in a distributed fashion (part secret storage), and encrypted part secret collection, as recognized by Wood in para 33.
Sandberg-Maitland teaches obtaining the reconstructed outer key in response to the number of outer key shares provided by one or more of the user, the service provider and the one or more voters satisfies the predefined number of outer key shares required to reconstruct the outer key (para 36, line 1-15 and para 40, line 1-16 and para 63, line 1-11; receive the K parts given to participants, such as M peers, HSM providing service to peers, and voting candidate, where K parts ≤ N parts are needed to reconstruct the top level secret key); and 
Sandberg-Maitland and Wood do not teach 25decrypting the at least the portion of the encrypted data of the user using the outer key and the inner key.
Poffenbarger teaches decrypting the at least the portion of the encrypted data of the user using the outer key and the inner key (para 53, line 1-12 and para 56, line 1-22; decrypting the encrypted data using an outer and inner key).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Sandberg-Maitland and Wood to incorporate the teachings of Poffenbarger to provide decrypting the encrypted data using an outer and inner key.  Doing so would allow for double encryption and decryption of shared data, as recognized by Poffenbarger in para 56.
Regarding claim 18, Sandberg-Maitland, Wood and Poffenbarger teach computer product of claim 16.
Sandberg-Maitland teaches the obtaining the reconstructed outer key further comprises 30obtaining one or more votes to release the outer key from one or more of the user, the service provider and the one or more voters (para 36, line 1-15 and para 40, line 1-16 and para 42, line 1-13; the top layer key uses a threshold secret sharing scheme, where the secret key is divided into N parts with K parts ≤ N parts are needed to reconstruct the secret key and the N parts are given to participants, such as M peers, HSM providing service to peers, and voting candidate).
5.	Claims 2, 4, 7-8, 12, 14-15, 17, and 20-21 are rejected under 35 U.S.C. 103 as being unpatentable over Sandberg-Maitland in view of Wood, Poffenbarger, and Levy (US Pub. 2012/0173439) filed on Jan. 4, 2012.
	Regarding claim 2, Sandberg-Maitland, Wood and Poffenbarger teach method of claim 1. 
	Sandberg-Maitland do not teach in response to the secret store server initiating the 25request to reconstruct the outer key to access the at least the portion of the encrypted data of the user 
	Wood teaches response to the secret store server initiating the 25request to reconstruct the outer key to access the at least the portion of the encrypted data of the user (para 33, line 1-20 and para 36, line 1-12; secret store 118 including a network of key server, where a key server can recompute the secret portion by combining their respective secret portions)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Sandberg-Maitland to incorporate the teachings of Wood to provide secret store 118 including a network of key server, where a key server can recompute the secret portion by combining their respective secret portions.  Doing so would allow for distributed secret key generation, storing secret keys in a distributed fashion (part secret storage), and encrypted part secret collection, as recognized by Wood in para 33.
Sandberg-Maitland, Wood and Poffenbarger do not teach the agreement further comprises one or more of a first buffer for storing evidence provided by the service provider and a second buffer for storing evidence provided by the user to prevent the service provider from accessing the at least a portion of the encrypted data of the user.  
Levy teaches the agreement further comprises one or more of a first buffer for storing evidence provided by the service provider and a second buffer for storing evidence provided by the user to prevent the service provider from accessing the at least a portion of the encrypted data of the user (para 66, line 1-4 and para 115, line 1-5 and para 124, line 1-10; store tenant related information where the encrypted data is secured against unauthorized access and store user’s service provider information).  
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Sandberg-Maitland, Wood and Poffenbarger to incorporate the teachings of Levy to provide store tenant related information where the encrypted data is secured against unauthorized access and store user’s service provider information.  Doing so would allow for processing of an action for breach of contract, as recognized by Levy.
Regarding claim 4, Sandberg-Maitland, Wood and Poffenbarger teach method of claim 1.
Sandberg-Maitland do not the secret store server initiates the request to reconstruct the outer key 
	Wood teaches the secret store server initiates the request to reconstruct the outer key (para 33, line 1-20 and para 36, line 1-12; secret store 118 including a network of key server, where a key server can recompute the secret portion by combining their respective secret portions)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Sandberg-Maitland to incorporate the teachings of Wood to provide secret store 118 including a network of key server, where a key server can recompute the secret portion by combining their respective secret portions.  Doing so would allow for distributed secret key generation, storing secret keys in a distributed fashion (part secret storage), and encrypted part secret collection, as recognized by Wood in para 33.
Sandberg-Maitland, Wood and Poffenbarger do not teach in response to one or more of: the user violating a legal requirement of a legal authority and the user breaching one or more terms of the agreement with the service provider.
Levy teaches in response to one or more of: the user violating a legal requirement of a legal authority and the user breaching one or more terms of the agreement with the service provider (para 6, line 1-6 and para 15, line 1-15; request of an owner for documents upon a breach relating to a lease, where the owner is a landlord and the user is a tenant).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Sandberg-Maitland, Wood and Poffenbarger to incorporate the teachings of Levy to provide request of an owner for documents upon a breach relating to a lease, where the owner is a landlord and the user is a tenant.  Doing so would allow for processing of an action for breach of contract, as recognized by Levy.
Regarding claim 7, Sandberg-Maitland, Wood and Poffenbarger teach method of claim 1.
Sandberg-Maitland teaches one or more of the user, the service provider and one or more of the voters (para 36, line 1-15 and para 40, line 1-16; the N parts are given to participants, such as M peers, HSM providing service to peers, and voting candidate)
Sandberg-Maitland, Wood and Poffenbarger do not teach a trusted third party submits evidence to be evaluated 
Levy teaches a trusted third party submits evidence to be evaluated (para 38, line 1-6 and line 19-33; each party may present evidence relevant to their defense and a mediation entity may be involved)  
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Sandberg-Maitland, Wood and Poffenbarger to incorporate the teachings of Levy to provide each party may present evidence relevant to their defense and a mediation entity may be involved.  Doing so would allow for processing of an action for breach of contract, as recognized by Levy.
Regarding claim 8, Sandberg-Maitland, Wood, Poffenbarger, and Levy teaches method of claim 7.
Sandberg-Maitland teaches one or more of the voters automatically release respective outer key shares based at least in part on the evidence using predefined logic to evaluate the evidence (para 36, line 1-15 and para 45, line 1-16; number K of N parts are used to vote for proposal or action as part of consensus-enabling mechanism).
Sandberg-Maitland, Wood and Poffenbarger do not teach the evidence submitted by the trusted third party
Levy teaches the evidence submitted by the trusted third party (para 38, line 1-6 and line 19-33; each party may present evidence relevant to their defense and a mediation entity may be involved)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Sandberg-Maitland, Wood and Poffenbarger to incorporate the teachings of Levy to provide each party may present evidence relevant to their defense and a mediation entity may be involved.  Doing so would allow for processing of an action for breach of contract, as recognized by Levy.
Regarding claim 12, Sandberg-Maitland, Wood and Poffenbarger teach apparatus of claim 11. 
	Sandberg-Maitland do not teach in response to the secret store server initiating the 25request to reconstruct the outer key to access the at least the portion of the encrypted data of the user 
	Wood teaches response to the secret store server initiating the 25request to reconstruct the outer key to access the at least the portion of the encrypted data of the user (para 33, line 1-20 and para 36, line 1-12; secret store 118 including a network of key server, where a key server can recompute the secret portion by combining their respective secret portions)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Sandberg-Maitland to incorporate the teachings of Wood to provide secret store 118 including a network of key server, where a key server can recompute the secret portion by combining their respective secret portions.  Doing so would allow for distributed secret key generation, storing secret keys in a distributed fashion (part secret storage), and encrypted part secret collection, as recognized by Wood in para 33.
Sandberg-Maitland, Wood and Poffenbarger do not teach the agreement further comprises one or more of a first buffer for storing evidence provided by the service provider and a second buffer for storing evidence provided by the user to prevent the service provider from accessing the at least a portion of the encrypted data of the user.  
Levy teaches the agreement further comprises one or more of a first buffer for storing evidence provided by the service provider and a second buffer for storing evidence provided by the user to prevent the service provider from accessing the at least a portion of the encrypted data of the user (para 66, line 1-4 and para 115, line 1-5 and para 124, line 1-10; store tenant related information where the encrypted data is secured against unauthorized access and store user’s service provider information).  
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Sandberg-Maitland, Wood and Poffenbarger to incorporate the teachings of Levy to provide store tenant related information where the encrypted data is secured against unauthorized access and store user’s service provider information.  Doing so would allow for processing of an action for breach of contract, as recognized by Levy.
Regarding claim 14, Sandberg-Maitland, Wood and Poffenbarger teaches apparatus of claim 11.
Sandberg-Maitland do not the secret store server initiates the request to reconstruct the outer key 
	Wood teaches the secret store server initiates the request to reconstruct the outer key (para 33, line 1-20 and para 36, line 1-12; secret store 118 including a network of key server, where a key server can recompute the secret portion by combining their respective secret portions)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Sandberg-Maitland to incorporate the teachings of Wood to provide secret store 118 including a network of key server, where a key server can recompute the secret portion by combining their respective secret portions.  Doing so would allow for distributed secret key generation, storing secret keys in a distributed fashion (part secret storage), and encrypted part secret collection, as recognized by Wood in para 33.
Sandberg-Maitland, Wood and Poffenbarger do not teach in response to one or more of: the user violating a legal requirement of a legal authority and the user breaching one or more terms of the agreement with the service provider.
Levy teaches in response to one or more of: the user violating a legal requirement of a legal authority and the user breaching one or more terms of the agreement with the service provider (para 6, line 1-6 and para 15, line 1-15; request of an owner for documents upon a breach relating to a lease, where the owner is a landlord and the user is a tenant).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Sandberg-Maitland, Wood and Poffenbarger to incorporate the teachings of Levy to provide request of an owner for documents upon a breach relating to a lease, where the owner is a landlord and the user is a tenant.  Doing so would allow for processing of an action for breach of contract, as recognized by Levy.
Regarding claim 15, Sandberg-Maitland, Wood and Poffenbarger teach apparatus of claim 11.
Sandberg-Maitland teaches one or more of the user, the service provider and one or more of the voters (para 36, line 1-15 and para 40, line 1-16; the N parts are given to participants, such as M peers, HSM providing service to peers, and voting candidate)
Sandberg-Maitland, Wood and Poffenbarger do not teach a trusted third party submits evidence to be evaluated 
Levy teaches a trusted third party submits evidence to be evaluated (para 38, line 1-6 and line 19-33; each party may present evidence relevant to their defense and a mediation entity may be involved)  
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Sandberg-Maitland, Wood and Poffenbarger to incorporate the teachings of Levy to provide each party may present evidence relevant to their defense and a mediation entity may be involved.  Doing so would allow for processing of an action for breach of contract, as recognized by Levy.
Sandberg-Maitland teaches one or more of the voters automatically release respective outer key shares based at least in part on the evidence using predefined logic to evaluate the evidence (para 36, line 1-15 and para 45, line 1-16; number K of N parts are used to vote for proposal or action as part of consensus-enabling mechanism).
Sandberg-Maitland, Wood and Poffenbarger do not teach the evidence submitted by the trusted third party
Levy teaches the evidence submitted by the trusted third party (para 38, line 1-6 and line 19-33; each party may present evidence relevant to their defense and a mediation entity may be involved)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Sandberg-Maitland, Wood and Poffenbarger to incorporate the teachings of Levy to provide each party may present evidence relevant to their defense and a mediation entity may be involved.  Doing so would allow for processing of an action for breach of contract, as recognized by Levy.
Regarding claim 17, Sandberg-Maitland, Wood and Poffenbarger teach computer product of claim 16. 
	Sandberg-Maitland do not teach in response to the secret store server initiating the 25request to reconstruct the outer key to access the at least the portion of the encrypted data of the user 
	Wood teaches in response to the secret store server initiating the 25request to reconstruct the outer key to access the at least the portion of the encrypted data of the user (para 33, line 1-20 and para 36, line 1-12; secret store 118 including a network of key server, where a key server can recompute the secret portion by combining their respective secret portions)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Sandberg-Maitland to incorporate the teachings of Wood to provide secret store 118 including a network of key server, where a key server can recompute the secret portion by combining their respective secret portions.  Doing so would allow for distributed secret key generation, storing secret keys in a distributed fashion (part secret storage), and encrypted part secret collection, as recognized by Wood in para 33.
Sandberg-Maitland, Wood and Poffenbarger do not teach the agreement further comprises one or more of a first buffer for storing evidence provided by the service provider and a second buffer for storing evidence provided by the user to prevent the service provider from accessing the at least a portion of the encrypted data of the user.  
Levy teaches the agreement further comprises one or more of a first buffer for storing evidence provided by the service provider and a second buffer for storing evidence provided by the user to prevent the service provider from accessing the at least a portion of the encrypted data of the user (para 66, line 1-4 and para 115, line 1-5 and para 124, line 1-10; store tenant related information where the encrypted data is secured against unauthorized access and store user’s service provider information).  
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Sandberg-Maitland, Wood and Poffenbarger to incorporate the teachings of Levy to provide store tenant related information where the encrypted data is secured against unauthorized access and store user’s service provider information.  Doing so would allow for processing of an action for breach of contract, as recognized by Levy.
Regarding claim 20, Sandberg-Maitland, Wood and Poffenbarger teach computer product of claim 16.
Sandberg-Maitland teaches one or more of the user, the service provider and one or more of the voters (para 36, line 1-15 and para 40, line 1-16; the N parts are given to participants, such as M peers, HSM providing service to peers, and voting candidate)
Sandberg-Maitland, Wood and Poffenbarger do not teach a trusted third party submits evidence to be evaluated 
Levy teaches a trusted third party submits evidence to be evaluated (para 38, line 1-6 and line 19-33; each party may present evidence relevant to their defense and a mediation entity may be involved)  
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Sandberg-Maitland, Wood and Poffenbarger to incorporate the teachings of Levy to provide each party may present evidence relevant to their defense and a mediation entity may be involved.  Doing so would allow for processing of an action for breach of contract, as recognized by Levy.
Sandberg-Maitland teaches one or more of the voters automatically release respective outer key shares based at least in part on the evidence using predefined logic to evaluate the evidence (para 36, line 1-15 and para 45, line 1-16; number K of N parts are used to vote for proposal or action as part of consensus-enabling mechanism).
Sandberg-Maitland, Wood and Poffenbarger do not teach the evidence submitted by the trusted third party
Levy teaches the evidence submitted by the trusted third party (para 38, line 1-6 and line 19-33; each party may present evidence relevant to their defense and a mediation entity may be involved)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Sandberg-Maitland, Wood and Poffenbarger to incorporate the teachings of Levy to provide each party may present evidence relevant to their defense and a mediation entity may be involved.  Doing so would allow for processing of an action for breach of contract, as recognized by Levy.
Regarding claim 21, Sandberg-Maitland, Wood and Poffenbarger teach method of claim 1.
Sandberg-Maitland do not the secret store server initiates the request to reconstruct the outer key 
	Wood teaches the secret store server initiates the request to reconstruct the outer key (para 33, line 1-20 and para 36, line 1-12; secret store 118 including a network of key server, where a key server can recompute the secret portion by combining their respective secret portions)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Sandberg-Maitland to incorporate the teachings of Wood to provide secret store 118 including a network of key server, where a key server can recompute the secret portion by combining their respective secret portions.  Doing so would allow for distributed secret key generation, storing secret keys in a distributed fashion (part secret storage), and encrypted part secret collection, as recognized by Wood in para 33.
Sandberg-Maitland, Wood and Poffenbarger do not teach wherein one or more of: 
(i) the service provider comprises one or more of a car rental provider and a lodging provider, and wherein the service provider initiates an action in response to the user breaching one or more terms of the agreement with the service provider; and 
(ii) the service provider comprises a government agency and wherein the service provider initiates the action15service in response to the user violating a legal requirement of a legal authority.
Levy teaches wherein one or more of: 
(i) the service provider comprises one or more of a car rental provider and a lodging provider, and wherein the service provider initiates an action in response to the user breaching one or more terms of the agreement with the service provider (para 6, line 1-6 and para 15, line 1-15; request of an owner for documents upon a breach relating to a lease, where the owner is a landlord and the user is a tenant); and 
(ii) the service provider comprises a government agency and wherein the service provider initiates the action in response to the user violating a legal requirement of a legal authority (para 25, line 1-10 and para 68, line 1-4; reviewing tenant action and eviction information including involvement by government entities for funds owed).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Sandberg-Maitland, Wood and Poffenbarger to incorporate the teachings of Levy to provide request of an owner for documents upon a breach relating to a lease, where the owner is a landlord and the user is a tenant.  Doing so would allow for processing of an action for breach of contract, as recognized by Levy.
6.	Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over  Sandberg-Maitland in view of Wood, Poffenbarger, and Ramachandran et al. (US Pub. 2018/0316492), hereinafter Ramachandran, filed on May 1, 2018 .
Regarding claim 9, Sandberg-Maitland, Wood and Poffenbarger teach method of claim 1.
	Sandberg-Maitland, Wood and Poffenbarger do not teach the encrypted data of the user is stored one or more of (i) as part of the agreement in the distributed ledger; and (ii) in a data storage by a data custodian with one or more hash values of the encrypted data stored in the distributed ledger to reference the data stored by the data custodian.
	Ramachandran teaches the encrypted data of the user is stored one or more of (i) as part of the agreement in the distributed ledger; and (ii) in a data storage by a data custodian with one or more hash values of the encrypted data stored in the distributed ledger to reference the data stored by the data custodian (para 51, line 11-23 and para 95, line 1-11; data may be added to the blockchain, where the data is associated with authorized participants of the blockchain and a hash value is used to represent encrypted hashed data).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Sandberg-Maitland, Wood and Poffenbarger to incorporate the teachings of Ramachandran to provide data may be added to the blockchain, where the data is associated with authorized participants of the blockchain and a hash value is used to represent encrypted hashed data.  Doing so would allow for authorized participants with key shares to access encrypted data on the blockchain, as recognized by Ramachandran.
Conclusion
7.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
	The following are the related patents and applications:  Ateniese et al. (US Pub. 2017/0338957) discloses a non-tamper-evident or tamper-evident operation using a key secret held by a trusted party, where the blockchains may include a series of blocks secured by a chameleon hash that may prevent non-tamper-evident rewrites by non-trusted parties that are not in possession of the key secret; Yadlin et al. (US Pub. 2020/0044863) discloses securing digital signatures using multi-party computation includes generating at least one first secret share by a first system and wherein at least one second secret share is generated by one of at least one second system; Yoshida et al. (US Pub. 2011/0060903) discloses group signature system comprises a group administrator apparatus, signer apparatuses and a verifier apparatus which can communicate with one another.
8.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to NHAN H NGUYEN whose telephone number is (571)272-6443.  The examiner can normally be reached on Monday-Friday 8:30am - 4:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on 571-272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/NHAN HUU NGUYEN/Examiner, Art Unit 2492

/OLEG KORSAK/Primary Examiner, Art Unit 2492