Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Objections
Claims 1-13 are objected for several formatting and wording issues in style and grammar by hindering the readability of the claimed limitation. By way of example, acceptable or recommended style is presented below for claim 1 for the applicant to adapt similarly into claims 1-13.
A method for encrypting data element shares, the method comprising:
 based on a data element, wherein M is an integer greater than 1;
 providing 
corresponding encryption keysto generate M encrypted data element shares using the first data processing unit, wherein each of the encryption keyss 
wherein the first data processing unit, based on the data element, data element shares
Similar adaption and  appropriate corrections are required in claims 2-23.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-13 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Regarding claims 1, 7, 9, 11 and 13, the phrase "thus" renders the claims indefinite because it is unclear whether the limitation(s) following the phrase are part of the claimed invention.  See MPEP § 2173.05(d).
Regarding claims 2 and 12, the phrase "such as" renders the claims indefinite because it is unclear whether the limitations following the phrase are part of the claimed invention.  See MPEP § 2173.05(d).
Regarding claims 2 and 12, the phrase "preferably" renders the claims indefinite because it is unclear whether the limitations following the phrase are part of the claimed invention.  See MPEP § 2173.05(d).
Regarding claims 2 and 12, the phrase "can be" renders the claims indefinite because it is unclear whether the limitations following the phrase are carried out or performed. The phrase “can be” suggests the possibility or ability, but does not positively assert the action or act in the method steps is performed. 
Regarding claims 1, 3, 4, 5, 7, 11, 11 and 13, the phrase "respectively" renders the claims indefinite because it is unclear whether there are clearly identified elements to have correspondence between respective elements to weigh on “respectively” in the limitation(s).  By way of example, claim 1 recites “encrypting each of the M data element shares (52) with an encryption key (42), respectively,” however there is only a single encryption key (an encryption key (42)) for a plurality of M data element shares (52) and therefore “respectively” is rendering the limitation ambiguous. Similarly, in claim 1, “each of the encryption keys (42) corresponds to a decryption key (45), respectively” rendered ambiguous because a single decryption key “a decryption key (45)” is recited for correspondence for a plurality encryption keys in “each of the encryption keys (42)”. 
Regarding claims 2 and 12, the phrase "and/or" renders the claims indefinite because it is unclear whether the applicant intended to combine two or more elements together as a combination or whether the applicant intended to choose or select an element or combination of elements from the set of identified elements in an alternative way. For example, the limitation recites, “the Shamir's secret sharing scheme and/or the Berkley's secret sharing scheme”. It is not clear whether the Shamir's scheme and the Berkley's are considered individually or as a combination because, the recited limitation is linked ambiguously with “and/or” and rendering the claims indefinite.
Regarding claims 8-13 the phrase "composite method" and “composite system” renders the claims indefinite because it is unclear what is composed of or what is entailed for the method claim to be a composite method and for a system claim to be a composite system. A claim should be directed to and calls for a method claim or a system claim. The phrase “composite” is rendering the claims indefinite. 
Regarding claims 2, 8, 9 and 11-13, the phrase "unencrypted data", “unencrypted state", “unencrypting each data” render the claims indefinite because it is unclear whether the applicant is intended to suggest a data not encrypted yet and to be converted to encrypted data or the applicant is intended to suggest data obtained from deception of encrypted data.  Clear technical terms (encryption or decryption) should be used appropriately when needed. 
Regarding claims 2-13, some of the limitations in the dependent claims are redundant and duplicated in a tangled way. By way of example, claim 3 recites “the step of based on a data element (50), generating M data element shares (52) is carried out by the first data processing unit (10)” and also as another example, one of the limitations in claim 7 recites  wherein the first data processing unit (10) is configured to encrypt each of the M data  element shares (52) with an encryption key (42) “wherein the system is configured to carry out the method according to claim 1”. However, in scope and substance, claim 1 already recited these limitations “encrypt each of the M data element shares (52) with an encryption key (42)”. Therefore, claims 2-23 are rendered ambiguous and indefinite.
For at lease on ore more of the above reasons, claims 1-13 are rejected under 35 U.S.C. 112(b), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, regards as the invention.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claims 1, 3, 4, 7 are rejected under 35 U.S.C. 103 as being unpatentable over Gladwin et al. (Hereinafter referred to as Gladwin, US 20190109711 A1) in view of Admitted Prior Art NXP® in view of Secure microcontroller SmartMX®3P71D321 (Hereinafter referred to as APA_NXP).

As per claim 1:
Gladwin discloses a method, comprising:
based on a data element (50) ([0075] The access information108), generating M data element shares (52), wherein M is an integer greater than 1 ([0076] a share encoding function to produce a plurality of encoded shares 1−N, where N is an integer greater than using at least a secret sharing function (e.g., a Shamir secret sharing algorithm));
providing each of M encryption keys (42) to a first data processing unit (10) ([0074] The DS managing unit 18 includes a plurality of key generators 1−N);
the first data processing unit (10) encrypting each of the M data element shares (52) with an encryption key (42), respectively, and thus generating M encrypted data element shares (55), wherein each of the encryption keys (42) corresponds to a decryption key (45), respectively ([0076-0077] The encryptors 1−N encrypt the encoded shares 1−N in accordance with an encryption algorithm utilizing keys 1−N to produce encrypted shares 1−N. Generation of the keys 1−N; The encryptors 1−N output the encrypted shares 1−N. [0098]: a plurality of key regenerators (e.g., key regen 1−N), and a plurality of decryptors 1−N);
wherein the first data processing unit (10) comprises a microcontroller configured to generate, based on the data element (50), data element shares (52) and encrypt the data element shares (52) ([0074-0077]: The encryptors 1−N encrypt the encoded shares 1−N in accordance with an encryption algorithm utilizing keys 1−N to produce encrypted shares 1−N; ([0166] As may also be used herein, the terms “processing module”, “module”, “processing circuit”, and/or “processing unit” may be a single processing device or a plurality of processing devices. Such a processing device may be a microprocessor, micro-controller).
Gladwin does not explicitly disclose the microcontroller in the first data processing unit (10) is a s a secure microcontroller.  APA_NXP, in admitted prior art however, discloses the microcontroller in the first data processing unit (10) is a s a secure microcontroller ([0159; 0214; 0252, 0316] It will be understood, that any available secure microcontroller can be used with the present invention, such as the NXP P71 secure microcontroller). Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify the claimed limitations of secret sharing disclosed by Gladwin to include the microcontroller in the first data processing unit (10) is a secure microcontroller. This modification would have been obvious because a person having ordinary skill in the art would have been motivated by the desire to mitigate sophisticated malware presence, side channel attacks and brute-force attacks for executing security sensitive tasks, such as, storing the decryption keys and/or decrypting the encrypted data element shares as discussed in Gladwin and therefore data shares in an unencrypted state can only be present (i.e. live) in a secure environment as suggested by APA_NXP ([0159; 0214; 0220]).

As per claim 3:
Gladwin discloses wherein the step of based on a data element (50), generating M data element shares (52) is carried out by the first data processing unit (10) ([0076-0077] a share encoding function to produce a plurality of encoded shares 1−N, where N is an integer greater than using at least a secret sharing function (e.g., a Shamir secret sharing algorithm)); the DS managing unit 18).

As per claim 4:
Gladwin discloses further comprising at least one of the first data processing unit (10) providing each of the M encrypted data element shares (55) to a separate data share storage unit (30B), respectively, and storing each of the M encrypted data element shares (55) on a respective separate data share storage unit (30B), the first data processing unit (10) providing each of the M encrypted data element shares (55) to a database (60) and storing each of the M encrypted data element shares (55) on the database (60), storing each of the M encrypted data element shares (55) on the first data processing unit (10) ([0077] The encryptors 1−N output the encrypted shares 1−N to the DS processing units 1−N. The DS processing units 1−N dispersed storage error encodes each encrypted share of the encrypted shares 1−N to produce N groups of encoded share slices. The DS processing units 1−N send the N groups of encoded share slices to the DSN memories 1−N for storage therein).

As per claim 7:
Claim 7 is directed to a system having substantially similar claimed limitations corresponding to limitations of claim 1 and therefore claim 7 is rejected with the same rationale given above to reject respective limitations of claim 1. 

Claims 2, 6, 8-10 and 12-13 are rejected under 35 U.S.C. 103 as being unpatentable over Gladwin et al. (Hereinafter referred to as Gladwin, US 20190109711 A1) in view of Admitted Prior Art NXP® in view of Secure microcontroller SmartMX®3P71D321 (Hereinafter referred to as APA_NXP) in further view of Vakili et al. (Hereinafter referred Vakili, US. Pub. No.: US 20190342080 A1).

As per claim 2:
Gladwin discloses ([0084]: the processing module applies a share encoding function on the data to produce a plurality of encoded shares 1−N. The share encoding function includes at least a secret sharing function (e.g., Shamir's secret sharing scheme, Blakley's scheme, Chinese Remainder Theorem scheme)).  Gladwin and APA_NXP do not explicitly disclose wherein the data element (50) can be determined with N unencrypted data element shares (52), where N is an integer greater than or equal to 1, and smaller than or equal to M, and wherein the step of based on a data element (50), generating M data element shares (52), is based on a secret sharing scheme, preferably a threshold secret sharing scheme with a total number of shares equal to M and threshold equal to N, such as, the Shamir's secret sharing scheme and/or the Berkley's secret sharing scheme.
Vakili, in analogous prior art however, discloses wherein the data element (50) can be determined with N unencrypted data element shares (52), where N is an integer greater than or equal to 1, and smaller than or equal to M, and wherein the step of based on a data element (50), generating M data element shares (52), is based on a secret sharing scheme, preferably a threshold secret sharing scheme with a total number of shares equal to M and threshold equal to N, such as, the Shamir's secret sharing scheme and/or the Berkley's secret sharing scheme ([0021] A conventional secret sharing technique, splitting operation 104 splits secret message S 102 into N shares 106 (s.sub.1, s.sub.2, s.sub.3, . . . , s.sub.N), with T being the threshold number. Here, secret message S 102 may be a sequence of unencrypted bytes (e.g., clear text) representing confidential information. N may be a positive integer greater than or equal to two. T may be a positive integer greater than or equal to two, and T is less than N. The N shares 106 may be distributed amongst a number of participants in such a way that the only way to reconstruct the secret message S 102 is to have access to at least some number of shares. This number is called the threshold number (T). The secret message S 102 cannot be reconstructed by having access to the number of shares that is less than the threshold number T. [0024]: Splitting operation 104 may use a splitting function of the Shamir secret sharing scheme (S4) to split the original secret message S 102. Splitting operation 104, running on a splitting computing device, may call an s4_split (S, T, N) function which uses the Shamir secret sharing algorithm to split secret message S 102 into N shares with the threshold number being T. [0034]). 
Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify the claimed limitations of secret sharing disclosed by Gladwin and APA_NXP to include the above recited limitation. This modification would have been obvious because a person having ordinary skill in the art would have been motivated by the desire to provide hybrid secret sharing to enhance performance of computing devices and efficiently detect possible share tampering without having to access a more than necessary threshold number of shares during the secret reconstruction phase as suggested by Vakili ([0027-0028]).

As per claim 6
Gladwin discloses, wherein N is equal to 2 the method further comprising storing one of the M data element shares (52) in the first data processing unit (10) ([0097] an access information retrieval system that includes a plurality of dispersed storage (DS) processing modules 1−N, and a plurality of memories 1−N. DS processing module 1 and memory 1 are implemented as a first DS unit and DS processing module 2 and memory 2 are implemented as a second DS unit. Alternatively, the system may be implemented utilizing one DS processing module and N memories 1−N), andk,
storing each of the remaining M−1 data element shares (52) in a respective password protected storage (1110) ([0098] The DS processing modules 1−N includes DS processing 1−N and passkey generators 1−N. Alternatively, the user device 12 includes functionality of the DS processing units 1−N. The user device includes an access information package 102, a share decoder 142, an authentication input processor 106, a plurality of random number generators (RNG) 1−N, a plurality of blinded password generators 1−N (e.g., b-pass gen 1−N), a plurality of value generators (e.g., v gen 1−N), a plurality of key regenerators (e.g., key regen 1−N), and a plurality of decryptors 1−N. The access information package 102 includes access information 108 and an access information digest 110).

As per claim 8:
Claim 8 is directed to a composite method, wherein the composite method comprises the method according to claim 1 and a determining method to determine the data element (50) of claim 1, therefore claim 8 is rejected with the same rationale given above to reject claim 1. For addition limitation in claim 8: 
Gladwin and APA_NXP do not explicitly disclose wherein the determining method comprises providing to a device (200) at least N of M of the data element shares (52) of in an unencrypted state, wherein N is an integer greater than or equal to 1, and smaller than or equal to M; the device (200) determining the data element (50) based on the at least N data element shares (52) in the unencrypted state. 
Vakili, in analgous prior art however, discloses wherein the determining method comprises providing to a device (200) at least N of M of the data element shares (52) of in an unencrypted state, wherein N is an integer greater than or equal to 1, and smaller than or equal to M ([0021] Illustrates a diagram of a conventional secret sharing technique, splitting operation 104 splits secret message S 102 into N shares 106 (s.sub.1, s.sub.2, s.sub.3, . . . , s.sub.N), with T being the threshold number. Here, secret message S 102 may be a sequence of unencrypted bytes (e.g., clear text) representing confidential information. N may be a positive integer greater than or equal to two. T may be a positive integer greater than or equal to two, and T is less than N. The N shares 106 may be distributed amongst a number of participants in such a way that the only way to reconstruct the secret message S 102 is to have access to at least some number of shares. This number is called the threshold number (T). The secret message S 102 cannot be reconstructed by having access to the number of shares that is less than the threshold number T. [0024]: Splitting operation 104 may use a splitting function of the Shamir secret sharing scheme (S4) to split the original secret message S 102. Splitting operation 104, running on a splitting computing device, may call an s4_split (S, T, N) function which uses the Shamir secret sharing algorithm to split secret message S 102 into N shares with the threshold number being T. [0034]). Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify the claimed limitations of secret sharing disclosed by Gladwin and APA_NXP to include wherein the determining method comprises providing to a device (200) at least N of M of the data element shares (52) of in an unencrypted state, wherein N is an integer greater than or equal to 1, and smaller than or equal to M.
This modification would have been obvious because a person having ordinary skill in the art would have been motivated by the desire to provide hybrid secret sharing to enhance performance of computing devices and efficiently detect possible share tampering without having to access a more than necessary threshold number of shares during the secret reconstruction phase as suggested by Vakili ([0027-0028]).

As per claim 9:
Vakili discloses wherein providing at least N of M of the data element shares (52) in an unencrypted state comprises providing each of the at least N data element shares in an encrypted state to the device (200), unencrypting each of the at least N data element shares in an encrypted state on the device (200) and thus getting the at least N data element shares in an unencrypted state ([021] : Secret message S 102 may be a sequence of unencrypted bytes (e.g., clear text) representing confidential information. N may be a positive integer greater than or equal to two. T may be a positive integer greater than or equal to two, and T is less than N. The N shares 106 may be distributed amongst a number of participants in such a way that the only way to reconstruct the secret message S 102 is to have access to at least some number of shares. This number is called the threshold number (T). The secret message S 102 cannot be reconstructed by having access to the number of shares that is less than the threshold number T).

As per claim 10:
Vakili discloses wherein providing each of the at least N data element shares in an encrypted state to the device (200) comprises providing at least N encrypted data element shares (55) to the device (200) ([0032] Splitting operation 204 may split the symmetric encryption key K 206 in such a way that the only way to reconstruct the symmetric encryption key K 206 is to have access to at least the threshold number (T) of key shares 208. Splitting operation 204 may use a splitting function of the Shamir secret sharing scheme (S4) to split the symmetric encryption key K 206. Splitting operation 204 may call an s4_split (K, T, N) function which uses Shamir secret sharing algorithm, as described above, to split the symmetric encryption key K 206 into an N number of key shares 214 with the threshold number being T), and
wherein the determining method further comprises providing at least N decryption keys (45) to the device (200) wherein each of the at least N decryption keys (45) corresponds to a respective encryption key (42) used to generate the at least N encrypted data element shares (55) that are provided to the device (200) ([0041] The received T number of messages 302, the decryption computing device may extract key shares 306 (k.sub.1, k.sub.2, k.sub.3, . . . , k.sub.T) from (M.sub.1, M.sub.2, M.sub.3, . . . , M.sub.N). Then, combining operation 308 combines key shares 306 (k.sub.1, k.sub.2, k.sub.3, . . . , k.sub.T) to generate the symmetric encryption key K 206. In one embodiment, combining operation 308 may call an s4_combine({k.sub.1, k.sub.2, k.sub.3, . . . , k.sub.T}) function that uses the Shamir secret sharing algorithm to generate the symmetric encryption key K 206).

As per claim 12:
Claim 12 is directed to comprise features of claims 1, 2 and 6 combined and therefore claim 12 is rejected with the same rationale given above to reject claims 1, 2, and 6.

As per claim 13:
Claim 13 is directed to comprise the features of claims 1 and 8 combined and therefore claim 13 is rejected with the same rationale given above to reject claims 1 and 8.

Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Gladwin et al. (Hereinafter referred to as Gladwin, US 20190109711 A1) in view of Admitted Prior Art NXP® in view of Secure microcontroller SmartMX®3P71D321 (Hereinafter referred to as APA_NXP) in further view of Miller et al. (Hereinafter referred to as Miller, US. Pub. No.: US 20140089683 A1).

As per claim 5:
Gladwin and APA_NXP do not explicitly disclose storing each of the M encryption keys (42) on a separate encryption key storage unit (30A), respectively, providing M data storage units (30), wherein each of the M data storage units (30) respectively comprises, one encryption key storage unit (30A) of the separate encryption key storage units (30A) and one data share storage unit (30B) of the separate data share storage units (30B), wherein the encryption key (42) stored in the encryption key storage unit (30A) of the respective data storage unit (30) is used to generate the encrypted data element share (55) stored in the respective data share storage unit (30B) of the respective data storage unit (30).
Miller, in analogous art however, discloses storing each of the M encryption keys (42) on a separate encryption key storage unit (30A), respectively ([0033]: generating shares and secrets encrypting keys is located within a shelf or storage device), and providing M data storage units (30), wherein each of the M data storage units (30) respectively comprises ([0031] Each share 135A-N may be distributed to and stored on a corresponding storage device 150A-N), one encryption key storage unit (30A) of the separate encryption key storage units (30A) and one data share storage unit (30B) of the separate data share storage units (30B), wherein the encryption key (42) stored in the encryption key storage unit (30A) of the respective data storage unit (30) is used to generate the encrypted data element share (55) stored in the respective data share storage unit (30B) of the respective data storage unit (30) ([0031] Each share 135A-N may be distributed to and stored on a corresponding storage device 150A-N. The storage devices 150A-N may be split up and stored within four shelves or more. [0035] Each storage device 150A-N may generate and utilize a key for encrypting the data that is stored on the device. Each storage device 150A-N may include a hardware encryption mechanism that utilizes the key for encrypting the data stored on the device. Each key may be encrypted independently and separately from the data that is encrypted and stored on each storage device. The key for each storage device may be encrypted using both the master secret 120 and a second value specific to the corresponding storage device). 
Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify the claimed limitations of secret sharing disclosed by Gladwin and APA_NXP to include the above recited This modification would have been obvious because a person having ordinary skill in the art would have been motivated by the desire to use a secret sharing scheme to prevent unauthorized access to one or more of the storage devices of the storage system as suggested by Miller ([0005; 0009]).

Allowable Subject Matter
Claim 11 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims provided that each and every rejection and objections are overcome. . After consideration of the applicant’s correspondence filed on January 29, 2021, through examination of the claims with search, the pertinent prior arts of record, either taken alone or in combination neither anticipates nor renders obvious the claimed subject matter of claim 11.

Conclusion
The prior arts made of record and not relied upon are considered pertinent to applicant's disclosure. See the notice of reference cited in form PTO-892 for additional prior arts.

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TECHANE GERGISO whose telephone number is (571)272-3784. The examiner can normally be reached 9:30am to 6:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG W KIM can be reached on 5712723804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/TECHANE GERGISO/Primary Examiner, Art Unit 2494