DETAILED ACTION
Notice of Pre-AIA or AIA Status
This Office Action is in response to the amendment filed on 02/25/2026 having claims 1-20 pending.
Claims 1-20 are examined and being considered on the merits.
Claims 1, 7 and 17-20 have been amended, and all other claims are previously presented.
Claims 1-20 are submitted for examination.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Response to Arguments
Applicant’s amendment filed on February 25, 2026 has claims 1, 7 and 17-20 have been amended, and all other claims are previously presented.
Applicant’s remark, filed on February 25, 2026 at pages 8-9, indicates, “Without acquiescing to the merits of the objection, Applicant herein has amended the subject claim, in accordance with the amendments agreed to during the telephone interview. Specifically, claim 7 has been amended to recite: re-encrypted using the [[a]] third-party public key... . Withdrawal of the pending objection is, therefore, respectfully requested.
Applicant’s argument has been considered and is found persuasive. Therefore, the claim objection has been withdrawn.
Applicant’s remark, filed on February 25, 2026 at pages 9-10, indicates, “According to the Office Action, this application includes one or more claim limitations that do not use the word "means," but are nonetheless being interpreted under 35 U.S.C. 112(f) because the claim limitation uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation is: "one or more processing units...;" in claim 18. Applicant respectfully disagrees and does not intend to have this limitation interpreted under 35 U.S.C. 112(f). … claim 18 recites sufficient structure and is not subject to interpretation under 35 U.S.C. 112(f), as improperly adopted in the Office Action. Nonetheless, to advance prosecution Applicant submits that claim 18 as amended addresses the 35 U.S.C. 112(f) interpretation, reciting: one or more processors
Applicant’s argument has been considered and is found persuasive. Therefore, claim interpretation under 112(f) has been withdraw.
Applicant’s remark, filed on February 25, 2026 at page 10, indicates, “Applicant respectfully submits that the Office Action incorrectly classifies the claimed invention as being directed to non-statutory subject matter, or submits that the claimed invention does fall within at least one of the four categories of patent eligible subject matter. Without acquiescing to the merits of the rejection, Applicant has amended herein claim 1, in accordance with the amendments agreed to during the telephone interview. Specifically, claim 1 has been amended to recite: one or more processors to enable a server to accumulate a plurality of encrypted shards that are received in the server at different timepoints, For at least the reasons discussed above, Applicant respectfully submits that claim 1 is also patent eligible over 35 U.S.C. § 101. Accordingly, Applicant respectfully requests reconsideration and withdrawal of the rejection of claim 1 under 35 U.S.C. § 101.”
Applicant’s argument has been considered and is found persuasive. Therefore, the previous claim rejection under 35 U.S.C. § 101 is hereby withdrawn.
Applicant’s remark, filed on February 25, 2026 at pages 11-14, indicates, “Applicant respectfully asserts that the cited combination of Sokolov and Pinkerton does not disclose "a server to accumulate a plurality of encrypted shards that are received in the server at different timepoints" and "the process to communicate with a trusted server separate from the server and to cause decryption and combination to be performed on the plurality of encrypted shards to provide access to the secret," as recited by currently amended claim 1. … Sokolov only allegedly discloses shards that are received in the server at a single timepoint, however, and is silent toward shards that are received in the server at different timepoints. … Sokolov only allegedly describes the shares being ("shards") sent, rather than the shares being received. Also, this portion of Sokolov only allegedly describes waiting until after all devices are logged-in to send the shares at the same time, rather than at different times. According to the Office Action, "k" is interpreted as being less than the total number of chards, however, the cited portion of Sokolov states that "k" is equal to "a total number of different shares into which the encryption key may be divided." Therefore, all devices must be logged in before proceeding, rather than less than "the total number" as alleged by the Office Action. … Sokolov only allegedly discloses a process to communicate with the "accumulating" server, however, and is silent toward a process to communicate with a "trusted" server, which is also recited as separate from the "accumulating" server. … Pinkerton generally discloses sharing of encrypted files without decryption. Applicant respectfully submits that Pinkerton cannot make up for the deficiencies in Sokolov with respect to independent claim 1. For example, Pinkerton does not disclose features such as "a server to accumulate a plurality of encrypted shards that are received in the server at different timepoints" and "the process to communicate with a trusted server separate from the server and to cause decryption and combination to be performed on the plurality of encrypted shards to provide access to the secret," as recited in currently amended claim 1. Therefore, Applicant respectfully submits that Pinkerton does not make up for the deficiencies. For at least the reasons discussed above, Applicant respectfully submits that Sokolov and Pinkerton, alone or in combination, do not disclose the features of independent claim 1 as amended. Accordingly, the proposed combination cannot render independent claim 1 unpatentable under 35 U.S.C. §103. Therefore, Applicant respectfully submits that claim 1 is allowable under 35 U.S.C. § 103 over the cited references and requests withdrawal of the rejection.”
Applicant’s argument has been considered and is found persuasive. Therefore, the previous prior-art rejection is withdrawn. However, Applicant’s amendment necessitates a new ground of rejection.
Accordingly, a new ground of rejection based on a new combination of prior-art references by Sokolov et al. (US 11,184,169) in view of Tobias et al. (US 11,349,656), hereinafter Tobias, and Pinkerton et al. (US 2021/0112039), hereinafter Pinkerton, has been applied to the amendment. Examiner acknowledges that the previous combination of Sokolov and Pinkerton is silent regarding the claimed feature “… encrypted shards that are received in the server at different timepoints…”. However, newly applied art by Tobias discloses a method where a dataset comprising a cryptographic key is fragmented (i.e., sharded) and are transmitted at different times to a storage device (See Col. 4, lines 34-37; Col. 6, lines 9-11 and Col. 11, lines47-51).
Examiner respectfully traverses the Applicant’s argument regarding Sokolov does not teach a second server, claimed as “trusted server separated from the server”. Examiner has provided additional citation where there is a disclosed computing device 202 and a server 206, where the computing device could be a server, and is therefore, interpreted as the trusted server separated from the claimed server that stores the encrypted shards. This is in particular supported by Sokolov’s drawing in Fig. 2, which shows a system comprising a computing device, a server and crowd workers. Sokolov, in Col. 7, lines 9-24, teaches that the computing device 202 could be implemented as a server, which would be reasonably construed as the claimed trusted server. Therefore, Sokolov’s computing device 202 is separate/remote from server 206 (i.e., accumulating server). In addition, col. 9, lines 43-47 of Sokolov teaches: “in some examples, method 300 may include receiving, at the client computing devices (i.e., remote/trusted server) and from the servers, messages indicating the servers (i.e., accumulating server) have accumulated enough of the encrypted shared of encryption keys to recover the encryption keys”. Therefore, it is submitted that Sokolov discloses a server accumulating encrypted shards and a remote server where a decryption process is executed in order to recover the secret. Please refer to the detailed rejection below.
Finally, Examiner respectfully submits that the new combination of Sokolov, Tobias and Pinkerton would render the claimed limitations of the amended independent claim obvious.
Regarding amended independent claims 11 and 18, has been considered and is addressed based on the same rationale presented for the amended independent claim 1. See item 10.
Regarding dependent claims 2-10, 12-17 and 19-20 please refer to the aforementioned response, which addresses how the new combination of prior-art references by Sokolov, Tobias and Pinkerton would render the claimed limitations obvious.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-2, 10-12 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Sokolov et al. (US 11,184,169) in view of Tobias et al. (US 11,349,656) hereinafter Tobias and Pinkerton et al. (US 2021/0112039) hereinafter Pinkerton.
As per Claim 1, Sokolov teaches [a system for protecting secrets with multi-party approval in a computer network], comprising:
one or more processors (Sokolov, Col. 5-6, lines 65-3; “As illustrated in FIG. 1, example system 100 may also include one or more physical processors, such as physical processor 130. Physical processor 130 generally represents any type or form of hardware-implemented processing unit capable of interpreting and/or executing computer-readable instructions.”) to enable a server to accumulate a plurality of encrypted shards that are received in the server [at different timepoints], the plurality of encrypted shards associated with a secret (Sokolov, Col. 2, lines 18-24; “In an embodiment, the method may include (i) receiving, at the server, the plurality of encrypted shares of the encryption key (i.e., secret) and/or (ii) storing (i.e., accumulating), on a digital information storage device at the server, the plurality of encrypted shares of the encryption key and identifiers of crowd worker computing devices associated with each share of the plurality of encrypted shares of the encryption key.” … Col. 4, lines 12-24; “Client computing devices may perform a “secret sharing scheme” cryptography technique to divide the encryption keys into many different shares. The client computing devices may encrypt the shares with public keys of public-private key pairs of the crowd worker computing devices. Individual shares may be copied multiple times, with each copy being encrypted with a different public key from public-private key pairs of the crowd worker computing devices. The number of shares may be less than the number of crowd worker computing devices calculated to be available for subsequent key recovery. The encrypted shares may be stored on servers such as cloud-based storage devices.”), the server further to enable a process that is remote from the server upon accumulating a predetermined number of the plurality of encrypted shards (Sokolov, Col. 9, lines 43-47; “In some examples, method 300 may include receiving, at the client computing devices (i.e., remote/trusted server) and from the servers, messages indicating the servers have accumulated enough of the encrypted shared of encryption keys to recover the encryption keys”. Examiner submits, Computing device 202 has been interpreted as remote/trusted server), the process to communicate with a trusted server separate from the server and to cause decryption and combination to be performed on the plurality of encrypted shards to provide access to the secret (Sokolov, Col. 4-5, lines 56-3; “Client computing devices may (i) receive a plurality of encrypted shares of the encryption keys from the server in response to the recovery request, where the encrypted shares may be encrypted with the new public key of the new public-private key pair, (ii) decrypt the plurality of encrypted shares of the encryption key with the new private key of the new public-private key pair, (iii) recover the encryption keys from the decrypted plurality of shares of the encryption keys and/or (iv) store the recovered encryption keys on keychains at the client computing devices. In some examples, client computing devices may then retrieve encrypted digital information (e.g., stored on cloud-based storage devices and/or other digital information storage devices) and decrypt the encrypted digital information with the encryption keys.” … Col. 7, lines 9-24; “Computing device 202 generally represents any type or form of computing device capable of reading computer-executable instructions. In some examples, computing device 202 may represent a computer running security software, such as anti-malware software and/or encryption software. Additional examples of computing device 202 include, without limitation, laptops, tablets, desktops, servers, cellular phones, Personal Digital Assistants (PDAs), multimedia players, embedded systems, wearable devices (e.g., smart watches, smart glasses, etc.), smart vehicles, smart packaging (e.g., active or intelligent packaging), gaming consoles, so-called Internet-of-Things devices (e.g., smart appliances, etc.), variations or combinations of one or more of the same, and/or any other suitable computing device.” … Col. 9, lines 43-47; “In some examples, method 300 may include receiving, at the client computing devices (i.e., remote/trusted server) and from the servers, messages indicating the servers have accumulated enough of the encrypted shared of encryption keys to recover the encryption keys” … Col. 10, lines 18-36; “As illustrated in FIG. 3, at step 310 one or more of the systems described herein may decrypt the pluralities of encrypted shares of the encryption keys with first private keys of the first public-private key pairs. The systems described herein may perform step 310 in a variety of ways. For example, decrypting module 112 may, as part of computing device 202, server 206, and/or at least one of crowd worker computing devices 208A-208N in FIG. 2, decrypt the plurality of encrypted shares of the encryption key 123 with first private key 127 of first public-private key pair 122. As illustrated in FIG. 3, at step 312 one or more of the systems described herein may recover the encryption keys from the decrypted pluralities of shares of the encryption keys (i.e., once the encrypted shares are decrypted, the user has access to the secret). The systems described herein may perform step 312 in a variety of ways. For example, recovering module 114 may, as part of computing device 202, server 206, and/or at least one of crowd worker computing devices 208A-208N in FIG. 2, recover encryption key 124 from decrypted plurality of shares of the encryption key 128.” Examiner submits that the process performed by the server is interpreted as, once the server 206 accumulates the necessary encrypted shares, proceeds to request computing device 202 to start the process for decrypting the shares in order to provide access to the secret.).
Sokolov does not expressly teaches:
received encrypted shards … at different timepoints; and
a system for protecting secrets with multi-party approval in a computer network.
However, Tobias teaches:
received encrypted shards … at different timepoints (Tobias, Col. 4, lines 34-37; “generate a plurality of datasets corresponding to a plurality of data fragments constituting the data object, each dataset comprising encryption keys used to encrypt the corresponding data fragments.” … Col. 6, lines 9-11; “The secure platform 120 then stores the encrypted fragments on various storage devices or locations 140-170.” … Col. 11, lines47-51; “In some embodiments, the communication pathways may comprise a plurality of transmissions along one or more of the same physical pathways such that one or more of data fragments (i.e., encrypted shards), manifests, and/or encryption key information may be transmitted at different times.”)
Sokolov and Tobias are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for a method for protecting a secret from attacks.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Tobias system into Sokolov system, with a motivation to provide a method comprising sending encrypted shards at different times for storage (Tobias, Col. 11, lines47-51).
The combination of Sokolov and Tobias does not expressly teach:
a system for protecting secrets with multi-party approval in a computer network
However, Pinkerton teaches:
a system for protecting secrets with multi-party approval in a computer network (Pinkerton, Fig 1 and Fig 3; Examiner submits that the drawings clearly show a system where a set of authorized delegate devices protect the secret by means of splitting the secret and encrypting it. … Parag. [0055]; “For example, FIG . 3 is a block diagram of an example process for generating a set of key shards, based on a cryptographic key, of which a threshold number of the key shards can be used to reconstitute a cryptographic key. As shown, device A is an originating device and devices B through F are delegate devices.”).
Sokolov, Tobias and Pinkerton are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for a method for protecting a secret from attacks.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Pinkerton system into Sokolov-Tobias system, with a motivation to provide a multi-party environment where some participants are required to protect and reconstitute a secret. (Pinkerton, Parag. [0055]).
As per claim 2, the combination of Sokolov, Tobias and Pinkerton teach the system of claim 1. Pinkerton teaches wherein the decryption and the combination to be performed on the plurality of encrypted shards provide a key to be used to decrypt an encrypted version of the secret as part of the access to the secret (Pinkerton, Parag. [0029]; “The cryptographic key can be reconstituted with a threshold number of computing devices that utilize their private keys to decrypt their respective key shards. Specifically, the threshold number of decrypted key shards can be used to reconstitute the cryptographic key, which can then be used to decrypt the encrypted data.”).
As per claim 10, the combination of Sokolov, Tobias and Pinkerton teach the system of claim 1. Sokolov teaches wherein the plurality of encrypted shards comprise parts of the secret or comprise parts of a key to decrypt an encrypted version of the secret (Sokolov, Col. 2, lines 18-24; “In an embodiment, the method may include (i) receiving, at the server, the plurality of encrypted shares of the encryption key (i.e., secret) and/or (ii) storing (i.e., accumulating), on a digital information storage device at the server, the plurality of encrypted shares of the encryption key and identifiers of crowd worker computing devices associated with each share of the plurality of encrypted shares of the encryption key.”).
As per claim 11, it is a method claim that recites similar limitations as presented on independent claim 1. Therefore, claim 11 is rejected using the same rationale applied to claim 1.
As per claim 12, the rejection of claim 11 is included. In addition, claim 12 is a method claim that recites similar limitation as presented at claim 2. Therefore, claim 12 is rejected using the same rationale applied to claim 2.
As per claim 18, it is a system claim that recites similar limitations as presented on independent claim 1. Therefore, claim 18 is rejected using the same rationale applied to claim 1.
Claims 3 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Sokolov et al. (US 11,184,169) in view of Tobias et al. (US 11,349,656) hereinafter Tobias and Pinkerton et al. (US 2021/0112039) hereinafter Pinkerton as applied to claim 2, and further in view of Spector (US 2013/0042112).
As per claim 3, the combination of Sokolov, Tobias and Pinkerton teach the system of claim 2.
The combination of Sokolov, Tobias and Pinkerton does not expressly teach:
wherein the key is used with an initialization vector to decrypt the encrypted version of the secret.
However, Spector teaches:
wherein the key is used with an initialization vector to decrypt the encrypted version of the secret (Spector, Parag. [0008]; “The secret key along with the initialization vector, which can include authentication information and tracking data, is used to decrypt the encrypted data.”).
Sokolov, Tobias, Pinkerton and Spector are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for a method for protecting a secret from attacks.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Spector system into Sokolov-Tobias-Pinkerton system, with a motivation to provide an initialization vector to decrypt an encrypted secret. (Spector, Parag. [0008]).
As per claim 13, the rejection of claim 12 is included. In addition, claim 13 is a method claim that recites similar limitation as presented at claim 3. Therefore, claim 13 is rejected using the same rationale applied to claim 3.
Claims 4-6, 9, 14-16 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Sokolov et al. (US 11,184,169) in view of Tobias et al. (US 11,349,656) hereinafter Tobias and Pinkerton et al. (US 2021/0112039) hereinafter Pinkerton as applied to claim 2, and further in view of Bernat et al. (US 2017/0331626).
As per claim 4, the combination of Sokolov, Tobias and Pinkerton teach the system of claim 2. Sokolov teaches wherein the process is further to:
[use one or more randomizers to provide the secret and the key];
encrypt the secret with at least the key to provide the encrypted version of the secret; and
enable splitting and encryption of the key to provide a version of the plurality of encrypted shards (Sokolov, Col. 6-7, lines 60-9; “For example, and as will be described in greater detail below, one or more of modules 102 may cause at least a portion of computing device 202, server 206, and/or crowd worker computing devices 208A-208N to (i) send, from computing device 202 and to server 206, recovery request 121, (ii) create first public-private key pair 122, (iii) receive a plurality of encrypted shares of an encryption key 123 from server 206 in response to recovery request 121 (i.e., process), where the encrypted shares of the encryption key 123 may be encrypted with first public key 125 of first public-private key pair 122, and/or (iv) perform security action 126 including (A) decrypting the plurality of encrypted shares of the encryption key 123 with first private key 127 of first public-private key pair 122 and/or (B) recovering encryption key 124 from the decrypted plurality of shares of the encryption key 128.”),
In addition, Pinkerton teaches:
encrypt the secret with at least the key to provide the encrypted version of the secret (Pinkerton, Parag. [0062]; “As shown, the archive file 400 may include an entire cryptographic key that has been encrypted with a backup public key or another asymmetric encryption technique.”)
wherein the splitting is performed according to the predetermined number of the plurality of encrypted shards (Pinkerton, Parag. [0029]; “The cryptographic key can be reconstituted with a threshold number of computing devices that utilize their private keys to decrypt their respective key shards. Specifically, the threshold number of decrypted key shards can be used to reconstitute the cryptographic key, which can then be used to decrypt the encrypted data.”).
The combination of Sokolov, Tobias and Pinkerton does not expressly teach:
use one or more randomizers to provide the secret and the key
However, Bernat teaches:
use one or more randomizers to provide the secret (Bernat, Parag. [0017]; “FIG. 2 is a system diagram with multiple storage devices 102, generating a secret “A” 210 and shares of the secret. A secret generator 108, which could belong to one of the storage devices 102 or be a shared resource, generates secret “A” 210, for example as a random number from a seed 224 for an initial operation, or in an ongoing operation from a long-ago seed 224 in some embodiments.”)
Sokolov, Tobias, Pinkerton and Bernat are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for a method for protecting a secret from attacks.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Bernat system into Sokolov-Tobias-Pinkerton system, with a motivation to generate and provide a secret based on a secure random algorithm. (Bernat, Parag. [0017] and Fig. 2)
As per claim 5, The combination of Sokolov, Tobias, Pinkerton and Bernat teach the system of claim 4. Pinkerton teaches wherein individual ones of the version of the plurality of encrypted shards are encrypted using individual ones of a plurality of public keys associated with individual ones of a plurality of different approvers (Pinkerton, Parag. [0059]; “In step 208, each of the N key shard is encrypted with one of N public keys associated with a respective delegate device to create N encrypted key shards.”)
As per claim 6, The combination of Sokolov, Tobias, Pinkerton and Bernat teach the system of claim 5. Pinkerton teaches wherein the individual ones of a plurality of public keys are associated with respective ones of a plurality of private keys that belong to respective ones of the different approvers (Pinkerton, Parag. [0059]; “In step 208, each of the N key shard is encrypted with one of N public keys associated with a respective delegate device to create N encrypted key shards.”).
As per claim 9, The combination of Sokolov, Tobias and Pinkerton teach the system of claim 1.
The combination of Sokolov, Tobias and Pinkerton does not expressly teach:
wherein the process is further to:
[use one or more randomizers to provide a new key to be used with the secret or to provide a new secret];
encrypt the secret or the new secret with at least the new key to provide a new encrypted version of the secret; and
perform a splitting and encryption on the new key or the new secret to provide a version of a plurality of new encrypted shards (Sokolov, Col. 6-7, lines 60-9; “For example, and as will be described in greater detail below, one or more of modules 102 may cause at least a portion of computing device 202, server 206, and/or crowd worker computing devices 208A-208N to (i) send, from computing device 202 and to server 206, recovery request 121, (ii) create first public-private key pair 122, (iii) receive a plurality of encrypted shares of an encryption key 123 from server 206 in response to recovery request 121 (i.e., process), where the encrypted shares of the encryption key 123 may be encrypted with first public key 125 of first public-private key pair 122, and/or (iv) perform security action 126 including (A) decrypting the plurality of encrypted shares of the encryption key 123 with first private key 127 of first public-private key pair 122 and/or (B) recovering encryption key 124 from the decrypted plurality of shares of the encryption key 128.” Examiner submits that the merely specifying that generating a new key to provide a new version of encrypted secret does not represent a substantive structural or functional difference, but rather a matter of design choice. To one of ordinary skill in the art is very common to modify or regenerate a new key to keep the secret secure.),
In addition, Pinkerton teaches:
encrypt the secret or the new secret with at least the new key to provide a new encrypted version of the secret (Pinkerton, Parag. [0062]; “As shown, the archive file 400 may include an entire cryptographic key that has been encrypted with a backup public key or another asymmetric encryption technique.” Examiner submits that the merely specifying that generating a new key to provide a new version of encrypted secret does not represent a substantive structural or functional difference, but rather a matter of design choice. To one of ordinary skill in the art is very common to modify or regenerate a new key to keep the secret secure.)
wherein the splitting is performed to enable a new predetermined number of the plurality of encrypted shards (Pinkerton, Parag. [0029]; “The cryptographic key can be reconstituted with a threshold number of computing devices that utilize their private keys to decrypt their respective key shards. Specifically, the threshold number of decrypted key shards can be used to reconstitute the cryptographic key, which can then be used to decrypt the encrypted data.”).
The combination of Sokolov, Tobias and Pinkerton does not expressly teach:
use one or more randomizers to provide the secret and the key
However, Bernat teaches:
use one or more randomizers to provide a new key to be used with the secret or to provide a new secret (Bernat, Parag. [0017]; “FIG. 2 is a system diagram with multiple storage devices 102, generating a secret “A” 210 and shares of the secret. A secret generator 108, which could belong to one of the storage devices 102 or be a shared resource, generates secret “A” 210, for example as a random number from a seed 224 for an initial operation, or in an ongoing operation from a long-ago seed 224 in some embodiments. Each new secret could be independent of previous secrets, or could be based on one or more of them, e.g., as a seed 224, in various embodiments.”)
Sokolov, Tobias. Pinkerton and Bernat are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for a method for protecting a secret from attacks.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Bernat system into Sokolov-Tobias-Pinkerton system, with a motivation to generate and provide a secret based on a secure random algorithm. (Bernat, Parag. [0017] and Fig. 2)
As per claim 14, the rejection of claim 12 is included. In addition, claim 14 is a method claim that recites similar limitation as presented at claim 4. Therefore, claim 14 is rejected using the same rationale applied to claim 4.
As per claim 15, the rejection of claim 14 is included. In addition, claim 14 is a method claim that recites similar limitation as presented at claim 5. Therefore, claim 15 is rejected using the same rationale applied to claim 5.
As per claim 16, the rejection of claim 15 is included. In addition, claim 16 is a method claim that recites similar limitation as presented at claim 6. Therefore, claim 16 is rejected using the same rationale applied to claim 6.
As per claim 19, the rejection of claim 18 is included. In addition, claim 19 is a system claim that recites similar limitation as presented at claim 4. Therefore, claim 19 is rejected using the same rationale applied to claim 4.
Claims 7, 17 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Sokolov et al. (US 11,184,169) in view of Tobias et al. (US 11,349,656) hereinafter Tobias and Pinkerton et al. (US 2021/0112039) hereinafter Pinkerton as applied to claim 1, and further in view of Stockton et al. (US 9,430,655) hereinafter Stockton, Chen et al. (US 5,784,463) hereinafter Chen and Yeshayahu et al. (US 12,327,243) hereinafter Yeshayahu.
As per claim 7, the combination of Sokolov, Tobias and Pinkerton teach the system of claim 1.
The combination of Sokolov, Tobias and Pinkerton does not expressly teach:
wherein the server is further to:
receive a request to perform an application process or for the access to the secret;
provide an approval request token comprising a third-party public key and a version of the one of the plurality of encrypted shards, the version comprising an approver key-encrypted shard that is to be decrypted by an approver private key and that is to be re-encrypted using a third-party public key to provide the one of the plurality of encrypted shards; and
receive, from a host machine, a response token comprising the one of the plurality of encrypted shards.
However, Stockton teaches:
receive a request to perform an application process or for the access to the secret (Stockton, Col. 5, lines 24-26; “During operation, application server 14 sends tokens 24 and random nonce 22 (see FIG. 1) to corresponding token servers 16 in response to a request to recover secret 18'.”);
provide [an approval request token comprising a third-party public key] and a version of the one of the plurality of encrypted shards (Stockton, Col. 6, lines 50-59; “Encryption engine 52 then performs an encryption operation on each transmission to token servers 16 that includes a shared secret 18. For example, in some arrangements, processor 44 forms a string by concatenating a shared secret 18, random nonce 22, and a destination address of application server 14. Encryption engine 52 then applies, to the string, a public key corresponding to the private key of the token server 16 to which that secret share 18 is to be transmitted. Processor 44 then sends the encrypted String to a token server 16 via network interface 42.”), the version comprising an approver key-encrypted shard that is to be decrypted by an approver private key (Stockton, Col. 7, lines 16-21; “During operation, processor 64 receives a secret share 18 via network interface 82. In some arrangements, processor 44 receives an encrypted string that, when decrypted by processor 64 using a private key, reveals secret share 18, random nonce 22, and the destination address of application server 14.”) and [that is to be re-encrypted using a third-party public key to provide the one of the plurality of encrypted shards]; and
receive, from a host machine, a response token comprising the one of the plurality of encrypted shards (Stockton, Col. 6, lines 50-59; “Encryption engine 52 then performs an encryption operation on each transmission to token servers 16 that includes a shared secret 18. For example, in some arrangements, processor 44 forms a string by concatenating a shared secret 18, random nonce 22, and a destination address of application server 14. Encryption engine 52 then applies, to the string, a public key corresponding to the private key of the token server 16 to which that secret share 18 is to be transmitted. Processor 44 then sends the encrypted string to a token server 16 via network interface 42.”).
Sokolov, Tobias, Pinkerton and Stockton are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for a method for protecting a secret from attacks.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Stockton system into Sokolov-Tobias-Pinkerton system, with a motivation to generate a response token comprising a version of an encrypted shard. (Stockton, Col. 6)
The combination of Sokolov, Tobias, Pinkerton and Stockton does not expressly teach:
an approval request token comprising a third-party public key
However, Chen teaches:
an approval request token comprising a third-party public key (Chen, Col. 4, lines 31-42; “Each authorized authentication server is assigned a private key and a corresponding public key by the token issuer or by a certification authority/key management agency 35. In addition, each token includes an embedded public key corresponding to a private key held only by the token issuer or certification authority, and not by the authentication server, and which allows the authentication token to verify the authenticity of the authentication server's public key. The preferred procedure for implementing the invention thus begins with the distribution of a token having embedded therein a public key Pi of the token issuer or certification authority”)
Sokolov, Tobias, Pinkerton, Stockton and Chen are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for a method for protecting a secret from attacks.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Chen system into Sokolov-Tobias-Pinkerton-Stockton system, with a motivation to generate a request token comprising a public key corresponding to a participant device and used to encrypted secret shard. (Chen, Col. 4, lines 31-42)
The combination of Sokolov, Tobias, Pinkerton, Stockton and Chen does not expressly teach:
encrypted shard that is to be decrypted … that is to be re-encrypted using a third-party public key to provide the one of the plurality of encrypted shards;
However, Yeshayahu teaches:
encrypted shard that is to be decrypted … that is to be re-encrypted using a third-party public key to provide the one of the plurality of encrypted shards (Yeshayahu, Col. 1, lines 42-54; “For example, the secret data-item is split into a plurality of shares; each share is encrypted by using a different encryption key that corresponds to a Public Key of a different device; and the encrypted shares are stored across a plurality of storage nodes. Importantly, a dynamic recycling/reshuffling/re-encryption scheme operates, from time to time and/or when one or more conditions hold true, to re-encrypt a particular encrypted share with a different encryption key (that corresponds to a Public Key of a different device), and/or to store such replacement/re-encrypted share in a different storage node. The dynamic re-encrypting and re-shuffling operations increase the resilience of the system towards attacks or security breaches.”)
Sokolov, Tobias, Pinkerton, Stockton, Chen and Yeshayahu are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for a method for protecting a secret from attacks.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Yeshayahu system into Sokolov-Tobias-Pinkerton-Stockton-Chen system, with a motivation to re-encrypt a decrypted shard in order to provide a new encrypted shard. (Yeshayahu, Col. 1, lines 42-54)
As per claim 17, the rejection of claim 11 is included. In addition, claim 17 is a method claim that recites similar limitation as presented at claim 7. Therefore, claim 17 is rejected using the same rationale applied to claim 7.
As per claim 20, the rejection of claim 18 is included. In addition, claim 20 is a system claim that recites similar limitation as presented at claim 7. Therefore, claim 20 is rejected using the same rationale applied to claim 7.
Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Sokolov et al. (US 11,184,169) in view of Tobias et al. (US 11,349,656) hereinafter Tobias and Pinkerton et al. (US 2021/0112039) hereinafter Pinkerton as applied to claim 1, and further in view of Le Saint (US 2021/0111875).
As per claim 8, the combination of Sokolov, Tobias and Pinkerton teach the system of claim 1.
The combination of Sokolov, Tobias and Pinkerton does not expressly teach:
wherein the process is a virtual instance to be destroyed upon providing at least the plurality of encrypted shards to the server.
However, Le Saint teaches:
wherein the process is a virtual instance to be destroyed upon providing at least the plurality of encrypted shards to the server (Le Saint, Parag. [0090]; “Share retrieval module 714C-iii may comprise code for obtaining one or more DEK shares. For example, share retrieval module 714C-iii may comprise instructions for waiting/checking for a response from M-1 computing devices. Key destruction module 714C-iv may comprise code for destroying one or more encryption keys and/or shares thereof. For example, key destruction module 714C-iv may comprise instructions for removing transient representations of a local private key, dsi, and of a shared DEK from memory upon the termination of a communication session (e.g. upon shutdown of a computing device in the network).”).
Sokolov, Tobias, Pinkerton and Le Saint are from similar field of technology. Prior to the instant application’s effective filling date, there was a need for a method for protecting a secret from attacks.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Le Saint system into Sokolov-Tobias-Pinkerton system, with a motivation to re-encrypt a decrypted shard in order to provide a new encrypted shard (Le Saint, Parag. [0090]).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Johnson et al. (US 2022/0123929) relates to methods, systems, and devices supporting virtual cryptographic key ceremonies are described. A server may receive a plurality of public keys and a plurality of digital signatures comprising data encrypted using a plurality of private keys, where each private key of the plurality of private keys corresponds to a respective public key of the plurality of public keys. The server may generate a quorum token based on the plurality of signatures and the plurality of public keys, where generating the quorum token is based on the plurality of signatures representing at least a threshold number of pools. The server may receive a plurality of encrypted shares associated with respective pools of a plurality of pools, generate a master wrapping key based on generating the quorum token and receiving the plurality of encrypted shares, unwrap a root key using the master wrapping key, and generate a certificate based on the root key.
Suurkivi et al. (US 12,014,361) relates to processing cryptocurrency transactions. A computing platform may receive a transaction request. The computing platform may request SEKs from operator devices, and may receive requests to download encrypted SEKs accordingly. The computing platform may send the encrypted SEKs, and may receive corresponding decrypted SEKs from the operator devices in response. The computing platform may decrypt encrypted shares using the SEKs, and may use the decrypted shares to reconstruct a cryptographic signing key. The computing platform may validate the cryptographic signing key, and based on successful validation of the cryptographic signing key, may transfer authorize the requested transaction.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALEX D CARRASQUILLO whose telephone number is (571)270-5045. The examiner can normally be reached Monday - Friday 9:00 am - 6:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached at 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/A.D.C./Examiner, Art Unit 2498
/YIN CHEN SHAW/Supervisory Patent Examiner, Art Unit 2498