APPLYING A SERVER PARTIAL SECRET KEY CONDITIONAL ON BLOCKED STATUS

DETAILED ACTION This Final Office Action is in response to amendment filed on 01/27/2026. Claims 1-3, 6-8 and 11 have been amended. Claims 1-11 remain pending in the application. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Amendment Applicant’s claims amendments to has overcome the USC 112 rejections previously set forth in the Non-Final Office Action mailed on 11/14/2025. Response to Arguments Applicant's arguments filed 01/27/2026 have been fully considered but they are not persuasive. Applicant stated in Page 7 “First, the combination of cited references does not teach or suggest "determining that the server partial secret key is able to be validly applied by determining that the server partial secret key is not blocked from being applied by a stored indication that the server partial secret key corresponding to the user device is blocked," as recited in Applicant's Claim 1…nowhere does Day explicitly recite that any indication of session expiration/termination is stored. Moreover, Applicant cannot find anywhere Day discloses storage of any flag or other indication that a key portion is blocked. Instead, it seems the Office alleged that Day inherently stores an "indication" in order to perform step 720… Contrary to the Office's assertion, storing an indication of session expiration/termination does not "necessarily flow[]" from the fact that a session expires or terminates, nor is storing an indication of session expiration/termination in Day necessary to perform step 720. Instead, as just one example, the mere inability to access a session can itself be indicative that the session is expired/terminated; no stored indication is required.” Examiner respectfully disagrees. Examiner asserts that an “indication” allows for broader interpretations. Furthermore, from a prospective of the system executing the steps illustrated in Figure 7, the system in step 720 determines whether the session key portion is valid, e.g. the session associated with the session key has not been expired. In order for the system to determine whether the session associated with the session key has or has not been expired, the system has to rely on some indication/value/information to determine that the session associated with the session key has or has not been expired. In order for the conditional step to be executed, there is a need to some indication/value/information to fulfil the statement posed by this step, i.e. is the session key valid?. Furthermore, irrespective of whether the expiration in [0051] pertains to the session expiration or the session key expiration, the expiration affects the validity of the key and determine its validity. Furthermore, [0059] explicitly discloses a scenario that a decryption key, which comprises the session key, is valid before an expiration time and invalid afterwards. Applicant further stated in Page 7-8 “Second, the combination of cited references also does not teach or suggest "interacting with the user device to perform the requested cryptographic operation, such that the user device applies the user partial secret key and the validation server applies the server partial secret key." As can be appreciated, Claim 1, therefore, calls for an interaction in which "the user device applies the user partial secret key" and "the validation server applies the server partial secret key" (emphasis added). That is, both the user device and the validation server apply their respective secret key. In stark contrast, when client data in Day is to be encrypted or decrypted, Day explicitly describes that the server application 106 generates a combined encryption key 302 or combined decryption key 402 from the static key portion 114, the session key portion 304, and the client key portion 306 (which it receives from the client application 110), and that the server application 106 encrypts or decrypts the client data using the combined encryption key 302 or combined decryption key 402, respectively. Applicant cannot find anywhere in Day that discloses an interaction in which both the server application 106 and the client application 110 apply their respective key portion, as called for in Applicant's Claim 1.” Examiner respectfully disagrees. Day explicitly discloses the above argued interaction where the client application 110 sends the client key portion 306, as indicated in the above argument and disclosed by Day in e.g. [0025] “The server system can obtain the client key portion from the remote client in response to determining that the transaction involves the encrypted client data. For example, the server system can request the client key portion from the remote client. The remote client can transmit the client key portion via the data network. The server system can generate a combined decryption key from a combination of the static key portion, the session key portion associated with the session, and the client key portion received from the remote client. The server system can use the decryption key to decrypt the client data for the transaction.”, and further in [0038] “In subsequent transactions that involve client data 206 during the session 220, the server application 106 can obtain the client key portion 306 from the client application 110. For example, FIG. 5 is a modeling diagram depicting the server application 106 obtaining the client key portion 306 from the client application 110 to obtain decrypted client data 206 for an additional transaction involving the additional server application 202.”, where the server interacts with the client to obtain the client key portion and use the client key portion in conjunction with the session key portion to create a combined key used for cryptographic operations. Applicant further stated in Pages 8-9 “Third, the combination of cited references also does not teach or suggest "receiving a message to block the server partial secret key corresponding to a particular user device." In rejecting this limitation of Claim 1, the Office relied on the teachings of paragraphs [0020] and [0022] of Day that "[t]he session key portion can be invalidated in response to expiration or other termination of the session with the remote client" and that "[t]he authentication can be terminated by the entity logging out of a server application, the authentication expiring after a period of inactivity or other predetermined time period, etc." and argued that "logging out is interpreted as a message received to terminate a session and accordingly the session key portion being invalid/blocked… Day does not disclose any message that is directed to blocking a key portion. Logging out merely ends a session; it does not instruct the system to block a cryptographic key, nor does it create anything analogous to a persistent block status associated with a particular device. Day appears merely to describe that the session key portion ceases to be usable because the session ends, not because a blocking command is received. There is simply no disclosure in Day of a message that targets the key portion for blocking, as required by Applicant's Claim 1.” Examiner respectfully disagrees. Examiner submits that the message recited in the claim, as drafted and given the broadest reasonable interpretations, can be construed as any form of message or signal that results into invalidating the session and the session key. As discussed above, Day explicitly discloses the system determining when not to use the session key as illustrated in Figure 7 and disclosed in e.g. [0051 and 0059]. Day further discloses that this can take place when the system receives a message or signal indicating that the entity is logging out of the server application as disclosed in e.g. [0022]. Examiner recommends further clarification to recite what the message entails such that the message teaches away from the teaching of Day. Applicant further stated in Page 9 “Fourth, the combination of cited references also does not teach or suggest "storing an indication that the server partial secret key corresponding to the particular user device is blocked." In rejecting this limitation of Claim 1, the Office again relied on the same teachings of paragraphs [0046] and [0051] of Day already addressed above. Accordingly, this limitation is also not taught for at least the same reasons as discussed above. Day simply does not disclose the storing of any indication that its session key portion 304 is blocked.” Examiner respectfully disagrees. Examiner directs the applicant to response in item (a) above. Applicant further argued in Page 9 “Fifth, the combination of cited references also does not teach or suggest "obtaining an updated server partial secret key, corresponding to an updated user partial secret key that collectively form part of the threshold cryptography scheme, wherein the updated partial secret keys still correspond to the public key" ( emphasis added). In rejecting this limitation of Claim 1, the Office relied on FIG. 600 of Day for illustrating that a new/updated session key portion and client key portion are generated. While FIG. 600 and corresponding paragraph [0043] of Day appear to describe generating a new session key portion and client key portion when a new session begins, nowhere does Day describe or suggest obtaining an updated session key portion and an updated client key portion that together remain part of a threshold cryptography scheme corresponding to a public key. Rather, Day's keys appear to be temporary symmetric components, regenerated per session, and not tied to any persistent public key. Neither Fletcher nor Harris cure the disclosure deficiencies of Day.” Examiner submits that Fletcher [0068, 0072, 0075, 0122] is relied upon to disclose that the updated partial secret keys still correspond to the public key. Please see detailed rejection below. Examiner further submits that the combination of Day in view of Fletcher discloses the above argued limitations. Examiner recommends further clarifications to the claimed invention such that the claimed invention teaches away from the currently cited prior arts. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claims 1-2, 4-7, and 9-11 are rejected under 35 U.S.C. 103 as being unpatentable over Day (US 20150113276 A1) in view of Fletcher (US 20210091934 A1). Regarding claim 1 (Currently Amended), Day teaches a method for applying a server partial secret key conditional on blocked status, wherein the server partial secret key threshold] cryptography scheme public] key (Day [0013] “FIG. 7 is a flow chart illustrating an example method for decrypting client data that is encrypted using a distributed encryption key” applying session key portion, i.e. partial secret key, which is conditional on its validity status, i.e. conditional on blocked status, and a client key portion, i.e. user partial secret key, where both portions combined form the decryption/encryption key as illustrated in Figures 6-7, performed at the server system), the method comprising: receiving the server partial secret key (Day [0033] and Figure 2 illustrates receiving client data 206 by application server 106, accordingly receiving a request 208 by server application 202, where this is interpreted as a request received by the server system, which results into the (intended use) of applying session key portion, i.e. server partial secret key, to perform encrypting/decrypting of client data for a client system 104, [0038] “In subsequent transactions that involve client data 206 during the session 220, the server application 106 can obtain the client key portion 306 from the client application 110. For example, FIG. 5 is a modeling diagram depicting the server application 106 obtaining the client key portion 306 from the client application 110 to obtain decrypted client data 206 for an additional transaction involving the additional server application 202.”, cryptographic operation further illustrated in Figures 6-7); determining is able to be validly be applied by determining that the server partial secret key (Day Figure 7 720, [0046] “…The session key portion 304 can be used during the session 120 to generate a combined decryption key 402. Expiration or termination of the session 120 can cause the session key portion 304 to be invalidated. Invalidating the session key portion 304 can prevent the session key portion 304 from being used to generate a combined decryption key 402.”, [0051] “The method 700 further involves determining whether the session key portion 304 is valid, as depicted in block 720. The session management application 108 can determine whether the session key portion 304 is valid. For example, the session key portion 304 may be invalid if the session 120 has expired or is otherwise terminated by the server application 106. If the session key portion 304 is invalid, the method 700 terminates and method 600 is performed.”, where validity is determining whether the session key portion 304 is not blocked from being applied, where an indication can be by form of expiration or termination, where the indication has to be stored in order for the step 720 to be performed); interacting threshold]of at least two partial secret keys threshold] cryptography scheme threshold]cryptography scheme (Day [0053] discloses interaction between client computing system 104 and server system 102, where the interaction involves the client computing system apply the client key portion 306 by sending the client key portion 306 to the server system to be combined with the applied session key at the server system 102, as illustrated in step 750 to perform cryptographic operation in step 760 of Figure 7); receiving (Day [0020] “The session key portion can be invalidated in response to expiration or other termination of the session with the remote client.”, [0022] “A session can be delineated by a first point in time at which an entity is authenticated and a second point in time at which the authentication is terminated. The authentication can be terminated by the entity logging out of a server application, the authentication expiring after a period of inactivity or other predetermined time period, etc.”, where logging out is interpreted as a message received to terminate a session and accordingly the session key portion being invalid/blocked); storing (Day [0046, 0051] where validity is determining whether the session key portion 304 is not blocked from being applied, where an indication can be by form of expiration or termination, where the indication has to be stored in order for the step 720 to be performed); and obtaining threshold] cryptography scheme wherein the updated [[in]] partial secret keys still correspond to the public key] (Day illustrates generating new/updated session key portion and client key portion in Figure 600 when the session key portion is not valid, where these portions collectively form the encryption/decryption key) Day discloses requiring key portions static, session and client key portions required to produce encryption/decryption keys. Although it would have been obvious for one of ordinary skill in the art to consider the use of public keys and utilizing threshold cryptographic schemes, Day does not explicitly disclose that the key is able to be a public key, and utilizing a threshold cryptographic scheme. Emphasis in italic. Fletcher discloses threshold cryptography scheme associated with a public key and wherein the updated partial secret keys still correspond to the public key (Fletcher [0068] “…at least a threshold number of private key shares must be used to generate a valid signature for any outgoing transfer of digital assets controlled by the congress 110.”. [0072] “…withdrawal of funds is only performed if a number of private key shares exceeding a threshold required to generate a valid digital signature are used by members of the group (i.e., the congress) to approve the withdrawal.”, [0074] “This threshold signature scheme is an extension of a digital signature scheme which is an elliptic curve cryptography based algorithm in which t+1 key shares from a party of n key share holders are required to reconstruct a private key.”, [0075] “Since t+1 key shares are sufficient to reconstruct the secret”, [0122] “In the method 700 of FIG. 7, the congress public key does not change each time the distribution of member deposits changes. When a request to allocate a new key share is detected (at operation 702, which may occur through deposit of digital assets to the public group address), the node 102 collaborates with other members of the congress to issue (at operation 704) new private key shares for the same public key to the new members of the group.”). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Day to incorporate the teaching of Fletcher to utilize the above feature, using one of well-known cryptographic schemes, which would make it obvious to try and motivated by protocol being robust against the compromise of a threshold of entities as recognized in [0061]. Regarding claim 6, claim 6 recites similar limitations to claim 1, therefore rejected with the same rationale and motivation applied to claim 1. Regarding claim 11, claim 11 recites similar limitations to claim 1, therefore rejected with the same rationale and motivation applied to claim 1. Regarding claim 2 (Currently Amended), Day in view of Fletcher teaches the method according to claim 1, wherein is able to be validly be applied comprises determining that a current time is within a pre-defined validity schedule (Day [0022] “A session can be delineated by a first point in time at which an entity is authenticated and a second point in time at which the authentication is terminated. The authentication can be terminated by the entity logging out of a server application, the authentication expiring after a period of inactivity or other predetermined time period, etc.”, [0051] “The method 700 further involves determining whether the session key portion 304 is valid, as depicted in block 720. The session management application 108 can determine whether the session key portion 304 is valid. For example, the session key portion 304 may be invalid if the session 120 has expired or is otherwise terminated by the server application 106. If the session key portion 304 is invalid, the method 700 terminates and method 600 is performed.”). Regarding claim 7, claim 7 recites similar limitations to claim 2, therefore rejected with the same rationale and motivation applied to claim 2. Regarding claim 4 (Currently Amended), Day in view of Fletcher teaches the method according to the message to block the server partial secret key (Day [0020] “The session key portion can be invalidated in response to expiration or other termination of the session with the remote client.”, [0022] “A session can be delineated by a first point in time at which an entity is authenticated and a second point in time at which the authentication is terminated. The authentication can be terminated by the entity logging out of a server application, the authentication expiring after a period of inactivity or other predetermined time period, etc.”, where logging out is interpreted as a message received to terminate a session and accordingly the session key portion being invalid/blocked, further see [0051], where the logging out results into generating new key portions for subsequent transactions as illustrated in Figures 6-7). Regarding claim 9, claim 9 recites similar limitations to claim 4, therefore rejected with the same rationale and motivation applied to claim 4. Regarding claim 5 (Currently Amended), Day in view of Fletcher teaches the method according to (Day [0022] “…The authentication can be terminated by the entity logging out of a server application, the authentication expiring after a period of inactivity or other predetermined time period, etc.”). Regarding claim 10, claim 10 recites similar limitations to claim 5, therefore rejected with the same rationale and motivation applied to claim 5. Claims 3 and 8 and are rejected under 35 U.S.C. 103 as being unpatentable over Day (US 20150113276 A1) in view of Fletcher (US 20210091934 A1) and Harris (US 10547444 B2). Regarding claim 3 (Currently Amended), Day in view of Fletcher teaches the method according to While Day in view of Fletcher disclose the aforementioned limitations and although reciting an application allows for brother interpretations, however, Day in view of Fletcher do not explicitly disclose the below limitation. Harris discloses wherein is able to be validly be applied comprises determining that an application of the cryptographic operation complies with a pre-defined set of valid applications (Harris Figure 3 306-310 and Col. 3 line 10-28 “Security analysis is performed in this operational scenario upon the request at step 306. Such analysis at step 306 can include a combination of risk analysis of requests, IP blocking and access rule restrictions to securely store and transmit parts of encryption/decryption keys. For example, this can include at step 306 using artificial intelligence for intrusion detection. Prim's algorithm can also be used within step 306 for security operations. A description of the algorithm is provided in U.S. Pat. No. 8,924,270 entitled “Risk Assessment Rule Set Application For Fraud Prevention”, which document is incorporated herein for all purposes. It should be understood that many other types of security operations can be performed upon the request for the presence of malicious or unauthorized activity. If the security analysis does not indicate any inappropriate activity with respect to the request, the partial key is provided at step 308 to the requester.” where validity is associated with rule restriction associated with an application of encryption/decryption keys, where the rule restriction is associated with satisfied/valid e.g. payment application/transaction, i.e. pre-defined set of valid applications as illustrated in Figure 6 and disclosed in e.g. claim 1). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Day in view of Fletcher to incorporate the teaching of Harris to utilize the above feature, with the motivation of efficiently securing monetary transactions, as recognized by (Harris Abstract, Figure 6, Claim 1 and throughout). Regarding claim 8, claim 8 recites similar limitations to claim 3, therefore rejected with the same rationale and motivation applied to claim 3. Conclusion THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to BASSAM A NOAMAN whose telephone number is (571)272-2705. The examiner can normally be reached Monday-Friday 8:30 AM-5:00PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw can be reached at (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /BASSAM A NOAMAN/Primary Examiner, Art Unit 2497