DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 9/10/2020 has been entered.
EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Ricardo Claps (Reg No. 65796) on 1/7/2021.
AMENDMENTS TO THE SPECIFICATION
Please amend the specification as filed by including the following paragraph after paragraph [0046] in the section labeled “Brief Description of the Drawings” (cf. US 2018/0191692 A1, the Application), as follows:

[0047] FIG. 6 shows a scenario for the use of an encryption filter for a REST-based data service, provided by one or more servers in a cloud.

AMENDMENTS TO THE CLAIMS
Claim 1. (Currently Amended) A method for encrypted communication between a client and a server, wherein the encrypted communication comprises a first and second query message, each of which contains multiple query elements, and a first and second response message, each of which contains multiple response elements, comprising:
receiving [[of a]] the first query message from the client;
breaking down the first query message into query elements;
determining, for at least one query element in the first query message, whether the at least one query element should be encrypted based on a predetermined configuration;
determining, for each of the query elements that is to be encrypted based on the predetermined configuration, a key data, the key data configured for encryption and for decryption of each of the query elements;
updating and storing the key data in a key manifest, wherein the key data , and wherein the key manifest comprises information of encryption level performed on each of the query elements based on the key data for encryption;
forming, based on the key data, an encrypted query element;
composing [[a]] the second query message from the query elements of the first query message[[,]] by replacing at least one of the query elements with the encrypted query element 
sending the second query message to the server;
receiving [[a]] the first response message from the server;
breaking down the first response message into the multiple response elements;
determining, whether to decrypt each response element of the first response message, based on the predetermined configuration;
determining the key data for decryption [[for]] of said each response element that must be decrypted from the key manifest

composing [[a]] the second response message from the multiple response elements of the first response message, wherein said each response element that must be decrypted in the composed second response message is replaced by a corresponding decrypted response element; and
sending the second response message to the client.
Claim 4. (Currently Amended) The method according to claim 1, wherein the determining the key data for encryption and decryption for the query element further depends on the respective query element of [[a]] the first query message
Claim 7. (Currently Amended) The method according to claim 6, wherein [[a]] the key manifest is generated when a new resource is created in response to [[a]] the query message.
Claim 8. (Currently Amended) A device for encrypted communication between a client and a server, wherein the device is disposed between the client and the server, wherein the encrypted communication comprises a first query message and a second query message, each of which contains multiple query elements, [[and]] a first response message and a second response message, each of which contains multiple response elements, comprising:
computer programming code; and
a computer configured to execute the computer programming code to:
receive [[a]] the first query message from the client;
break down the first query message into query elements;
determine, for at least one query element of the first query message, whether the at least one query element should be encrypted based on a predetermined configuration;
determine, for each of the query elements that is to be encrypted based on the predetermined configuration, [[and]] a key data, the key data configured for encryption and for decryption of [[the]] [[a]] each of query elements;
update and store the key data , and wherein the key manifest comprises information of encryption level performed on each of the query elements based on the key data for encryption;
form, based on the key data, an encrypted query element;
compose [[a]] the second query message from the query elements of the first query message, and replace at least one of the query elements in the composed second query message with the encrypted query element 
send the second query message to the server;
receive [[a]] the first response message from the server;
break down the first response message into the multiple response elements;
determine, for each response element of the first response message, whether [[a]] said each response element needs to be decrypted based on the predetermined configuration;
determine the key data for decryption for said each response element that must be decrypted from the key manifest;
compose [[a]] the second response message from the multiple response elements of the first response message[[,]]; 
replace said each response element that must be decrypted in the composed second response message by a corresponding decrypted response element; and
sending the second response message to the client.
Claim 11. (Currently Amended) A non-transitory, computer readable medium storing instructions which, when executed by a computer, cause the computer to perform a method, comprising 
receiving a first query message from a client;

determining, for at least one query element in the first query message, whether the at least one query element should be encrypted based on a predetermined configuration;
determining, for each of the query elements that is to be encrypted based on the predetermined configuration, a key data, the key data configured for encryption and for decryption of [[the]] each of the [[a]] query elements;
updating and storing the key data in a key manifest, wherein the key data , and wherein the key manifest comprises information for encryption level performed on each of the query elements based on the key data for encryption;
forming, based on the key data, an encrypted query element;
composing a second query message from the query elements of the first query message[[,]] by replacing at least one of the query elements with the encrypted query element 
sending the second query message to a server;
receiving a first response message from the server;
breaking down the first response message into multiple response elements;
determining, [[for]] whether to decrypt each response element of the first response message, based on the predetermined configuration;
determining the key data for decryption [[for]] of said each response element that must be decrypted from the key manifest
composing a second response message from the multiple response elements of the first response message, wherein said each response element that must be decrypted in the composed second response message is replaced by a corresponding decrypted response element; and
sending the second response message to the client.
Claim 12. (Currently Amended) The device for encrypting communication between a client and a server, according to claim 8, wherein the predetermined configuration only encrypts [[a]] the query element of the first query message that does not affect a functionality of the query element on the server.
Claim 13. (Currently Amended) The device for encrypting communication between a client and a server, according to claim 8, wherein the key data comprises information regarding a type of encryption, an encryption algorithm, and a key name or key name pattern.
Claim 14. (Currently Amended) The device for encrypting communication between a client and a server, according to claim 8, wherein the computer executes the computer programming code to determine a key data for encryption and for decryption is based on the respective query element of a query message
Claim 15. (Currently Amended) The device for encrypting communication between a client and a server, according to claim 8, wherein the communication between the client and the server follows a Representational State Transfer scheme, and each query message and response message are assigned to a resource.
Claim 16. (Currently Amended) The device for encrypting communication between a client and a server, according to claim 15, wherein the key data and corresponding decryption data are different for different resources, and a corresponding key manifest is administrated for each resource.
Claim 17. (Currently Amended) The device for encrypting communication between a client and a server, according to claim 16, wherein [[a]] the key manifest is generated when a new resource is created in response to [[a]] the query message.
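Added illustration, not part of the Office action or the application: a minimal sketch of the element-level filter flow recited in claims 1, 13 and 16, with a per-resource key manifest and unencrypted pass-through of elements the server needs. All names (`CONFIG`, `KEYS`, `MANIFESTS`, `filter_query`, `filter_response`, the key name `k-demo-1`) are hypothetical, and the cipher is a standard-library stand-in for a vetted AEAD such as AES-GCM.

```python
import base64, hashlib, hmac, os

CONFIG = {"encrypt": {"name", "diagnosis"}}   # assumed predetermined configuration
KEYS = {"k-demo-1": os.urandom(32)}           # constructed key store, key name -> key
MANIFESTS = {}                                # one key manifest per REST resource

def _prf(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _keystream(key, nonce, n):
    blocks = (_prf(key, b"enc", nonce + i.to_bytes(4, "big")) for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, text):
    """Stand-in cipher (assumption): HMAC-SHA256 keystream, then a MAC over nonce+ciphertext."""
    nonce, data = os.urandom(16), text.encode()
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    return base64.b64encode(nonce + ct + _prf(key, b"mac", nonce + ct)).decode()

def unseal(key, token):
    raw = base64.b64decode(token)
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    if not hmac.compare_digest(tag, _prf(key, b"mac", nonce + ct)):
        raise ValueError("element failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))).decode()

def filter_query(resource, query, key_name="k-demo-1"):
    """First query message -> second query message, recording key data in the manifest."""
    manifest = MANIFESTS.setdefault(resource, {})
    second = {}
    for element, value in query.items():          # break down into query elements
        if element in CONFIG["encrypt"]:
            manifest[element] = {"type": "element", "algorithm": "hmac-sha256-stream",
                                 "key_name": key_name}
            value = seal(KEYS[key_name], value)
        second[element] = value                   # unconfigured elements pass through
    return second

def filter_response(resource, response):
    """First response message -> second response message, keys looked up via the manifest."""
    manifest = MANIFESTS.get(resource, {})
    second = {}
    for element, value in response.items():
        if element in CONFIG["encrypt"] and element in manifest:
            value = unseal(KEYS[manifest[element]["key_name"]], value)
        second[element] = value
    return second
```

The manifest stores only the key name and algorithm, never the key itself, so the filter can resolve the decryption key for each response element without the server ever holding key material.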

Allowable Subject Matter
Claims 1-8 and 10-17 are allowed. 
Examiner’s Statement of Reasons for Allowance
The following is an examiner’s statement of reasons for allowance: 
Although the prior arts of record ((Popa, “CRYPTDB: Protecting Confidentiality with Encrypted Query Processing”), Conrad (US 20100145946), and Amenedo (US 20120124369)), A method for encrypted communication between a client and a server, wherein the encrypted communication comprises a first and second query message, each of which contains multiple query elements, and a first and second response message, each of which contains multiple response elements, comprising: receiving the first query message from the client; breaking down the first query message into query elements; determining, for at least one query element in the first query message, whether the at least one query element should be encrypted based on a predetermined configuration; sending the second query message to the server; receiving the first response message from the server; breaking down the first response message into the multiple response elements; determining, whether to decrypt each response element of the first response message, based on the predetermined configuration; composing the second response message from the multiple response elements of the first response message, wherein said each response element that must be decrypted in the composed second response message is replaced by a corresponding decrypted response element; and sending the second response message to the client.
None of the prior arts of record alone or in combination teaches composing the second query message from the query elements of the first query message by replacing at least one of in view of other limitations of the independent claims. 
Updated search has yielded the following list of references that are considered pertinent to the claimed invention:
Persaud (US 20130042106): securely storing data files in, or retrieving data files from, cloud storage. A data file transmitted to cloud storage from a client in an enterprise computing environment is intercepted by at least one network device. Using security information received from a management server, the data file is converted into an encrypted object configured to remain encrypted while at rest in the cloud storage.
Hind (US 6941459):
Vandergeest (US 6975727): An apparatus and method dynamically creates security keys for a subscriber, having at least one preexisting security credential set, and allows the configuration for N key pairs or N keys (where the cryptographic system is a symmetric key system). Such a system provides flexibility in assigning cryptographic algorithms and cryptographic keys to facilitate a change in algorithm without requiring reinitialization of a processing unit or subscriber.
Gvili (US 9749297): Verifiable, secure communications between a sender and a receiver on at least one shared communication channel is provided. A manicoded key encoder produces an argument of knowledge for a secret key to the at least one shared communication channel, and a manicoded message encoder provides an implication argument indicating that knowledge of the secret key enables access to message content of the manicoded message. The argument of knowledge is included in a key manifest for the secret key within a manicoded key, and the implication argument is included in a message manifest of a manicoded message.
However, none of the listed references, either alone or in combination, teaches:
None of the prior arts of record alone or in combination teaches composing the second query message from the query elements of the first query message by replacing at least one of the query elements with the encrypted query element determining the key data for decryption of said each response element that must be decrypted from the key manifest; determining, for each of the query elements that is to be encrypted based on the predetermined configuration, a key data, the key data configured for encryption and for decryption of each of the query elements; updating and storing the key data in a key manifest, wherein the key data comprises multiple encryption keys for a given query element, each encryption key having a limited validity before 

Any comments considered necessary by applicant must be submitted no later than payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANGELA R HOLMES whose telephone number is (571)270-3357.  The examiner can normally be reached on Monday-Friday 8:00AM-4:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR 


/ANGELA R HOLMES/Examiner, Art Unit 2498     

/YIN CHEN SHAW/Supervisory Patent Examiner, Art Unit 2498