DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
2.    The text of those sections of Title 35 U.S. Code not included in this section can be found in the prior office action.
3.    The prior office actions are incorporated herein by reference, in particular the observations with respect to claim language and the response to previously presented arguments.
4.    Claims 1-20 are pending.

Examiner’s Notes
The current case is being examined under First Action Interview (FAI) procedures. Applicant filed amendments on November 30, 2020 as opposed to filing proposed amendments and an interview request. Examiner called Applicant’s representative to perform the interview and confirm that the amendments of November 30, 2020 are intended to be entered (see also interview summary). Examiner is treating the amendments of November 30, 2020 as proposed amendments and is entering the amendments as an Examiner’s amendment in the office action (see below).
Claim 9 is not considered to be software per se and/or a signal claim because the claimed “one or more computer readable storage media” are defined in the instant specification at paragraph [0066] as not being a signal media. Therefore, there is not 

Applicant’s Arguments
The Applicant’s arguments and the Examiner’s amendments are sufficient to overcome the Drawing objections set forth in the previous Office action.
The Applicant’s arguments and the Examiner’s amendments are sufficient to overcome the claim objections set forth in the previous Office action.
The Applicant’s arguments and the Examiner’s amendments are sufficient to overcome the 35 U.S.C. 103 rejections set forth in the previous Office action.

EXAMINER’S AMENDMENT
9.	An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in a telephone interview with Kristine Yates (Reg. No. 75,573) on 04 February 2021.
The application has been amended as follows:

Amendments to the Specification:

Please amend paragraph [0022] as follows: 
115. Examples of data service 101 include, but are not limited to, email services, cloud storage services, social network services, productivity services (e.g. document, spreadsheet, and presentation services), gaming services, communication services, or any other type of data service, variation, or combination thereof. Data service 101 may be implemented in the context of a data center and on one or more physical or virtual computing systems, of which computing system 901 in Figure 9 is generally representative. 

Please amend paragraph [0041] as follows: 
[0041] Both policy key 131A and policy key 131B may be persisted to storage where they reside at rest in their encrypted states. Policy key 131 in its unencrypted state is not persisted to storage [[113]] 115 but rather resides in memory only. Storage [[113]] 115 may be the same or different physical storage than that used to store data 103. 

Please amend paragraph [0044] as follows: 
Once policy key 131 has been decrypted, it may be used to encrypt (or decrypt) data key 140. Data key 140 is persisted to storage [[113]] 115 in its encrypted state and may be read from storage [[113]] 115 in its encrypted state. Data key 140 is encrypted and decrypted in memory using policy key 131 and is not persisted to storage [[113]] 115 in its unencrypted state. Likewise, policy key 131 resides only in memory and is not persisted to storage [[113]] 115. 

Please amend paragraph [0047] as follows: 
Data key 140 in its unencrypted state may be used to protect data 103. That is, data 103 may be encrypted using data key 140 and persisted to storage [[113]] 115 in its encrypted state. Data 103 may also be read from storage [[113]] 115 in its encrypted state and decrypted using data key 140. Data 103 in its unencrypted state may then be provided to one or more applications that requested the data from data service 101. 

Please amend paragraphs [0051-52] as follows: 
[0051] End users represented by end user 111 establish connections and sessions with data service 101 to obtain the application(s) and/or service(s) provided by data service 101 such as email, productivity, gaming, and communication applications and services. User data is generated in the context of the sessions and is persisted to storage [[113]] 115 and the user data is protected using a data key. The data key may be created by data service 101 (or users interfacing with data service 101) and it is protected with the policy key. 

[0052] In order to obtain policy key in an unencrypted form, data service 101 sends a request to key service 105. The request includes the encrypted instance of the policy key that was encrypted using the root key. The request may also include 115. 

Please amend paragraphs [0054-55] as follows: 
[0054] Figure 7 illustrates an operational scenario 700 in which data is protected and stored at rest in storage [[113]] 115. In operation, an unavailability event occurs with respect to computing device 110 or - more specifically - they root key(s) associated with the tenant. For instance, login credentials for key service 105 may have been lost, discarded, or otherwise rendered inoperative. 

[0055] In the meantime, end user 111 sends data to data service 101 to be persisted to storage [[113]] 115. For example, end user 111 may upload a photo or a document, send or receive an email, or otherwise generate data that needs to be stored and encrypted at rest. 

Please amend paragraphs [0058-59] as follows: 
[0058] Data service 101 receives the policy key from key service 105 and responsively retrieves the encrypted data key from storage [[113]] 115. Data service 115 in its encrypted state. 

[0059] Finally, Figure 8 illustrates an operational scenario 800 related to retrieving encrypted data from storage [[113]] 115. In operation, an unavailability event occurs with respect to computing device 110 and/or the tenant access to key service 105. However, end users may continue to request data from data service 101. Data service 101 responds to a given request by sending the encrypted instance of the policy key to key service 105 and optionally with authenticating credentials. Key service 105 attempts to authenticate the request but, because of the unavailable event, the authentication attempt fails. Key service 105 notifies data service 101 of the failure accordingly. 

Please amend paragraph [0061] as follows: 
[0061] Data service 101 receives the policy key from key service 105 and responsively retrieves the encrypted data key from storage [[113]] 115. Data service 101 decrypts the data key with the policy key and uses it (the data key) to decrypt the data read from storage [[113]] 115. The data may then be sent to end user 111 in reply to its initial data request. 

Listing of Claims:


receiving a request for data, wherein the data is stored at-rest in an encrypted state; 
requesting a key service to decrypt an encrypted instance of a policy key with which to decrypt a data key used to decrypt the data; 
when a root key used to decrypt the encrypted instance of the policy key is unavailable, requesting the key service to decrypt a different encrypted instance of the policy key with an alternative root key used to generate the different encrypted instance of the policy key; 
receiving the policy key in an unencrypted state from the key service; 
decrypting the data key using the policy key; 
decrypting the data using the data key; and 
replying to the request with the data in an unencrypted state.

Claim 2 (Currently Amended)	The method of claim 1 further comprising providing the root key to a tenant associated with the data and storing the alternative root key separately from the root key.

Claim 6 (Currently Amended)	The method of claim [[6]] 5 further comprising encrypting the data key with the policy key.

Claim 9 (Currently Amended)	A computing apparatus comprising: 

a processing system operatively coupled to the one or more computer readable storage media; and 
program instructions stored on the one or more computer readable storage media that, when executed by the processing system, direct the computing apparatus to at least: 
in response to a request for data, wherein the data is stored at-rest in an encrypted state, request a key service to decrypt an encrypted instance of a policy key with which to decrypt a data key used to decrypt the data; 
when a root key used to decrypt the encrypted instance of the policy key is unavailable, request the key service to decrypt a different encrypted instance of the policy key with an alternative root key used to generate the different encrypted instance of the policy key; 
receive the policy key in an unencrypted state from the key service; 
decrypt the data key using the policy key; 
decrypt the data using the data key; and 
reply to the request with the data in an unencrypted state.

Claim 14 (Currently Amended)	The computing apparatus of claim [[14]] 13 wherein the program instructions further direct the computing apparatus to encrypt the data with the data key and store the data at-rest in the encrypted state.


generating a root key with which to encrypt a policy key, wherein the policy key is used to encrypt a data key, and wherein the data key is used to encrypt data; 
generating an alternative root key with which to encrypt a copy of the policy key; 
encrypting the policy key with the root key, resulting in an encrypted instance of the policy key; 
encrypting the copy of the policy key with the alternative root key, resulting in a different encrypted instance of the policy key; and 
in response to a request [[for]] to decrypt the policy key, determining, based on at least an attempt to authenticate a source of the request, an availability of the root key 



Claim 16 (Currently Amended)	The method of claim 15 further comprising, in response to determining that the root key is available, decrypting the encrypted instance of the policy key with the root key.

Claim 17 (Currently Amended)	The method of claim [[16]] 15 further comprising, in response to determining that the root key is not available, decrypting the different encrypted instance of the policy key with the alternative root key 

Claim 18 (Currently Amended)	The method of claim [[16]] 15 further comprising determining that the root key is unavailable in response to failing to authenticate the source of the request for the policy key.
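
The key hierarchy recited in claims 1 and 15 above (root key and alternative root key each wrapping the same policy key, which wraps the data key, which protects the data), sketched as an added example that is not part of the Office action or the application. `KeyService`, `seal`, `unseal` and `read_data` are hypothetical names, and the HMAC-based cipher is a standard-library stand-in for a real AEAD such as AES-GCM.

```python
import hashlib, hmac, os

def _sub(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, pt):
    # Toy encrypt-then-MAC stand-in for a real AEAD (e.g. AES-GCM); illustration only.
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(_sub(key, b"enc"), nonce, len(pt))))
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong key or tampered blob")
    return bytes(a ^ b for a, b in zip(ct, _stream(_sub(key, b"enc"), nonce, len(ct))))

class KeyService:
    """Hypothetical key service: holds both root keys, never releases them."""
    def __init__(self):
        self.root_key = os.urandom(32)       # tenant's root key
        self.alt_root_key = os.urandom(32)   # alternative root key, held separately
        self.tenant_auth_ok = True           # flips to False on an unavailability event

    def wrap_policy_key(self, policy_key):
        # Two encrypted instances of the same policy key (131A and 131B in the text).
        return seal(self.root_key, policy_key), seal(self.alt_root_key, policy_key)

    def unwrap(self, wrapped, alternative=False):
        if alternative:
            return unseal(self.alt_root_key, wrapped)
        if not self.tenant_auth_ok:          # failed authentication => root key unavailable
            raise PermissionError("root key unavailable")
        return unseal(self.root_key, wrapped)

def read_data(ks, wrapped_a, wrapped_b, wrapped_data_key, ciphertext):
    """Data-service read path; returns (plaintext, which root key path was used)."""
    try:
        policy_key, path = ks.unwrap(wrapped_a), "root"
    except PermissionError:
        policy_key, path = ks.unwrap(wrapped_b, alternative=True), "alternative"
    data_key = unseal(policy_key, wrapped_data_key)   # plaintext keys stay in memory
    return unseal(data_key, ciphertext), path
```

Returning the path taken lets the caller record every read that was served through the alternative root key.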

Allowable Subject Matter
10.    Independent claims 1, 9 and 15 are allowed. Dependent claims 2-8, 10-14 and 16-20 are allowed based on their dependency.

11.    The following is an examiner’s statement of reasons for allowance:

Claim 1, inter alia, “requesting a key service to decrypt an encrypted instance of a policy key with which to decrypt a data key used to decrypt the data; when a root key used to decrypt the encrypted instance of the policy key is unavailable, requesting the 

13.    Claim 15, inter alia, “encrypting the policy key with the root key, resulting in an encrypted instance of the policy key; encrypting the copy of the policy key with the alternative root key, resulting in a different encrypted instance of the policy key; and 
in response to a request to decrypt the policy key, determining, based on at least an attempt to authenticate a source of the request, an availability of the root key.”

14.    The closest prior arts made of record are:
i)	Kumar et al. (U.S. Pub. No. 2016/0154963 cited in the previous Office action and hereinafter referred to as Kumar) which discloses encrypting a content key with a key encrypting key and encrypting the key encrypting key with a disaster recovery key (see Abstract and Fig. 1 of Kumar).
ii)	Randell (U.S. Pub. No. 2006/0005049 cited in the previous Office action) which discloses selecting an alternate key if a key becomes corrupted (see paragraph [0005] of Randell).

15.    While the prior art does show multiple key encrypting keys and recovery of data, the prior art is not considered to disclose the combination of limitations presented in the claims, in particular the alternate root key and the determination of root key availability in the manners claimed. Therefore, none of the prior art anticipates or makes obvious the invention of the present application before the effective filing date of the claimed 

Claim 9, although different, further recites similar limitations to claim 1. Therefore, claim 9 is considered to be allowable for similar reasons to claim 1.

17.    None of the prior art of record, either taken by itself or in any combination, would have anticipated or made obvious the invention of the present application before the effective filing date of the claimed invention.

18.    Any comments considered necessary by applicant must be submitted no later than payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Pfannenschmidt et al. (U.S. Patent No. 10,491,576) – cited for teaching encrypting a key encrypting key – Abstract
Bablani et al. (U.S. Pub. No. 2010/0266132) - cited for teaching denying key access and preventing decryption if user verification fails – paragraph [0067]

Any inquiry concerning this communication or earlier communications from the examiner should be directed to THADDEUS J PLECHA whose telephone number is (571)270-7506. The examiner can normally be reached on M-F 8-4:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on 571-272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR.






/THADDEUS J PLECHA/Examiner, Art Unit 2438