DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This is a reply to the application filed on 01/03/2019, in which claims 1-20 are pending. Claims 1, 9 and 15 are independent.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 01/03/2019 and 07/01/2019 have been reviewed. The submissions are in compliance with the provisions of 37 CFR 1.97. Accordingly, the examiner is considering the information disclosure statements.

Terminal Disclaimer
The terminal disclaimer filed on 02/10/2021, disclaiming the terminal portion of any patent granted on this application which would extend beyond the expiration date of US Patent No. 10,339,325, has been recorded.

Drawings
The drawings filed on 01/03/2019 are accepted by the examiner.

EXAMINER’S AMENDMENT
An examiner's amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided 
Authorization for this examiner's amendment was given in a telephone interview with Attorney Michael F. Hoffman (Reg. No. 40,019) on 02/02/2021 and followed up on 02/09/2021 and 02/10/2021. 

The application has been amended as follows:

Please replace claim 1 with:
1. (Currently amended) A database security platform for providing secure access to private data in an encrypted storage area, comprising: 
	a hardware processor and a memory configured to implement:
a database application configured to receive queries from application users requiring access to encrypted private data, in which the encrypted private data is not directly accessible by the database application; 
a middle security layer having a plurality of middleware routines that are callable from the database application to facilitate predefined access to the encrypted private data and return a result to the database application, and wherein the encrypted private data is not directly accessible by the middle security layer and the middle security layer is not directly accessible by application users; 
a root security layer configured to receive a decryption request from the middle security layer, perform decryption on specified encrypted private data, and return decrypted data to the middle security layer, wherein the decryption requires both a root key stored in root security layer and a middleware key provided by the middle security layer with the decryption request; 
a hashing system that generates a hash of routines implemented by the middle security layer and root security layer and compares the hash to a previously generated hash to ensure integrity of the middle security layer and root security layer; and
an auditing detection system that detects malicious auditing by monitoring for parameters being passed between the middle security layer and root security layer.

Please replace claim 5 with:
5. (Currently amended) The database security platform of claim 1, wherein the result returned to the database application from the middle security layer includes one of: decrypted private data, a yes/no match, masked data or tokenized data.

Please replace claim 7 with:
7. (Currently amended) The database security platform of claim 1, wherein the hashing system includes a hash routine and wherein the hashing system hashes the hash routine to further ensure integrity.

Please replace claim 8 with:
8. (Currently amended) The database security platform of claim 1, wherein the middle security layer encrypts the middleware key when the middleware key is passed to the root security layer.

Please replace claim 9 with:
9. (Currently amended) A computer program product stored on a non-transitory computer readable storage medium, which when executed by a computing system, provides a database security platform for providing secure access to private data in an encrypted storage area, comprising:
program code for implementing a database application configured to receive queries from application users requiring access to encrypted private data, in which the encrypted private data is not directly accessible by the database application; 
program code for implementing a middle security layer having a plurality of middleware routines that are callable from the database application to facilitate predefined access to the encrypted private data and return a result to the database application, and wherein the encrypted private data is not directly accessible by the middle security layer and the middle security layer is not directly accessible by application users; 
	program code for implementing a root security layer configured to receive a decryption request from the middle security layer, perform decryption on specified encrypted private data, and return decrypted data to the middleware layer, wherein the decryption requires both a root key stored in root security layer and a middleware key provided by the middle security layer with the decryption request; 
	program code that generates a hash of routines implemented by the middle security layer and root security layer and compares the hash to a previously generated hash to ensure integrity of the middle security layer and root security layer; and
	program code that detects malicious auditing by monitoring for parameters being passed between the middle security layer and root security layer.

Please replace claim 13 with:
13. (Currently amended) The computer program product of claim 9, wherein the result returned to the database application from the middle security layer includes one of: decrypted private data, a yes/no match, masked data or tokenized data.

Please replace claim 16 with:
16. (Currently amended) The computer program product of claim 9, wherein the middle security layer encrypts the middleware key when the middleware key is passed to the root security layer.

The following claims have been renumbered to the correct sequence:

Please replace claim 17 with:
[[15]]17. (Currently amended) A computerized method for implementing a database security platform, comprising:
maintaining private data in an encrypted storage area; 
providing a application configured to receive queries from end users requiring access to encrypted private data, a middle security layer configured to handle predefined requests from the database application and a root security layer configured to decrypt and return private data to the middle security layer, wherein the middle security layer and root security level are not directly accessible by end users; 
receiving a query at the application that requires a request for private data, wherein the private data is not directly accessible by the database application and middle security layer;
generating a hash of a set of routines used to implement the middle security layer and the root security layer; 
comparing the hash to a previously generated hash to verify the middle security layer and the root security layer;
verify that no active auditing is detected by monitoring for parameters passed among the database application, a middle security layer and a root security layer;
passing the request from the database application for private data to the middle security layer;
processing the request with a middleware routine at the middle security layer and submitting a decrypt request along with a middleware key to the root security layer;
retrieving and decrypting requested private data within the root security layer using a stored root key and the submitted middleware key;
passing decrypted private data to the middleware routine; and
returning a decrypted result containing the decrypted private data to the database application.

Please cancel claim 18 (originally duplicate claim 16);

Please replace claim 19 with:
[[17]]19. (Currently amended) The computerized method of claim 17 middle security layer and root security layer with a previously generated hash.

Please replace claim 20 with:
[[18]]20. (Currently amended) The computerized method of claim 17 middle security layer encrypts the middleware key when the decrypt request is submitted to the root security layer.

Please replace claim 21 with:
[[19]]21. (Currently amended) The computerized method of claim 17 

Please replace claim 22 with:
[[20]]22. (Currently amended) The computerized method of claim 21 


Allowable Subject Matter
Claims 1-17 and 19-22 are allowed.
The following is an examiner's statement of reasons for allowance:
The independent claim(s) and their respective dependent claims are allowable over the prior art since the prior art, taken individually or in combination, fails to particularly disclose, fairly suggest or render obvious the following italicized limitations:

In claims 1 and 9:
“a root security layer configured to receive a decryption request from the middle security layer, perform decryption on specified encrypted private data, and return decrypted data to the middle security layer, wherein the decryption requires both a root key stored in root security layer and a middleware key provided by the middle security layer with the decryption request; 
a hashing system that generates a hash of routines implemented by the middle security layer and root security layer and compares the hash to a previously generated hash to ensure integrity of the middle security layer and root security layer; and
an auditing detection system that detects malicious auditing by monitoring for parameters being passed between the middle security layer and root security layer.” in combination with other limitations recited as specified in the independent claim(s). 

In claim 17:
“generating a hash of a set of routines used to implement the middle security layer and the root security layer; 
comparing the hash to a previously generated hash to verify the middle security layer and the root security layer;
verify that no active auditing is detected by monitoring for parameters passed among the database application, a middle security layer and a root security layer;
passing the request from the database application for private data to the middle security layer;
processing the request with a middleware routine at the middle security layer and submitting a decrypt request along with a middleware key to the root security layer;
retrieving and decrypting requested private data within the root security layer using a stored root key and the submitted middleware key;
passing decrypted private data to the middleware routine; and
returning a decrypted result containing the decrypted private data to the database application.” in combination with other limitations recited as specified in the independent claim(s). 

The closest prior art made of record is:
Ikeda et al. (US 2018/0232266 A1) teaches a kernel program capable of enhancing the confidentiality of data memorized in a storage device without using a file system on an OS kernel level.
Kuegler et al. (US 2010/0017879 A1) teaches detecting an attack of an intruding program interfering with the execution of said protected software on a computer system.
Nizami et al. (US 2015/0347772 A1) teaches receiving a hierarchical data structure that includes a plurality of structure lines referencing persistent data objects and receiving metadata corresponding to persistent data objects referenced by the hierarchical data structure. 
Gula et al. (US 2016/0285827 A1) teaches a system and method for facilitating data leakage and/or propagation tracking.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHENG-FENG HUANG whose telephone number is (571)272-6186.  The examiner can normally be reached on Monday-Friday: 9 am - 5 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A Shiferaw, can be reached on (571) 272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/CHENG-FENG HUANG/Examiner, Art Unit 2497