DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This written action is in response to the Applicant’s communication dated 11/05/2020.
Claims 1-25 have been submitted for examination.

INFORMATION DISCLOSURE STATEMENT
No additional information disclosure statement (IDS) has been submitted with the instant application.

PRIORITY
The instant application, filed 09/25/2018, does not claim priority.

EXAMINER’S AMENDMENT
An Examiner’s Amendment to the record appears below. Should the changes and/or additions be unacceptable to the Applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this Examiner’s Amendment was provided by the Applicant’s Representative, Alisha Feustel.
The Examiner’s Amendment is as follows:


receive a notification that a client device is requesting to access client-side encrypted data associated with an online application stored in a cloud service provider, wherein the client-side encrypted data is encrypted by a client-authorized device using a first client encryption key;
download, by the client-authorized device, the client-side encrypted data;
decrypt, by the client-authorized device, the client-side encrypted data using the first client encryption key;
store the client-side decrypted data in the cloud service provider in a location accessible by the online application;
enable access, by the client device, to the client-side decrypted data stored in the cloud service provider;
receive a notification that the client device finished accessing the client-side decrypted data;
download, by the client-authorized device in response to receiving the notification, the client-side decrypted data stored in the cloud service provider;
encrypt, by the client-authorized device, the downloaded client-side decrypted data using a second client encryption key; and
upload [[and synchronize]] the client-side encrypted data that was encrypted using the second encryption key to the cloud service provider, wherein the client-side encrypted data that was encrypted using the second encryption key replaces the client-side encrypted data that was encrypted using the first encryption key stored in the cloud.

8. (Amended) At least one non-transitory machine-readable medium comprising one or more instructions that when executed by a processor, cause the processor to:
receive a notification that a client device is requesting to modify original data associated with an online application, wherein the original data is encrypted by a client-authorized device using a first client encryption key and is stored in client-side encrypted format in a cloud;
decrypt, by the client-authorized device, the original data using the first client encryption key;
store, by the client-authorized device, the decrypted data in a location accessible by the online application;
enable editing capability of the decrypted data;
receive, by the client-authorized device, a notification that the client device finished editing the 
determine, by the client-authorized device, whether the original data in decrypted format was modified;
encrypt, by the client-authorized device based on a determination that the original data was modified, the modified data using a second client encryption key; and
upload, by the client-authorized device, the modified data in client-side encrypted format to the cloud, wherein the modified data replaces the original data stored in the cloud.

10. (Cancelled)  

15. (Amended) A method comprising:
receiving a notification that a client device is requesting to modify original data associated with an online application, wherein the original data is encrypted by a client-authorized device using a first client encryption key and is stored in encrypted format in a cloud;
downloading, by the client-authorized device, the original data;
decrypting, by the client-authorized device, the original data using the first client encryption key;
storing, by the client-authorized device, the decrypted data in a location accessible by the online application;
enabling editing capability of the decrypted data;
receiving, by the client-authorized device, a notification that the client device is finished modifying the data in decrypted format;
determining, by the client-authorized device, whether the original data in decrypted format was modified;
encrypting, by the client-authorized device based on a determination that the original data was modified, the modified data using a second client encryption key; and
uploading, by the client-authorized device, the modified data in encrypted format to the cloud, wherein the modified data replaces the original data stored in the cloud.

17. (Cancelled) 

20. (Amended) A system for migrating a secure domain, the system comprising:

at least one processor implemented in hardware configured to:
receive a notification that a client device is requesting to modify original data associated with an in-browser web application, wherein the original data is encrypted by a client-authorized device using a first client encryption key and is stored in encrypted format in a cloud;
download, by the client-authorized device, the encrypted data;
decrypt, by the client-authorized device, the original data using the first client encryption key;
store, by the client-authorized device, the decrypted data in a location accessible by the in-browser web application;
enable editing capability of the decrypted data;
receive a notification that the client device finished modifying the decrypted data;
determine whether the original data in decrypted format was modified;
encrypt, by the client-authorized device based on a determination that the original data was modified, the modified data using a second client encryption key; and
upload the modified data in encrypted format to the cloud, wherein the modified data replaces the original data stored in the cloud.

21. (Amended) The system of Claim 20, wherein the [[secure manager]] at least one processor is further configured to: 
delete the data in decrypted format from the location accessible by the in-browser web application. 

22. (Cancelled)  

23. (Amended) The system of Claim 20, wherein the [[secure manager]] at least one processor is further configured to: 
classify the modified data prior to encryption. 

25. (Amended) The system of Claim 20, wherein the [[secure manager]] at least one processor is further configured to: 
determine whether the cloud is trusted.

ALLOWED CLAIMS
Claims 1-9, 11-16, 18-21 and 23-25 of the instant application are allowed.

REASONS FOR ALLOWANCE
Independent Claims 1, 8, 15 and 20 are allowable based on the remarks and amendments to the Claims. As per Claim 1, the following is an examiner’s statement of reasons for allowance:
The primary reason for the allowance of Claim 1 is the combination of limitations recited, including “receive a notification that the client device finished accessing the client-side decrypted data; download, by the client-authorized device in response to receiving the notification, the client-side decrypted data stored in the cloud service provider; encrypt, by the client-authorized device, the downloaded client-side decrypted data using a second client encryption key; and upload the client-side encrypted data that was encrypted using the second encryption key to the cloud service provider, wherein the client-side encrypted data that was encrypted using the second encryption key replaces the client-side encrypted data that was encrypted using the first encryption key stored in the cloud”.

The concept of enabling access to the data in decrypted format, as recited in Claim 1, is disclosed in cited prior art reference U.S. PGPub No. 2014/0208409 (Maidl). However, the cited reference fails to teach or suggest decrypt the data using a first client encryption key.
During the course of examination, the examiner found these additional references:
U.S. PGPub No. 2015/0074409 (Reid) teaches decrypt the data using a first client encryption key. However, the cited reference fails to at least teach or suggest encrypt, by the client-authorized device, the downloaded client-side decrypted data using a second client encryption key; and upload the client-side encrypted data that was encrypted using the second encryption key to the cloud service provider, wherein the client-side encrypted data that was encrypted using the second encryption key replaces the client-side encrypted 
U.S. Patent No. 7,685,646 (Hug) teaches to delete the data in decrypted format from the location accessible by the online application. However, the cited reference also fails to at least teach or suggest encrypt, by the client-authorized device, the downloaded client-side decrypted data using a second client encryption key; and upload the client-side encrypted data that was encrypted using the second encryption key to the cloud service provider, wherein the client-side encrypted data that was encrypted using the second encryption key replaces the client-side encrypted data that was encrypted using the first encryption key stored in the cloud, as recited in Claim 1.
U.S. PGPub No. 2012/0324365 (Momchilov) teaches the in-browser web application is launched by a web application hosted on a different platform from the cloud service provider. However, the cited reference also fails to at least teach or suggest encrypt, by the client-authorized device, the downloaded client-side decrypted data using a second client encryption key; and upload the client-side encrypted data that was encrypted using the second encryption key to the cloud service provider, wherein the client-side encrypted data that was encrypted using the second encryption key replaces the client-side encrypted data that was encrypted using the first encryption key stored in the cloud, as recited in Claim 1.
U.S. Patent No. 9009848 (Orsini) teaches the data in decrypted format is stored in a temporary location in the cloud service provider. However, the cited reference also fails to at least teach or suggest encrypt, by the client-authorized device, the downloaded client-side decrypted data using a second client encryption key; and upload the client-side encrypted data that was encrypted using the second encryption key to the cloud service provider, wherein the client-side encrypted data that was encrypted using the second encryption key replaces the client-side encrypted data that was encrypted using the first encryption key stored in the cloud, as recited in Claim 1.

While the prior art combination does disclose enabling access to the data in decrypted format, no reasonable combination of arts teaches all of the cited limitations, in combination with the rest of the limitations recited in the independent claim, in a way that would have been obvious to one of ordinary skill in the art at the time the invention was effectively filed.
Additional search does not yield any other specific references that, either singularly or in combination with previous cited references, would result in reasonable and proper rejections to all of the feature limitations of the pending independent Claim 1 under 35 U.S.C. 102 or 35 U.S.C. 103 with proper motivation.
The Applicant’s amendments, in combination with the Examiner’s Amendment above, have overcome the pending objections and prior art rejections. 
Therefore, independent Claim 1 is considered to be allowable. Claims 2-7 depend on the aforementioned independent claim, and therefore are also allowed.
Independent Claim 8 recites limitations comparable to those discussed above with respect to independent Claim 1 and therefore is also considered allowable. Claims 9 and 11-14 depend on the aforementioned independent claim, and therefore are also allowed.
Independent Claim 15 recites limitations comparable to those discussed above with respect to independent Claim 1 and therefore is also considered allowable. Claims 16 and 18-19 depend on the aforementioned independent claim, and therefore are also allowed.
Independent Claim 20 recites limitations comparable to those discussed above with respect to independent Claim 1 and therefore is also considered allowable. Claims 21 and 23-25 depend on the aforementioned independent claim, and therefore are also allowed.
Therefore, all of the previous objections and rejections have been removed, and the current Claims 1-9, 11-16, 18-21 and 23-25 are in condition for allowance.
Comments on Statement of Reasons for Allowance”.

CONCLUSION
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Refer to PTO-892, Notice of References Cited, for a listing of analogous art.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to RICHARD W CRUZ-FRANQUI whose telephone number is (313)446-6571.  The examiner can normally be reached on M-F 5:30-2:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on (571)272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MAHFUZUR RAHMAN/Primary Examiner, Art Unit 2498