DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claim 7 is canceled.
Claims 1, 4, 5, 8, 9, 19, and 20 are amended.
Claims 1-6 and 8-20 are pending.
Response to Arguments
Applicant’s arguments filed on 12/03/2020 have been fully considered.
In response to applicant’s argument that there is no teaching, suggestion, or motivation to combine the references, the examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art. See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007). In this case, Castleman discloses that, in order to establish a connection, it must be determined that the user is authorized [0066], which would lead to improved security. If a malicious person is trying to get access, it will be hard since he/she will not have access.
Applicant’s arguments with respect to independent claim(s) along with their respective dependent claims have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Allowable Subject Matter
Claims 5-6, 8 and 13 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
The following is a statement of reasons for the indication of allowable subject matter: validating the private key.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 15, 19, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over John et al. (US 20190149527 hereinafter as John) in view of Castleman (US 20100313249), and Yeap et al. (US 20090198997 hereinafter Yeap).
Re. claim 1, John discloses a method for user device validation at an application server of a database system, comprising: transmitting, from the application server and to the user device, a private key of a public-private key pair and a public key identifier indicating a public key of the public-private key pair (John receiving, by an access device, a first key identifier, and a first ephemeral public key corresponding to a first ephemeral private key, the first ephemeral public and private keys being previously generated by a key management server [0008]); receiving a session establishment message that is based at least in part on the private key and that comprises the public key identifier (John teaches encrypting the access data with the first ephemeral public key to form encrypted access data; storing, in a memory device associated with the access device, the encrypted access data; determining that a successful connection to the remotely located processing computer can be made; transmitting the encrypted access data and the first key identifier to the remotely located processing computer in an authorization request message, wherein the remotely located processing computer communicates with the key management server to decrypt the access data; receiving an authorization response message from the remotely located processing computer [0053]); determining the public key of the public-private key pair based at least in part on the received public key identifier (John teaches an "ephemeral public key" may include a cryptographic key that forms a public key of an ephemeral public/private key pair [0023]).
Although John discloses key pair, John does not explicitly disclose but Castleman discloses validating, at the application server, that the session establishment message is received from the user device based at least in part on the private key and the determined public key (Castleman teaches the host device can decrypt the unique identifier with a public key corresponding to the private key with which the unique identifier was encrypted to determine that the user of the communication device is authentic. Additionally, the host device can access a list of unique identifiers that are authorized to access the communications session. If the unique identifier included in the credential is included in the list, the host device can determine that the user of the communication device is authorized to access the communications session [0066]).
(Castleman [0066]).
Although John-Castleman discloses transmitting an indication of an association between the public key and the public key identifier, John-Castleman do not explicitly disclose but Yeap discloses transmitting, from the application server and to a database of the database system, an indication of an association between the public key and the public key identifier, the database forwarding the association between the public key and the public key identifier to at least one additional application server of the database system (Yeap teaches once the user has entered her request for an address, the server checks the desired email address against a Database of existing email addresses. Server enters the email address into the Database of the Mail Server, and sends a request to a Key Generator which generates a private-key/public-key pair (The server transmitting information to the database of the mail server) [0136]. The email address and the public-key are then entered and stored on Key Server. The public-key is signed with the private-key of the key server to make sure that the public-key can be checked by the mail client plug-in software 22 of the user for the key authenticity [0137]. Please see figure 1. The information transmitted from the database of the mail server sends the information to the database of the key server); establishing a database connection with the database of the database system in response to the validating (Yeap the registration server and key server are linked to one or more communication servers, e.g. email servers, for providing communication services in one or more network domains [0086]. The private-public-key pair attached to (or linked/associated with) a unique identifier associated with an internet name or communication address therefore provides for secure communications including message confidentiality, message integrity and authentication of sender and recipient. Other aspects of the invention relate to providing public key management, and associated key registration, and key distribution for secure communications services to ensure public-keys can be accessed widely and efficiently from public networks, preferably through distributed server networks [0043]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Yeap into the invention of John-Castleman for the purpose of securing connection and secure access to users (Yeap [0005] [0039]).
Re. claim 15, John-Castleman-Yeap teach the method of claim 1, further comprising: generating, at the application server, the public-private key pair associated with the user device (John teaches the key generator module 114A-4 may comprise code for generating encryption keys such as public/private key pairs [0062]).
Re. claim 19, John teaches an apparatus for user device validation at an application server of a database system, comprising: a processor (John teaches The processor may include a CPU comprising at least one high-speed data processor adequate to execute program components for executing user and/or system-generated requests [0037]), memory in electronic communication with the processor (John teaches a suitable memory may comprise a non-transitory computer readable medium that stores instructions that can be executed by a processor to implement a desired method [0038]); and instructions stored in the memory and executable by the processor to cause the apparatus to: transmit, from the application server and to the user device, a private key of a public-private key pair and a public key identifier indicating a public key of the public-private key pair (John receiving, by an access device, a first key identifier, and a first ephemeral public key corresponding to a first ephemeral private key, the first ephemeral public and private keys being previously generated by a key management server [0008]); receive a session establishment message that is based at least in part on the private key and that comprises the public key identifier (John teaches encrypting the access data with the first ephemeral public key to form encrypted access data; storing, in a memory device associated with the access device, the encrypted access data; determining that a successful connection to the remotely located processing computer can be made; transmitting the encrypted access data and the first key identifier to the remotely located processing computer in an authorization request message, wherein the remotely located processing computer communicates with the key management server to decrypt the access data; receiving an authorization response message from the remotely located processing computer [0053]); determine the public key of the public-private key pair based at least in part on the received public key identifier (John teaches an "ephemeral public key" may include a cryptographic key that forms a public key of an ephemeral public/private key pair [0023]).
Although John discloses key pair, John does not explicitly disclose but Castleman discloses validate, at the application server, that the session establishment message is received from the user device based at least in part on the private key and the determined public key (Castleman teaches the host device can decrypt the unique identifier with a public key corresponding to the private key with which the unique identifier was encrypted to determine that the user of the communication device is authentic. Additionally, the host device can access a list of unique identifiers that are authorized to access the communications session. If the unique identifier included in the credential is included in the list, the host device can determine that the user of the communication device is authorized to access the communications session [0066]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Castleman into the invention of John for the purpose of authorizing the user to have access to the communication session (Castleman [0066]).
Although John-Castleman discloses transmitting an indication of an association between the public key and the public key identifier, John-Castleman do not explicitly disclose but Yeap discloses transmit, from the application server and to a database of the database system, an indication of an association between the public key and the public key identifier, the database forwarding the association between the public key and the public key identifier to at least one additional application server of the database system (Yeap teaches once the user has entered her request for an address, the server checks the desired email address against a Database of existing email addresses. Server enters the email address into the Database of the Mail Server, and sends a request to a Key Generator which generates a private-key/public-key pair (The server transmitting information to the database of the mail server) [0136]. The email address and the public-key are then entered and stored on Key Server. The public-key is signed with the private-key of the key server to make sure that the public-key can be checked by the mail client plug-in software 22 of the user for the key authenticity [0137]. Please see figure 1. The information transmitted from the database of the mail server sends the information to the database of the key server); establishing a database connection with the database of the database system in response to the validating (Yeap the registration server and key server are linked to one or more communication servers, e.g. email servers, for providing communication services in one or more network domains [0086]. The private-public-key pair attached to (or linked/associated with) a unique identifier associated with an internet name or communication address therefore provides for secure communications including message confidentiality, message integrity and authentication of sender and recipient. Other aspects of the invention relate to providing public key management, and associated key registration, and key distribution for secure communications services to ensure public-keys can be accessed widely and efficiently from public networks, preferably through distributed server networks [0043]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Yeap into the invention of John-Castleman for the purpose of securing connection and secure access to users (Yeap [0005] [0039]).
(John receiving, by an access device, a first key identifier, and a first ephemeral public key corresponding to a first ephemeral private key, the first ephemeral public and private keys being previously generated by a key management server [0008]); receive a session establishment message that is based at least in part on the private key and that comprises the public key identifier (John teaches encrypting the access data with the first ephemeral public key to form encrypted access data; storing, in a memory device associated with the access device, the encrypted access data; determining that a successful connection to the remotely located processing computer can be made; transmitting the encrypted access data and the first key identifier to the remotely located processing computer in an authorization request message, wherein the remotely located processing computer communicates with the key management server to decrypt the access data; receiving an authorization response message from the remotely located processing computer [0053]); determine the public key of the public-private key pair based at least in part on the received public key identifier (John teaches an "ephemeral public key" may include a cryptographic key that forms a public key of an ephemeral public/private key pair [0023]).
Although John discloses key pair, John does not explicitly disclose but Castleman discloses validate, at the application server, that the session establishment message is received from the user device based at least in part on the private key and the determined public key (Castleman teaches the host device can decrypt the unique identifier with a public key corresponding to the private key with which the unique identifier was encrypted to determine that the user of the communication device is authentic. Additionally, the host device can access a list of unique identifiers that are authorized to access the communications session. If the unique identifier included in the credential is included in the list, the host device can determine that the user of the communication device is authorized to access the communications session [0066]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Castleman into the invention of John for the purpose of authorizing the user to have access to the communication session (Castleman [0066]).
Although John-Castleman discloses transmitting an indication of an association between the public key and the public key identifier, John-Castleman do not explicitly disclose but Yeap discloses transmit, from the application server and to a database of the database system, an indication of an association between the public key and the public key identifier, the database forwarding the association between the public key and the public key identifier to at least one additional application server of the database system (Yeap teaches once the user has entered her request for an address, the server checks the desired email address against a Database of existing email addresses. Server enters the email address into the Database of the Mail Server, and sends a request to a Key Generator which generates a private-key/public-key pair (The server transmitting information to the database of the mail server) [0136]. The email address and the public-key are then entered and stored on Key Server. The public-key is signed with the private-key of the key server to make sure that the public-key can be checked by the mail client plug-in software 22 of the user for the key authenticity [0137]. Please see figure 1. The information transmitted from the database of the mail server sends the information to the database of the key server); establishing a database connection with the database of the database system in response to the validating (Yeap the registration server and key server are linked to one or more communication servers, e.g. email servers, for providing communication services in one or more network domains [0086]. The private-public-key pair attached to (or linked/associated with) a unique identifier associated with an internet name or communication address therefore provides for secure communications including message confidentiality, message integrity and authentication of sender and recipient. Other aspects of the invention relate to providing public key management, and associated key registration, and key distribution for secure communications services to ensure public-keys can be accessed widely and efficiently from public networks, preferably through distributed server networks [0043]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Yeap into the invention of John-Castleman for the purpose of securing connection and secure access to users (Yeap [0005] [0039]).
Claim 2 is/are rejected under 35 U.S.C. 103 as being unpatentable over John et al. (US 20190149527 hereinafter as John) in view of Castleman (US 20100313249), Yeap et al. (US 20090198997 hereinafter Yeap), and in further view of Kleinpeter et al. (US 20100169963 hereinafter as Kleinpeter).
Re. claim 2, John-Castleman-Yeap teaches the method of claim 1, wherein the public key identifier comprises a certificate, and wherein determining the public key of the public-private key pair based at least in part on the received public key identifier further comprises: determining that the certificate was issued by an entity associated with the database system (John teaches for a public/private key pair, the signing party may act by means of the private key and the verifying party may act by means of the public key. This process may certify the authenticity of the sender and the integrity of the signed document because of the so-called principle of nonrepudiation which does not allow disowning what has been signed. A certificate or other data that includes a digital signature by a signing party is said to be "signed" by the signing party [0026]).
Although John-Castleman-Yeap discloses key pair, John-Castleman-Yeap does not explicitly disclose but Kleinpeter discloses identifying an encapsulated public key of the certificate, wherein the encapsulated public key comprises the public key of the public-private key pair (Kleinpeter teaches in response to identifying an authentic certificate 114, the server 103 may use the public key in the certificate 112 to encrypt a random number that is communicated to the server 105 [0026]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Kleinpeter into the invention of John-Castleman-Yeap for the purpose of verifying the certificate to establish trust that allows communication (Kleinpeter [0026]).
Claim 3 is/are rejected under 35 U.S.C. 103 as being unpatentable over John et al. (US 20190149527 hereinafter as John) in view of Castleman (US 20100313249), Yeap et al. (US 20090198997 hereinafter Yeap), Kleinpeter et al. (US 20100169963 hereinafter as Kleinpeter), and in further view of Smith et al. (US 20190349426 hereinafter as Smith).
Re. claim 3, John-Castleman-Yeap-Kleinpeter teaches the method of claim 2, further comprising: furthermore Kleinpeter discloses storing, in memory of the application server, the certificate (Kleinpeter teaches the storage module 322 on the database server 113 stores the certificate 412 in the security asset repository 115 [0051]).
John-Castleman-Yeap-Kleinpeter does not explicitly disclose but Smith discloses receiving an access revocation message for the user device; transmitting, to the database of the database system, a deletion command for the user device based at least in part on the stored certificate; and removing, from the memory of the application server, the certificate (Smith teaches further, key revocation of any keys, symmetric and asymmetric, may be performed by sending a revocation message to both the Client and the Server. In the case where a key is revoked, the credential (certificate or ticket) may be deleted by sending a key deletion message that instructs the Clients and Servers possessing the certificate or the ticket to delete them [1088]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Smith into the invention of (Smith [1088]).
Claim 4 is/are rejected under 35 U.S.C. 103 as being unpatentable over John et al. (US 20190149527 hereinafter as John) in view of Castleman (US 20100313249), Yeap et al. (US 20090198997 hereinafter Yeap), and in further view of Sovio et al. (US 20110206200 hereinafter Sovio).
Re. claim 4, John-Castleman-Yeap teaches the method of claim 1, John-Castleman-Yeap does not explicitly disclose but Sovio discloses wherein the public key identifier comprises a key identification (ID) value, the method further comprising: storing, in memory of the application server, an association between the public key of the public-private key pair and the key ID value, wherein determining the public key of the public-private key pair based at least in part on the received public key identifier further comprises: identifying the public key of the public-private key pair based at least in part on the received key ID value (Sovio teaches to operate, a trusted third party, called the private key generator (PKG) first publishes a master public key, and retains a corresponding master private key. Given the master public key, any party can compute a public key corresponding to the identity ID by combining the master public key with the identity value. To obtain a corresponding private key, an authorized party contacts the PKG, which uses the master private key to generate the private key for the identity ID [0024]. The system 100 uses IBE master public key (MK), domain parameters (DP), and the recipient criteria (C) to encrypt the secret data (D) through an IBE description function: E_D=ibe_encrypt(MK,DP,C), and publishes the encrypted data (E D), for example, at an information store [0030]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Sovio into the invention of John-Castleman-Yeap for the purpose of encrypting messages and reducing communication traffic (Sovio [0024] [Abstract]).
Claim 9 is/are rejected under 35 U.S.C. 103 as being unpatentable over John et al. (US 20190149527 hereinafter as John) in view of Castleman (US 20100313249), Yeap et al. (US 20090198997 hereinafter Yeap), Sovio et al. (US 20110206200 hereinafter Sovio), and in further view of Smith et al. (US 20190349426 hereinafter as Smith).
Re. claim 9, John-Castleman-Yeap-Sovio teach the method of claim 7, John-Castleman-Yeap-Sovio does not explicitly disclose but Smith discloses further comprising: receiving an access revocation message for the user device; transmitting, to the database of the database system, a deletion command for the association between the public key and the key ID value stored in the database based at least in part on the access revocation message; and invalidating a cache of the application server based at least in part on the access revocation message, wherein the cache of the application server stores the association between the public key and the key ID value (Smith teaches in the case where a key is revoked, the credential (certificate or ticket) may be deleted by sending a key deletion message that instructs the Clients and Servers possessing the certificate or the ticket to delete them. Deletion may differ from revocation in that revocation may only instruct the Clients or Servers to refuse verification of revoked keys while deletion may instruct the keys to be physically expunged from the system. Both revocation and deletion messages may take effect immediately, whereas the certificate or ticket expiration may allow the key to be used up to the date of expiry--and subsequent to a key compromise event [1088]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Smith into the invention of John-Castleman-Yeap-Sovio for the purpose of taking effect immediately, instead of a certificate that may be used up to its date of expiry, and of detecting that the key has been compromised and performing an action (Smith [1088] [1082]).
Claim 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over John et al. (US 20190149527 hereinafter as John) in view of Castleman (US 20100313249), Yeap et al. (US 20090198997 hereinafter Yeap), and in further view of Petrack (US 20170012955).
Re. claim 10, John-Castleman-Yeap teach the method of claim 1, John-Castleman-Yeap does not explicitly disclose but Petrack discloses wherein the session establishment message comprises a client certificate message in a mutual transport layer security (mTLS) procedure, the method further comprising: establishing a trusted mTLS connection between the application server and the user device based at least in part on the validating (Petrack teaches the requesting client may be implemented as software operated by the carrier partner and generate client requests which may be authorised via a 2 sided mutual transport layer security (MTLS) protocol to provide encrypted communications and end point authentication between the requesting client 130 and the client confirmation server 120 [0032]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Petrack into the invention of John-Castleman-Yeap for the purpose of providing encrypted communication and endpoint authentication (Petrack [0032]).
Claim 11 is/are rejected under 35 U.S.C. 103 as being unpatentable over John et al. (US 20190149527 hereinafter as John) in view of Castleman (US 20100313249), Yeap et al. (US 20090198997 hereinafter Yeap), and in further view of John et al. (US 20180167367 hereinafter as John2).
Re. claim 11, John-Castleman-Yeap teach the method of claim 1, John-Castleman-Yeap does not explicitly disclose but Petrack discloses wherein the session establishment message comprises an application programming interface (API) call, and wherein validating that the session establishment message is received from the user device comprises: identifying that the session establishment message is signed by the private key corresponding to the determined public key (John2 teaches verification server 225 may encrypt or sign such actions again using the private key corresponding to public key 440. For example, verification server may need to notify access device 215 that message 450 was safely received and properly decrypted, and/or that message 450 was not properly decrypted. In that example, verification server 225 may generate a receipt 460 and send it to access device 215 along with a signature 465 of the receipt 460 generated using the private key. Access device 215 may use the public key 440 to verify the signature 465 to ensure that the receipt 460 has not been tampered with [0058]. The token may be generated on the fly using API calls [0089]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by John2 into the invention of John-Castleman-Yeap for the purpose of ensuring that data passed between the web server and browser remain private (John2 [0003]).
Claim 12 is/are rejected under 35 U.S.C. 103 as being unpatentable over John et al. (US 20190149527 hereinafter as John) in view of Castleman (US 20100313249), Yeap et al. (US 20090198997 hereinafter Yeap), John et al. (US 20180167367 hereinafter as John2), and in further view of Yefimov et al. (US 20120324556 hereinafter as Yefimov).
Re. claim 12, John-Castleman-Yeap-John2 teach the method of claim 11, John-Castleman-Yeap-John2 does not explicitly disclose but Yefimov discloses further comprising: storing, in memory of the application server, a session token based at least in part on validating that the session establishment message is received from the user device (Yefimov teaches the CGI may decode, decrypt, and unpack the passed-in device session token and retrieve from database 110 the stored session data that includes an authorization object, e.g., a user authorization token [0033]); and processing additional API calls for the user device based at least in part on the session token (Yefimov teaches that session token is conventionally used as a mechanism by which the native app authenticates itself in all the subsequent API calls. That session token conventionally is refreshed with each and every API call made [0016]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Yefimov into the invention of John-Castleman-Yeap-John2 for the purpose of providing session authentication with a server for a device that authenticates itself in the API calls (Yefimov [0007] [0016]).
Claim 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over John et al. (US 20190149527 hereinafter as John) in view of Castleman (US 20100313249), Yeap et al. (US 20090198997 hereinafter Yeap), John et al. (US 20180167367 hereinafter as John2), and in further view of Vaughan et al. (US 20060080257 hereinafter as Vaughan).
Re. claim 14, John-Castleman-Yeap-John2 teach the method of claim 11. John-Castleman-Yeap-John2 does not explicitly disclose, but Vaughan discloses, wherein a header of the API call comprises the public key identifier and is signed by the private key (Vaughan teaches the SDF client API 901 may encrypt the entire SOAP request with the public key of the rights authority 902 and may also sign the entire SOAP request with the client private key and add the signature to the SOAP header [0135]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Vaughan into the invention of John-Castleman-Yeap-John2 for the purpose of increasing the security of the system by preventing hijacking of the SDF and/or the initiation of unauthorized processing or retrieval of unauthorized information by participants in the SDF or users attempting to impersonate or masquerade as another role or user (Vaughan [0133]).
Claim 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over John et al. (US 20190149527 hereinafter as John) in view of Castleman (US 20100313249), Yeap et al. (US 20090198997 hereinafter Yeap), and in further view of Goh et al. (US 20030099353 hereinafter as Goh).
(Goh teaches wherein the computing system and a printer for said secure printing are within a common firewall; wherein said computing system is programmed to provide a remote trusted print proxy (RTPP), and the RTPP includes a digital identification device configured to provide an RTPP public key of a cryptographic public key /private key pair and is configured to supply a one-time token on request, wherein on request by the printer the RTPP provides the RTPP public key, the RTPP network address and the RTPP one-time token, and wherein on contact by a user's home computing system the RTPP is configured to accept the one-time token as authentication and to establish a secure channel with the user's home computing system [0030]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Goh into the invention of John-Castleman-Yeap for the purpose of authentication and establishing a secure channel (Goh [0030]).
Claim 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over John et al. (US 20190149527 hereinafter as John) in view of Castleman (US 20100313249), Yeap et al. (US 20090198997 hereinafter Yeap), and in further view of Dee et al. (US 20140258256 hereinafter as Dee).
Re. claim 17, John-Castleman-Yeap teach the method of claim 1. John-Castleman-Yeap does not explicitly disclose, but Dee discloses, further comprising: receiving, from the user device, an application programming interface (API) call requesting access to the database of the database system; and processing the API call for the user device based at least in part on the established database connection (Dee teaches that a method may include intercepting a DB2 request using a documented API for accessing local DB2 databases from a client program executing on a source mainframe system [abstract]).
(Dee [0003]).
Claim 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over John et al. (US 20190149527 hereinafter as John) in view of Castleman (US 20100313249), Yeap et al. (US 20090198997 hereinafter Yeap), and in further view of Boenisch et al. (US 20160105429 hereinafter as Boenisch).
Re. claim 18, John-Castleman-Yeap teach the method of claim 1. John-Castleman-Yeap discloses a key pair, but John-Castleman-Yeap does not explicitly disclose, but Boenisch discloses, wherein: the private key of the public-private key pair is stored in volatile memory of the application server (Boenisch teaches the HSM 10 can decrypt the wrapping key 42 with the own private key 30 and stores then the decrypted wrapping key 24 in the volatile memory [0026]); and the public key of the public-private key pair is stored in persistent memory and cached on the application server (Boenisch teaches in the persistent memory 22 of the hardware security module 10 (shown in FIG. 6); (ii) storing the public key 26 of the hardware security module 10 on the server 12 [0018]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Boenisch into the invention of John-Castleman-Yeap for the purpose of carrying out the functions of the invention and provided for reading and writing (Boenisch [0033]).
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  

Any inquiry concerning this communication or earlier communications from the examiner should be directed to KEVIN A AYALA whose telephone number is (571)270-3912.  The examiner can normally be reached on Monday-Thursday 8AM-5PM; Friday: Variable EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 571-272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/K.A./Examiner, Art Unit 2436

/FATOUMATA TRAORE/Primary Examiner, Art Unit 2436