DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 02/05/20.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-19 are rejected under 35 U.S.C. 103 as being unpatentable over Natanzon (US 8370648 B1).

With regards to claim 1, Natanzon discloses, A method for rotating keys used to tokenize data values stored in a data store of a data layer, the method comprising: 
within the data layer providing data services to external client applications( Col 2 line 10-15; The requestor 40 may be an application, a user or a system that requests access to encrypted data, to encrypt data, delete encrypted data,): 
creating two tokenized versions of each original data value arriving from an external client application to be written to the data store, upon their arrival, one tokenized version being created from an original data value with a current key and another tokenized version being created from the original data value with a previous key, the current and previous keys being different ( FIG 2a, 2B and associated text; col 2 line 33-55; The first portion 54a-54d is configured to store encrypted
data and the second portion is configured to store an ID of a key (key ID) used to encrypt the data in the first portion. For example, encryption key 1 is identified as key ID 1. It is
important to emphasize that the actual key to encrypt the data in the data block is stored elsewhere.  Referring to FIG. 2B, in one example, the data in data block 0 (52a) is updated with encrypted data W' in the first portion 54a. In one example, the old key, key 1, is expired and no longer useable. In other examples, the old key, key 1, is not expired (e.g., the key 1 may be valid to read encrypted data), but it is not the newest key. The encrypted data W' is encrypted with a new key, for example, key 4.); 
storing the tokenized versions of the original data values in the data store, rather than the original data values (FIG 2A and FIG 2B and associated text; ); rotating keys after an interval of time [K] (col 1 line 15-20; In one aspect, a method to manage encrypted data includes configuring a first portion of a storage medium to store encrypted data. The encrypted data is encrypted using a timebased encryption key. Col 2 line 63-67; Referring to FIG. 3, one example of a process to store encrypted data is a process 
wherein said key rotation comprises: discarding the previous key, retaining the current key, and obtaining a new key, the new key being different from the previous and current keys (Col 3 line 32-48; Because of the time-based nature of updating the keys, some keys may be valid but not the newest key and some keys are so old that there are invalid. For example, there are at least three types of encryption keys used to read encrypted data. One type is a latest ( e.g., newest, current) type key available. With the latest type key, the encrypted data is decrypted using the latest key and provided, for example, to the user when the user requests a read. Another type key is a valid but older type key ( e.g., the key is valid for reading encrypted data but is older than allowed by a policy and is no longer used for encrypting new data). In this case, data is encrypted with the new key instead and stored but the unencrypted data is still provided, for example, to the user. A still further type key is an invalid type key. The invalid type key is a key that has been erased from the server 22 or has expired. In this case, using an invalid key will result in the read request failing, since storage cannot decrypt the data. ); 
until the next key rotation, creating the two tokenized versions of arriving original data least by: creating one tokenized version from the original data value using the new key (FIG 4 234 and associated text; FIG 2B and associated text;) and another tokenized version being created from the original data value using the current key (FIG 2A and associated text; FIG 4 227 and associated text; Col 3 line  50-57 If the key is not invalid, then process 300 will read and decrypt the data (227). Process 300 determines if the key needs updating based on a refresh policy (228). For example, even 

With regards to claim 2,10 Natanzon further discloses, imposing a maximum lifetime [W] for arriving original data values to be stored in the data store, where [K] is equal to or greater than [W] ( Col 2 line 15-25; For example, after the predetermined amount of time a new key is used to encrypt data. In one particular example, a new encryption key is used each week to encrypt data. In one example, the time-based encryption keys are updated based on a policy.).

With regards to claim 3, 12 Natanzon further discloses, wherein tokenizing comprises encrypting (FIG 3 and associated text; ).

With regards to claim 4, 13 Natanzon further discloses, in response to a request from a client application, recovering a desired set of original data values associated with a particular field from the data store , at least by: based at least in part on how long ago keys were last rotated, selecting a key from amongst the previous and current keys; using the selected key to recover the original data values in the data set that were tokenized with the selected key (Col 3 line 15-20; Referring to FIG. 4, one example of 

With regards to claim 5, 14 Natanzo further discloses, wherein the selection of the key is based at least in part on whether the time since the keys were last rotated is larger than [W] (Col 2 line 20-25; In one particular example, a new encryption key is used each week to encrypt data. In one example, the time-based encryption keys are updated based on a policy. FIG 3 124 and associated text;  ).

With regards to claim 6, 15 Natanzo further discloses, using the recovered set of data to satisfy at least one of a count, query, or search operation against the particular field (col 3 line 15-20; col 4line 25-30; In another example, a track storage system may be used so that for each track or a number of tracks that includes data encrypted by an encryption key another track stores the key ID identifying the encryption key used to encrypt the data. Note: Key ID is searched to identify the key to encrypt and decrypt the data ).

With regards to claim 7, 16 Natanzo further discloses, storing the tokenized version created from an original data value with the current key in a first column associated with a particular data field (FIG 2A and associated text; ); and storing the tokenized version created from the original data value with the previous key in a second column associated with the particular data field (FIG 2B and associated text;).   

With regards to claim 8, 17 Natanzo further discloses, storing the tokenized version created from an original data value with the new key in a third column associated with the particular data field (Col 3 line 30-45; FIG 2A/2B and associated text;  Note: three type of key used, obviously system stored the key in memory too).

With regards to claim 9, Natanzon discloses, A method for rotating keys used to tokenize data stored in a data store of a data layer, the method comprising: 
within the data layer providing data services to external client applications (Col 2 line 10-15; The requestor 40 may be an application, a user or a system that requests access to encrypted data, to encrypt data, delete encrypted data): 
during a time period of length (Col 2 line 17-20; As used herein, the encryption keys 22 are time-based encryption keys and are useable to encrypt and/or decrypt for a predetermined time period. For example, after the predetermined amount of time a new key is used to encrypt data.) [K]: 
receiving a first plurality of original data values to be written to the data store (Col 2 line 63-64; Referring to FIG. 3, one example of a process to store encrypted data is a process 100.); 
tokenizing each original data value of the first plurality of original data values with each of a first and a second key, thereby creating for each original data value a version tokenized with the first key, and a version tokenized with the second key (FIG 2A and 2B and associated text; col 2 line 48-55; Referring to FIG. 2B, in one example, the data in data block 0 (52a) is updated with encrypted data W' in the first the old key, key 1, is not expired (e.g., the key 1 may be valid to read encrypted data), but it is not the newest key. The encrypted data W' is encrypted with a new key, for example, key 4. Note: data block 0(52a) encrypted with key 1 as encrypted data W; same data block 0(52a) encrypted with key 4 encrypted data W’); 
instead of writing each original data value to the data store, writing both the version of the original data value tokenized with the first key and the version of the original data value tokenized with the second key (FIG 2A and 2B and associated text;); 
upon expiry of the time period, rotating keys in the data store, said rotation comprising discarding the first key, continuing use of the second key, and obtaining a third key (Col 3 line 32-48; Because of the time-based nature of updating the keys, some keys may be valid but not the newest key and some keys are so old that there are invalid. For example, there are at least three types of encryption keys used to read encrypted data. One type is a latest ( e.g., newest, current) type key available. With the latest type key, the encrypted data is decrypted using the latest key and provided, for example, to the user when the user requests a read. Another type key is a valid but older type key ( e.g., the key is valid for reading encrypted data but is older than allowed by a policy and is no longer used for encrypting new data). In this case, data is encrypted with the new key instead and stored but the unencrypted data is still provided, for example, to the user. A still further type key is an invalid type key. The invalid type key is a key that has been erased from the server 22 or has expired. In this case, using an invalid key will Note: third key is newest key, older valid key as second key, expired key is first key); 
after said rotation of keys : receiving a second plurality of original data values to be written to the data store;  tokenizing each original data value of the second plurality of original data values with each of the second and the third keys, thereby creating for each original data value a version tokenized with the second key, and a version tokenized with the third key; instead of writing each original data value to the data store, writing both the version of the original data value tokenized with the second key and the version of the original data value tokenized with the third key; wherein the first, second, and third keys are all different from one another (Col 2 line 17-20; Col 2 line 63-64; FIG 2A and 2B and associated text; Col 3 line 32-48;  Note: examiner interpreted it’s a repetition of during time period but with modified keys.  After rotation second key (current key : older not expired) and third key (newest key) will be used to encrypt data block of FIG 2A and 2B). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify base embodiment with other embodiments in order to protect the data (Col 1 line 5-15)

With regards to claim 11, Natanzon further discloses, wherein said imposing of the maximum lifetime [W] comprises any of: (i) discarding versions of the original data values in the data store older than [W] (), and (ii) selecting [K] to be longer than [W].

Claims 18, 19 are system claims corresponding method claims 1, 9 also rejected accordingly.
 
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMED WALIULLAH whose telephone number is (571)270-7987.  The examiner can normally be reached on 8.30 to 430 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 1-571-272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access 





/MOHAMMED WALIULLAH/Primary Examiner, Art Unit 2498