DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statements (IDS) submitted by applicant dated 11/13/2019, 03/23/2020, 06/02/2020, 08/20/2020, 11/04/2020 and 01/13/2021 have been considered by the examiner.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 21, 23-24, 33 and 35-40 are rejected under 35 U.S.C. 103 as being unpatentable over Youn et al. US2008/0019527 hereinafter referred to as Youn, in view of Lee et al. US2012/0140923 hereinafter referred to as Lee, and Perlman US2005/0066175.
As per claim 21, Youn teaches a computer-implemented method, comprising: a lifetime of a cryptographic key, the cryptographic key encrypted in a first key token (Youn paragraph [0036], [0089], [0091], [0100], a customer key encrypted in a token.  Expiration value 508 specifies how long token 300 is valid. Once token 300 has expired, token 300 can no longer be used to obtain customer key 302.  The expiration of token 300 facilitates in expiring customer key 302. Multiple master keys are generated to correspond to expiration dates.  Once an expiration date is reached, the master key will be deleted making it impossible to recover the customer key from any token.); 

decrypting the cryptographic key using the first domain key (Youn paragraph [0103], [0105]-[0107], decrypt customer key with master key); 
selecting, from a plurality of domain keys, a second domain key with a second expiration (Youn paragraph [0091], [0099]-[0100], select master key to encrypt token/customer key);
generating a second token comprising encrypted cryptographic key and an identifier of the encrypted cryptographic key; and providing the second token in response to request (Youn paragraph [0071], [0091], [0100], generating and providing token comprising encrypted customer key).  
Youn does not explicitly disclose obtaining a request to change a lifetime of a cryptographic key;
as a result of the request being obtained, selecting a first domain key; 
encrypting, by using second domain key, the cryptographic key to produce an encrypted cryptographic key;
generating a second token comprising the encrypted cryptographic key; and providing the second token in response to the request.
Lee teaches obtaining a request to reencrypt data (Lee paragraph [0073]-[0077], a request to perform key rotation.  When it is desired to update all or a significant portion of an organization's data to a new key version, rotation process 600 may be commenced…Having obtained the decrypted value DOrgKeyN of the key associated with the data being rotated, the underlying data itself may now be decrypted using DOrgKeyN as the data decryption key (task 620).  The "raw" data is then re-encrypted with the current active key AOrgKeyN… the now obsolete OrgKeyN is exported from the server);
as a result of the request being obtained, selecting a first domain key (Lee paragraph [0073]-[0075], Having obtained the decrypted value DOrgKeyN of the key associated with the data being rotated, the underlying data itself may now be decrypted using DOrgKeyN as the data decryption key); 
encrypting, by using second domain key, the data to produce an encrypted data (Lee paragraph [0075], the underlying data itself may now be decrypted using DOrgKeyN as the data decryption key (task 620).  The "raw" data is then re-encrypted with the current active key AOrgKeyN);
generating a second data comprising the encrypted data; and providing the second data in response to the request (Lee paragraph [0075], the underlying data itself may now be decrypted using DOrgKeyN as the data decryption key (task 620).  The "raw" data is then re-encrypted with the current active key AOrgKeyN (task 622), and returned.).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Youn of encrypting customer keys with master keys where the master keys have corresponding expiration dates with the teachings of Lee to include key rotation of data in order to enhance the security of the encrypted customer keys.  Therefore, the combination of Youn in view of Lee teaches obtaining a request to change a lifetime of a cryptographic key.
Youn in view of Lee does not explicitly disclose selecting a key with an expiration that matches a specified lifetime included in request.
Perlman teaches selecting a key with an expiration that matches a specified lifetime included in request (Perlman paragraph [0038], Node A 12 selects the particular ephemeral key based on the key expiration date or other provided data such as the cryptographic strength of the key.  As discussed above, Node A 12 may also request a custom ephemeral key from the ephemerizer if none of the published keys meet its criteria.  Paragraph [0028], As shown in FIG. 1a, an ephemeral key pair list 10 includes a number of ephemeral key pairs 12… An expiration time 18, a Key ID 20, and other data 22, such as the cryptographic strength of the key).


As per claim 23, Youn in view of Lee and Perlman teaches the computer-implemented method of claim 21, wherein: generating the second token further includes generating a digital signature of the second token; and providing the second token further includes providing the digital signature of the second token (Youn paragraph [0011], [0071], [0091], [0100], generating and providing token comprising signature; Lee paragraph [0073]-[0075], key rotation of data).  

As per claim 24, Youn in view of Lee and Perlman teaches the computer-implemented method of claim 21, wherein the plurality of domain keys are stored within a cryptography service and are programmatically unexportable from the cryptography service (Youn paragraph [0047], [0054], [0091], administrator 102 creates a secret key store on key manager 180 and generates a master key which is stored in key manager 180.  These master keys are used only by the key manager and are not disseminated to clients. Multiple master keys are generated to correspond to expiration dates.).   
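The re-wrapping flow mapped above for claims 21, 23 and 24 (decrypt the customer key under the domain key named in the token, select a second domain key whose expiration matches the requested lifetime, re-encrypt the customer key, return a new token carrying an identifier and a signature, and refuse the request once the original domain key has been deleted), written out as an added illustration that is not part of this Office action, of the claims, or of any cited reference.  It is a stand-alone Python sketch using only the standard library: the encrypt-then-MAC wrap built from HMAC-SHA256 stands in for a real key-wrap mode such as AES-GCM or AES key wrap, an HMAC over the token stands in for the digital signature of claim 23, and the domain-key table, lifetimes, identifiers and fixed clock are constructed for the example.

```python
import base64, hashlib, hmac, json, os, struct, time
from dataclasses import dataclass

class TokenError(Exception):
    """Request denied: tampered token, expired domain key, or no key fits the lifetime."""

@dataclass(frozen=True)
class DomainKey:
    key_id: str
    secret: bytes     # stays inside the service; no method returns it (claim 24)
    expires_at: int   # unix seconds; the key is deleted once this passes (Youn)

def _subkey(secret, label):       # distinct encryption and MAC keys from one domain secret
    return hmac.new(secret, label, hashlib.sha256).digest()

def _keystream(enc_key, nonce, n):
    return b"".join(hmac.new(enc_key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
                    for i in range((n + 31) // 32))[:n]

def _wrap(secret, plaintext, aad):
    # Encrypt-then-MAC stand-in for AES-GCM/AES-KW; aad binds the token header to the body.
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(_subkey(secret, b"enc"), nonce, len(plaintext))))
    tag = hmac.new(_subkey(secret, b"mac"), aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def _unwrap(secret, blob, aad):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(secret, b"mac"), aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise TokenError("wrapped key failed integrity check")
    return bytes(c ^ k for c, k in zip(ct, _keystream(_subkey(secret, b"enc"), nonce, len(ct))))

def _b64(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def _unb64(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

class CryptographyService:
    def __init__(self, domain_keys, signing_key, now=time.time):
        self._keys = {k.key_id: k for k in domain_keys}
        self._signing_key = signing_key   # HMAC stands in for the signing key of claim 23
        self._now = now

    def _purge_expired(self):
        for kid in [k for k, d in self._keys.items() if d.expires_at <= self._now()]:
            del self._keys[kid]           # anything wrapped under it is now unrecoverable

    def _select_for_lifetime(self, lifetime_s):
        # Perlman-style: the live domain key whose expiration is earliest at or after the lifetime.
        self._purge_expired()
        live = [d for d in self._keys.values() if d.expires_at >= self._now() + lifetime_s]
        if not live:
            raise TokenError("no domain key matches the requested lifetime")
        return min(live, key=lambda d: d.expires_at)

    def _build(self, dk, customer_key, customer_key_id):
        # Unencrypted header: domain-key id (to find the key) and customer-key identifier
        # (so a policy can be looked up by it); the header is bound to the body via aad.
        header = json.dumps({"kid": dk.key_id, "ckid": customer_key_id, "exp": dk.expires_at}).encode()
        unsigned = _b64(header) + "." + _b64(_wrap(dk.secret, customer_key, header))
        sig = hmac.new(self._signing_key, unsigned.encode(), hashlib.sha256).digest()
        return unsigned + "." + _b64(sig)

    def _open(self, token):
        h, b, s = token.split(".")        # ValueError on a malformed token
        want = hmac.new(self._signing_key, (h + "." + b).encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(_unb64(s), want):
            raise TokenError("token signature invalid")
        header = _unb64(h)
        meta = json.loads(header)
        self._purge_expired()
        dk = self._keys.get(meta["kid"])
        if dk is None:                    # request obtained after expiration: denied (claim 35)
            raise TokenError("domain key %s has expired; key unrecoverable" % meta["kid"])
        return meta, _unwrap(dk.secret, _unb64(b), header)

    def token_header(self, token):
        return json.loads(_unb64(token.split(".")[0]))

    def issue(self, customer_key, customer_key_id, lifetime_s):
        return self._build(self._select_for_lifetime(lifetime_s), customer_key, customer_key_id)

    def open_token(self, token):
        return self._open(token)[1]

    def change_lifetime(self, token, new_lifetime_s):
        meta, customer_key = self._open(token)               # decrypt under the first domain key
        dk2 = self._select_for_lifetime(new_lifetime_s)      # second domain key chosen by expiration
        return self._build(dk2, customer_key, meta["ckid"])  # re-wrap, sign, return the new token

if __name__ == "__main__":   # demo with a constructed fixed clock
    clock = [1_700_000_000]
    svc = CryptographyService([DomainKey("dk-30d", os.urandom(32), clock[0] + 30 * 86400),
                               DomainKey("dk-365d", os.urandom(32), clock[0] + 365 * 86400)],
                              signing_key=os.urandom(32), now=lambda: clock[0])
    t1 = svc.issue(os.urandom(32), "customer-key-1", 20 * 86400)
    t2 = svc.change_lifetime(t1, 180 * 86400)
    print(svc.token_header(t1)["kid"], "->", svc.token_header(t2)["kid"])
```

A change-lifetime request is served entirely inside the service: the customer key is unwrapped and re-wrapped without the domain secrets ever being returned, the new token names the domain key and the customer key in its unencrypted header so the service can locate the key and any policy attached to the identifier, and advancing the clock past a domain key's expiration deletes that key, after which a token wrapped under it is refused while a token re-wrapped under a longer-lived key still opens.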

As per claim 33, Youn teaches a non-transitory computer-readable storage medium comprising executable instructions that, as a result of execution by one or more processors of a computer system, cause the computer system to at least: obtain a first request for a first token, wherein the first token comprises a cryptographic key and information associated with a first key, wherein the first key is identified from a set of keys based on the information (Youn paragraph [0091], [0100], [0105]-[0106], Multiple master keys are generated to correspond to expiration dates.  Once an expiration date is reached, the master key will be deleted making it impossible to recover the customer key from any token that was encrypted with that master key.  Receiving a request for a customer key and a token.  Token comprises customer key encrypted with master key. the key manager determines which master key the token is encrypted with by looking at an unencrypted portion of the token); 
decrypt, by using the first key, the cryptographic key (Youn paragraph [0103], [0105]-[0107], decrypt customer key with master key); 
obtain a second request for a second token (Youn paragraph [0091], [0100], [0105]-[0106], Multiple master keys are generated to correspond to expiration dates.  Once an expiration date is reached, the master key will be deleted making it impossible to recover the customer key from any token that was encrypted with that master key.  Receiving a request for a customer key and a token.  Token comprises customer key encrypted with master key.); 
select, a second key from the set of keys, the second key comprising an expiration (Youn paragraph [0091], [0099]-[0100], select master key to encrypt token/customer key); 
generate a second token comprising encrypted cryptographic key and an identifier of the encrypted cryptographic key; and provide the second token in response to the second request (Youn paragraph [0071], [0091], [0100], generating and providing token comprising encrypted customer key).  
Youn does not explicitly disclose encrypt, by using the second key, the cryptographic key to produce an encrypted cryptographic key; 
generate a second token comprising the encrypted cryptographic key; and provide the second token in response to the second request.  
Lee teaches encrypt, by using second key, data to produce an encrypted data (Lee paragraph [0075], the underlying data itself may now be decrypted using DOrgKeyN as the data decryption key (task 620).  The "raw" data is then re-encrypted with the current active key AOrgKeyN); 
generate a second data comprising the encrypted data; and provide the second data in response to request (Lee paragraph [0075], the underlying data itself may now be decrypted using DOrgKeyN as the data decryption key (task 620).  The "raw" data is then re-encrypted with the current active key AOrgKeyN (task 622), and returned).  
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Youn of encrypting customer keys with master keys where the master keys have corresponding expiration dates with the teachings of Lee to include key rotation of data in order to enhance the security of the encrypted customer keys.
Youn in view of Lee does not explicitly disclose select a key, the key comprising an expiration corresponding to a specified lifetime.
Perlman teaches select a key, the key comprising an expiration corresponding to a specified lifetime (Perlman paragraph [0038], Node A 12 selects the particular ephemeral key based on the key expiration date or other provided data such as the cryptographic strength of the key.  As discussed above, Node A 12 may also request a custom ephemeral key from the ephemerizer if none of the published keys meet its criteria.  Paragraph [0028], As shown in FIG. 1a, an ephemeral key pair list 10 includes a number of ephemeral key pairs 12… An expiration time 18, a Key ID 20, and other data 22, such as the cryptographic strength of the key).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Youn in view of Lee of generating and encrypting a customer key with the teachings of Perlman of specifying a lifetime and selecting a key with an expiration that matches the specified lifetime in order to allow the client to choose the validity/expiration of the key.

As per claim 35, Youn in view of Lee and Perlman teaches the non-transitory computer-readable storage medium of claim 33, wherein the first request is denied, based at least in part on a determination that the first request was obtained after expiration of the cryptographic key (Youn paragraph [0088]-[0089], [0091]-[0092], [0100], [0103], [0107], rejects request; Lee paragraph [0073]-[0077]).  

As per claim 36, Youn in view of Lee and Perlman teaches the non-transitory computer-readable storage medium of claim 33, wherein the executable instructions further comprise instructions that, as a result of execution by the one or more processors, cause the computer system to determine, based at least in part on the identifier of the encrypted cryptographic key, a policy defining permission for using the encrypted cryptographic key (Youn paragraph [0021], [0071], [0084], [0088]-[0089], [0092], [0100], [0103], [0107], Policy include permission for the customer key; Lee paragraph [0073]-[0077]).  

As per claim 37, Youn in view of Lee and Perlman teaches the non-transitory computer-readable storage medium of claim 36, the instructions further comprise instructions that, as a result of execution by the one or more processors, cause the computer system to: determine whether fulfillment of the second request complies with the policy; decrypt the encrypted cryptographic key to produce a decrypted cryptographic key; and cause the computer system to use the decrypted cryptographic key to perform a cryptographic operation in accordance with the policy (Youn paragraph [0021], [0084], [0088]-[0089], [0092], [0100], [0107], receive a request for a customer key and token and process the request according to policy.  Policy include permission for the customer key.  Perform cryptographic operation using the decrypted customer key; Lee paragraph [0073]-[0077], request for key rotation of data and process request according to policy.  Perform cryptographic operation using the decrypted data).  

As per claim 38, Youn in view of Lee and Perlman teaches the non-transitory computer-readable storage medium of claim 33, wherein the executable instructions further comprise instructions that, as a result of execution by the one or more processors, cause the computer system to provide a set of hardware devices access to the second token, by storing the second token in a hardware device of the set of hardware devices (Youn paragraph [0049], [0100], [0102], stored token; Lee paragraph [0073]-[0077]).  

As per claim 39, Youn in view of Lee and Perlman teaches the non-transitory computer-readable storage medium of claim 38, wherein the set of hardware devices comprises a plurality of security modules (Youn paragraph [0051], plurality of security modules).  

As per claim 40, Youn in view of Lee and Perlman teaches the non-transitory computer-readable storage medium of claim 39, wherein the plurality of security modules provide the second token to a web server of a front end of a cryptography service, and cause the web server to provide the second token in response to the second request (Youn paragraph [0049], [0051], [0100], [0102]-[0108], providing the token; Lee paragraph [0073]-[0077]).

Claims 22 and 34 are rejected under 35 U.S.C. 103 as being unpatentable over Youn in view of Lee and Perlman, and further in view of Wichmann et al. US2012/0272052 hereinafter referred to as Wichmann.
As per claim 22, Youn in view of Lee and Perlman teaches the computer-implemented method of claim 21.
Youn in view of Lee and Perlman does not explicitly disclose further comprising performing one or more operations that cause a cryptography service to lose access to cryptographic key.  
Wichmann teaches further comprising performing one or more operations that cause a cryptography service to lose access to cryptographic key (Wichmann paragraph [0024]-[0025], one or more cryptographic keys are generated.  the generated keys are automatically transmitted to a server, preferably over a network, the internet or another data link between the server and the computer.  After the data has been sent to the server, the original feature values and the generated keys are deleted from the computer, so they are no longer available for further use.).  
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Youn in view of Lee and Perlman of generating and encrypting a customer key with the teachings of Wichmann of deleting a key after it’s generated and transmitted in order to prevent unauthorized access and use of the customer key.

As per claim 34, Youn in view of Lee and Perlman teaches the non-transitory computer-readable storage medium of claim 33.
Youn in view of Lee and Perlman does not explicitly disclose wherein executable instructions further comprise instructions that, as a result of execution by one or more processors, cause computer system to lose access to cryptographic key.  
Wichmann teaches wherein executable instructions further comprise instructions that, as a result of execution by one or more processors, cause computer system to lose access to cryptographic key (Wichmann paragraph [0024]-[0025], one or more cryptographic keys are generated.  the generated keys are automatically transmitted to a server, preferably over a network, the internet or another data link between the server and the computer.  After the data has been sent to the server, the original feature values and the generated keys are deleted from the computer, so they are no longer available for further use.).  
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Youn in view of Lee and Perlman of generating and encrypting a customer key with the teachings of Wichmann of deleting a key after it’s generated and transmitted in order to prevent unauthorized access and use of the customer key.

Claims 25-30 and 32 are rejected under 35 U.S.C. 103 as being unpatentable over Youn et al. US2008/0019527 hereinafter referred to as Youn, in view of Lee et al. US2012/0140923 hereinafter referred to as Lee.
As per claim 25, Youn teaches a system, comprising: a processor; and memory comprising executable instructions that, as a result of execution by the processor, cause the system to at least: a lifetime of a cryptographic key, the cryptographic key being encoded within a first token (Youn paragraph [0036], [0089], [0091], [0100], a customer key encrypted in a token.  Expiration value 508 specifies how long token 300 is valid. Once token 300 has expired, token 300 can no longer be used to obtain customer key 302.  The expiration of token 300 facilitates in expiring customer key 302. Multiple master keys are generated to correspond to expiration dates.  Once an expiration date is reached, the master key will be deleted making it impossible to recover the customer key from any token.); 
select a first domain key from a set of domain keys, based at least in part on an identifier of the first domain key (Youn paragraph [0089], [0091], [0105]-[0107], Expiration value 508 specifies how long token 300 is valid. Once token 300 has expired, token 300 can no longer be used to obtain customer key 302.  The expiration of token 300 facilitates in expiring customer key 302. multiple master keys are generated to correspond to expiration dates.  Once an expiration date is reached, the master key will be deleted making it impossible to recover the customer key from any token. the key manager determines which master key the token is encrypted with by looking at an unencrypted portion of the token… the key manager can determine which master key the token is encrypted with by: examining key portions of the token… Once the token is decrypted… The customer key is then used to encrypt/decrypt data); 

select, from the set of domain keys, a second domain key with an expiration corresponding to new lifetime (Youn paragraph [0091], [0099]-[0100], select master key to encrypt token/customer key); 
encode encrypted cryptographic key within a second token; and provide the second token in response to request (Youn paragraph [0071], [0091], [0100], generating and providing token comprising encrypted customer key).  
Youn does not explicitly disclose obtain a request to change a lifetime of a cryptographic key to a new lifetime; 
encrypt, by using the second domain key, the cryptographic key to produce an encrypted cryptographic key; 
encode the encrypted cryptographic key within a second token; and provide the second token in response to the request.  
Lee teaches obtain a request to reencrypt data (Lee paragraph [0073]-[0077], a request to perform key rotation.  When it is desired to update all or a significant portion of an organization's data to a new key version, rotation process 600 may be commenced…Having obtained the decrypted value DOrgKeyN of the key associated with the data being rotated, the underlying data itself may now be decrypted using DOrgKeyN as the data decryption key (task 620).  The "raw" data is then re-encrypted with the current active key AOrgKeyN… the now obsolete OrgKeyN is exported from the server); 
encrypt, by using second domain key, data to produce an encrypted data (Lee paragraph [0075], the underlying data itself may now be decrypted using DOrgKeyN as the data decryption key (task 620).  The "raw" data is then re-encrypted with the current active key AOrgKeyN); 
encode the encrypted data within second data; and provide the second data in response to the request (Lee paragraph [0075], the underlying data itself may now be decrypted using DOrgKeyN as the data decryption key (task 620).  The "raw" data is then re-encrypted with the current active key AOrgKeyN (task 622), and returned).  


 As per claim 26, Youn in view of Lee teaches the system of claim 25, wherein the first domain key is selected as a result of a determination that the first domain key is available in the first token, the determination based at least in part on the request being obtained before expiration of the cryptographic key in the first token (Youn paragraph [0089], [0091], [0105]-[0107], Expiration value 508 specifies how long token 300 is valid. Once token 300 has expired, token 300 can no longer be used to obtain customer key 302.  The expiration of token 300 facilitates in expiring customer key 302.  Multiple master keys are generated to correspond to expiration dates.  Once an expiration date is reached, the master key will be deleted making it impossible to recover the customer key from any token. the key manager determines which master key the token is encrypted with by looking at an unencrypted portion of the token… the key manager can determine which master key the token is encrypted with by: examining key portions of the token… Once the token is decrypted… The customer key is then used to encrypt/decrypt data; Lee paragraph [0073]-[0075], key rotation of data)(It is obvious to one of ordinary skill in the art that in order to decrypt the token/customer key the master key must not be expired.  It is also obvious to one of ordinary skill in the art that in order to use the customer key the token must not be expired).  

As per claim 27, Youn in view of Lee teaches the system of claim 25, wherein the identifier of the first domain key references a data structure of a cryptography service that maintains the set of domain keys (Youn paragraph [0047], [0091], [0105]-[0106], administrator 102 creates a secret key store on key manager 180 and generates a master key which is stored in key manager 180.  Multiple master keys are generated to correspond to expiration dates.  Once an expiration date is reached, the master key will be deleted making it impossible to recover the customer key from any token. the key manager determines which master key the token is encrypted with by looking at an unencrypted portion of the token).

As per claim 28, Youn in view of Lee teaches the system of claim 27, wherein the set of domain keys are inaccessible outside of the cryptography service (Youn paragraph [0047], [0054], [0091], administrator 102 creates a secret key store on key manager 180 and generates a master key which is stored in key manager 180.  These master keys are used only by the key manager and are not disseminated to clients. Multiple master keys are generated to correspond to expiration dates.).  

 As per claim 29, Youn in view of Lee teaches the system of claim 27, wherein the cryptographic service comprises a web server that obtains the request and processes the request in accordance with a policy associated with the cryptographic key, wherein the policy specifies a set of permissions for the cryptographic key, and controls fulfillment of requests to use the cryptographic key (Youn paragraph [0021], [0084], [0088]-[0089], [0092], [0100], receive a request for a customer key and token and process the request according to policy.  Policy include permission for the customer key; Lee paragraph [0073]-[0077], request for key rotation of data and process request according to policy).

As per claim 30, Youn in view of Lee teaches the system of claim 25, wherein, as a result of determining fulfilment of the request is not authorized, the system denies the request (Youn paragraph [0088]-[0089], [0091]-[0092], [0100], [0103], [0107], rejects request; Lee paragraph [0073]-[0077]).  

As per claim 32, Youn in view of Lee teaches the system of claim 26, wherein the determination whether the first domain key is available in the first token is performed by a service of a cryptographic service (Youn paragraph [0089], [0091], [0105]-[0107], Expiration value 508 specifies how long token 300 is valid. Once token 300 has expired, token 300 can no longer be used to obtain customer key 302.  The expiration of token 300 facilitates in expiring customer key 302.  Multiple master keys are generated to correspond to expiration dates.  Once an expiration date is reached, the master key will be deleted making it impossible to recover the customer key from any token).  

Claim 31 is rejected under 35 U.S.C. 103 as being unpatentable over Youn in view of Lee, and further in view of Youn 2007/0230706 hereinafter referred to as Youn ‘706.
As per claim 31, Youn in view of Lee teaches the system of claim 27.
Youn in view of Lee does not explicitly disclose wherein cryptographic service comprises a set of hardware security modules.  
Youn ‘706 teaches wherein cryptographic service comprises a set of hardware security modules (Youn ‘706 paragraph [0053], HSM)(It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have a plurality of HSMs, since it has been held that mere duplication of parts involves only routine skill in the art).  
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Youn in view of Lee of encrypting customer keys with master keys where the master keys have corresponding expiration dates with the teachings of Youn ‘706 to include storing the master keys in an HSM in order to enhance the security of the master keys.  

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HENRY TSANG whose telephone number is (571)270-7959.  The examiner can normally be reached on M-F 8am - 5pm EST.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/HENRY TSANG/             Primary Examiner, Art Unit 2495