Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
This action is in response to the communication filed on 9/3/2019.
Claims 1-20 are examined.
 
Information Disclosure Statement
The information disclosure statements (IDS) submitted on 9/3/2019, 3/23/2020 and 2/12/2021 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Publication 2019/0318102 to Araya et al. (hereinafter known as “Araya”) and U.S. Publication 2019/0342079 to Rudzitis et al. (hereinafter known as “Rudzitis”).

As per claim 1, Araya teaches a method of rewiring a key management system (KMS) service instance (SI) with associated keys, the method comprising:
in response to a request (Araya Fig 2C – element 203, para 76 teaches where the security manager 150 receives a request to encrypt / decrypt a dataset), deleting a first SI that is mapped to one or more keys (Araya Figs 2C and 2D, para 76-78 and 85-87 teach a purge request to delete a service related to keys. Further, Figs 3A – D teach a kill switch which deletes the function and all other associated data including keys);
Araya does not teach, however Rudzitis teaches,
creating a second SI (Rudzitis Fig 5 – elements 508, 510, para 36-38, where identifying the memory cluster in the HSM to store the key is interpreted as the second SI); and
mapping the second SI to the one or more keys (Rudzitis Fig 5 – element 506, para 36 teaches where the function of saving the cryptographic key, interpreted as the SI associated with the MEK (master encryption key), covers the claimed limitation).


At the time of invention it would have been obvious to one of ordinary skill in the art, having the teachings of Araya-Rudzitis before him or her, to combine Araya’s teaching of encryption of data with kill switch or force delete with Rudzitis’s teaching of remapping of service with key(s). The suggestion/motivation for doing so would have been to control access to cryptographic keys to ensure integrity of data (Rudzitis para 1).
The examiner further notes that the concept of ‘force kill’ and reconnection of apps after switch on / off (interpreted as deletion of session keys) is well known in the art.
As per claim 2, the combination of Araya-Rudzitis teaches the method of claim 1, wherein the first SI is mapped to a database schema and is associated with a uniform resource locator (URL) that allows a user to manage the keys (Araya para 50 teaches URI and URL in DSID (data set identifier) to manage keys).
As per claim 3, the combination of Araya-Rudzitis teaches the method of claim 2, wherein deleting the first SI causes access to the keys by the user to be deleted (Araya para 97, Fig 3D elements 302 A, B, C, which teach disabling of the key, which is similar to deletion of the key).
As per claim 4, the combination of Araya-Rudzitis teaches the method of claim 1, wherein the keys comprise master encryption keys (MEKs) and are stored in a hardware security module (HSM) (Araya Fig 2A, para 55 teaches a master key stored in an HSM).
As per claim 5, the combination of Araya-Rudzitis teaches the method of claim 2, wherein the mapping the second SI to the one or more keys comprises mapping the second SI to the database schema (Rudzitis para 42 teaches access to a database for the key management server).
At the time of invention it would have been obvious to one of ordinary skill in the art, having the teachings of Araya-Rudzitis before him or her, to combine Araya’s teaching of encryption of data with kill switch or force delete with Rudzitis’s teaching of remapping of service with key(s). The suggestion/motivation for doing so would have been to control access to cryptographic keys to ensure integrity of data (Rudzitis para 1).
As per claim 6, the combination of Araya-Rudzitis teaches the method of claim 1, wherein in response to the deleting the first SI, the keys are deleted after an expiration of a predefined time period (Araya Fig 2B, para 62 teaches expiration of the DEK (encryption key) in a predetermined time period).
As per claim 7, the combination of Araya-Rudzitis teaches the method of claim 1, wherein the mapping is implemented by a mid-tier of the KMS (Rudzitis para 58 teaches a mid-tier service), wherein the mid-tier is implemented by one or more micro services (Rudzitis para 60 teaches a service associated with web-interface / app based / API based or mid-tier based, which is interpreted as a micro service. The motivation is the same as explained in claims 1 and 5).
As per claim 8, Araya teaches a key management system (KMS) comprising:
the mid-tier adapted to, in response to a first request, delete a first service instance (SI) that is mapped to one or more keys (Araya Figs 2C and 2D, para 76-78 and 85-87 teach a purge request to delete a service related to keys. Further, Figs 3A – D teach a kill switch which deletes the function and all other associated data including keys).
Araya does not teach, however Rudzitis teaches,
a mid-tier comprising one or more microservices (Rudzitis para 58-60 teaches a mid-tier service); and
a data tier coupled to the mid-tier and comprising one or more hardware security modules (HSMs) and one or more databases (Rudzitis Fig 5, para 38-39 teaches a key server (data tier) and HSM modules, elements 500, 518 and 520);
in response to a second request, create a second SI, and map the second SI to the one or more keys (Rudzitis Fig 5 – elements 508, 510, para 36-38, where identifying the memory cluster in the HSM to store the key is interpreted as the second SI, and Rudzitis para 60 teaches a service associated with web-interface / app based / API based or mid-tier based, which is interpreted as a micro service).

At the time of invention it would have been obvious to one of ordinary skill in the art, having the teachings of Araya-Rudzitis before him or her, to combine Araya’s teaching of encryption of data with kill switch or force delete with Rudzitis’s teaching of remapping of service with key(s). The suggestion/motivation for doing so would have been to control access to cryptographic keys to ensure integrity of data (Rudzitis para 1).
Claim 9,
Claim 9 is rejected in accordance with claim 2.
Claim 10,
Claim 10 is rejected in accordance with claim 3.
Claim 11,
Claim 11 is rejected in accordance with claim 4.
Claim 12,
Claim 12 is rejected in accordance with claim 5.
Claim 13,
Claim 13 is rejected in accordance with claim 6.
Claim 14,
Claim 14 is rejected in accordance with claim 1.
Claim 15,
Claim 15 is rejected in accordance with claim 2.
Claim 16,
Claim 16 is rejected in accordance with claim 3.
Claim 17,
Claim 17 is rejected in accordance with claim 4.
Claim 18,
Claim 18 is rejected in accordance with claim 5.
Claim 19,
Claim 19 is rejected in accordance with claim 6.
Claim 20,
Claim 20 is rejected in accordance with claim 7.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Machani et al US Patent 9,667,416 discloses protecting master encryption keys by splitting them into multiple key shares using polynomial secret sharing schemes with a remote key management server and system administrator, as described in Figs 2 and 9.
Cignetti et al US Patent 10,693,638 discloses secret cryptographic key stored in protected state where encrypted key(s) are recreated the plaintext version of the secret key as described in Fig 3. 
Shiramshetti et al US Patent 10,922,132 discloses techniques for securely migrating servers from customer networks with backup proxy including 
Gilpin et al US Publication 2018/0316676 discloses access to protected network resource via access keys as described in Fig 1.  

Any inquiry concerning this communication or earlier communications from the examiner should be directed to VIRAL S LAKHIA whose telephone number is (571)270-3363.  The examiner can normally be reached on 8 am - 6 pm.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571-272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/VIRAL S LAKHIA/Examiner, Art Unit 2431