Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
Response to Amendment
This is a reply to the application filed on 02/17/2021, in which, claim(s) 1-20 is/are pending. 

Claim Objection: 
Applicant’s arguments with respect to the objection to claim(s) 2-11 and 13-19 have been considered. The objection has been withdrawn in view of the amendment to the claims.

Claim Rejections - 35 U.S.C. § 112:
Applicants’ arguments with respect to the 112, 2nd paragraph rejection of claim(s) 1-11 have been fully considered and are not persuasive; however, the rejection was overcome during the interview on 5/10/2021 with the Examiner’s Amendment.

Claim Rejections - 35 U.S.C. § 101:
Applicants’ arguments with respect to claim(s) 1-11 have been fully considered and are not persuasive; however, the rejection was overcome during the interview on 5/10/2021 with the Examiner’s Amendment.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in a telephone interview with Attorney Gregory Smith at 312.474.6620 on 05/10/2021.
The application has been amended as follows:
Claim 1. (Currently Amended)  A data protection system comprising:
an administrator computing device that is managed by an administrator and connected to a customer network;
a backend server having a processor and a memory for providing a secure data storage facility to the customer network; and
at least one key controller hosted on the customer network;  wherein
the administrator computing device, the key controller, and the backend server use a hierarchy of cryptographic keys to cryptographically protect data of the customer network, the hierarchy of keys being distributed between the administrator computing device, the key controller and the backend server and comprising a plurality of encryption layers that are applied to encrypt the data of the customer network, the hierarchy of keys comprising a first master key that is derived from a password selected by based on the password selected by the administrator and the second master key is generated by the at least one key controller, and wherein the first and second master keys provide two paths through the hierarchy of keys in order to facilitate the customer network to have redundancy of access to the first and second master keys.

Claims 2-3. (Cancelled)

Claim 12. (Currently Amended)  A computer-implemented method for protecting data, the method comprising:
enabling a backend server to provide a secure data storage facility to a customer network that is managed by an administrator utilizing an administrator computing device connected to the customer network;
providing at least one key controller to be hosted on the customer network; 
protecting data of the customer network with a hierarchy of cryptographic keys that are distributed between the administrator computing device, the key controller and the backend server and comprising a plurality of encryption layers that are applied to encrypt the data of the customer network, the hierarchy of keys comprising a first master key that is derived from a password selected by 
generating the first master key by the administrator computing device based on the password selected by the administrator and generating the second master key by the key controller; and
providing two paths through the hierarchy of keys by way of the first and second master keys in order to facilitate the customer network to have redundancy of access to the first and second master keys.

Claims 13-14. (Canceled)

Claim 20. (Currently Amended)  A computer program product for protecting data, the computer program product comprising a non-transitory computer-readable medium having stored computer-readable program code for performing the steps of:
enabling a backend server to provide a secure data storage facility to a customer network that is managed by an administrator utilizing an administrator computing device 
providing at least one key controller to be hosted on the customer network; 
protecting data of the customer network with a hierarchy of cryptographic keys that are distributed between the administrator computing device, the key controller and the and comprising a plurality of encryption layers that are applied to encrypt the data of the customer network, the hierarchy of keys comprising a first master key that is derived from a password selected by 
generating the first master key by the administrator computing device based on the password selected by the administrator and generating the second master key by the key controller; and
providing two paths through the key hierarchy by way of the first and second master keys in order to facilitate the customer network to have redundancy of access to the first and second master keys.

Allowable Subject Matter
Claims 1, 4-12 and 15-20 are allowed.

The following is an examiner’s statement of reasons for allowance: 
Independent Claim(s) and their respective dependent claims are allowable over the prior art since the prior art, taken individually or in combination, fails to particularly disclose, fairly suggest or render obvious the following italic limitations:

 “protecting data of the customer network with a hierarchy of cryptographic keys that are distributed between the administrator computing device, the key controller and the backend server and comprising a plurality of encryption layers that are applied to encrypt the data of the customer network, the hierarchy of keys comprising a first master key that is derived from a password selected by the administrator and a second master key that is associated with the key controller and one or more derived keys that are derived from the first and second master keys, wherein at least one of the first and second master keys are kept resident only on the customer network and at least one of the derived keys are kept resident on the backend server, thereby inhibiting the backend server from obtaining access to plaintext data and master keys of the customer network;
generating the first master key by the administrator computing device based on the password selected by the administrator and generating the second master key by the key controller…” in combination with other limitations recited as specified in the independent claim(s). Rather, the primary reference discloses a system for automated cryptographic key management comprising a key control system, a key management agent system, and a key system application program interface. A method for automated cryptographic key management is also disclosed. The method comprises the automatic generation of cryptographic keys by the key control system and distribution of such keys by the key control system to the key management agent system. Similarly, the secondary reference discloses transparently providing data security using a cryptographic file system layer that selectively intercepts and modifies (e.g., by encrypting) data to be stored in a designated directory. The cryptographic file system layer can be used in combination with one or more cryptographic approaches to provide a server-based secure data solution that makes data more secure and accessible, while eliminating the need for multiple perimeter hardware and software technologies. Accordingly, the claims are allowed.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DAO Q HO whose telephone number is (571)270-5998.  The examiner can normally be reached on 7:00am - 5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/DAO Q HO/Primary Examiner, Art Unit 2432