DETAILED ACTION

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on January 29, 2021 has been entered.
 
Response to Arguments
Applicant's arguments (“REMARKS”) filed January 29, 2021 have been fully considered but are now moot in view of a new ground of rejection.
Claims 1-20 are currently pending. Claims 1-3, 6, and 8-17 were amended.

Re: III. RESPONSE TO REJECTION OF CLAIMS 10-14 UNDER 35 U.S.C. 101
The rejection of claims 10-14 as being directed to non-statutory subject matter has been withdrawn in view of the amendments.

Re: IV.-VI. RESPONSE TO REJECTIONS UNDER 35 U.S.C. 103
The applicant’s arguments to the 103 rejections on pp. 11-12 of the REMARKS are now moot in view of a new ground of rejection. However, after further consideration and search, 

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Objections
Claims 2, 4, 7 are objected to because of the following informalities:
Claims 2, 4, 7 should be corrected to “the first data encryption key” to be consistent with the rest of the usage of the term in the other claims.
Appropriate correction is required.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:


Claims 1-7 and 15-16 are rejected under 35 U.S.C. 103 as being unpatentable over Shankar et al. (hereinafter, “Shankar”), US 8,914,632 in view of Narayan et al. (hereinafter, “Narayan”), US 9,413,730 in further view of Blakely et al. (hereinafter, “Blakely”), US 9,379,890 and in further view of Raman et al. (hereinafter, “Raman”), US 2009/0034733.
As per claim 1: Shankar discloses: A method for managing imported data (methods and systems for managing access to stored data resources on a hosted storage service, such as cloud-based storage services [Shankar, col. 1, lines 15-20 & 33-50; Abstract]), comprising: encrypting the data (a keystore 109, an interface backend device 108, or another device generates encryption keys, which are used to encrypt or decrypt the data resources; the keys are stored in the keystore and retrieved by the interface backend device [Shankar, col. 6, lines 1-22]), (storing encrypted data resources [Shankar, col. 4, lines 50-59]); caching data encryption keys within cache storage of the platform, (a key pouch created by the ACL service is created as a cache for encryption keys to reduce the number of requests to the keystore [Shankar, col. 6, line 46 – col. 7, line 3]), wherein accessing data pertaining to the organization within the platform comprises: retrieving an identifier of the first data encryption key (receiving a data identifier, wherein the metadata maps the identifier to one or more resources [Shankar, col. 5, lines 10-23]), (the backend interface device determines if a requesting client is authorized to use an encryption key based on an access control list (ACL) 118,  [Shankar, col. 6, lines 9-23 & 46-60; Fig. 2]); and  
Shankar does not describe the data resources as “pertaining to an organization” and that “access to the first data encryption key through the key management service is controlled by the organization”. Shankar merely discloses the data resources pertaining to a single user (…a user uploads a data resource…), wherein said user determines one or more roles for accessing the data resources [Shankar, col. 7, lines 16-32]. However, Narayan is directed to analogous art of an encryption key management system and method for an enterprise using cloud-based data storage services [Narayan, col. 2, lines 33-39]. The enterprise (e.g. “organization”) brokers encryption keys to a network intermediary to encrypt sensitive data stored in cloud service providers. Therefore, the enterprise maintains and manages its own data encryption key through the key management service” is in complete control of the “organization”, or the enterprise). See [Narayan, col. 2, lines 33-47]. 
Thus, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to implement Shankar’s system into an enterprise environment, as disclosed in Narayan. As discussed in the background section of [Narayan, col. 1, lines 15-30], cloud computing services have been increasingly being adopted by businesses and security of cloud-based data storages are needed to securely store sensitive data. In order to achieve such objectives, Narayan presents features where an enterprise controls the keys to encrypt data in the cloud. Therefore, it would have been advantageous to enable the data resources’ user (or enterprise) to have control of the keys used to encrypt/decrypt the data resources in Shankar.
Shankar and Narayan do not disclose: “using the retrieved identifier to determine whether the first data encryption key is available within the cache storage of the platform, and requesting access to the first data encryption key from the key management service in response to determining that the first data encryption key is not available within the cache storage”. However, Blakely is directed to analogous art of cryptographic key management in a multi-tenant cloud computing and storage environment [Blakely, col. 1, lines 6-10]. A key identifier is requested and determined if the key is already stored in a cache at a key management server, or KMS, (“using the retrieved identifier...available within the cache”) [Blakely, col. 2, lines 7-26]. If the key is not stored in the cache of the KMS, the key is requested from a hardware security module [Blakely, col. 3, lines 5-12].

Shankar, Narayan, and Blakely do not disclose “in response to a request to purge data pertaining to the organization from the platform: purging the first data encryption key from the cache storage of the platform, and removing decrypted data pertaining to the organization from the platform” However, Raman is directed to analogous art of securing stored data using data encryption [Raman, ¶1]. A storage system client responds to a request for stored encrypted data, wherein the encrypted data is decrypted and transferred. Subsequently, the decrypted data and decryption key is deleted from the storage system client (“purging… and removing…”) [Raman, ¶34].
Thus, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to include a feature to delete any decrypted files and the decryption key, as suggested in Raman, when a cryptographic key is revoked in the modified system of Shankar in view of Narayan. This would have ensured that not only would the key be made invalid, but the key is completely removed and any files obtained through decryption of said key would no longer be accessible.

As per claim 2: Shankar in view of Narayan, Blakely and Raman disclose all limitations of claim 1. Furthermore, Shankar in view of Narayan, Blakely and Raman disclose: further comprising: storing secure key data pertaining to the first data encryption key within the persistent storage of the platform, wherein requesting access to the data encryption key comprises: retrieving the stored secure key data, and transmitting at least a portion of the secure key data to the key management service (storing keys in the keystore and retrieved by the interface backend device [Shankar, col. 6, lines 1-8]). 

As per claim 3: Shankar in view of Narayan, Blakely and Raman disclose all limitations of claim 2. Furthermore, Shankar in view of Narayan, Blakely and Raman disclose: further comprising obtaining at least a portion of the secure key data from the key management service (storing keys in the keystore and retrieved by the interface backend device [Shankar, col. 6, lines 1-8]). 

As per claim 4: Shankar in view of Narayan, Blakely and Raman disclose all limitations of claim 2. Furthermore, Shankar in view of Narayan, Blakely and Raman disclose: wherein the secure key data comprises the data encryption key wrapped in one of a master key and a key encryption key associated with the master key (the encryption keys are wrapped [Shankar, col. 6, lines 9-23]). 

As per claim 5: Shankar in view of Narayan, Blakely and Raman disclose all limitations of claim 4. Furthermore, Shankar in view of Narayan, Blakely and Raman disclose: wherein the master key is maintained within a hardware security module of the key management service (a hardware security module (HSM) within the enterprise stores a key encryption key (KEK) 

As per claim 6: Shankar in view of Narayan, Blakely and Raman disclose all limitations of claim 4. Furthermore, Shankar in view of Narayan, Blakely and Raman disclose: wherein access to the master key at the key management service is controlled by the organization (the enterprise manages the KEK [Narayan, col. 4, line 54 – col. 5, line 6]), and wherein the key management service is configured to provide the requested access to the first data encryption key in response to determining that the organization has authorized the platform to access the master key (the ACLs identify which users, or user groups, are authorized to access the data resources using the wrapped key [Shankar, col. 6, lines 24-33]). 

As per claim 7: Shankar in view of Narayan, Blakely and Raman disclose all limitations of claim 4. Furthermore, Shankar in view of Narayan, Blakely and Raman disclose: wherein the key management service is configured to refuse access to the data encryption key in response to determining that the organization has revoked access to the master key (revoking the KEK to invalidate data encryption keys used to encrypt or decrypt data on behalf of the enterprise [Narayan, col. 5, lines 31-45]). 

As per claim 15: Claim 15 is different in overall scope from claim 1 but recites substantially similar subject matter as claim 1. Claim 15 is directed to a non-transitory computer-readable storage comprising instructions corresponding to method of claim 1. Thus, the response provided above for claim 1 is equally applicable to claim 15.

As per claim 16: Shankar in view of Narayan, Blakely and Raman disclose all limitations of claim 15. Furthermore, Shankar in view of Narayan, Blakely and Raman disclose: the operations further comprising: receiving an imported dataset pertaining to the first entity for persistent storage within the distributed platform (receiving a request to create or share a resource in the hosted storage service [Shankar, col. 6, lines 46-56]); determining whether the first data encryption key is expired; in response to determining that the first data encryption key is not expired, using the first data encryption key to encrypt the imported dataset; and in response to determining that the first data encryption key is expired, requesting a second data encryption key from the key management service, and using the second data encryption key to encrypt the imported dataset (in [Narayan, col. 5, lines 7-22], a KEK (“master key”) is used to encrypt key material that is provided to the network intermediary to derive a data encryption key (e.g. “first/second data encryption key”) to encrypt the enterprise’s data in the cloud; the key material are limited and expires after a period a time, in which new key material are provided in order to generate the keys [Narayan, col. 6, lines 14-24]). 

Allowable Subject Matter
Claims 10-14 are allowable.
s 8, 9, and 17-20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
The following is a statement of reasons for the indication of allowable subject matter:
Claims 8-14 include limitations of assigning “identifiers to decrypted datasets within the system, and utilize the identifiers to select decrypted datasets to purge from the system in response to a purge request.” It was common in the art to remove/delete sensitive data from a computer system to mitigate risks. The more time that unencrypted sensitive data remains available on a system, the more vulnerable that data becomes in being exposed or stolen. There have been various prior arts that teach features of removing sensitive data (e.g. cryptographic keys, decrypted data, etc.) to avoid the aforementioned scenario. For example:
US 2019/0229908: Discloses a tenant requesting a tenant-specific encryption key to be deleted on a cloud platform storing data records encrypted by said key.
US 2019/0097791: Discloses removing an encryption key from a distributed cache of a database system based on a destruction request message.
US 2019/0296900: Discloses deleting an encryption key and all decrypted version of sensitive data. The deletions are explicit (based on an instruction) or implicit (based on a software completing execution).
US 2015/0370725: Discloses deleting an encryption key, which effectively “deletes” (but without removing the object itself) data objects encrypted by said key, as the data objects can no longer be decrypted.
US 2015/0304315: Discloses deleting a user key and any decrypted database data from platform memory after user session ends.
US 2016/0028699: Discloses generating an encryption key from a unique identifier and user password, decrypting data, sending said decrypted data to a client device, and deleting both the encryption key and decrypted data.
Thus, as evident from the cited prior arts, the act of purging decrypted data is not novel or inventive. Such actions were well-known features in storage and database technologies. However, the prior arts fail to disclose associating, tagging, assigning, or the like, “identifiers to decrypted datasets” and using said identifiers as a means of selective deletion in response to a purge request. Thus, the aforementioned claims contain allowable subject matter.
Furthermore, claims 17-20 are directed to features not taught in the cited prior arts. The most relevant prior arts are that cited in the above 103 rejection. In Narayan, only the key materials, which are used to derive the key encrypting keys, have expiration times. The keys themselves do not have expiration times. Key materials are replaced to derive new keys. Shankar is directed to a key pouch for storing keys and does not explicitly disclose or suggest storing materials to derive keys.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ROBERT B LEUNG whose telephone number is (571)270-1453.  The examiner can normally be reached on Mon - Thurs: 10am-7pm ET.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG KIM can be reached on 571-272-3804.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ROBERT B LEUNG/Primary Examiner, Art Unit 2494                                                                                                                                                                                                        5-14-2021