DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This written action is responding to the Amendment dated on April 02, 2021.
In the amendment dated on April 02, 2021, claims 1, 5, 9 and 16-18 have been amended.
Claims 1-2, 4-15 and 17-20 are allowed.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below.  Should the changes and/or additions be unacceptable to Applicant, an amendment may be filed as provided by 37 CFR 1.312.  To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in a telephone interview with Mr. Paul M. Vogel of registration number 74,774, on April 21, 2021.  During the telephone conference, Mr. Vogel agreed and authorized the examiner to further amend Claims 1-2, 4-15 and 17-20 of the amendment dated April 02, 2021.

Claims
Replacing Claims 1-2, 4-15 and 17-20 of the amendment dated on April 02, 2021 with the following:

Claim 1.	
A computer-implemented method for changing cryptographic keys in high-frequency transaction environments, the method comprising:
employing, by a server device, hardware security modules (HSMs) coupled to the server device to decrypt messages being communicated from a client device, wherein the messages being communicated are encrypted with a first working cryptogram generated based on a first master key of the HSMs;
generating, by the server device, a notification that includes a second working cryptogram for transmission to the client device, wherein the second working cryptogram is generated based on a second master key replacing the first master key on a subset of the HSMs; and
causing, by the server device, the messages being communicated from the client device to be encrypted with the included second working cryptogram based on the transmitted notification, the subset of the HSMs being employed to decrypt the communicated messages encrypted with the included second working cryptogram while a remaining subset of the HSMs is employed to decrypt the communicated messages encrypted with the first working cryptogram, wherein the subset of the HSMs comprises at least one HSM and the remaining subset of the HSMs comprises at least one different HSM, the subset of the HSMs and the remaining subset of the HSMs being concurrently employed, and wherein the remaining subset of the HSMs is employed to decrypt at least one message communicated before the messages were caused to be encrypted with the second working cryptogram. 
Claim 2.	
The computer-implemented method of claim 1, wherein the employing, generating, and causing is performed while the messages encrypted with the first working cryptogram are being communicated.

Claim 3.	(Canceled) 

Claim 4.	
The computer-implemented method of claim 1, wherein each one of the messages is received by the server device for further communication to an application service provided by the server device.

Claim 5.	
The computer-implemented method of claim 1,
wherein the messages are being communicated to a URI that is mapped to a first address of the server device for receiving the communicated messages encrypted with the first working cryptogram, and 
wherein the mapped URI is modified based on the transmitted notification, the modified URI being mapped to a second address of the server device for receiving the communicated messages encrypted with the second working cryptogram.
Claim 6.	
The computer-implemented method of claim 5,
wherein the subset of the HSMs is selected for employment based on a communicated message being received via the first address, and the remaining subset of the HSMs is selected for employment based on the communicated message being received via the second address.
Claim 7.	
The computer-implemented method of claim 5, wherein the mapped URI is modified by the client device based on a detected acknowledgement of the communicated notification.
Claim 8.	
The computer-implemented method of claim 1, wherein the first working cryptogram is provisioned on the client device, and the second working cryptogram is provisioned on the client device based at least in part on the transmitted notification, the computer-implemented method further comprising:
de-provisioning, by the server device, the provisioned first working cryptogram based on a determined inactivity associated with the remaining subset of the HSMs.
Claim 9.	
A non-transitory computer storage medium storing computer-useable instructions that, when used by one or more computing devices, cause the one or more computing devices to perform operations comprising:
employing a working key encrypted with a first master key stored on hardware security modules (HSMs) to decrypt messages being communicated from a client device, wherein the messages being communicated are each encrypted with a first working cryptogram generated based on the working key being encrypted with the first master key;
generating a notification that includes a second working cryptogram, wherein the second working cryptogram was generated based on the working key being encrypted with a second master key, the second master key replacing the first master key on a first subset of the HSMs;
causing the messages being communicated to each to be encrypted with the included second working cryptogram based on a transmission of the generated notification to the client device; and
concurrently employing the working key encrypted with the second master key on the first subset of the HSMs and the working key encrypted with the first master key stored on a remaining subset of the HSMs to decrypt the communicated messages, wherein the first subset of the HSMs comprises at least one HSM and the remaining subset of the HSMs comprises at least one different HSM.
Claim 10.	
The non-transitory computer storage medium of claim 9, wherein the working key encrypted with the first master key is employed to decrypt a communicated message 
Claim 11.	
The non-transitory computer storage medium of claim 9, wherein a communicated message is encrypted with the first working cryptogram based on the first working cryptogram being provisioned on the client device, and wherein the second working cryptogram is provisioned on the client device based at least in part on the transmission of the generated notification.
Claim 12.	
The non-transitory computer storage medium of claim 11, wherein the second working cryptogram is provisioned on the client device based further in part on an acknowledgement of the transmitted notification by the client device.
Claim 13.	
The non-transitory computer storage medium of claim 11, the operations further comprising:
de-provisioning the first working cryptogram based at least in part on a determined inactivity associated with the first master key.
Claim 14.	
The non-transitory computer storage medium of claim 13, wherein the first working cryptogram is de-provisioned based further in part on the first master key being replaced with the second master key.
Claim 15.	


Claim 16.	(Canceled) 
Claim 17.	
A computerized system comprising: 
one or more processors; and
one or more computer storage media storing computer-usable instructions that, when used by the one or more processors, cause the one or more processors to:
employ hardware security modules (HSMs) to decrypt messages being communicated from a client device, wherein the messages being communicated are encrypted with a first working cryptogram generated based on a first master key of the HSMs;
generate a notification that includes a second working cryptogram, the second working cryptogram being generated based on a second 
based at least in part on the transmission of the generated notification, employing the first subset of the HSMs to decrypt a communicated message encrypted with the second working cryptogram while a remaining subset of the HSMs is employed to decrypt another communicated message encrypted with the first working cryptogram, the another communicated message encrypted with the first working cryptogram being communicated before the client device was caused to encrypt the messages with the second working cryptogram, wherein the first subset of the HSMs comprises at least one HSM and the remaining subset of the HSMs comprises at least one different HSM, the first subset of the HSMs and the remaining subset of the HSMs being concurrently employed.
Claim 18.	
The system of claim 17, wherein the transmission of the generated notification to the client device causes the client device to encrypt the messages being communicated with the included second working cryptogram while previously-provisioned messages from the client device are inflight and are encrypted with the first working cryptogram.
Claim 19.	

Claim 20.	
The system of claim 17, wherein the first cryptogram is generated based on a working key encrypted with the first master key, and the second cryptogram is generated based on the working key encrypted with the second master key.
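The following is an added example, not part of the office action or of the applicant's disclosure: a Python simulation of the rotation recited in claims 1, 9 and 17. A working cryptogram is the working key wrapped under an HSM master key; the second master key is loaded on a subset of the HSMs, the client is notified and switches cryptograms, and both subsets serve concurrently so that a message already in flight under the first cryptogram is still decrypted by the remaining subset. The `seal`/`unseal` cipher is a toy HMAC-SHA256 construction standing in for whatever algorithm a real HSM uses, and all class, function and HSM names are the example's own assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

NONCE_LEN, TAG_LEN = 16, 32


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR with an HMAC-SHA256 counter keystream (example only)."""
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; stands in for the HSM's real authenticated cipher."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = _keystream_xor(key, nonce, plaintext)
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong key or tampered data")
    return _keystream_xor(key, nonce, ct)


class HSM:
    """One module holding a master key; the working key is only in the clear inside it."""
    def __init__(self, name: str, master_key: bytes):
        self.name, self._master_key = name, master_key

    def wrap_working_key(self, working_key: bytes) -> bytes:
        return seal(self._master_key, working_key)           # the "working cryptogram"

    def rekey(self, cryptogram: bytes, new_master_key: bytes) -> bytes:
        """Replace the master key and re-wrap the same working key under it."""
        working_key = unseal(self._master_key, cryptogram)
        self._master_key = new_master_key
        return seal(new_master_key, working_key)

    def decrypt(self, cryptogram: bytes, ciphertext: bytes) -> bytes:
        return unseal(unseal(self._master_key, cryptogram), ciphertext)


@dataclass(frozen=True)
class Message:
    cryptogram: bytes   # travels with the payload so the server can pick an HSM able to unwrap it
    ciphertext: bytes


class Client:
    def __init__(self, working_key: bytes, cryptogram: bytes):
        self._working_key, self._cryptogram = working_key, cryptogram

    def provision(self, new_cryptogram: bytes) -> None:
        self._cryptogram = new_cryptogram                    # acts on the server's notification

    def send(self, payload: bytes) -> Message:
        return Message(self._cryptogram, seal(self._working_key, payload))


class Server:
    def __init__(self, hsms):
        self.hsms, self.routes = list(hsms), {}              # routes: cryptogram -> HSMs able to unwrap it

    def register(self, cryptogram: bytes, subset) -> None:
        self.routes[cryptogram] = list(subset)

    def rotate(self, old_cryptogram: bytes, new_master_key: bytes, subset_names) -> bytes:
        """Load the second master key on a subset; the rest keep serving the first cryptogram."""
        subset = [h for h in self.hsms if h.name in subset_names]
        new_cryptogram = subset[0].rekey(old_cryptogram, new_master_key)
        for h in subset[1:]:
            h.rekey(old_cryptogram, new_master_key)
        for cg, lst in list(self.routes.items()):            # rekeyed modules can no longer serve old cryptograms
            self.routes[cg] = [h for h in lst if h not in subset]
        self.register(new_cryptogram, subset)
        return new_cryptogram

    def retire(self, cryptogram: bytes) -> None:
        """De-provision a cryptogram once its HSM subset has gone inactive."""
        del self.routes[cryptogram]

    def decrypt(self, msg: Message):
        subset = self.routes.get(msg.cryptogram)
        if not subset:
            raise KeyError("no HSM provisioned for this cryptogram")
        return subset[0].name, subset[0].decrypt(msg.cryptogram, msg.ciphertext)


def demo() -> dict:
    """Constructed walk-through of the claimed rotation; returns observations for checking."""
    working_key, mk1, mk2 = (secrets.token_bytes(32) for _ in range(3))
    hsms = [HSM("hsm-a", mk1), HSM("hsm-b", mk1), HSM("hsm-c", mk1)]
    server, cg1 = Server(hsms), hsms[0].wrap_working_key(working_key)
    server.register(cg1, hsms)
    client = Client(working_key, cg1)
    in_flight = client.send(b"txn-0001: pay 10.00")        # encrypted under cg1 before any notification
    cg2 = server.rotate(cg1, mk2, {"hsm-a"})                # second master key on the subset {hsm-a}
    client.provision(cg2)                                   # notification carrying cg2 reaches the client
    later = client.send(b"txn-0002: pay 20.00")
    hsm_old, pt_old = server.decrypt(in_flight)             # remaining subset, still on mk1, serves it
    hsm_new, pt_new = server.decrypt(later)                 # rekeyed subset serves the new cryptogram
    try:                                                    # an HSM outside the subset fails closed
        hsms[1].decrypt(later.cryptogram, later.ciphertext)
        mismatch_rejected = False
    except ValueError:
        mismatch_rejected = True
    server.retire(cg1)                                      # first cryptogram de-provisioned
    try:
        server.decrypt(in_flight)
        retired_rejected = False
    except KeyError:
        retired_rejected = True
    return {"in_flight": (hsm_old, pt_old), "later": (hsm_new, pt_new),
            "mismatch_rejected": mismatch_rejected, "retired_rejected": retired_rejected}
```

Routing by the cryptogram carried with each message is what lets the two HSM subsets run concurrently: a message wrapped under the first master key can only be unwrapped by a module still holding that key, so the server must keep the first subset in service until every in-flight message has drained, and only then retire the first cryptogram.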

Allowable Subject Matter
Claims 1-2, 4-15 and 17-20 are allowed.

Examiner’s Statement of Reasons for Allowance
The following is an examiner’s statement of reasons for allowance:
Independent claim 1 is allowable based on the amendment dated April 02, 2021 and the examiner’s amendment dated April 29, 2021.
Specifically, the independent claim 1 now recites limitations as follows:

“A computer-implemented method for changing cryptographic keys in high-frequency transaction environments, the method comprising:
employing, by a server device, hardware security modules (HSMs) coupled to the server device to decrypt messages being communicated from a client device, wherein the messages being communicated are 
generating, by the server device, a notification that includes a second working cryptogram for transmission to the client device, wherein the second working cryptogram is generated based on a second master key replacing the first master key on a subset of the HSMs; and
causing, by the server device, the messages being communicated from the client device to be encrypted with the included second working cryptogram based on the transmitted notification, the subset of the HSMs being employed to decrypt the communicated messages encrypted with the included second working cryptogram while a remaining subset of the HSMs is employed to decrypt the communicated messages encrypted with the first working cryptogram, wherein the subset of the HSMs comprises at least one HSM and the remaining subset of the HSMs comprises at least one different HSM, the subset of the HSMs and the remaining subset of the HSMs being concurrently employed, and wherein the remaining subset of the HSMs is employed to decrypt at least one message communicated before the messages were caused to be encrypted with the second working cryptogram”. 

The cited reference Roth et al. (US PGPUB. # US 2017/0134348) discloses that a security module may be implemented as a hardware security module (HSM) or another security module having some or all capabilities (¶102). The data service can send the cryptographic service an API call that includes the encrypted envelope key (or an identifier for the encrypted envelope key), authentication proof, and an identifier of the master key used to encrypt the envelope key. The cryptographic service can determine whether the authentication proof is sufficient to allow the operation and, if the authentication proof is sufficient, decrypt the envelope key. The decrypted envelope key can be sent back to the data service, which can use the key to decrypt the encrypted plaintext. Thus messages communicated from the client device are decrypted. (Fig. 6(614), ¶52). Roth further discloses that messages are encrypted with first working cryptograms that were generated based on a first master key of the HSM. (Fig. 3, ¶41, Fig. 4(412), ¶47). The process 800 also includes generating 814 a key, such as an envelope key. (Fig. 8(814), ¶58). The generated key is used to encrypt a data object. For example, in an embodiment where the cryptographic service generates the key, the cryptographic service can provide the key, the KeyID, and an encrypted copy of the key to the data service. For example, referring to FIG. 7, the data service frontend may receive the envelope key and the KeyID for the master key used to encrypt the envelope key from the cryptography service with any other relevant information, such as authentication proof. The plaintext copy of the encryption key may then be used to encrypt the data object. Thus messages are encrypted with a second key (cryptogram). (Fig. 8(816), ¶59). The cryptography service may provide the decrypted (Fig. 10(1018), ¶63).
The reference by Ma et al. (US PGPUB. # US 2012/0331293) discloses that the packager 104 notifies the client 110 of the key change by prepending a header to the encrypted content which contains a flag that describes the expiration of the previous content encryption key and the content encryption key identifier of the new content encryption key to be applied. (¶33).
An updated search has yielded the following reference:
The reference by Laurence Hamid (US PGPUB. # US 2013/0219164) discloses that the exemplary system can also include a plurality of HSMs 660, such as HSM 660a to HSM 660n. The HSMs can be directly connected within system 600, or can be connected to a multi-HSM appliance. HSMs (e.g., 660) can also be in a single physical location or multiple physical locations. Exemplary system 600 can include any number of other devices or data within memory (e.g., 620).


None of the previously cited prior art references or the reference(s) from the updated search, either singly or in combination with the previously cited references, would reasonably result in a proper rejection of each of the cited feature limitations of independent claim 1 under 35 U.S.C. 102 or 35 U.S.C. 103 with proper motivation.
Claim 9 is a non-transitory computer storage medium claim of above method claim 1 and Claim 17 is a system claim of above method claim 1, and therefore, they are also allowed.
Claims 2 and 4-8 depend on the allowed claim 1, and therefore, they are also allowed.
Claims 10-15 depend on the allowed claim 9, and therefore, they are also allowed.
Claims 18-20 depend on the allowed claim 17, and therefore, they are also allowed.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance".

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.  Refer to PTO-892, Notice of References Cited for a listing of analogous art.
Jacob et al. (US PGPUB. # US 2019/0149527) discloses a method for encrypting data when a device is offline. In the method, a determination is made as to whether a successful connection with a remote server computer can or cannot be made. If a connection cannot be made, then data can be encrypted with an ephemeral public key. Later, when a connection is available, the encrypted data can be transmitted to the remote server computer for processing.
Pesonen et al. (US PGPUB. # US 2017/0324560) discloses a method and a server for providing transaction keys for a transaction system that includes transaction units which use pre-delivered transaction keys, which are provided by a key provisioning server and wherein the transaction key usage is checked by a transaction checking server. A transaction key is derived from a master key of a transaction unit, wherein a varying derivation parameter is used in the step of deriving. The step of deriving comprises a 
Fuller et al. (US PAT. # US 9,722,974) discloses, a re-encryption service module in a multi-tiered encryption system that manages key rotation policies continuously or periodically re-encrypts data. Each encryption tier in the system can include a node programmed to service encryption, decryption, and/or re-encryption requests and a key store to store encryption keys. A computing node that interfaces with a requesting device may include the re-encryption service module. The re-encryption module may receive encrypted data and a key identifier identifying the key used to encrypt the data. The re-encryption module may decrypt the encrypted data using the identified key, retrieve a new key if the identified key is exhausted, and use the new key to encrypt the decrypted data. The key identifier may be updated to identify the new key and the re-encrypted data and the updated key identifier may be transmitted to the requesting device.
Phinney (US PGPUB. # US 2007/0140496) discloses, a method of managing encryption keys creates a new encryption key as a predictable and retrospectively repeatable function of a current encryption key. Information is then encrypted or authenticated using the new encryption key. In one embodiment, the generation of a new encryption key is triggered as a function of the amount of information encrypted or authenticated using the current encryption key. In a further embodiment, the new encryption key is created by using the current encryption key to encrypt a pre-agreed block of information, which may be an appropriate-length representation of the current 
Sugaya (US PGPUB. # US 2016/0374127) discloses that a content based on location information is provided to a mobile terminal. The mobile terminal 10 is communicatively connected to an access point related content providing server that includes a storage unit having an access point related content database 250 in which IP addresses and URLs of contents are associated with each other and are stored. The mobile terminal 10 performs a communication with a wireless access point to access a public network, acquires an IP address of the wireless access point, and transmits the acquired IP address to the access point related content providing server. The mobile terminal 10 receives a URL of a content that is associated with the transmitted IP address or location information identified by the transmitted IP address, and acquires the content designated by the received URL.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to DARSHAN I DHRUV whose telephone number is (571)272-4316.  The examiner can normally be reached on M-F 9:00 AM-5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/DARSHAN I DHRUV/Examiner, Art Unit 2498