DETAILED ACTION
This office action is in response to applicant’s submission filed on 06/22/2018, which has an effective filing date of 06/05/2018. Claims 1-20 are pending and are directed towards a system, method, and computer product for Automated Key and Encryption. This is a Non-Final action.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claim Rejections - 35 USC § 102
1.	In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
2.	The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-5, 7-12, and 14-20 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Agarwal et al. (US Pub. 2017/0004312), hereinafter Agarwal, filed on Jun. 29, 2016.
Regarding claim 1, Agarwal teaches a method comprising: 
storing, by an encryption system, a first key policy in association with a first key and a second key policy in association with a second key (para 34, line 1-10 and para 47, line 1-12; data encryption service manages and stores data encryption of resources including encryption key policies specifying the encryption keys to be used in encrypting application data); 
determining a remote machine stores a first application affected by the first key policy and a second application affected by the second key policy, the first application utilizing the first key to encrypt first data, and the second application utilizing the second key to encrypt second data (Fig. 1 and para 47, line 1-12 and para 51, line 1-10; application hosting systems 110 may be a computing device such as a laptop or wearable computer and includes cryptographic policies that specify a particular cryptographic algorithm or key to secure portions of the application for multiple applications); 
determining the first key of the first application is non-compliant with the first key policy (para 131, line 1-23; data encryption service determine that an 
in response to the determining that the first key of the first application is non-compliant with the first key policy, sending a request to deploy a third key (para 131, line 1-23 and para 150, line 1-14; data encryption service includes a monitoring and alert service that sends a request to issue a renewed encryption key for the encryption key not renewed or updated appropriately); and
receiving a first response at the encryption system, the first response including a result of the request to deploy the third key (para 142, line 1-12 and 144, line 1-19; the monitoring and alert service of the data encryption service provides the key updates and stores the identified encryption key for use with the application in the encryption object metadata extraction engine 1738).
Regarding claim 2, Agarwal teaches method of claim 1.
Agarwal teaches determining the second key is non-compliant with the second key policy (para 131, line 1-23; data encryption service determine that an encryption key is not renewed and/or updated appropriately using the encryption key policies applicable to each application); 
in response to the determining that the second key of the second application is non-compliant with the second key policy (para 131, line 1-23; data 
identifying an exception associated with the second application (para 148, line 1-27 and para 155, line 1-11; monitoring and alert engine 1740 monitors the rules for the attributes of an encryption key for an application with a predetermined roll over date); 
suppressing a second request based on the exception (para 148, line 1-24 and para 155, line 1-11; monitoring and alert engine 1740 does not generate an alert if the roll over date of an encryption key for application is not over the predetermined roll over date).
Regarding claim 3, Agarwal teaches method of claim 1.
Agarwal teaches receiving a change to an attribute of a key defined by the first key policy (para 161, line 1-12; generate a set of rules, specifying a set of conditions for the encryption key policies applicable to an application, to be applied to an identified attribute); 
determining the remote machine that stores the first application affected by the first key policy, in response to the change to the attribute of the key defined by the first key policy (para 51, line 1-10 and para 161, line 1-12; generate 
updating the first key utilized by the first application based on the change to the attribute of the key defined by the first key policy (para 155, line 1-11 and para 161, line 1-12; updating an encryption key based on the generated a set of rules, specifying a set of conditions for the encryption key policies applicable to an application, to be applied to an identified attribute).
Regarding claim 4, Agarwal teaches method of claim 3.
Agarwal teaches the attribute of the key is any one of: key length, symmetry or asymmetry of the key, or an algorithm to generate the key (para 144, line 1-17; encryption key may have multiple attributes, such as size of the encryption key).
Regarding claim 5, Agarwal teaches method of claim 1.
Agarwal teaches in response to the determining that the first key of the first application is non-compliant with the first key policy (para 131, line 1-23 and para 150, line 1-14; data encryption service includes a monitoring and alert service that sends a request to issue a renewed encryption key for the encryption key not renewed or updated appropriately): 

deploying the third key to the remote machine (para 51, line 1-10 and para 142, line 1-12 and 144, line 1-19; the monitoring and alert service of the data encryption service provides the key updates to application hosting systems 110, which may be a computing device such as a laptop or wearable computer).
Regarding claim 7, Agarwal teaches method of claim 1.
Agarwal teaches the determining the first key of the first application is non-compliant with the first key policy includes: detecting an expiration event associated with the first key (para 131, line 1-23; data encryption service determine that an encryption key is not periodically renewed and/or updated appropriately using the encryption key policies applicable to each application).
Regarding claim 8, Agarwal teaches method of claim 1.
Agarwal teaches the expiration event includes an expiration of a temporal period associated with the first key (para 131, line 1-23; data encryption service determine that an encryption key is not periodically renewed and/or updated appropriately by monitoring the encryption key lifecycle).
Regarding claim 9, Agarwal teaches a system comprising: 

a non-transitory memory storing instructions that configure the one or more processors to perform operations (para 43, line 14-17; non-transitory computer-readable medium may store instructions executed by a processor) comprising: 
storing, by an encryption system, a first key policy in association with a first key and a second key policy in association with a second key (para 34, line 1-10 and para 47, line 1-12; data encryption service manages and stores data encryption of resources including encryption key policies specifying the encryption keys to be used in encrypting application data); 
identifying first data stored on a remote machine encrypted by the first key; identifying second data stored on the remote machine encrypted by the second key, the first key different than the second key (para 47, line 1-12 and para 51, line 1-10 and para 54, line 1-10; application hosting systems 110 may be a computing device such as a laptop or wearable computer and includes cryptographic policies that specify a particular cryptographic algorithm or key to secure portions of the application for multiple applications, where the encryption key may be different for certain applications); 

in response to determining the first key is not compliant with the first key policy, sending a request to deploy a third key (para 131, line 1-23 and para 150, line 1-14; data encryption service includes a monitoring and alert service that sends a request to issue a renewed encryption key for the encryption key not renewed or updated appropriately); and 
receiving a first response at the encryption system, the first response including a result of the request to deploy the third key (para 142, line 1-12 and 144, line 1-19; the monitoring and alert service of the data encryption service provides the key updates and stores the identified encryption key for use with the application in the encryption object metadata extraction engine 1738).
Regarding claim 10, Agarwal teaches system of claim 9.
Agarwal teaches receiving a change to an attribute of a key defined by the first key policy (para 161, line 1-12; generate a set of rules, specifying a set of conditions for the encryption key policies applicable to an application, to be applied to an identified attribute); 

updating the first key utilized by the first application based on the change to the attribute of the key defined by the first key policy (para 155, line 1-11 and para 161, line 1-12; updating an encryption key based on the generated a set of rules, specifying a set of conditions for the encryption key policies applicable to an application, to be applied to an identified attribute).
Regarding claim 11, Agarwal teaches system of claim 10.
Agarwal teaches the attribute of the key is any one of: key length, symmetry or asymmetry of the key, or an algorithm to generate the key (para 144, line 1-17; encryption key may have multiple attributes, such as size of the encryption key).
Regarding claim 12, Agarwal teaches system of claim 9.
Agarwal teaches in response to the determining that the first key of the first application is non-compliant with the first key policy (para 131, line 1-23 and 
generating the third key at the encryption system (para 142, line 1-12 and 144, line 1-19; the monitoring and alert service of the data encryption service performs and provides the key updates); and 
deploying the third key to the remote machine (para 51, line 1-10 and para 142, line 1-12 and 144, line 1-19; the monitoring and alert service of the data encryption service provides the key updates to application hosting systems 110, which may be a computing device such as a laptop or wearable computer).
Regarding claim 14, Agarwal teaches system of claim 9.
Agarwal teaches the determining the first key of the first application is non-compliant with the first key policy includes: detecting an expiration event associated with the first key (para 131, line 1-23; data encryption service determine that an encryption key is not periodically renewed and/or updated appropriately using the encryption key policies applicable to each application).
Regarding claim 15, Agarwal teaches system of claim 14.
Agarwal teaches the expiration event includes an expiration of a temporal period associated with the first key (para 131, line 1-23; data encryption service 
Regarding claim 16, Agarwal teaches a non-transitory machine-readable storage medium including instructions that, when executed by a machine, cause the machine to perform operations comprising (para 43, line 14-17; non-transitory computer-readable medium may store instructions executed by one or more processing units):
storing, by an encryption system, a first key policy in association with a first key and a second key policy in association with a second key (para 34, line 1-10 and para 47, line 1-12; data encryption service manages and stores data encryption of resources including encryption key policies specifying the encryption keys to be used in encrypting application data); 
determining a remote machine stores a first application affected by the first key policy and a second application affected by the second key policy, the first application utilizing the first key to encrypt first data, and the second application utilizing the second key to encrypt second data (Fig. 1 and para 47, line 1-12 and para 51, line 1-10; application hosting systems 110 may be a computing device such as a laptop or wearable computer and includes cryptographic policies that 
determining the first key of the first application is non-compliant with the first key policy (para 131, line 1-23; data encryption service determine that an encryption key is not renewed and/or updated appropriately using the encryption key policies applicable to each application); 
in response to the determining that the first key of the first application is non-compliant with the first key policy, sending a request to deploy a third key (para 131, line 1-23 and para 150, line 1-14; data encryption service includes a monitoring and alert service that sends a request to issue a renewed encryption key for the encryption key not renewed or updated appropriately); and
receiving a first response at the encryption system, the first response including a result of the request to deploy the third key (para 142, line 1-12 and 144, line 1-19; the monitoring and alert service of the data encryption service provides the key updates and stores the identified encryption key for use with the application in the encryption object metadata extraction engine 1738).
Regarding claim 17, Agarwal teaches computer product of claim 16.
Agarwal teaches determining the second key is non-compliant with the second key policy (para 131, line 1-23; data encryption service determine that an 
in response to the determining that the second key of the second application is non-compliant with the second key policy (para 131, line 1-23; data encryption service determine that an encryption key is not renewed and/or updated appropriately using the encryption key policies applicable to each application): 
identifying an exception associated with the second application (para 148, line 1-27 and para 155, line 1-11; monitoring and alert engine 1740 monitors the rules for the attributes of an encryption key for an application with a predetermined roll over date); 
suppressing a second request based on the exception (para 148, line 1-24 and para 155, line 1-11; monitoring and alert engine 1740 does not generate an alert if the roll over date of an encryption key for application is not over the predetermined roll over date).
Regarding claim 18, Agarwal teaches computer product of claim 16.
Agarwal teaches receiving a change to an attribute of a key defined by the first key policy (para 161, line 1-12; generate a set of rules, specifying a set of 
determining the remote machine that stores the first application affected by the first key policy, in response to the change to the attribute of the key defined by the first key policy (para 51, line 1-10 and para 161, line 1-12; generate a set of rules, specifying a set of conditions for the encryption key policies applicable to an application of a computing device, to be applied to an identified attribute); and
updating the first key utilized by the first application based on the change to the attribute of the key defined by the first key policy (para 155, line 1-11 and para 161, line 1-12; updating an encryption key based on the generated a set of rules, specifying a set of conditions for the encryption key policies applicable to an application, to be applied to an identified attribute).
Regarding claim 19, Agarwal teaches computer product of claim 18.
Agarwal teaches the attribute of the key is any one of: key length, symmetry or asymmetry of the key, or an algorithm to generate the key (para 144, line 1-17; encryption key may have multiple attributes, such as size of the encryption key).
Regarding claim 20, Agarwal teaches computer product of claim 16.

generating the third key at the encryption system (para 142, line 1-12 and 144, line 1-19; the monitoring and alert service of the data encryption service performs and provides the key updates); and 
deploying the third key to the remote machine (para 51, line 1-10 and para 142, line 1-12 and 144, line 1-19; the monitoring and alert service of the data encryption service provides the key updates to application hosting systems 110, which may be a computing device such as a laptop or wearable computer).
Claim Rejections - 35 USC § 103
4.	In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 6 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Agarwal in view of White et al. (US Pub. 2016/0269364), hereinafter White, filed on Mar. 11, 2016.
Regarding claim 6, Agarwal teaches method of claim 5.
Agarwal does not teach the first response further comprises failure information associated with the deploying of the third key to the remote machine.
White teaches the first response further comprises failure information associated with the deploying of the third key to the remote machine (para 55, line 1-9 and para 59, line 1-10; encryption key management involving an applied key management device 110 and a target device 150b may result in a failure message and/or cause of unsuccessful encryption key transaction).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Agarwal to incorporate the teachings of White to provide a result in a failure message and/or cause of unsuccessful encryption key transaction.  Doing so would allow for generation, management, and distribution of applied key management of security objects, as recognized by White.
Regarding claim 13, Agarwal teaches system of claim 12.

White teaches the first response further comprises failure information associated with the deploying of the third key to the remote machine (para 55, line 1-9 and para 59, line 1-10; encryption key management involving an applied key management device 110 and a target device 150b may result in a failure message and/or cause of unsuccessful encryption key transaction).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Agarwal to incorporate the teachings of White to provide a result in a failure message and/or cause of unsuccessful encryption key transaction.  Doing so would allow for generation, management, and distribution of applied key management of security objects, as recognized by White.
Conclusion
6.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
	The following are the related patents and applications: Leach (US Pub. 2008/0091955) discloses a cryptography module in communication with a

module rotates the data in the database; Perkins et al. (US Pub. 2008/0319909) discloses automatically managing the lifecycle of encryption keys that generate, maintain, replace, and destroy encryption keys; Reilly et al. (US Pub. 2011/0293096) discloses a key manager that provides a way to separate out the management of encryption keys and policies from application domains.
7.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to NHAN H NGUYEN whose telephone number is (571)272-6443.  The examiner can normally be reached on Monday-Friday 8:30am - 4:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on 571-272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.







/NHAN HUU NGUYEN/Examiner, Art Unit 2492

/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492