Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2016, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
This Office Action is in response to the application 16/023,793 filed on 06/29/2018. Claims 1, 8, and 15 have been amended; claims 2-3, 9-10, and 16 have been cancelled. Claims 1, 8, and 15 are independent claims. Claims 1, 7, 8, 14-15, 20 have been examined and are pending. 
Authorization for this Examiner’s Amendment was given via email with Applicant’s representative, Steven L. Wood (Reg. No.: 63,176). Mr. Wood has agreed and authorized the Examiner to amend claims 1, 8, and 15, and cancel claims 2-3, 9-10, and 16.

Examiner’s Amendments
Claims
Replacing claims 1-20 as follows:

1.  (Currently Amended)  A computer-implemented method for providing selective dynamic decryption in a computer network, the method comprising the steps of:
identifying a list of confidential data elements in a database that contain confidential information wherein the confidential data elements comprise columns in at least one table in the database wherein the database is stored within a third party cloud service provider separate from the computer network and wherein the computer network is behind a firewall;
encrypting the confidential data elements in the database wherein each field in the database is encrypted with a different key;
leaving at least some other data elements in the database unencrypted;
storing in a metastore component within the computer network the locations of the confidential data elements in the database;
intercepting from an application in the computer network a query to the database requesting one or more of the encrypted confidential data elements;
querying the database, at the third party cloud service provider, for the encrypted confidential data elements such that the querying comprises transmitting the query through one or more jump hosts that implement encryption in transit;
decrypting the encrypted confidential data elements sent in response to the query, wherein encryption and decryption keys for the confidential data elements are stored on the computer network in the metastore component; and
transmitting to the application the decrypted confidential data elements queried.
2.  (Cancelled)
3.  (Cancelled)
4.  (Cancelled)
5.  (Cancelled)
6.  (Cancelled)

7.  (Original)  The method of claim 1, wherein the step of identifying confidential data elements in a database that contain confidential information further comprises updating the list according to a risk assessment.

8.  (Currently Amended)  A computer-implemented method for providing selective dynamic encryption in a computer network, the method comprising the steps of:
identifying a list of confidential data elements in a database that contain confidential information wherein the confidential data elements comprise columns in at least one table in the database wherein the database is stored with a third party cloud service provider separate from the computer network and wherein the computer network is behind a firewall;
encrypting the confidential data elements in the database wherein each field in the database is encrypted with a different key;
leaving at least some other data elements in the database unencrypted;
storing in a metastore component within the computer network the locations of the confidential data elements in the database;
intercepting, from an application in the computer network, a query to the database at the third party cloud service provider seeking to add an unencrypted new data element to the database at the location of a confidential data element wherein the query to the database at the third party cloud service provider is transmitted through one or more jump hosts that implement encryption in transit;
encrypting the unencrypted new data element, wherein encryption and decryption keys for the confidential data elements are stored on the computer network in the metastore component; and
transmitting to the database the query to add the encrypted new data element.
9.  (Cancelled)
10.  (Cancelled)
11.  (Cancelled)

13.  (Cancelled)

14.  (Original)  The method of claim 8, wherein the step of identifying confidential data elements in a database that contain confidential information further comprises updating the list according to a risk assessment.

15.  (Currently Amended)  A computer-implemented system for providing selective dynamic encryption and decryption in a computer network, the system comprising:
one or more computers in the network;
a database connected to the network, the database being stored with a third party cloud service provider separate from the network and wherein the network is behind a firewall;
a memory to store data from at least one data source; and 
a computer processor that is programmed to: 
identify a list of confidential data elements in the database that contain confidential information wherein the confidential data elements comprise columns in at least one table in the database;
store in the memory the locations of the confidential data elements in the database;
intercept queries from an application to the database on the network;
compare the locations in each query against the locations of the confidential data elements;
store encryption and decryption keys for the confidential data elements in the memory;
encrypt the new data in queries seeking to add new data to the location of a confidential data element and encrypt each field in the database with a different key;
submit the queries to the database at the third party cloud service provider, wherein the queries to the database at the third party cloud service provider further comprise transmitting the request through one or more jump hosts that implement encryption in transit;
decrypt any encrypted confidential data elements returned from the database;
transmit database response to the application.
16.  (Cancelled)
17.  (Cancelled)
18.  (Cancelled)
19.  (Cancelled)

20.  (Original)  The system of claim 15, wherein the processor is further programmed to update locations of the confidential data elements in the database according to a risk assessment.

Examiner’s Statement of Reasons for Allowance

Claims 1, 7, 8, 14-15, 20 are allowed. 
The following is an examiner’s statement of reasons for allowance. 
The invention is directed to a system and method for dynamically encrypting and decrypting confidential data fields in a database. According to one embodiment, the invention comprises a method of selective dynamic encryption in a computer network comprising the steps of identifying confidential data elements in a data table (e.g., confidential columns in a table) that contain confidential information; storing in a metastore behind a firewall the locations of the confidential data elements; intercepting a query to the database to add unencrypted confidential data elements; encrypting the unencrypted confidential data elements in computer memory; and transmitting to the 
The invention also relates to computer-implemented system for selective dynamic encryption and decryption, and to a computer readable medium containing program instructions for executing a method for selective dynamic encryption and decryption.
Exemplary embodiments of the invention can provide a number of advantages to a business or organization in need of enhanced data security and computational efficiency. For example, embodiments of the invention allow a user to selectively encrypt only certain columns in a data table that contain sensitive information, thus protecting the most sensitive information that may be stored in a public cloud, but also avoiding the decreased computational performance that arises from encrypting all data. The system can also execute the encryption and decryption "on the fly" in computer memory, analogous to an executable program running in RAM. This enables seamless data transformations with fewer input/output (I/O) operations, so that the clients are removed from the encryption and decryption process. These and other advantages will be described further in the detailed description below.
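The mechanism the claims and the statement above describe (a proxy inside the firewall that intercepts queries, a metastore holding the column locations and one key per confidential field, ciphertext only at the cloud provider, plaintext columns left untouched) can be modelled in a few dozen lines. The following Python is an added illustration and is not code from the application, the applicant, or this Office Action. It assumes a trivial in-memory stand-in for the cloud database, a minimal regex parser that handles only the two statement shapes used in `demo()`, and a stdlib-only encrypt-then-MAC construction (HMAC-SHA256 keystream plus HMAC tag) in place of a vetted AEAD such as AES-GCM; the jump hosts providing encryption in transit are assumed to wrap the call to the database and are not modelled. The sample row is constructed and the SSN is fictitious.

```python
import hashlib
import hmac
import re
import secrets


class Metastore:
    """Lives inside the corporate network (behind the firewall). It records which
    (table, column) pairs are confidential and holds an independent key per field.
    Keys never leave this component; the provider only ever sees ciphertext."""

    def __init__(self):
        self._keys = {}

    def register(self, table, column):
        self._keys[(table, column)] = secrets.token_bytes(32)  # fresh key per field

    def is_confidential(self, table, column):
        return (table, column) in self._keys

    def key(self, table, column):
        return self._keys[(table, column)]


# Stdlib-only authenticated-encryption stand-in (assumption: production code would
# use AES-GCM from a vetted library). Separate subkeys for keystream and MAC.
def _subkeys(key):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(enc_key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_field(key, plaintext):
    enc_key, mac_key = _subkeys(key)
    nonce, data = secrets.token_bytes(16), plaintext.encode()
    ct = bytes(a ^ b for a, b in zip(data, _keystream(enc_key, nonce, len(data))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return "enc:" + (nonce + ct + tag).hex()


def decrypt_field(key, token):
    enc_key, mac_key = _subkeys(key)
    blob = bytes.fromhex(token[len("enc:"):])
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("ciphertext integrity check failed")  # tampered or wrong key
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct)))).decode()


class CloudDatabase:
    """Stands in for the third-party provider: stores rows exactly as received."""

    def __init__(self):
        self.tables = {}

    def insert(self, table, row):
        self.tables.setdefault(table, []).append(dict(row))

    def select(self, table, columns):
        return [{c: r[c] for c in columns} for r in self.tables.get(table, [])]


_INSERT = re.compile(r"INSERT INTO (\w+) \(([^)]*)\) VALUES \(([^)]*)\)", re.I)
_SELECT = re.compile(r"SELECT ([\w, ]+) FROM (\w+)", re.I)


class EncryptingProxy:
    """Intercepts application queries inside the network: encrypts values bound for
    confidential columns before they cross to the provider, decrypts those columns
    in the response, and passes every other column through unchanged."""

    def __init__(self, metastore, db):
        self.meta, self.db = metastore, db

    def execute(self, sql):
        if m := _INSERT.match(sql):
            table = m.group(1)
            cols = [c.strip() for c in m.group(2).split(",")]
            vals = [v.strip().strip("'") for v in m.group(3).split(",")]
            row = {c: encrypt_field(self.meta.key(table, c), v)
                   if self.meta.is_confidential(table, c) else v
                   for c, v in zip(cols, vals)}
            self.db.insert(table, row)
            return None
        if m := _SELECT.match(sql):
            cols, table = [c.strip() for c in m.group(1).split(",")], m.group(2)
            rows = self.db.select(table, cols)
            for r in rows:
                for c in cols:
                    if self.meta.is_confidential(table, c):
                        r[c] = decrypt_field(self.meta.key(table, c), r[c])
            return rows
        raise ValueError("unsupported statement: " + sql)


def demo():
    meta = Metastore()
    meta.register("customers", "ssn")  # only this column is confidential
    db, = (CloudDatabase(),)
    proxy = EncryptingProxy(meta, db)
    proxy.execute("INSERT INTO customers (name, ssn) VALUES ('Alice', '123-45-6789')")
    stored = db.tables["customers"][0]  # what the provider actually holds
    return stored, proxy.execute("SELECT name, ssn FROM customers")
```

Running `demo()` shows the selective property directly: the provider's copy of the row has `name` in clear and `ssn` as an `enc:` token, while the application receives both columns decrypted. Because each confidential field has its own key in the metastore, a token from one column cannot be decrypted with another column's key, and any modification of stored ciphertext fails the integrity check rather than yielding garbled plaintext.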
The closest prior art includes Murray et al. (“Murray,” US 9846784, filed Feb. 26, 2013), Venkatesh et al. (“Venkatesh,” US 20160078088, published Mar. 17, 2016), Herle et al. (“Herle,” US 20150372982, published Dec. 24, 2015) and Tiwari et al. (“Tiwari,” US 20170302916, filed April 14, 2016), which are generally directed to various aspects of a method/system for encrypting and transmitting protected information across a network.
wherein the database is stored within a third party cloud service provider separate from the computer network and wherein the computer network is behind a firewall; encrypting the confidential data elements in the database wherein each field in the database is encrypted with a different key; leaving at least some other data elements in the database unencrypted; storing in a metastore component within the computer network the locations of the confidential data elements in the database; intercepting from an application in the computer network a query to the database requesting one or more of the encrypted confidential data elements; querying the database, at the third party cloud service provider, for the encrypted confidential data elements such that the querying comprises transmitting the query through one or more jump hosts that implement encryption in transit; decrypting the encrypted confidential data elements sent in response to the query, wherein encryption and decryption keys for the confidential data elements are stored on the computer network in the metastore component; and transmitting to the application the decrypted confidential data elements queried.”

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to EDWARD LONG whose telephone number is (571)272-8961.  The examiner can normally be reached on Monday to Friday, 9 AM - 6 PM EST (Alternate Fridays).
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham, can be reached at (571) 270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only.
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 

/EDWARD LONG/
Examiner, Art Unit 2439

/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439