DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.  A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of 
The USPTO internet Web site contains terminal disclaimer forms which may be used.  Please visit http://www.uspto.gov/forms/.  The filing date of the application will determine what form should be used.  A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission.  For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp. 
Claims 6-13 and 21-32 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over Claims 1-20 of U.S. Patent 10,404,452. Although the claims at issue are not identical, they are not patentably distinct from each other because aside from a few minor differences, these claims contain the same limitations and perform the same functions.
This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 6, 10-11, 21, 24-25, 27, and 30-31 are rejected under 35 U.S.C. 103 as being unpatentable over Roth et al., (US 20140380054 A1) hereinafter referred to as Roth in view of Mulholland et al., (US 20050222946 A1) hereinafter referred to as Mulholland.
Regarding Claims 6, 21, and 27, Roth discloses A computer implemented method, comprising: obtaining, from a service, data encryption keys for respective message containers, wherein the service obtained the data encryption keys from a key management service; [paragraph 0046, in embodiments where customer keys are stored in encrypted form in a data storage service, the request processing system 304 may submit API calls to the data storage service to obtain customer keys when needed] 
encrypting message data for the respective messages with a respective encryption key [paragraph 0019, The system may additionally, pursuant to the instructions, receive data encrypted using the cryptographic key, wherein the data encrypted using the cryptographic key additionally being encrypted using a client key. Upon receipt of the data encrypted using the cryptographic key, the system may, pursuant to the instructions, perform one or more operations in connection with the encrypted data, such as by persistently storing the encrypted data in one or more data storage devices – the data are the messages which are encrypted] 
of the data encryption keys obtained by the service from the key management service, [paragraph 0046, in embodiments where customer keys are stored in encrypted form in a data storage service, the request processing system 304 may submit API calls to the data storage service to obtain customer keys when needed] 
the respective data encryption keys associated with the respective message containers in which the respective message is to be added; [paragraph 0019, The system may, pursuant to the instructions, send, in response to the request, a cryptographic key encrypted using at least a key controlled by a service provider operating the one or more computer systems – the key controlled by the service provider is not a client key and is the “data encryption key”] [paragraph 0079, Further, a system (e.g. service provider system) may use AAD to enforce policy. For instance, one or more values in the metadata (e.g., IP address, identity, logical data container identifier of logical data container used to store data, etc.) – the data containers are the message containers] 
and transmitting the encrypted respective message data and a respective version of the data encryption key to storage for each of the respective messages. [paragraph 0019, The operations may include receiving, from a client (such as a computing device of a customer of a computing resource service provider), a request to perform a cryptographic operation using a first key specified in the request…The system may additionally, pursuant to the instructions, receive data encrypted using the cryptographic key, wherein the data encrypted using the cryptographic key additionally being encrypted using a client key. Upon receipt of the data encrypted using the cryptographic key, the system may, pursuant to the instructions, perform one or more operations in connection with the encrypted data, such as by persistently storing the encrypted data in one or more data storage devices]
Roth does not explicitly teach receiving requests from clients to add respective messages to the respective message containers.
Mulholland teaches receiving requests from clients to add respective messages to the respective message containers; paragraph 0024, Such a participant is the resource of the messaging service which then, as part of its rollback processing, replaces (215) the message msg1 202 onto the message queue 201 – the message service is a queue-based message service and the replacing of messages in the queue is the adding of messages into the queue] 
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Mulholland with the disclosure of Roth. The motivation or suggestion would have been for correct processing of a message. (paragraph 001 and throughout)
Regarding Claims 10, 24, and 30, Roth discloses wherein at least one of the data encryption keys obtained from the service is encrypted with a customer-managed key or a key selected from an existing account of the customer. [paragraph 0047, when a customer requests that a cryptographic operation be performed using a key identified by a KeyID, the encrypted customer key identified by the KeyID may be provided to a security module that can use the domain key to decrypt the customer key and use the decrypted customer key to perform the requested operation using the decrypted customer key]
Regarding Claims 11, 25, and 31, Roth discloses further comprising: prior to said obtaining the data encryption keys from the service: receiving, by the service, a request for the data encryption keys; determining, by the service, that the requested data encryption keys are not stored in a cache local to the service; sending, by the service, a request to the key management service to generate the data encryption keys; receiving, by the service, the respective data encryption keys from the key management service; [paragraph 0039, When the cryptography service receives a ReKey(Ciphertext, OldKeyID, NewKeyID) request, it may use a key identified by the OldKeyID to decrypt the specified ciphertext and then use a key identified by the NewKeyID to encrypt the decrypted ciphertext. If a key identified by the NewKeyID does not yet exist, the cryptography service may generate a key to use and associate the generated key with the specified NewKeyID, such as described in connection the Create(KeyID) request described above – the discovery that a key does not exist would include determining that the key is not stored in a local cache] 
storing, by the service, the received data encryption keys in the cache local to the service; [paragraph 0046, The cryptography service may also store customer keys in encrypted form in a local data storage system] 
and transmitting, by the service in response to the request, the received data encryption keys. [paragraph 0039, In some embodiments, a policy might permit a rekey operation to be performed on a ciphertext but might not permit the same requestor to directly decrypt the ciphertext.- teaches that in some embodiments, a policy might prevent the “requestor to directly decrypt the ciphertext”. This indicates that in other embodiments, the requestor is able to directly decrypt the ciphertext and in order to do this, would need to receive the transmitted decryption key]

Claims 7, 22, and 28 are rejected under 35 U.S.C. 103 as being unpatentable over Roth in view of Mulholland, as applied to Claims 6, 21, and 27, respectively, above, and further in view of Alaranta et al., (US 20140181517 A1) hereinafter referred to as Alaranta.
Regarding Claims 7, 22, and 28, Roth discloses wherein the service includes a metadata service; [paragraph 0079, Further, a system (e.g. service provider system) may use AAD to enforce policy. For instance, one or more values in the metadata (e.g., IP address, identity, logical data container identifier of logical data container used to store data, etc.) can be used to determine whether decryption is allowed by one or more policies that are based at least in part on the values] 
and wherein the metadata service is configured to perform: for a given data encryption key of the data encryption keys, requesting the given data encryption key from the key management service [paragraph 0035, A CreateKey(KeyID) request, in an embodiment, causes the cryptography service to create a key identified by the KeyID identified in the request. Upon receipt of a request, the cryptography service may generate a key and associate the key with the KeyID – the KeyID is the metadata] 
and storing the requested data encryption key in a cache local to the metadata service. [paragraph 0046, The cryptography service may also store customer keys in encrypted form in a local data storage system]
The combination of Roth and Mulholland does not explicitly teach at startup of the metadata service.
Alaranta teaches at startup of the metadata service; [paragraph 0092, Applications on newly started Amazon instances can request the data encryption key… Applications should receive the key during startup and can cache the received key in memory for performance] 
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Alaranta with the disclosures of Roth and Mulholland. The motivation or suggestion would have been to enhance performance. (paragraph 0092)

Claims 8-9, 23, and 29 are rejected under 35 U.S.C. 103 as being unpatentable over Roth in view of Mulholland in view of Alaranta, as applied to Claims 7, 22, and 28, respectively, above, and further in view of Zhang et al., (US 20060133614 A1) hereinafter referred to as Zhang.
Regarding Claims 8, 23, and 29, the combination of Roth, Mulholland, and Alaranta does not explicitly teach the method further comprising: obtaining, via a graphical user interface element or an application program interface, a period of time associated with rotating a given data encryption key; storing an expiration time for the given data encryption key in accordance with the period of time; and enforcing the expiration time, wherein enforcing includes preventing encryption of a message associated with the given data encryption key.
Zhang teaches the method further comprising: obtaining, via a graphical user interface element or an application program interface, a period of time associated with rotating a given data encryption key; storing an expiration time for the given data encryption key in accordance with the period of time; [paragraph 0023, As shown in the example of FIG. 2, the station key is initially K1 (204), and upon expiration of the key refresh interval – the key refresh interval is the expiration time for the key] [paragraph 0024, On key rotation, the AP 110 maintains and saves the last used key Kold and the new key Kcurrent (202)]
and enforcing the expiration time, wherein enforcing includes preventing encryption of a message associated with the given data encryption key. [paragraph 0027, In a short time the STA also updates its key and starts using K2 (226) as its station key. The STA will then send (228) an encrypted packet using key K2. The AP is now able to decrypt the packets using Kcurrent (230). As soon as the AP receives the first correctly encrypted packet, it resets Csync=0, and sets Kold=Kcurrent (230). This process ensures that a malicious user who was able to deduce key K1 is unable to access the AP at the expiration of the key refresh period – the expired key, K1, is now unusable]
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Zhang with the disclosures of Roth, Mulholland, and Alaranta. The motivation or suggestion would have been to ensure no lost data during key rotation. (paragraphs 0023-0028)
Regarding Claim 9, the combination of Roth, Mulholland, and Alaranta does not explicitly teach further comprising: prior to said preventing encryption of the message associated with the given data encryption key, providing a grace period comprising a time period between initiation of generation of a new data encryption key and the expiration time for the given data encryption key; wherein during the grace period, messages associated with the expired data encryption key are encrypted and stored to persistent storage using the expired data encryption key.
Zhang teaches further comprising: prior to said preventing encryption of the message associated with the given data encryption key, providing a grace period comprising a time period between initiation of generation of a new data encryption key and the expiration time for the given data encryption key; wherein during the grace period, messages associated with the expired data encryption key are encrypted and stored to persistent storage using the expired data encryption key. [paragraph 0025, At step 212, or the expiration of a key refresh interval (key rotation interval), the AP generates new key K2, sets Kold=K1 and Kcurrent=K2. The AP sends key K2 (214) to the STA after it is generated and while the previous link using key K1 is still in tact] [paragraph 0026, An out-of-sync condition arises when the AP has started using key K2 while the STA is still using key K1. In other words, all of the packets being sent from the STA (218) to the AP are encrypted with station key K1.– K1 is the old or expired key however, it is still the intact and active key for the “previous link using key K1”. Therefore, even though it’s expired, it is still intact for this link while the new key is being established as the new encryption key] 
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Zhang with the disclosures of Roth, Mulholland, and Alaranta. The motivation or suggestion would have been to ensure no lost data during key rotation. (paragraphs 0023-0028)

Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Roth in view of Mulholland, as applied to Claim 6, above, and further in view of Acar et al., (US 20130259234 A1) hereinafter referred to as Acar.
Regarding Claim 12, the combination of Roth and Mulholland does not explicitly teach further comprising: prior to said receiving requests from the clients to add respective messages to the respective message containers: determining that one or more of the data encryption keys of the respective data encryption keys is not stored in a local cache; sending a request to the service to obtain the one or more data encryption keys; receiving the one or more data encryption keys from the service; and storing the one or more received data encryption keys in the local cache.
Acar teaches further comprising: prior to said receiving requests from the clients to add respective messages to the respective message containers: determining that one or more of the data encryption keys of the respective data encryption keys is not stored in a local cache; [paragraph 0038, the DKM client node 304 looks for the appropriate DKM key on its local store. In the example protocol flow 300, the DKM client node 304 does not have the appropriate DKM key stored locally]
sending a request to the service to obtain the one or more data encryption keys; [paragraph 0039, Because the DKM client node 304 does not have the appropriate DKM key, the DKM client node 304 sends a request for the DKM key to a server node 306 (e.g., a DKM storage node)] 
receiving the one or more data encryption keys from the service; [paragraph 0043, the server node 306 retrieves the DKM key from its local store, performs a remote bind DKM information, and sends the requested DKM key (along with the related key policy) to the DKM client node 304] 
and storing the one or more received data encryption keys in the local cache. [paragraph 0043, The DKM client node 304 stores the DKM key in its local store] 
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Acar with the disclosures of Roth and Mulholland. The motivation or suggestion would have been for distributed key management. (paragraph 0002)

Claims 13, 26, and 32 are rejected under 35 U.S.C. 103 as being unpatentable over Roth in view of Mulholland, as applied to Claims 6, 21, and 27, respectively, above, and further in view of Brett et al., (US 20050276415 A1) hereinafter referred to as Brett.
Regarding Claims 13, 26, and 32, the combination of Roth and Mulholland does not explicitly teach further comprising: subsequent to determining, based at least in part on an expiration associated with the data encryption key or a number of messages associated with the data encryption key, that a data encryption key in a local cache is inactive: sending a request to the service to obtain an active data encryption key to replace the inactive data key; receiving the requested active data encryption key from the service; and storing the received active data encryption key in the cache local to the service.
Brett teaches further comprising: subsequent to determining, based at least in part on an expiration associated with the data encryption key or a number of messages associated with the data encryption key, that a data encryption key in a local cache is inactive: sending a request to the service to obtain an active data encryption key to replace the inactive data key; receiving the requested active data encryption key from the service; and storing the received active data encryption key in the cache local to the service. [Abstract, The method further provides for requesting a new MEK before the current MEK expires based on its associated expiration time, receiving the new MEK, and continuing to decrypt the encrypted media based on a received MEK indication flag (MIF) that indicates whether the encrypted media is encrypted using the current MEK or the new MEK – the new key is requested based on the expiration date of the current key which would make it inactive] 
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Brett with the disclosures of Roth and Mulholland. The motivation or suggestion would have been for distributing encryption keys. (paragraph 0001)

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANDREW J STEINLE whose telephone number is (571)272-9923.  The examiner can normally be reached on M-F 10am-6pm CT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on (571) 272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ANDREW J STEINLE/Primary Examiner, Art Unit 2497