DETAILED ACTION
The following claims are pending in this office action: 1-15
The following claims are amended: 1, 6, and 11 
Claims 1-15 are rejected. 
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 6-7 and 11-12 are rejected under 35 U.S.C. 103 as being unpatentable over Hamel et al., (US Pub. 2018/0062835) (hereinafter “Hamel”), in view of Mehr (US Patent No. 9,973,481) (hereinafter “Mehr”), in view of Freeman et al. (US Pub. 2009/0006851) (hereinafter “Freeman”), and in view of Kinoshita (US Pub. 2009/0214044) (hereinafter “Kinoshita”).  
As per claim 1, Hamel teaches receiving in memory of a computer from over a computer communications network, by an encryption process, a customer master key for a corresponding instance of a computer program executing remotely over the computer communications network; ([Hamel, para. 0025; para. 0040; and para. 0041] a memory is coupled to a processor, and the system is connected via a secure network connection.  The key release system may exist in the customer’s data center.  The hardware security module of the key release system comprises a customer key)
([Hamel, para. 0034] the tenant [customer client] has a tenant service key which corresponds to each tenant used to encrypt data for every encryption operation.  [Para. 0042] the tenant master key also corresponds to the number of tenants, and so is also used by the tenant to encrypt data for every encryption operation.  [Para. 0042] the creation of every new tenant master key is triggered by the customer sending to key management system, the customer master key, and so, the tenant master key is associated with the customer master key.  This is substantially similar to how the KEK is associated with the CMK in the instant application [see, instant application, para. 0025; Fig. 3A -  the KEK is associated with the CMK by means of the key management server providing the KEK for the customer that provides the CMK for every encryption operation]) 
storing the encrypted form of the key encryption key in a database for the computer program;  ([Hamel, para. 0035] a request for the release of an encryption key to the secure data is initiated by a user.  An encrypted tenant master key … (is) received.   In some embodiments, the encrypted keys are stored in an encrypted key database)
subsequently receiving from the instance of the computer program in the encryption process, unencrypted data to be stored in the database for the computer program; and ([Hamel, para. 0027] the processor is configured to receive a request associated with securely storing data... )
responding to the receipt of the unencrypted data by the encryption process by: ([Hamel, para. 0049; Fig. 2B] the system receives unencrypted data as part of a request to store data)
generating a data key using a randomly generated key; ([Hamel, para. 0049] for example, a tenant service key [data key using a randomly generated key] is generated [e.g., randomly, using entropy from an HSM, using a hash function of the data, or any other appropriate key generation technique] and used to encrypt the data for secure storage)
encrypting the data key with the key encryption key stored in the database for the computer program; ([Hamel, para. 0030; Fig. 2B] the tenant service key is then encrypted using a tenant master key [the key encryption key] which is stored in the key repository – the database for the customer database [see para. 0040])
encrypting the received unencrypted data with the data key ([Hamel, para. 0030; Fig. 2B] encrypting the data using multiple keys.  The repository data is encrypted using a tenant service key)
generating a first hash message authentication code using the key encryption key and the customer master key; ([Hamel, para. 0052] the key management system generates a hash [a first hash message authentication code] of the request context as a unique identifier.  [Para. 0093] the request context includes an encrypted tenant master key [key encryption key] that is encrypted using the customer master key [as the hash is of the request context, and the request context uses the KEK and the CMK, the hash uses the KEK and the CMK])
Hamel does not explicitly teach creating an encrypted data envelope with the encrypted data key and the encrypted data, and returning to the instance of the computer program, only the encrypted data envelope without returning the data key.
However, Mehr teaches creating an encrypted data envelope with the encrypted data key, [the first hash message authentication code,] and the encrypted data; and ([Mehr, Fig. 3] Encrypt a message with a DEK, Store the Encrypted DEK, Generate a DEK Reference [the encrypted data key], Place the DEKR in an envelope [the encrypted data envelope] with the encrypted data. The encrypted data envelope including a first hash message authentication code is taught later)
([Mehr, Fig. 3; Col. 8 ln. 27-30] The recipient receives the envelope containing the DEKR and the encrypted message)
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Hamel with the teachings of Mehr to include the additional elements of creating an encrypted data envelope with the encrypted data key and the encrypted data, and returning to the instance of the computer program, only the encrypted data envelope without returning the data key.  One of ordinary skill in the art would have been motivated to make this modification because this allows the contents of the data envelope to be protected even if compromised, by denying an attacker direct access to the data key (Mehr, Col. 3, ln. 24-29).  
Hamel in view of Mehr does not teach creating an encrypted data envelope with the first hash message authentication code.  
However, Freeman teaches creating an encrypted data envelope with the first hash message authentication code.  ([Freeman, para. 0026] the message envelope comprising encrypted MSG content [the encrypted message], the encrypted content encryption key used to decrypt the content [the encrypted data key], and a hash of a confidential mail token as authentication [the first hash message authentication code].  The first hash message authentication code using the key encryption key and the customer master key was taught by Hamel above)
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Hamel with the teachings of Freeman to include creating an encrypted data envelope with the first hash message authentication code.  One of ordinary skill in the art would have been motivated to make this modification because this modification allows the receiver to verify the integrity of the encrypted data key (Freeman, para. 0023; Fig. 4).  
from the key management service that is separate from the encryption process, both an unencrypted form of the key encryption key and an encrypted form of the key encryption key.
However, Kinoshita teaches receiving, in the memory of the computer in response from the key management service that is separate from the encryption process, both an unencrypted form of the key encryption key and an encrypted form of the key encryption key. ([Kinoshita, para. 0126; para. 0128; Fig. 10] In response to a request, at step 1202 the file encryption program [the memory of the computer, separate from the encryption process] receives the KEK and the identification information of the KEK from the key management service program 414 [the key management service].  [Para. 0097, Fig. 10] the Key ID is a look-up-table identification value that corresponds to the actual KEK value, and is an encrypted KEK)
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Hamel with the teachings of Kinoshita to include receiving, in the memory of the computer in response from the key management service that is separate from the encryption process, both an unencrypted form of the key encryption key and an encrypted form of the key encryption key.  One of ordinary skill in the art would have been motivated to make this modification because doing so allows other software programs to find the proper key encryption key at a later date without compromising security (Kinoshita, para. 0072; para. 0005).  

As per claim 2, Hamel, in view of Mehr, Freeman, and Kinoshita teaches claim 1.  
Hamel also teaches retrieving the key encryption key from the database; ([Hamel, para. 0035] A request for the release of an encryption key to the secure data is initiated by a user.  An encrypted tenant master key [or key encryption key] … [is] received)
([Hamel, para. 0028] the processor is further configured to decrypt the encrypted tenant service key p using the unencrypted tenant master key)
decrypting the encrypted data with the data key to produce the unencrypted data; and ([Hamel, para. 0030] Decrypting the… data requires decrypting the secure data with the tenant service key)
Hamel does not teach receiving from the instance of the computer program in the encryption process, a decryption request in respect to the encrypted data envelope; and, responding to the receipt of the encrypted data envelope by the encryption process by: splitting the encrypted data envelope into the encrypted data key and the encrypted data, and returning to the instance of the computer program, the unencrypted data.  
However, Mehr teaches receiving from the instance of the computer program in the encryption process, a decryption request in respect to the encrypted data envelope; and ([Mehr, Fig. 3; Col. 8 ln. 27-30] The recipient receives the envelope containing the DEKR and the encrypted message)
responding to the receipt of the encrypted data envelope by the encryption process by: ([Mehr, Col. 6 ln. 47-49] when the recipient receives the envelop-encrypted message)
splitting the encrypted data envelope into the encrypted data key and the encrypted data; ([Mehr, Col. 6 ln. 47-49] the DEKR and the DEK-encrypted data are extracted from the envelope)
returning to the instance of the computer program, the unencrypted data. ([Mehr, col. 14, ln. 22-25] DEK [unencrypted data key] decrypts the encrypted data, the resulting plaintext [unencrypted data] is sent to the client [the instance of the computer program])
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Hamel with the teachings of Mehr to include the additional elements of receiving from the instance of the computer program in the encryption process, a decryption request in respect to the encrypted data envelope; and, responding to the receipt of the encrypted data envelope using the envelope allows the entirety of the encryption to be done server side, and server-side encryption can sometimes provide higher cryptography performance (Mehr, Col. 1, ln. 39-41).  

As per claim 6, this claim recites a data processing system adapted to perform steps comprising the steps disclosed in the method of claim 1, has claim language that is identical or substantially similar to that of claim 1, and thus is rejected with the same rationale applied against claim 1.   

As per claim 7, the claim language is identical or substantially similar to that of claim 2. Therefore, it is rejected under the same rationale applied to claim 2.

As per claim 11, this claim recites a computer program that is programmed to operate according to the steps disclosed in the method of claim 1, has claim language that is identical or substantially similar to that of claim 1, and thus is rejected with the same rationale applied against claim 1.   

As per claim 12, the claim language is identical or substantially similar to that of claim 2. Therefore, it is rejected under the same rationale applied to claim 2.  

Claims 3-4, 8-9, and 13-14 are rejected under 35 U.S.C. 103 as being unpatentable over Hamel in view of Mehr, in view of Freeman, and in view of Kinoshita as applied to claims 1, 6, and 11 above and further in view of Wisniewski et al. (US Pub. 2020/0053065) (hereinafter “Wisniewski”).


Hamel also teaches encrypting the key encryption key with the database master key ([Hamel, para. 0116] each tenant master key [or Key Encryption Key] is encrypted with a customer generated key.  Such key may be a Database Master Key)
returning to the requestor an indication of success, [the requestor creating a backup of the database including the database master key encrypted key encryption key] ([Hamel, para. 0126] In some embodiments, the customer receives a notification on key rotation.  The requestor creating a backup of the database including the database master key encrypted key encryption key will be taught later)
Hamel does not teach generating a transportable backup of the database by: receiving from a requestor of a transportable backup, an encrypted form of a database master key, requesting the key management service to decrypt the encrypted form of the database master key and receiving in return, the database master key, storing the database master key encrypted key encryption key in the database, and the requestor creating a backup of the database including the database master key encrypted key encryption key.  
However, Wisniewski teaches generating a transportable backup of the database by: ([Wisniewski, para. 0045] the cloud storage monitoring service may orchestrate offline backups for the cloud storage)
receiving from a requestor of a transportable backup, an encrypted form of a database master key; ([Wisniewski, para. 0048] tenants of the database may provide keys [BYOK DEKs or the database master key]…. Which may be encrypted by a first KEK to become an encrypted DEK)
requesting the key management service to decrypt the encrypted form of the database master key and receiving in return, the database master key, ([Wisniewski, para. 0051] the set of HSMs may then retrieve each BYOK DEK encrypted with the first KEK, decrypt each of the BYOK DEKs encrypted by using the first KEK)
storing the database master key encrypted form of the key encryption key in the database; and ([Wisniewski, para. 0051] using a different encryption key, the DEK is encrypted, [the database master key encrypted form of the key encryption key] transmitted, and stored in the database.  The using a tenant master key [key-encrypted-key] for the encryption process instead of a DEK and encrypting the tenant master key using a customer generated key was taught by Hamel above)
the requestor creating a backup of the database including the database master key encrypted form of the key encryption key.  ([Wisniewski, para. 0046] the cloud storage may store offline backups of data from the database. The data may be encrypted a second time (e.g., using a backup key stored in the HSMs) before being written to the cloud storage)
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Hamel with the teaching of Wisniewski to include the additional elements of generating a transportable backup of the database by: receiving from a requestor of a transportable backup, an encrypted form of a database master key, requesting the key management service to decrypt the encrypted form of the database master key and receiving in return, the database master key, storing the database master key encrypted key encryption key in the database, and the requestor creating a backup of the database including the database master key encrypted key encryption key.  One of ordinary skill in the art would have been motivated to make this modification because by using a database key to encrypt a backup, a database controller will allow the system to create a backup without user interaction (Wisniewski, para. 0078).  

As per claim 4, Hamel in view of Mehr, Freeman, Kinoshita, and Wisniewski teaches claim 3.  
([Hamel, para. 0123] each tenant master key [the key encryption key] is decrypted using the old customer key [the database master key])
transmitting over the computer communications network by the encryption process to the key management service the customer master key as part of the request for the key encryption key and receiving in the memory of the computer in response, both the key encryption key and the encrypted form of the key encryption key by: ([Hamel, para. 0049 and Fig. 2A] the tenant master key [the key encrypted key] is caused to be encrypted using a customer key [key to encrypt the key encrypted key, and together, the encrypted form of the key encrypted key].  There is a pre-generation step in which a customer creates a customer key inside a hardware security module.  The hardware security module is inside the key release system which is separate from the key management system.  The key release system tells the key management system which customer key is used to encrypt the key encrypted key).
Hamel does not teach restoring the backup by: receiving from a restored form of the database the database master key encrypted form of the key encryption key, storing the encrypted form of the key encryption key in the database, and, deleting the database master key from the memory.
However, Wisniewski teaches restoring the backup by: ([Wisniewski, para. 0045] the cloud storage monitoring service may orchestrate offline backups for the cloud storage)
receiving from a restored form of the database the database master key encrypted form of the key encryption key, ([Wisniewski, para. 0046] The cloud storage may store offline backups of data from the database. The data may be encrypted a second time (e.g., using a backup key stored in the HSMs) before being written to the cloud storage)
storing the encrypted form of the key encryption key in the database; and, ([Wisniewski, para. 0086; Fig. 8] the set of encrypted encryption keys may be sent for storage)
([Wisniewski, para. 0087; Fig. 8] the set of HSMs may delete the first KEK [the database master key] from the set of HSMs)
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Hamel with the teaching of Wisniewski to include the additional elements of restoring the backup by: receiving from a restored form of the database the database master key encrypted form of the key encryption key, storing the encrypted form of the key encryption key in the database, and, deleting the database master key from the memory.  One of ordinary skill in the art would have been motivated to make this modification because in conventional backup systems not utilizing a key rotation, even if the customer key is deleted by the database, other copies of the customer key, such as from a backup, may still be decoded by an attacker (Wisniewski, para. 0004).  

As per claim 8, the claim language is identical or substantially similar to that of claim 3. Therefore, it is rejected under the same rationale applied to claim 3.  

As per claim 9, the claim language is identical or substantially similar to that of claim 4. Therefore, it is rejected under the same rationale applied to claim 4.  

As per claim 13, the claim language is identical or substantially similar to that of claim 3. Therefore, it is rejected under the same rationale applied to claim 3.  

As per claim 14, the claim language is identical or substantially similar to that of claim 4. Therefore, it is rejected under the same rationale applied to claim 4.  

Claims 5, 10 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Hamel in view of Mehr, in view of Freeman, and in view of Kinoshita as applied to claims 1, 6, and 11 above, and further in view of Auerbach et al. (US Patent No. 5,673,316) (hereinafter “Auerbach”).  

As per claim 5, Hamel, in view of Mehr, Freeman, and Kinoshita teaches claim 1.  
Hamel also teaches wherein [the encrypted data envelope comprises] the encrypted form of the key encryption key ([Hamel, para. 0049 and Fig. 2A] the tenant master key [the key encrypted key] is caused to be encrypted using a customer key [key to encrypt the key encrypted key, and together, the encrypted form of the key encrypted key]) and the first hash message authentication code generated by the key encryption key and the customer master key ([Hamel, para. 0052] the key management system generates a hash [a first hash message authentication code] of the request context as a unique identifier.  [Para. 0093] the request context includes an encrypted tenant master key [key encryption key] that is encrypted using the customer master key [as the hash is of the request context, and the request context uses the KEK and the CMK, the hash uses the KEK and the CMK]), so that [the encrypted data envelope] is validated by:  ([Hamel, para. 0118; 0134] an audit trail of transactions are maintained by the unique identifiers, and each participant validates their copy of hashes)
the first hash message authentication code generated by the key encryption key and the customer master key ([Hamel, para. 0052] the key management system generates a hash [a first hash message authentication code] of the request context as a unique identifier.  [Para. 0093] the request context includes an encrypted tenant master key [key encryption key] that is encrypted using the customer master key [as the hash is of the request context, and the request context uses the KEK and the CMK, the hash uses the KEK and the CMK])
([Hamel, para. 0123] each tenant master key [the key encryption key] is decrypted using the old customer key [the database master key])
the generation of a second hash message authentication code with the key encryption key and the customer master key; and ([Hamel, para. 0118] an audit trail is maintained by specifying a unique identifier for the secure data operations.  [Para. 0138] The key associated with the transaction that is used for a number of hash trees composes one or more of… a customer key and a tenant master key [the key encrypted key].  [Para. 0049] the tenant master key is caused to be encrypted using a customer key, which allows the hash message authentication codes generated to be compared)
a comparison of the first and second hash message authentication codes.  ([Hamel, para. 0100; para. 0130] the audit records from the KMS Audit DB [key management system that generates the first hash message] and KRS [key release system that generates the second hash message] Audit DB are compared.  The comparison is done by a chain such as a hash tree)
Hamel does not explicitly teach an encrypted data envelope that comprises the first hash message authentication code and a subsequent opening of the encrypted data envelope.  
However, Freeman teaches an encrypted data envelope that comprises a first hash message authentication code. ([Freeman, para. 0026] the message envelope comprising encrypted MSG content [the encrypted message], the encrypted content encryption key used to decrypt the content [the encrypted data key], and a hash of a confidential mail token as authentication [the first hash message authentication code].  The first hash message authentication code using the key encryption key and the customer master key was taught by Hamel above)
a subsequent opening of the encrypted data envelope. ([Freeman, para. 0028] the receiver receives the message envelope transmitted and processes the data within the envelope in order to validate the message envelope)

Hamel in view of Freeman does not explicitly teach an encrypted data envelope that comprises the encrypted form of the key encryption key.
However, Auerbach teaches an encrypted data envelope that comprises the encrypted form of the key encryption key.  ([Auerbach, Fig. 2; col. 5, ln. 8] An envelope contains PEK 210 which are encrypted with a key to form an encrypted PEK.  [Fig. 3; col. 4, ln. 25-35] the PEK 210 encrypts a control part, which includes metadata used to facilitate confidentiality, and itself may encrypt part of the document.  Thus, encrypted PEK is an encrypted key encrypting key, and the envelope comprises the encrypted form of the key encryption key)
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Hamel with the teachings of Auerbach to include the additional element of an encrypted data envelope that comprises the encrypted form of the key encryption key.  One of ordinary skill in the art would have been motivated to make this modification because doing so allows the integrity of one information part (such as the integrity of the encrypted key encryption key of Hamel) to be checked by computing a second hash on the part and comparing the two hashes (such as the hashes generated as described by Hamel).  (Auerbach, col. 2, ln. 16-41)

As per claim 10, the claim language is identical or substantially similar to that of claim 5. Therefore, it is rejected under the same rationale applied to claim 5.  

As per claim 15, the claim language is identical or substantially similar to that of claim 5. Therefore, it is rejected under the same rationale applied to claim 5.  
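
The flow recited in claims 1, 2 and 5 above (the key management service returns the KEK in plaintext and wrapped form, a random data key is wrapped by the KEK, the envelope carries the wrapped data key, an HMAC and the ciphertext, and opening recomputes a second HMAC and compares), as an added Go example that is not part of the office action, the application or any cited reference. `KMSIssueKEK`, `Encrypt`, `Decrypt`, the use of AES-256-GCM, and the HMAC input layout are assumptions; the key management service is simulated in-process and all sample values are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

const nonceLen = 12 // standard AES-GCM nonce size

type Key [32]byte                                          // fixed size, so gcm cannot fail
type Envelope struct{ WrappedDEK, MAC, Ciphertext []byte } // never holds the plaintext data key

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func gcm(k Key) cipher.AEAD {
	blk, _ := aes.NewCipher(k[:])
	a, _ := cipher.NewGCM(blk)
	return a
}

func seal(k Key, pt []byte) []byte {
	nonce := randBytes(nonceLen)
	return gcm(k).Seal(nonce, nonce, pt, nil) // nonce || ciphertext || tag
}

func open(k Key, box []byte) ([]byte, error) {
	if len(box) < nonceLen {
		return nil, errors.New("ciphertext too short")
	}
	return gcm(k).Open(nil, box[:nonceLen], box[nonceLen:], nil)
}

// KMSIssueKEK (hypothetical) simulates the separate KMS: plaintext KEK plus CMK-wrapped KEK.
func KMSIssueKEK(cmk Key) (kek Key, wrappedKEK []byte) {
	copy(kek[:], randBytes(len(kek)))
	return kek, seal(cmk, kek[:])
}

// envelopeMAC: HMAC-SHA256 keyed by the KEK over CMK || wrappedDEK || ct (assumed layout).
func envelopeMAC(kek, cmk Key, wrappedDEK, ct []byte) []byte {
	m := hmac.New(sha256.New, kek[:])
	m.Write(cmk[:])
	m.Write(wrappedDEK)
	m.Write(ct)
	return m.Sum(nil)
}

// Encrypt makes a random data key, wraps it with the KEK, and returns only the envelope.
func Encrypt(kek, cmk Key, plaintext []byte) Envelope {
	var dek Key
	copy(dek[:], randBytes(len(dek)))
	wrapped, ct := seal(kek, dek[:]), seal(dek, plaintext)
	return Envelope{wrapped, envelopeMAC(kek, cmk, wrapped, ct), ct}
}

// Decrypt recomputes a second MAC and compares it before unwrapping the data key.
func Decrypt(wrappedKEK []byte, cmk Key, env Envelope) ([]byte, error) {
	var kek, dek Key
	raw, err := open(cmk, wrappedKEK) // stands in for the KMS decrypt call
	if err != nil || len(raw) != len(kek) {
		return nil, errors.New("cannot unwrap KEK")
	}
	copy(kek[:], raw)
	if !hmac.Equal(env.MAC, envelopeMAC(kek, cmk, env.WrappedDEK, env.Ciphertext)) {
		return nil, errors.New("envelope MAC mismatch")
	}
	if raw, err = open(kek, env.WrappedDEK); err != nil || len(raw) != len(dek) {
		return nil, errors.New("cannot unwrap data key")
	}
	copy(dek[:], raw)
	return open(dek, env.Ciphertext)
}

func main() {
	cmk := Key{1} // constructed sample customer master key, demo only
	kek, wrappedKEK := KMSIssueKEK(cmk)
	pt, err := Decrypt(wrappedKEK, cmk, Encrypt(kek, cmk, []byte("constructed record")))
	fmt.Printf("%q %v\n", pt, err)
}
```

Only the wrapped KEK needs to be stored; `hmac.Equal` performs the comparison of the first and second codes in constant time.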

RESPONSE TO ARGUMENTS AND REMARKS
Applicant’s arguments filed in the amendment filed 07/01/2021 have been fully considered but are moot in view of new grounds of rejection.  
Hamel, Mehr, and Freeman in combination do not teach “receiving, in the memory of the computer in response from the key management service that is separate from the encryption process, both an unencrypted form of the key encryption key and an encrypted form of the key encryption key”.  However, Kinoshita as mapped above does teach the limitation.  Hence, claims 1-2, 6-7, and 11-12 are taught by the prior art per the mapping above.   
Wisniewski does not teach “receiving, in the memory of the computer in response from the key management service that is separate from the encryption process, both an unencrypted form of the key encryption key and an encrypted form of the key encryption key”.  However, Kinoshita as mapped above does teach the limitation.  Hence, claims 1-2, 6-7, and 11-12 are taught by the prior art per the mapping above.   
Auerbach does not teach “receiving, in the memory of the computer in response from the key management service that is separate from the encryption process, both an unencrypted form of the key encryption key and an encrypted form of the key encryption key”.  However, Kinoshita as mapped above does teach the limitation.  Hence, claims 1-2, 6-7, and 11-12 are taught by the prior art per the mapping above.   
A table of values for converting a set of data to another set of data, such as a look up value, or an index is a well-known method of encryption.  See, for example, Nishika, Rahul Kumar Yadav. "A Lookup Table Based Secure Cryptographic SMS Communication on Android Environment." (2013). Pg. 9, step 9 – obtaining a character equivalent of each encoded character in lookup table.
In the interest of advancing prosecution, Examiner suggests adding the additional limitation: “wherein the unencrypted form of the key encryption key may not be recovered by the computer except .  
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: Lim et al. (US Pub. 2018/0048464) teaches sending a document identifier and a key encryption key from the key management server to an encryption service module in order to facilitate sharing of encrypted content.  Agarwal et al. (US Pub. 2019/0173674) teaches a KEK rotator that uses an old KEK to encode new KEKs and sends both a KEK and an encrypted KEK.  
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZHE LIU whose telephone number is (571) 272-3634.  The examiner can normally be reached on Monday - Friday: 8:30 AM to 5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on (571) 272-3862.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through 

/Z.L./Examiner, Art Unit 2493

/PETER C SHAW/Primary Examiner, Art Unit 2493