DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The present application, filed on April 15, 2020, is accepted.
Claims 1 – 20 are being considered on the merits.

Drawings
The drawings, filed on April 15, 2020, is accepted.

Specification
The specification, filed on April 15, 2020, is accepted.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1 – 7 and 10 – 15, and 18  – 20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to abstract idea without significantly more. The claims recites encrypting data and storing the encrypted data into a data structure and then creating a mapping which just consider to be a data structure. The claims also recites invalidation upon the request to rotate/change the key which is all presented in the independent claim 1. This judicial exception is not integrated into a practical application because the limitations can all be done as mental steps and does not require any data exchange between networks. The claims does not include 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1 – 3, 7, 10 – 12, 15, and 18 – 19 are rejected under 35 U.S.C. 103 as being unpatentable over US 7111005 B1 to Wessman in view of US 20160105283 A1 to Mityagin and further in view of US 20190097791 A1 to Hersans et al., (hereinafter, “Hersans”). 
Regarding claim 1, Wessman teaches a method, comprising: encrypting, by a computing system, data for a database in a multi-tenant database system, wherein the encrypting uses encryption keys assigned to respective tenants that are using the database; [Wessman, col. 4 lines 43 – 54 discloses Profiles 220 stores encryption profiles created by security administrator 106 in columns 232, 234, 236, and 238. The first row of profiles 220 contains a profile. Column 232 indicates the name, 999, of the profile. Column 234 indicates the encryption mode. In this example, the profile indicates that data encryption standard (DES) encryption is being used. Column 236 indicates the key-length to use. This example indicates a key-length of 56 bits. Column 238 indicates the data integrity mechanism to be used with the profile. This example indicates that secure hash algorithm 1 (SHA-1) is being used. Profiles are supplied to database 118 as profile 214. Col. 1 lines 64 – 66 discloses if a user has designated the column as an encrypted column, the system automatically encrypts the data using an encryption function] storing the encryption keys in a cache; [Wessman, col. 1 lines 66 – 67 discloses this encryption function uses a key stored in a keyfile managed by the security administrator.], but Wessman does not teach in response to a key rotation request for a first tenant, the computing system invalidating an entry in the cache for a first encryption key of the first tenant.  
However, Mityagin does teach in response to a key rotation request for a first tenant. [Mityagin, para. 7 discloses a client device may send a request to the server for a new security key as a replacement for the current active security key. The server may receive the request and generate a candidate security key. The server can then issue the candidate security key to the client device.], but Wessman in view of Mityagin does not teach the computing system invalidating an entry in the cache for a first encryption key of the first tenant.
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Mityagin’s system with Wessman’s system, with a motivation to allow client application 310 to periodically rotate security keys by keeping track of key rotation schedule(s) and signaling to client application 310 when active key 316 needs to be refreshed [Mityagin, para. 62] and dynamically adjust the renewal schedule of a timer depending on factors such as network traffic, server workload, presence of security threats, security policy change, etc. [Mityagin, para. 74]
However, Hersans does teach the computing system invalidating an entry in the cache for a first encryption key of the first tenant. [Hersans, para. 16 discloses the user device may transmit a destruction request message corresponding to a secret or an encryption key to the data center, and the data center may destroy or mark for deletion the specified tenant secret, tenant-specific encryption key, or both, in response.] 
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Hersans’s system with Wessman’s system, with a motivation to send a destruction command to data center 120 for either a tenant secret or encryption key, and data center 120 may delete the corresponding secret (e.g., from a central database) or key (e.g., from the distributed cache) based on the command and be performed efficiently and the cloud client 105 may be confident that no version of the secret or key remains elsewhere in data center. [Hersans, para. 25]

As per claim 2, modified Wessman teaches the method of claim 1, wherein the storing includes: storing a mapping between the first tenant and an identifier of the first key in the cache; and storing a mapping between the identifier of the first key and key material of the first key in the cache. [Wessman, col. 5 lines 14 – 29 discloses the system starts when key management function 114 receives a request from security administrator 106 to create an encryption profile (step 402). Key management function 114 receives the name of the profile to create from security administrator 106 (step 404). Next, key management function 114 receives the encryption algorithm to associate with the profile (step 406). Key management function 114 then receives the key-length to associate with the profile (step 408). Next, key management function 114 receives the type of data integrity to associate with the profile (step 410). Key management function 114 creates the profile (step 412). Finally, key management function 114 stores the profile, consisting of the profile name, encryption mode, key-length, and integrity type in columns 232, 234, 236, and 238, respectively, in the next available row of profiles 220 (step 414).]

Regarding claim 3, modified Wessman teaches the method of claim 2, but Wessman does not teach wherein the invalidating invalidates the mapping between the first tenant and an identifier of the first key in the cache.  
However, Hersans does teach wherein the invalidating invalidates the mapping between the first tenant and an identifier of the first key in the cache. [Hersans, para. 53 discloses the user device 405 may send a call to a key service of the application server 410. The call may be an example of a destroy call, and may indicate either an encryption key (e.g., a DEK), a tenant, a tenant secret, or some combination of these. For example, the destroy call may specify a tenant secret, and the user device may send the destroy call to remove the tenant secret and any encryption keys associated with the tenant secret from a data center (e.g., the data center containing the application server 410, the distributed cache 415, and the central database 420).] 
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Hersans’s system with Wessman’s system, with a motivation to send a destruction command to data center 120 for either a tenant secret or encryption key, and data center 120 may delete the corresponding secret (e.g., from a central database) or key (e.g., from the distributed cache) based on the command and be performed efficiently and the cloud client 105 may be confident that no version of the secret or key remains elsewhere in data center. [Hersans, para. 25]
	
Regarding claim 7, modified Wessman teaches the method of claim 1, but Wessman does not teach further comprising: generating a command for another node in a cluster to invalidate the first encryption key of the first tenant from its cache.  
However, Hersans does teach further comprising: generating a command for another node in a cluster to invalidate the first encryption key of the first tenant from its cache. [Hersans, para. 54 discloses the application server 410 may send an encryption key destroy call to the distributed cache 415. The encryption key destroy call may include an indication of the tenant or tenant secret. In some cases, at 435, the distributed cache 415 may search distributed cache storage for any encryption keys (e.g., DEKs) corresponding to the indicated tenant or tenant secret, and may remove the corresponding encryption keys from the distributed cache 415.] 
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Hersans’s system with Wessman’s system, with a motivation to send a destruction command to data center 120 for either a tenant secret or encryption key, and data center 120 may delete the corresponding secret (e.g., from a central database) or key (e.g., from the distributed cache) based on the command and be performed efficiently and the cloud client 105 may be confident that no version of the secret or key remains elsewhere in data center. [Hersans, para. 25]

As per claim 10, modified Wessman teaches the method of claim 1, wherein the encrypted data includes data from a database table that includes entries for multiple tenants, wherein the encrypted data includes a plurality of fragments, and wherein each fragment is encrypted using the encryption key of only one of the tenants. [Wessman, col. 1 lines 56 – 67 to col. 2 lines 1 – 3 discloses a system for managing encryption within a database system that is managed by a database administrator, and wherein a user administrator not otherwise associated with the database system, manages users of the database system. This system performs encryption automatically and transparently to a user of the database system. The system operates by receiving a request to store data in a column of the database system. If a user has designated the column as an encrypted column, the system automatically encrypts the data using an encryption function. This encryption function uses a key stored in a keyfile managed by the security administrator. After encrypting the data, the system stores the data in the database system using a storage function of the database system.]

Regarding claim 11, Wessman teaches a non-transitory computer-readable medium having computer instructions stored thereon that are capable of being executed by a computer system to cause operations comprising: encrypting data for a database in a multi-tenant database system, wherein the encrypting uses encryption keys assigned to respective tenants that are using the database; [Wessman, col. 1 lines 60 – 67 to col. 2 lines 1 – 3 discloses this system performs encryption automatically and transparently to a user of the database system. The system operates by receiving a request to store data in a column of the database system. If a user has designated the column as an encrypted column, the system automatically encrypts the data using an encryption function. This encryption function uses a key stored in a keyfile managed by the security administrator. After encrypting the data, the system stores the data in the database system using a storage function of the database system] storing the encryption keys in a cache; [Wessman, col. 1 lines 66 – 67 discloses this encryption function uses a key stored in a keyfile managed by the security administrator], but Wessman does not teach in response to a key rotation request for a first tenant, invalidating an entry in the cache for a first encryption key of the first tenant. 
However, Mityagin does teach in response to a key rotation request for a first tenant. [Mityagin, para. 7 discloses a client device may send a request to the server for a new security key as a replacement for the current active security key. The server may receive the request and generate a candidate security key. The server can then issue the candidate security key to the client device.], but Wessman in view of Mityagin does not teach the computing system invalidating an entry in the cache for a first encryption key of the first tenant.
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Mityagin’s system with Wessman’s system, with a motivation to allow client application 310 to periodically rotate security keys by keeping track of key rotation schedule(s) and signaling to client application 310 when active key 316 needs to be refreshed [Mityagin, para. 62] and dynamically adjust the renewal schedule of a timer depending on factors such as network traffic, server workload, presence of security threats, security policy change, etc. [Mityagin, para. 74]
However, Hersans does teach invalidating an entry in the cache for a first encryption key of the first tenant. [Hersans, para. 16 discloses the user device may transmit a destruction request message corresponding to a secret or an encryption key to the data center, and the data center may destroy or mark for deletion the specified tenant secret, tenant-specific encryption key, or both, in response.] 
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Hersans’s system with Wessman’s system, with a motivation to send a destruction command to data center 120 for either a tenant secret or encryption key, and data center 120 may delete the corresponding secret (e.g., from a central database) or key (e.g., from the distributed cache) based on the command and be performed efficiently and the cloud client 105 may be confident that no version of the secret or key remains elsewhere in data center. [Hersans, para. 25]

As per claim 12, modified Wessman teaches the non-transitory computer-readable medium of claim 11, wherein the storing includes: storing a mapping between the first tenant and an identifier of the first key in the cache; and storing a mapping between the identifier of the first key and key material of the first key in the cache. [Wessman, col. 5 lines 14 – 29 discloses the system starts when key management function 114 receives a request from security administrator 106 to create an encryption profile (step 402). Key management function 114 receives the name of the profile to create from security administrator 106 (step 404). Next, key management function 114 receives the encryption algorithm to associate with the profile (step 406). Key management function 114 then receives the key-length to associate with the profile (step 408). Next, key management function 114 receives the type of data integrity to associate with the profile (step 410). Key management function 114 creates the profile (step 412). Finally, key management function 114 stores the profile, consisting of the profile name, encryption mode, key-length, and integrity type in columns 232, 234, 236, and 238, respectively, in the next available row of profiles 220 (step 414).]

Regarding claim 15, modified Wessman teaches the non-transitory computer-readable medium of claim 11, but Wessman does not teach wherein the operations further comprise: generating a command for another node in a cluster to invalidate the first encryption key of the first tenant from its cache.  
However, Hersans does teach wherein the operations further comprise: generating a command for another node in a cluster to invalidate the first encryption key of the first tenant from its cache. [Hersans, para. 54 discloses the application server 410 may send an encryption key destroy call to the distributed cache 415. The encryption key destroy call may include an indication of the tenant or tenant secret. In some cases, at 435, the distributed cache 415 may search distributed cache storage for any encryption keys (e.g., DEKs) corresponding to the indicated tenant or tenant secret, and may remove the corresponding encryption keys from the distributed cache 415.] 
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Hersans’s system with Wessman’s system, with a motivation to efficiently remove all copies of the secret or encryption key from the data center, as the data center may only store a single copy of the tenant secret in a central database and a single copy of the tenant-specific encryption key in a distributed cache. [Hersans, para. 16]

Regarding claim 18, Wessman teaches a system, comprising: one or more processors; and one or more memories having instructions stored thereon that are capable of being executed by the one or more processors to cause operations comprising: encrypting data for a database in a multi-tenant database system, wherein the encrypting uses encryption keys assigned to respective tenants that are using the database; [Wessman, col. 1 lines 60 – 67 to col. 2 lines 1 – 3 discloses this system performs encryption automatically and transparently to a user of the database system. The system operates by receiving a request to store data in a column of the database system. If a user has designated the column as an encrypted column, the system automatically encrypts the data using an encryption function. This encryption function uses a key stored in a keyfile managed by the security administrator. After encrypting the data, the system stores the data in the database system using a storage function of the database system] storing the encryption keys in a cache; [Wessman, col. 1 lines 66 – 67 discloses this encryption function uses a key stored in a keyfile managed by the security administrator], but Wessman does not teach in response to a key rotation request for a first tenant, invalidating an entry in the cache for a first encryption key of the first tenant.
However, Mityagin does teach in response to a key rotation request for a first tenant. [Mityagin, para. 7 discloses a client device may send a request to the server for a new security key as a replacement for the current active security key. The server may receive the request and generate a candidate security key. The server can then issue the candidate security key to the client device.], but Wessman in view of Mityagin does not teach invalidating an entry in the cache for a first encryption key of the first tenant.
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Mityagin’s system with Wessman’s system, with a motivation to allow client application 310 to periodically rotate security keys by keeping track of key rotation schedule(s) and signaling to client application 310 when active key 316 needs to be refreshed [Mityagin, para. 62] and dynamically adjust the renewal schedule of a timer depending on factors such as network traffic, server workload, presence of security threats, security policy change, etc. [Mityagin, para. 74]
However, Hersans does teach invalidating an entry in the cache for a first encryption key of the first tenant. [Hersans, para. 16 discloses the user device may transmit a destruction request message corresponding to a secret or an encryption key to the data center, and the data center may destroy or mark for deletion the specified tenant secret, tenant-specific encryption key, or both, in response.] 
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Hersans’s system with Wessman’s system, with a motivation to send a destruction command to data center 120 for either a tenant secret or encryption key, and data center 120 may delete the corresponding secret (e.g., from a central database) or key (e.g., from the distributed cache) based on the command and be performed efficiently and the cloud client 105 may be confident that no version of the secret or key remains elsewhere in data center. [Hersans, para. 25]

As per claim 19, modified Wessman teaches the system of claim 18, wherein the storing includes: storing a mapping between the first tenant and an identifier of the first key in the cache; and storing a mapping between the identifier of the first key and key material of the first key in the cache. [Wessman, col. 5 lines 14 – 29 discloses the system starts when key management function 114 receives a request from security administrator 106 to create an encryption profile (step 402). Key management function 114 receives the name of the profile to create from security administrator 106 (step 404). Next, key management function 114 receives the encryption algorithm to associate with the profile (step 406). Key management function 114 then receives the key-length to associate with the profile (step 408). Next, key management function 114 receives the type of data integrity to associate with the profile (step 410). Key management function 114 creates the profile (step 412). Finally, key management function 114 stores the profile, consisting of the profile name, encryption mode, key-length, and integrity type in columns 232, 234, 236, and 238, respectively, in the next available row of profiles 220 (step 414).] 

Claims 4 – 6, 13 – 14, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over US 7111005 B1 to Wessman in view of US 20160105283 A1 to Mityagin further in view of US 20190097791 A1 to Hersans et al., (hereinafter, “Hersans”) and in further view of US 20110191594 A1 to Bartlett et al., (hereinafter, “Bartlett”).
Regarding claim 4, modified Wessman teaches the method of claim 1, but modified Wessman does not teach further comprising: blocking one or more writes for the first tenant until an entry for a new key for the first tenant is allocated in the cache.  
However, Bartlett teaches further comprising: blocking one or more writes for the first tenant until an entry for a new key for the first tenant is allocated in the cache. [Bartlett, para. 56 discloses if the I/O request is for data within a data block currently undergoing key rotation at the data block referenced by the key rotation pointer, they I/O request is deferred until key rotation for that data block has been completed after which the new key is used to service the I/O request.] 
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Bartlett’s system with Wessman’s system, with a motivation to have the ability to perform key rotation while the system continues normal operation and encrypt some of the data on the storage device with the old encryption key, and other data with the new encryption key, and ensure that data is read and written with the proper key. [Bartlett, para. 16]

Regarding claim 5, modified Wessman teaches the method of claim 4, but modified Wessman does not teach further comprising: performing one or more writes for one or more other tenants during the blocking, using stored encryption keys in the cache for the one or more other tenants.  
However, Bartlett does teach further comprising: performing one or more writes for one or more other tenants during the blocking, using stored encryption keys in the cache for the one or more other tenants. [Bartlett, para. 16 discloses during key rotation, CLIM 14 continues to service storage media I/O requests from host 12. If an I/O request is for data that has undergone key rotation, the new key is used to decrypt the data for read requests and encrypt the data for write requests. If the I/O request is for data that has not undergone key rotation, the old key is used. If the I/O request is for data within a data block currently undergoing key rotation at the data block referenced by the key rotation pointer, they I/O request is deferred until key rotation for that data block has been completed after which the new key is used to service the I/O request.] 
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Bartlett’s system with Wessman’s system, with a motivation to have the ability to perform key rotation while the system continues normal operation and encrypt some of the data on the storage device with the old encryption key, and other data with the new encryption key, and ensure that data is read and written with the proper key. [Bartlett, para. 16]

Regarding claim 6, modified Wessman teaches the method of claim 1, but modified Wessman does not teach wherein the invalidating the first encryption key is performed in response to receipt of a new key for the first tenant and wherein the encrypting uses the first key during an interval between the key rotation request and receipt of the new key.  
However, Bartlett does teach wherein the invalidating the first encryption key is performed in response to receipt of a new key for the first tenant and wherein the encrypting uses the first key during an interval between the key rotation request and receipt of the new key. [Bartlett, para. 55 discloses during key rotation, CLIM 14 continues to service storage media I/O requests from host 12. If an I/O request is for data that has undergone key rotation, the new key is used to decrypt the data for read requests and encrypt the data for write requests. If the I/O request is for data that has not undergone key rotation, the old key is used. If the I/O request is for data within a data block currently undergoing key rotation at the data block referenced by the key rotation pointer, they I/O request is deferred until key rotation for that data block has been completed after which the new key is used to service the I/O request.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Bartlett’s system with Wessman’s system, with a motivation to have the ability to perform key rotation while the system continues normal operation and encrypt some of the data on the storage device with the old encryption key, and other data with the new encryption key, and ensure that data is read and written with the proper key. [Bartlett, para. 16]

Regarding claim 13, modified Wessman teaches the non-transitory computer-readable medium of claim 11, but modified Wessman does not teach wherein the operations further comprise: blocking one or more writes for the first tenant until an entry for a new key for the first tenant is allocated in the cache.  
However, Bartlett teaches wherein the operations further comprise: blocking one or more writes for the first tenant until an entry for a new key for the first tenant is allocated in the cache. [Bartlett, para. 56 discloses if the I/O request is for data within a data block currently undergoing key rotation at the data block referenced by the key rotation pointer, they I/O request is deferred until key rotation for that data block has been completed after which the new key is used to service the I/O request.] 
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Bartlett’s system with Wessman’s system, with a motivation to have the ability to perform key rotation while the system continues normal operation and encrypt some of the data on the storage device with the old encryption key, and other data with the new encryption key, and ensure that data is read and written with the proper key. [Bartlett, para. 16]

Regarding claim 14, modified Wessman teaches the non-transitory computer-readable medium of claim 13, but modified Wessman does not teach wherein the operations further comprise: performing one or more writes for one or more other tenants during the blocking, using stored encryption keys in the cache for the one or more other tenants.  
However, Bartlett does teach wherein the operations further comprise: performing one or more writes for one or more other tenants during the blocking, using stored encryption keys in the cache for the one or more other tenants.  [Bartlett, para. 16 discloses during key rotation, CLIM 14 continues to service storage media I/O requests from host 12. If an I/O request is for data that has undergone key rotation, the new key is used to decrypt the data for read requests and encrypt the data for write requests. If the I/O request is for data that has not undergone key rotation, the old key is used. If the I/O request is for data within a data block currently undergoing key rotation at the data block referenced by the key rotation pointer, they I/O request is deferred until key rotation for that data block has been completed after which the new key is used to service the I/O request.] 
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Bartlett’s system with Wessman’s system, with a motivation to have the ability to perform key rotation while the system continues normal operation and encrypt some of the data on the storage device with the old encryption key, and other data with the new encryption key, and ensure that data is read and written with the proper key. [Bartlett, para. 16]

Regarding claim 20, modified Wessman the system of claim 18, but modified Wessman does not teach wherein the operations further comprise: blocking one or more writes for the first tenant until an entry for a new key for the first tenant is allocated in the cache.
However, Bartlett teaches wherein the operations further comprise: blocking one or more writes for the first tenant until an entry for a new key for the first tenant is allocated in the cache. [Bartlett, para. 56 discloses if the I/O request is for data within a data block currently undergoing key rotation at the data block referenced by the key rotation pointer, they I/O request is deferred until key rotation for that data block has been completed after which the new key is used to service the I/O request.] 
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Bartlett’s system with Wessman’s system, with a motivation to have the ability to perform key rotation while the system continues normal operation and encrypt some of the data on the storage device with the old encryption key, and other data with the new encryption key, and ensure that data is read and written with the proper key. [Bartlett, para. 16]

Claims 8 – 9, and 16 – 17 are rejected under 35 U.S.C. 103 as being unpatentable over US 7111005 B1 to Wessman in view of US 20160105283 A1 to Mityagin further in view of US 20190097791 A1 to Hersans et al., (hereinafter, “Hersans”) and in further view of US 20170004093 A1 to Susarla et al., (hereinafter, “Susarla”).
Regarding claim 8, modified Wessman teaches the method of claim 1, further comprising: maintaining a list of tenants that have active data in memory associated with a flush or merge operation; [Wessman, col. 1 lines 56 – 64 discloses a system for managing encryption within a database system that is managed by a database administrator, and wherein a user administrator not otherwise associated with the database system, manages users of the database system. This system performs encryption automatically and transparently to a user of the database system. The system operates by receiving a request to store data in a column of the database system], but modified Wessman does not teach in response to the list reaching a threshold number of tenants, issuing a bulk key fetch from a key management system and storing fetched keys from the bulk key fetch in the cache. 
However, Susarla does teach in response to the list reaching a threshold number of tenants, issuing a bulk key fetch from a key management system and storing fetched keys from the bulk key fetch in the cache. [Susarla, para. 35 discloses the memory in the caching system for storing blocks is finite in size, meaning that only a certain number of blocks may be cached at one time. After the memory fills and a predetermined cache block limit is reached, the caching system eventually begins evicting or removing blocks so that they may be replaced by blocks from more recent storage requests. Many caching systems use a least recently used (LRU) or related algorithm to select the blocks that are to be evicted. Para. 54 discloses Cache space utilization for each of the tenants may be determined by examining each of the CCBs present in the caching system at any given time as each CCB corresponds to a block that is stored in the memory of the caching system. By examining the tenant information included in each of the CCBs, a count of a number of blocks corresponding to each tenant may be determined. In some embodiments, the count for each tenant may be determined at the end of each monitoring epoch by iterating through the CCBs and incrementing each corresponding count value based on the tenant information.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Susarla’s system with modified Wessman’s system, with a motivation to obtains the high hit rate by keeping copies of data associated with previous storage requests and in some cases may prefetch data immediately after data requested in the previous storage requests [Susarla, para. 17] and knowing information about how much of the storage in the caching system is being used by each of the tenants may be helpful in determining whether the caching system is seeing balanced usage among the tenants or whether there is an imbalance between the tenants. [Susarla, para. 19]

Regarding claim 9, modified Wessman teaches the method of claim 1, further comprising: determining a number of tenants associated with the database; [Wessman, col. 1 lines 56 – 64 discloses a system for managing encryption within a database system that is managed by a database administrator, and wherein a user administrator not otherwise associated with the database system, manages users of the database system. This system performs encryption automatically and transparently to a user of the database system. The system operates by receiving a request to store data in a column of the database system], but modified Wessman does not teach in response to the number of tenants being greater than a number of entries in the cache, selecting a portion of the tenants for a bulk key fetch into the cache, wherein the selected portion does not fill the cache.  
However, Susarla does teach in response to the number of tenants being greater than a number of entries in the cache, selecting a portion of the tenants for a bulk key fetch into the cache, wherein the selected portion does not fill the cache. [Susarla, para. 47 discloses the caching system maintains a pool of free blocks that are kept free of cached data so that the predetermined cache block limit is less than the total cache block capacity of the memory in the caching system that is reserved for cache blocks. The pool of free blocks helps reduce caching delay as allocated blocks may be taken from the pool of free blocks without waiting for the eviction process to identify a next block to evict and the write back operation on the block finish before storing newly cached data to the block. Thus, when a cache block is allocated during process 220 and/or 230, the eviction and/or write back may begin and when the eviction and/or write back completes, the memory occupied by the evicted block is added to the pool of free blocks. Para. 54 discloses Cache space utilization for each of the tenants may be determined by examining each of the CCBs present in the caching system at any given time as each CCB corresponds to a block that is stored in the memory of the caching system. By examining the tenant information included in each of the CCBs, a count of a number of blocks corresponding to each tenant may be determined. In some embodiments, the count for each tenant may be determined at the end of each monitoring epoch by iterating through the CCBs and incrementing each corresponding count value based on the tenant information.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Susarla’s system with modified Wessman’s system, with a motivation to obtains the high hit rate by keeping copies of data associated with previous storage requests and in some cases may prefetch data immediately after data requested in the previous storage requests [Susarla, para. 17] and knowing information about how much of the storage in the caching system is being used by each of the tenants may be helpful in determining whether the caching system is seeing balanced usage among the tenants or whether there is an imbalance between the tenants. [Susarla, para. 19]

Regarding claim 16, modified Wessman teaches the non-transitory computer-readable medium of claim 11, wherein the operations further comprise: maintaining a list of tenants that have active data in memory associated with a flush or merge operation; [Wessman, col. 1 lines 56 – 64 discloses a system for managing encryption within a database system that is managed by a database administrator, and wherein a user administrator not otherwise associated with the database system, manages users of the database system. This system performs encryption automatically and transparently to a user of the database system. The system operates by receiving a request to store data in a column of the database system], but modified Wessman does not teach in response to the list reaching a threshold number of tenants, issuing a bulk key fetch from a key management system and storing fetched keys from the bulk key fetch in the cache. 
However, Susarla does teach in response to the list reaching a threshold number of tenants, issuing a bulk key fetch from a key management system and storing fetched keys from the bulk key fetch in the cache. [Susarla, para. 35 discloses the memory in the caching system for storing blocks is finite in size, meaning that only a certain number of blocks may be cached at one time. After the memory fills and a predetermined cache block limit is reached, the caching system eventually begins evicting or removing blocks so that they may be replaced by blocks from more recent storage requests. Many caching systems use a least recently used (LRU) or related algorithm to select the blocks that are to be evicted. Para. 54 discloses Cache space utilization for each of the tenants may be determined by examining each of the CCBs present in the caching system at any given time as each CCB corresponds to a block that is stored in the memory of the caching system. By examining the tenant information included in each of the CCBs, a count of a number of blocks corresponding to each tenant may be determined. In some embodiments, the count for each tenant may be determined at the end of each monitoring epoch by iterating through the CCBs and incrementing each corresponding count value based on the tenant information.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Susarla’s system with modified Wessman’s system, with a motivation to obtains the high hit rate by keeping copies of data associated with previous storage requests and in some cases may prefetch data immediately after data requested in the previous storage requests [Susarla, para. 17] and knowing information about how much of the storage in the caching system is being used by each of the tenants may be helpful in determining whether the caching system is seeing balanced usage among the tenants or whether there is an imbalance between the tenants. [Susarla, para. 19]

Regarding claim 17, modified Wessman teaches the non-transitory computer-readable medium of claim 11, wherein the operations further comprise determining a number of tenants associated with the database; [Wessman, col. 1 lines 56 – 64 discloses a system for managing encryption within a database system that is managed by a database administrator, and wherein a user administrator not otherwise associated with the database system, manages users of the database system. This system performs encryption automatically and transparently to a user of the database system. The system operates by receiving a request to store data in a column of the database system], but modified Wessman does not teach in response to the number of tenants being greater than a number of entries in the cache, selecting a portion of the tenants for a bulk key fetch into the cache, wherein the selected portion does not fill the cache.
However, Susarla does teach in response to the number of tenants being greater than a number of entries in the cache, selecting a portion of the tenants for a bulk key fetch into the cache, wherein the selected portion does not fill the cache. [Susarla, para. 47 discloses the caching system maintains a pool of free blocks that are kept free of cached data so that the predetermined cache block limit is less than the total cache block capacity of the memory in the caching system that is reserved for cache blocks. The pool of free blocks helps reduce caching delay as allocated blocks may be taken from the pool of free blocks without waiting for the eviction process to identify a next block to evict and the write back operation on the block finish before storing newly cached data to the block. Thus, when a cache block is allocated during process 220 and/or 230, the eviction and/or write back may begin and when the eviction and/or write back completes, the memory occupied by the evicted block is added to the pool of free blocks. Para. 54 discloses Cache space utilization for each of the tenants may be determined by examining each of the CCBs present in the caching system at any given time as each CCB corresponds to a block that is stored in the memory of the caching system. By examining the tenant information included in each of the CCBs, a count of a number of blocks corresponding to each tenant may be determined. In some embodiments, the count for each tenant may be determined at the end of each monitoring epoch by iterating through the CCBs and incrementing each corresponding count value based on the tenant information.]
Therefore, it would have been obvious to one of ordinary skill within the art before the effective filling date to combine Susarla’s system with modified Wessman’s system, with a motivation to obtains the high hit rate by keeping copies of data associated with previous storage requests and in some cases may prefetch data immediately after data requested in the previous storage requests [Susarla, para. 17] and knowing information about how much of the storage in the caching system is being used by each of the tenants may be helpful in determining whether the caching system is seeing balanced usage among the tenants or whether there is an imbalance between the tenants. [Susarla, para. 19]


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Phuc Pham whose telephone number is (571)272-8893. The examiner can normally be reached Monday - Thursday 7:30 AM - 4:30 PM; Friday 8:00 AM - 12:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/P.P./Patent Examiner, Art Unit 2434                                                                                                                                                                                                        

/NOURA ZOUBAIR/Primary Examiner, Art Unit 2434