Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
This action is in response to the communication filed on 8/6/2021.
Claims 1, 3-4, 6-8, 10, 11, 13, 14, 16, 17, 19-26 are allowed.
Claims 2, 5, 9, 12, 15 and 18 are cancelled.

Allowable Subject Matter
Claims 1, 3-4, 6-8, 10, 11, 13, 14, 16, 17, 19-26 are allowed.

Information Disclosure Statement
The information disclosure statement (IDS) was submitted on 7/29/2021. Accordingly, the information disclosure statement is being considered by the examiner.
EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
the applicant’s representative, Mr. Barry Goldsmith on 10/28/2021.

CLAIM LISTING

This listing of claims will replace all prior versions, and listings, of claims in the application:

1. (Currently Amended) A method of rewiring a key management system (KMS)
service instance (SI) with associated keys, the method comprising:
in response to a request, deleting a first SI corresponding to a user that is
mapped to one or more keys, the one or more keys stored in the KMS, the first SI
associated with a dedicated first database schema and comprising a first Application
Programming Interface (API) that allows access to the one or more keys stored in the
KMS, the deletion of the first SI causing the user to have no access to the one or more
keys stored in the KMS, wherein the first SI is mapped to the first database schema and
is associated with a uniform resource locator (URL) that allows the user to manage the
keys;
creating a second SI associated with a dedicated second database schema
comprising a second API; and
mapping the second SI to the one or more keys, the mapping providing the user
with access to the one or more keys stored in the KMS using the second API, wherein
the mapping the second SI to the one or more keys comprises mapping the second SI
to the second database schema.

2. (Canceled).

3. (Currently Amended) The method of claim 1, wherein deleting the first SI
causes access to the keys by the user to be deleted.

4. (Original) The method of claim 1, wherein the keys comprise master
encryption keys (MEKs) and are stored in a hardware security module (HSM).

5. (Canceled).

6. (Original) The method of claim 1, wherein in response to the deleting the first
SI, the keys are deleted after an expiration of a predefined time period.

7. (Original) The method of claim 1, wherein the mapping is implemented by a
mid-tier of the KMS, wherein the mid-tier is implemented by one or more microservices.

8. (Currently Amended) A key management system (KMS) comprising:
a mid-tier comprising one or more microservices; and
a data tier coupled to mid-tier and comprising one or more hardware security
modules (HSMs) and one or more databases;
the mid-tier adapted to, in response to a first request, delete a first service
instance (SI) corresponding to a user that is mapped to one or more keys, the one or

schema and comprising a first Application Programming Interface (API) that allows
access to the one or more keys stored in the KMS, the deletion of the first SI causing
the user to have no access to the one or more keys stored in the KMS and, in response
to a second request, create a second SI associated with a dedicated second database
schema comprising a second API, and map the second SI to the one or more keys, the
mapping providing the user with access to the one or more keys stored in the KMS
using the second API;
wherein the first SI is mapped to the first database schema and is associated
with a uniform resource locator (URL) that allows the user to manage the keys, and the
mapping the second SI to the one or more keys comprises mapping the second SI to
the second database schema.

9. (Canceled).

10. (Currently Amended) The key management system of claim 8, wherein
deleting the first SI causes access to the keys by the user to be deleted.

11. (Original) The key management system of claim 8, wherein the keys
comprise master encryption keys (MEKs) and are stored in the HSMs.

12. (Canceled).


the deleting the first SI, the keys are deleted after an expiration of a predefined time
period.

14. (Currently Amended) A non-transitory computer readable medium having
instructions stored thereon that, when executed by one or more processors, cause the
processors to rewire a key management system (KMS) service instance (SI) with
associated keys, the rewiring comprising:
in response to a request, deleting a first SI corresponding to a user that is
mapped to one or more keys, the one or more keys stored in the KMS, the first SI
associated with a dedicated first database schema and comprising a first Application
Programming Interface (API) that allows access to the one or more keys stored in the
KMS, the deletion of the first SI causing the user to have no access to the one or more
keys stored in the KMS, wherein the first SI is mapped to the first database schema and
is associated with a uniform resource locator (URL) that allows the user to manage the
keys;
creating a second SI associated with a dedicated second database schema
comprising a second API; and
mapping the second SI to the one or more keys, the mapping providing the user
with access to the one or more keys stored in the KMS using the second API, wherein
the mapping the second SI to the one or more keys comprises mapping the second SI
to the second database schema.



16. (Currently Amended) The computer readable medium of claim 14,
wherein deleting the first SI causes access to the keys by the user to be deleted.

17. (Original) The computer readable medium of claim 14, wherein the keys
comprise master encryption keys (MEKs) and are stored in a hardware security module

18. (Canceled).

19. (Original) The computer readable medium of claim 14, wherein in response
to the deleting the first SI, the keys are deleted after an expiration of a predefined time
period.

20. (Original) The computer readable medium of claim 14, wherein the mapping
is implemented by a mid-tier of the KMS, wherein the mid-tier is implemented by one or
more microservices.

21. (New) The method of claim 1, the deleting the first SI is in response to a
prompt to verify a force deletion.

22. (New) The key management system of claim 8, the deleting the first SI is in
response to a prompt to verify a force deletion.

23. (New) The computer readable medium of claim 14, the deleting the first SI is
in response to a prompt to verify a force deletion.

24. (New) The method of claim 1, wherein the first database schema is deleted in
response to the deleting the first SI, and the mapping the second SI to the second
database schema comprises mapping the second SI to the deleted first database
schema.

25. (New) The key management system of claim 8, wherein the first database
schema is deleted in response to the deleting the first SI, and the mapping the second
SI to the second database schema comprises mapping the second SI to the deleted first
database schema.

26. (New) The computer readable medium of claim 14, wherein the first database
schema is deleted in response to the deleting the first SI, and the mapping the second
SI to the second database schema comprises mapping the second SI to the deleted first
database schema.
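The independent claims describe one procedure: a first service instance (SI) bound to a dedicated schema, an API and a management URL is force-deleted (claims 1, 21), which removes the user's access to the keys while the keys themselves stay in the KMS until a retention period expires (claim 6); a second SI with its own schema is then created and mapped to the same keys, optionally onto the schema name freed by the deletion (claim 24), restoring access through the second API. The following Python model is an added illustration of that sequence and is not code from the application or its assignee. Everything in it is assumed: the in-memory `ToyKMS` class standing in for the mid-tier and HSM, the `https://kms.example.invalid/...` URL, the key identifiers, the placeholder key bytes, and the injected `now` timestamps used so the retention window can be exercised deterministically.

```python
"""Toy model of the claimed SI "rewiring" flow (added illustration; all names,
URLs and values are constructed assumptions, not the application's own code)."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set


class AccessDenied(Exception):
    """Raised when the user has no live SI mapped to the requested key."""


@dataclass
class ServiceInstance:
    sid: str
    user: str
    schema: str               # dedicated database schema backing this SI
    api_url: str              # management URL exposed through the SI's API
    keys: Set[str] = field(default_factory=set)


class ToyKMS:
    """Stand-in for the mid-tier plus data tier (HSM slots and schemas)."""

    def __init__(self, key_retention_secs: int):
        self.retention = key_retention_secs
        self.hsm_keys: Dict[str, bytes] = {}        # key id -> material (HSM slot stand-in)
        self.instances: Dict[str, ServiceInstance] = {}
        self.schemas: Set[str] = set()
        self.pending_delete: Dict[str, float] = {}  # key id -> deletion deadline
        self.counter = 0

    def create_instance(self, user: str, schema: Optional[str] = None) -> ServiceInstance:
        self.counter += 1
        sid = f"si-{self.counter}"
        schema = schema or f"schema_{sid.replace('-', '_')}"
        self.schemas.add(schema)
        si = ServiceInstance(sid, user, schema, f"https://kms.example.invalid/{sid}/keys")
        self.instances[sid] = si
        return si

    def create_key(self, sid: str, key_id: str) -> None:
        self.hsm_keys[key_id] = b"\x00" * 32       # constructed placeholder, not real key material
        self.instances[sid].keys.add(key_id)

    def delete_instance(self, sid: str, now: float, force_confirmed: bool) -> Set[str]:
        """Force deletion must be confirmed (claim 21). The SI and its schema are
        removed, the user loses access, and the keys enter a retention window."""
        if not force_confirmed:
            raise PermissionError("force deletion not confirmed")
        si = self.instances.pop(sid)
        self.schemas.discard(si.schema)
        for k in si.keys:
            self.pending_delete[k] = now + self.retention
        return set(si.keys)

    def rewire(self, user: str, keys: Set[str], now: float,
               reuse_schema: Optional[str] = None) -> ServiceInstance:
        """Create the second SI and map it to the surviving keys; reuse_schema maps
        it onto the schema name freed by the deletion (claim 24)."""
        si = self.create_instance(user, schema=reuse_schema)
        for k in keys:
            if k in self.hsm_keys:
                si.keys.add(k)
                self.pending_delete.pop(k, None)   # mapped again: no longer scheduled
        return si

    def expire(self, now: float) -> Set[str]:
        """Keys still unmapped when the retention window ends are destroyed (claim 6)."""
        gone = {k for k, deadline in self.pending_delete.items() if deadline <= now}
        for k in gone:
            self.hsm_keys.pop(k, None)
            self.pending_delete.pop(k)
        return gone

    def use_key(self, user: str, key_id: str) -> bytes:
        for si in self.instances.values():
            if si.user == user and key_id in si.keys and key_id in self.hsm_keys:
                return self.hsm_keys[key_id]
        raise AccessDenied(f"{user} has no service instance mapped to {key_id}")


def rewire_scenario(retention: int = 3600) -> dict:
    """Walk the claimed sequence and return observations for checking."""
    kms = ToyKMS(retention)
    first = kms.create_instance("alice")
    kms.create_key(first.sid, "mek-1")
    before = kms.use_key("alice", "mek-1") is not None
    try:
        kms.delete_instance(first.sid, now=0, force_confirmed=False)
        unconfirmed_blocked = False
    except PermissionError:
        unconfirmed_blocked = True
    keys = kms.delete_instance(first.sid, now=0, force_confirmed=True)
    try:
        kms.use_key("alice", "mek-1")
        denied = False
    except AccessDenied:
        denied = True
    second = kms.rewire("alice", keys, now=10, reuse_schema=first.schema)
    after = kms.use_key("alice", "mek-1") is not None
    return {"before": before, "unconfirmed_blocked": unconfirmed_blocked,
            "denied": denied, "after": after,
            "schema_reused": second.schema == first.schema,
            "pending_after_rewire": len(kms.pending_delete)}


def expiry_scenario(retention: int = 3600) -> dict:
    """Delete without rewiring: keys survive the window, then are destroyed."""
    kms = ToyKMS(retention)
    si = kms.create_instance("bob")
    kms.create_key(si.sid, "mek-2")
    kms.delete_instance(si.sid, now=0, force_confirmed=True)
    too_early = kms.expire(now=retention - 1)
    on_time = kms.expire(now=retention)
    return {"too_early": too_early, "on_time": on_time, "remaining": set(kms.hsm_keys)}
```

The point worth checking in a real implementation is the window between the two `use_key` calls: the deletion removes the access path (the SI, its schema and its URL) but not the key material, so a key that is never re-mapped must be destroyed by the retention timer rather than left resident indefinitely.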

Prior Art of Record
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Angel et al US Patent 11,075,753 teaches Key Fragment Management with plurality of KFM instances associated with cryptographic process relating data-item using a data-specific key fragment based on generated data identifier and fragmented key identifier based on root key fragment of device. 

Peikert et al US Patent 10,803,451 teaches modelling of digital assets, rights of plurality of parties, await function of each instance, authorized configured function, and consent and storing of secure keys of each user, device and function. 

Brandwine et al US Patent 10,243,739 teaches secure component with validation of operation configuration of device (offload) with secure and trusted configuration with validation of root Key and multiple Key(s) management system. 

Bernat et al US Patent 10,623,386 teaches secure storage system and data protection with each device key, encryption data key, encrypting the keys with master secret, generating plurality of shares from the master secret and storing the encrypted data. 

Yuki et al US Patent 10,747,529 teaches secure version management and secure storage device retaining version histories with predetermined function in predetermined system with association to multiple keys related to master key function. 

Roth et al US Patent 9,887,836 teaches cryptography service for management of cryptographic keys in multiple environments with specification of policies application to cryptographic keys with contexts and request and referral to another system for key. 

Mohammad Abdul et al US Publication 2018/0337914 teaches user authentication based on KDC key distribution system with user ID with tenant specific principal key user Kerberos Master Key to generated encrypted fragmented key(s) with password policy and password state attributes. 
REASONS FOR ALLOWANCE
The following is an examiner’s statement of reasons for allowance:
Examiner finds the claims dated 10/18/2021 persuasive as a reason for allowance.
The prior art of record does not explicitly disclose, in light of the other features recited in independent claims 1 and 16, the following:
Claims 1 and 16 ‘ .. a data encryption part in which part of at least one round function of a plurality of round functions for successively performing encryption processing on an input value is tabulated to be encrypted using a white-box model in which input/output values of the at least one round function using the white-box model are able to be recognized from the outside, 
wherein each round function of the plurality of round functions includes a 
wherein each tabulated encryption function is updated with a random number,
wherein at least one round function of the plurality of round functions includes a plurality of tabulated encryption functions,
wherein a first coefficient is exclusive-ORed to an input value of the encryption function, a second coefficient is exclusive-ORed to an output value of the encryption function, and at least the second coefficient is a random number,
wherein the first coefficient is adjusted to be a value that cancels a change in the data encryption part that is caused when the second coefficient is exclusive-ORed to the output value, and
wherein the data encryption part is implemented via at least one hardware processor.’ with additional detailed steps in claim(s) as described in independent claim(s) on 10/18/2021. 
Claims 17 and 18 ‘ .. a data decryption part configured to perform decryption by an inverse operation of encryption processing, the encryption processing of tabulating part of at least one round function of a plurality of round functions for successively performing encryption processing on an input value to be encrypted using a white-box model in which input/output values of the at least one round function using the white-box model are able to be recognized from the outside, 
wherein each round function of the plurality of round functions encrypts an input value with an encryption function that is tabulated in a black-box model in which the 
wherein at least one round function of the plurality of round functions includes a plurality of tabulated encryption functions,
wherein a first coefficient is exclusive-ORed to an input value of the encryption function, a second coefficient is exclusive-ORed to an output value of the encryption function, and at least the second coefficient is a random number,
wherein the first coefficient is adjusted to be a value that cancels a change in the data encryption part that is caused when the second coefficient is exclusive-ORed to the output value, and
wherein the data decryption part is implemented via at least one hardware processor.’ with additional detailed steps in claim(s) as described in independent claim(s) on 10/18/2021. 
However, each of the cited references, and each reference from the updated search, at least fails to teach or suggest these features in combination with the rest of the limitations recited in the independent claim(s).
None of the previously cited prior art references or reference(s) from the updated search yield any specific references that would reasonably, either singularly or in combination with previously cited references, result in a reasonable and proper rejection of each of the cited feature limitations of the independent claim(s) under 35 U.S.C. 102 or 35 U.S.C. 103 with proper motivation.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VIRAL S LAKHIA whose telephone number is (571)270-3363. The examiner can normally be reached on 8 am - 6 pm.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571-272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/VIRAL S LAKHIA/Examiner, Art Unit 2431