Notice of Pre-AIA or AIA Status
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Election/Restrictions
2.    NO restrictions warranted at initial time of filing for patent.

Priority
3.    Applicant claims domestic priority under 35 USC 119e to provisional application filed on 11/08/2013.

Oath/Declaration
4.    Applicant’s Oath was filed on 08/02/2019.

Drawings
5.    Applicant’s drawings filed on 08/02/2019 have been inspected and are in compliance with MPEP 608.01.

Specification
6.    Applicant’s specification filed on 08/02/2019 has been inspected and is in compliance with MPEP 608.02.

Claim Objections
7.    NO objections warranted at initial time of filing for patent.

Remarks
8.	Examiner requests that Applicant review relevant prior art under the conclusion of this office action.


EXAMINER'S AMENDMENT
9.	An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

10.	Authorization for this examiner’s amendment was given in an interview with Andrew Smith on 10/13/2021.

The application has been amended as follows: 

1. (Currently Amended) A database management system comprising: 
a tool programmatic implementation using executable code stored in a physical memory device and executed on a processor of a computer;
a configuration file stored in the same or a different physical memory, the configuration file comprising a source location of a database, an action, and a resource limit, wherein the configuration file is generated by hand or generated via a user interface uses a rule base or decision tree to prompt a user through the various choices to be made about a database; 
and a queue table stored in the same or a different physical memory, the queue table including a row identifier and a status field, the queue table holds the location of a hardware security module (HSM) when one is used for encryption, decryption or hashing, wherein the tool reads the configuration file to determine a source location of elements to read from the database, an action to take on the elements of the database, wherein the tool operates at or below the resource limit, wherein the tool then operates to read a record from the database, perform the action, store an updated record, and update the queue table with an indication of the action performed, the tool operates to selecting data from a column, sending the data to a HSM for decrypting with a first key, re-encrypting with a second key and receiving the data back from the HSM for re-saving to the database at the same or a different location, wherein when all records have not been processed, determining whether to continue the resource limit has been exceeded.

10. (Currently Amended) A method of managing a database using a database management system including 
a tool programmatic implementation, a configuration file, and a queue table, the method comprising:
executing the tool using executable code stored in a physical memory of a computer; 
, wherein the configuration file is generated by hand or generated via a user interface uses a rule base or decision tree to prompt a user through the various choices to be made about a database; 
reading by the tool from the configuration file an action to perform on the database; 
reading by the tool from the configuration file a resource limit that constrains to the tool to an upper limit of resources to be used by the tool;
accessing the database according to the source location to retrieve a record; 
performing the action on the record to generate an updated record; 
storing the updated record; 
updating the queue table to indicate completion of the action on the record, the queue table holds the location of a hardware security module (HSM) when one is used for encryption, decryption or hashing; and 
responsive to the resource limit not being exceeded, accessing the database to retrieve a next record for performing the action, the tool operates to selecting data from a column, sending the data to a HSM for decrypting with a first key, re-encrypting with a second key and receiving the data back from the HSM for re-saving to the database at the same or a different location, wherein when all records have not been processed, determining whether to continue the resource limit has been exceeded.


a tool programmatic implementation, a configuration file, and a queue table, the method comprising:
accessing the database using the tool, the database identified via the configuration file; 
reading a record from the database; 
performing an action on the record to generate an updated record, the action specified via the configuration file, wherein the configuration file is generated by hand or generated via a user interface uses a rule base or decision tree to prompt a user through the various choices to be made about a database; 
storing the updated record at a location specified via the configuration file; and 
responsive to storing the updated record, adding a log entry to the queue table, the log entry including a reference to the record and the action, wherein the queue table holds the location of a hardware security module (HSM) when one is used for encryption, decryption or hashing, and the tool operates to selecting data from a column, sending the data to a HSM for decrypting with a first key, re-encrypting with a second key and receiving the data back from the HSM for re-saving to the database at the same or a different location, wherein when all records have not been processed, determining whether to continue the resource limit has been exceeded.

Reasons for Allowance
11.	Claims 1-20 including all of the limitations of the base claim and any intervening claims are allowed.

Closest Prior Art:
U.S. Publication No. 20200134199 discloses on paragraph 0052 “In some embodiments, the encryption/decryption engine 210 may comprise a hardware security module (HSM), capable of that safeguarding and managing digital keys for strong authentication and cryptoprocessing. A hardware security module may be a physical computing device configured to safeguard and manage digital keys for strong authentication. The hardware security module may also be configured to provide cryptoprocessing.” paragraph 0085 “At 514, the decrypted set of source data may be provided in a response to the submitted query at 514. In some embodiments, the decrypted set of source data may be provided to a user that submitted the query. In some embodiments, the decrypted set of source data may be provided to the database system so that further action may be taken with regard to the information in the decrypted set of source data. For example, the decrypted set of source data may be utilized in an update process as described with respect to FIG. 6 below.” Para 0090 “At block 602, a user may identify one or more rows in the source table relevant to a piece of data to be updated. In accordance with at least some embodiments, process 600 may identify one or more rows to be updated via the process described with respect to FIG. 5 by first querying a searchable table to identify encrypted Para 0092 “At block 606, once the appropriate row for which the data to be updated is identified, the new data may be encrypted using an encryption algorithm/encryption key appropriate for that row and column. In some embodiments, the new data may be provided to an encryption engine to be encrypted. The encryption engine may be an example encryption/decryption engine 210 of FIG. 2.” 

U.S. Publication No. 20140281512 discloses on paragraph 0004 “Briefly, various aspects of the subject matter described herein are directed towards secure query processing over encrypted data without disclosing information, except for permitted information. In one aspect, a client machine specifies in a security model which information is permitted and which is not permitted to be disclosed during query processing. The client machine establishes the security model with an untrusted component and a trusted component of a secure query processing system. In one aspect, a driver running on the client machine translates the set of queries into secure query plans that follow the secure model. The driver generates the secure query plans, including by replacing insecure operators with secure operators that are implemented by the trusted component of the secure query processing system.”

U.S. Patent No. 10841286 discloses on Col. 11 Line 43 – Col. 12 Line 6 “As shown in FIG. 1, in accordance with one of the embodiments of the present 

U.S. Publication No. 20150143112 discloses on paragraph 0041 “The server memory 152 stores an encrypted search table 154, a set of encrypted files 156, and a copy of the file counter hash table 116 that is also stored in the memory 112 of the client 104. The encrypted search table is a two-dimensional table with one dimension corresponding to individual search terms in the encrypted files and another dimension including entries that correspond to individual files in encrypted files 156. In the illustrative embodiments described herein, each row of the table 154 includes encrypted entries for a single search term that is either present or absent from a particular file, and each column of the table 154 includes entries that correspond to different search terms that are either present or absent from a single file. Search queries for different search terms address the table 154 through numeric search indices and the server 144 cannot identify the underlying search term based on only the search index. As described in more detail below, the client 104 converts a search term to an appropriate numeric index for the table 154 using an encryption process that prevents the server 144 from identifying the contents of the search term from the search index number. The server 144 uses the search index value to select a row of encrypted search data from the table 154. The client 104 also generates a two single use cryptographic keys that the server 144 uses to decrypt the contents of the selected row of the table 154 and re-encrypt the contents of the selected row after identifying files that include the search term associated with the row.”
U.S. Publication No. 20070074047 discloses on paragraph 0009 “According to certain embodiments, the mechanism that is used for automatically re-encrypting data in the target database includes the following functionality: 1) allow a user to select one or more previously encrypted columns for re-encryption, 2) allow the user to specify a new initialization vector at the column level for columns selected by the user for re-encryption, 3) allow the user to request for the generation of a new initialization vector at the row level for each row selected by the user for re-encryption, 4) allow the user to specify a new encryption key for use in the re-encryption of the column or row data selected by the user, 5) allow the user to specify a batch size for the re-encryption of the data selected by the user, 6) execute the re-encryption as specified by the user, 7) log the history of the encryption key usage to assist in data decryption of back-up data of the relational database at a later time, if so desired, and 8) allow the user to specify a different encryption mode, if desired.”

U.S. Publication No. 20180309735 discloses on paragraph 0161 “ According to various embodiments, the P2PE Management System 500 includes only one Master Read-Only Database 230, MQTT Queues 231, and Read/Write Database 232, regardless of the number of Authentication Web Servers 224, Read-Only Databases 228, Decryption Web Servers 234, and HSMs 238. According to various embodiments, to process up to about 6,400 payloads per second, the P2PE Management System 500 includes four Decryption Web Servers 234, four HSMs 238, six Authentication Web Servers 224, six Read-Only Databases 228, one Master Read-Only Database 230, one MQTT Queues 231, and one Read/Write Database 232. According to various embodiments, to process up to about 12,800 payloads per second, the P2PE Management System 500 includes eight Decryption Web Servers 234, eight HSMs 238, twelve Authentication Web Servers 224, twelve Read-Only Databases 228, one Master Read-Only Database 230, one MQTT Queues 231, and one Read/Write Database 232.”

 	The following is an Examiner’s Statement of Reasons for Allowance: 
 	Claims 1-20 are allowable because the prior art references, taken individually or in combination, fail to particularly disclose, fairly suggest or render obvious the limitations as argued by the applicant, which the examiner considers persuasive as set forth above.
 	Although the prior art discloses a configuration file and a tool that reads the configuration file to determine a source location of elements to read from the database, an action to take on the elements of the database, no one or two references anticipate or obviously suggest that the configuration file is generated by hand or generated via a user interface uses a rule base or decision tree to prompt a user through the various choices to be made about a database. A queue table that holds the location of a hardware security module (HSM) when one is used for encryption, decryption or hashing, wherein the tool reads the configuration file to determine a source location of elements to read from the database, an action to take on the elements of the database, wherein the tool operates at or below the resource limit, wherein the tool then operates to read a record from the database, perform the action, store an updated record, and update the queue table with an indication of the action performed, the tool operates to selecting data from a column, sending the data to a HSM for decrypting with a first key, re-encrypting with a second key and receiving the data back from the HSM for re-saving to the database at the same or a different location, wherein when all records have not been processed, determining whether to continue the resource limit has been exceeded.

 Any comments considered necessary by applicant must be submitted no later 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GARY S GRACIA whose telephone number is (571)270-5192. The examiner can normally be reached Monday-Friday 9am-6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 5712723972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/GARY S GRACIA/           Primary Examiner, Art Unit 2491