Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
This Office Action is in response to the application 15/485,061 filed on 04/11/2017. Independent claims 1, 8 and 15 have been amended; claims 7, 14 and 23 have been canceled. Claims 1, 3-6, 8-10, 12, 14-15, 17-22, and 24 have been examined and are pending. 
Authorization for this Examiner’s Amendment was made via email with the Applicant’s representative, Travis H. Dubose (Reg. No.: 74,629). Mr. Dubose has agreed and authorized the Examiner to amend claims 1, 8 and 15, and cancel claims 7, 14 and 23.  
Examiner’s Amendments
Claims
Replacing claims 1-24 as follows:
	1.	(currently amended)   A system for transmitting an encrypted character string stored in a database from a provider environment to a customer environment, the system comprising:
a server device operating in the provider environment, the server device including a memory and a processor, wherein the memory includes instructions executable by the processor to:
receive a clear text character string in the provider environment;
encrypt the received clear text character string in the provider environment using a provider public key associated with the provider environment to generate an encrypted character string;

responsive to a request from the customer environment for the encrypted character string, retrieve the encrypted character string from the database of the provider environment;
decrypt the encrypted character string in the provider environment using a provider private key to generate a decrypted character string;
determine if the encrypted character string is to be transmitted to the customer environment using a transport encryption configured between the customer environment and the provider environment;
in response to [[a]] the determination that the encrypted character string is to be transmitted to the customer environment using the transport encryption, re-encrypt the decrypted character string using a transport encryption key and transmit the re-encrypted character string to the customer environment; and
in response to [[a]] the determination that the encrypted character string is not to be transmitted using the transport encryption: 
request a customer public key;
receive the customer public key from the customer environment;
encrypt the decrypted character string in the provider environment using the received customer public key associated with the customer environment to generate the re-encrypted character string and store the re-encrypted character string in a staging table of the database, wherein the staging table is external from the database, and wherein the provider environment sends a pull request to the staging table in response to the request to transmit the encrypted character string to the customer environment; 
store an encryption marker associated with the re-encrypted character string stored in the staging table, wherein the encryption marker indicates that the re-encrypted character string is an encrypted value; and
transmit the re-encrypted character string from the staging table in the provider environment to the customer environment.

2. 	(canceled) 

3.	(previously presented)   The system of claim 1, wherein the customer environment stores a customer private key, and wherein the customer private key is inaccessible by the server device in the provider environment.

4.	(previously presented)   The system of claim 1, wherein the received clear text character string is encrypted with the transport encryption key before being encrypted by the provider public key.

5.	(previously presented)   The system of claim 1, wherein the memory further includes instructions executable by the processor to:
generate a history record that includes the re-encrypted character string and does not include the decrypted character string. 

6.	(previously presented)   The system of claim 1, wherein the memory further includes instructions executable by the processor to:
store, on the server device, the customer public key received from the customer environment.

7.	(canceled)

8.	(currently amended)   A method for transmitting an encrypted character string stored in a database from a provider environment to a customer environment, the method comprising:
receiving a clear text character string in the provider environment;
encrypting the received clear text character string in the provider environment using a provider public key associated with the provider environment to generate an encrypted character string;
storing the encrypted character string in the database of the provider environment;
retrieving the encrypted character string in response to a request from the customer environment for the encrypted character string;
decrypting the encrypted character string in the provider environment using a provider private key to generate a decrypted character string;
determining if the encrypted character string is to be transmitted to the customer environment using a transport encryption configured between the customer environment and the provider environment;
in response to [[a]] the determination that the encrypted character string is to be transmitted to the customer environment using the transport encryption, re-encrypting the decrypted character string using a transport encryption key and transmitting the re-encrypted character string to the customer environment; and
in response to [[a]] the determination that the encrypted character string is not to be transmitted using the transport encryption: 
requesting a customer public key;
receiving the customer public key from the customer environment;
encrypting the decrypted character string in the provider environment using the received customer public key associated with the customer environment to generate the re-encrypted character string and store the re-encrypted character string in a staging table of the database, wherein the staging table is external from the database, and wherein the provider environment sends a pull request to the staging table in response to the request to transmit the encrypted character string to the customer environment;
storing an encryption marker associated with the re-encrypted character string stored in the staging table, wherein the encryption marker indicates that the re-encrypted character string is an encrypted value; and
in response to the request received by the provider environment, transmitting the re-encrypted character string from the staging table in the provider environment to the customer environment.

9.	(previously presented)   The method of claim 8, wherein the request is transmitted by software in the customer environment.

10.	(previously presented)   The method of claim 9, further comprising:
generating a history record that includes the re-encrypted character string and does not include the decrypted character string. 

11.	(canceled)   

12.	(previously presented)   The method of claim 8, wherein the received clear text character string is encrypted with the transport encryption key before being encrypted by the provider public key. 

13.	(canceled)

14.	(canceled)   

15.	(currently amended)   A non-transitory computer-readable storage medium for transmitting an encrypted character string stored in a database of a provider environment to a software in a customer environment, wherein the non-transitory computer-readable storage medium includes executable instructions that, when executed by a processor, facilitate performance of operations, comprising:
receiving a request from the customer environment to transmit the encrypted character string that is encrypted in the provider environment using a provider public key;
receiving a customer public key to the provider environment from the customer environment;
decrypting the encrypted character string in the provider environment using a provider private key to generate a decrypted character string;
determining if the encrypted character string is to be transmitted to the customer environment using a transport encryption configured between the customer environment and the provider environment;
in response to [[a]] the determination that the encrypted character string is to be transmitted to the customer environment using the transport encryption, re-encrypting the decrypted character string using a transport encryption key and transmitting the re-encrypted character string to the customer environment; and
in response to [[a]] the determination that the encrypted character string is not to be transmitted using the transport encryption, requesting a customer public key:
receiving the customer public key from the customer environment;
encrypting the decrypted character string in the provider environment using the received customer public key to generate the re-encrypted character string and store the re-encrypted character string in a staging table of the database, wherein the staging table is external from the database, and wherein the provider environment sends a pull request to the staging table in response to the request to transmit the encrypted character string to the customer environment; 
storing an encryption marker associated with the re-encrypted character string stored in the staging table, wherein the encryption marker indicates that the re-encrypted character string is an encrypted value; and
transmitting the re-encrypted character string from the staging table in the provider environment to the software in the customer environment.

16.	(canceled) 

17.	(previously presented)   The non-transitory computer-readable storage medium of claim 15, wherein the customer environment stores a customer private key, wherein the customer private key is used for decryption and is accessible by the software.

18.	(previously presented)   The non-transitory computer-readable storage medium of claim 15, wherein the operations further comprise:
generating a history record that includes the re-encrypted character string and does not include the decrypted character string. 

19.	(previously presented)   The non-transitory computer-readable storage medium of claim 15, wherein the operations further comprise: 
in response to receiving clear text sensitive information in the provider environment, encrypting the received clear text sensitive information in the provider environment using the provider public key to provide the encrypted character string; and
storing the encrypted character string in the staging table of the provider environment.

20.	(previously presented)   The non-transitory computer-readable storage medium of claim 15, wherein the operations further comprise:
storing the re-encrypted character string in a database of the provider environment; and
receiving the request for the re-encrypted character string from the software for sensitive information in the database.

21.	(previously presented) The non-transitory computer-readable storage medium of claim 15, wherein the staging table holds data temporarily for a predetermined time period prior to transmitting data to the software in the customer environment.  

22.	(previously presented) The non-transitory computer-readable storage medium of claim 15, wherein the staging table stores the encrypted character string along with a corresponding encryption marker indicating the values preceding, succeeding, or a combination thereof, are encrypted values.  

23.	(canceled)

24.	(previously presented)	 The non-transitory computer-readable storage medium of claim 15, wherein the decrypted character string that is re-encrypted using the transport encryption key is not stored in the staging table in response to transmitting the re-encrypted character string using the transport encryption.  

Examiner’s Statement of Reasons for Allowance
Claims 1, 3-6, 8-10, 12, 15, 17-22, and 24 are allowed. 
The following is an examiner’s statement of reasons for allowance. 
The invention is directed to secure methods and systems for transmitting encrypted record values stored in a database from a provider environment to a customer environment. The system includes a server device operating in the provider environment. The server device includes a memory and a processor. The memory includes instructions executable by the processor to encrypt a received value using a first encryption mechanism associated with the provider environment to provide an encrypted record value, and store the encrypted record value in the database. The memory also includes instructions executable by the processor to, responsive to a request for the encrypted record value, decrypt the encrypted record value using the first encryption mechanism to provide a decrypted record value, and encrypt the decrypted record value using a second public key of a second encryption mechanism to provide a re-encrypted record value. A second private key of the second encryption mechanism is stored in the customer environment and is inaccessible by the server device. The memory further includes instructions executable by the processor to store the re-encrypted record value in a staging database, and transmit the re-encrypted record value from the staging database to an agent software in the customer environment.
In an implementation, a method is provided for transmitting encrypted record values stored in a database from a provider environment to a customer environment. The method includes encrypting a received value using a first encryption mechanism associated with the provider environment to provide an encrypted record value, storing the encrypted record value in the database, decrypting the encrypted record value using the first encryption mechanism to provide a decrypted record value, and encrypting the decrypted record value using a second public key of a second encryption mechanism associated with the customer environment, to provide a re-encrypted record value. A second private key of the second encryption mechanism is inaccessible by the provider environment. The method further includes storing the re-encrypted record value in a staging database, and in response to a request received by the provider environment, transmitting the re-encrypted record value from the staging database to an agent software in the customer environment.
In an implementation, a non-transitory computer-readable storage medium is provided for transmitting an encrypted record value stored in a database to an agent software. The non-transitory computer-readable storage medium includes executable instructions that, when executed by a processor, facilitate performance of operations. The operations include receiving a request to transmit to the agent software the encrypted record value that is encrypted using a first encryption mechanism, decrypting the encrypted record value using the first encryption mechanism to provide a decrypted record value, encrypting the decrypted record value to provide a re-encrypted record value using a second encryption mechanism, and transmitting the re-encrypted record value to the agent software.
The closest prior art references, Sinor (“Sinor,” US 9369443), Fahey et al. (“Fahey,” US 20150156174), and Nelke et al. (“Nelke,” US 20150254474), are also generally directed to various aspects of encrypting information and secure transmission of files and documents.
However, none of Sinor, Fahey, and Nelke, alone or in combination, teaches the particular combination of steps or elements as recited in the independent claim 1. For example, these references fail to teach all limitations recited in claim 1 as a whole, especially “A system for transmitting an encrypted character string stored in a database from a provider environment to a customer environment, the system comprising: a server device operating in the provider environment, the server device including a memory and a processor, wherein the memory includes instructions executable by the processor to: receive a clear text character string in the provider environment; encrypt the received clear text character string in the provider environment using a provider public key associated with the provider environment to generate an encrypted character string; store the encrypted character string in the database of the provider environment; responsive to a request from the customer environment for the encrypted character string, retrieve the encrypted character string from the database of the provider environment; decrypt the encrypted character string in the provider environment using a provider private key to generate a decrypted character string; determine if the encrypted character string is to be transmitted to the customer environment using a transport encryption configured between the customer environment and the provider environment; in response to the determination that the encrypted character string is to be transmitted to the customer environment using the transport encryption, re-encrypt the decrypted character string using a transport encryption key and transmit the re-encrypted character string to the customer environment; and in response to the determination that the encrypted character string is not to be transmitted using the transport encryption: request a customer public key; receive the customer public key from the customer environment; encrypt the decrypted character string in the provider environment using the received customer public key associated with the customer environment to generate the re-encrypted character string and store the re-encrypted character string in a staging table of the database, wherein the staging table is external from the database, and wherein the provider environment sends a pull request to the staging table in response to the request to transmit the encrypted character string to the customer environment; store an encryption marker associated with the re-encrypted character string stored in the staging table, wherein the encryption marker indicates that the re-encrypted character string is an encrypted value; and transmit the re-encrypted character string from the staging table in the provider environment to the customer environment.”
These features, in light of other features described in the independent claim 1, are allowable over the prior art of record.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”






Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to EDWARD LONG whose telephone number is (571)272-8961.  The examiner can normally be reached on Monday to Friday, 9 AM - 6 PM EST (Alternate Fridays).
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571) 270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/EDWARD LONG/
Examiner, Art Unit 2439

/KARI L SCHMIDT/
Primary Examiner, Art Unit 2439