DETAILED ACTION
This non-final office action is in response to claims 1-20 filed on 08/09/2021 for examination. Claims 1-20 are being examined and are pending.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 07/29/2021 have been considered by the examiner. 

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 08/09/2021 has been entered.

Response to Amendment
The amendment filed August 9, 2021 has been entered. Claims 1-20 remain pending in the application. The claims have been amended. Applicant’s arguments and amendments to the claims are directed to the 35 U.S.C. 102 rejection previously set forth in the Final Office Action mailed May 10, 2021. Claims 1-2, 4, 6, 9-10, 12, 14, 17-18, and 20 have been amended and have necessitated a new ground(s) of rejection in this Office Action. Therefore, Applicants’ arguments filed on 07/08/2021 have been fully considered but are moot in view of the new ground(s) of rejection because the arguments do not apply to any of the updated reference(s) being used in the current rejection.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3, 8-9, 11, 16, and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Shankar et al. (US8601263, Hereinafter Shankar) in view of Mutescu (US10979403, Hereinafter “Mutescu”).
Regarding claim 1, Shankar discloses a method of managing cryptographic keys in a multi- tenant cloud based system (see abstract & column 1 lines 17-56: cryptographic keys may be managed in a cloud service), the method comprising: 
receiving from a client a wrapping request for a wrapped data encryption key (DEK) (column 12, lines 41-50: interface backend 108 requests a wrapped resource encryption key from keystore 109; column 8, lines 48-53: “the group exercising administrative control of the interface backend 108 and the 109 may be different” <i.e., backend 108 may be a client of keystore 109>); 
generating a random key (column 9, lines 11-18: keystore generates a random resource encryption key); 
fetching additional authentication data (AAD) that corresponds to the client (Column 12, lines 41-50: the identifiers are received from a user/retrieved in memory and used to wrap a resource key; Column 2, lines 57-67: “The wrapped key can also include the group identifier <i.e., additional authenticated data corresponding to client> in encrypted form. <i.e., additional authentication data is encoded into the wrapped key>” wherein the group identifier is used to determine whether the user is authorized to unwrap the wrapped key; See also Shankar at column 8, lines 30-47: “The resource encryption key itself has been encrypted by the keystore 109. The encrypted key can also carry associated metadata <i.e., additional authentication data> that is cryptographically bound to the key itself.”); 
generating the wrapped DEK comprising the random key and the AAD encoded in the wrapped DEK (column 12, lines 41-50: “The keystore 109 generates and encrypts a wrapped key (214) and can provide the wrapped key to the backend 108. The wrapped key can include the resource encryption key, resource identifier, and user identifier”; Column 2, lines 57-67: “The wrapped key can also include the group identifier <i.e., additional authenticated data> in encrypted form. <i.e., additional authentication data is encoded into the wrapped key>”; See also Shankar at column 8, lines 30-47: “The resource encryption key itself has been encrypted by the keystore 109. The encrypted key can also carry associated metadata <i.e., additional authentication data> that is cryptographically bound to the key itself. Such keys are referred to as wrapped keys <i.e., metadata is encoded in the wrapped key>); and 
returning the wrapped DEK to the client (column 12, lines 41-50: “The keystore 109 generates and encrypts a wrapped key (214) and can provide the wrapped key to the backend 108.”); 
receiving a unwrapping request from the client to unwrap the wrapped DEK (Column 2, line 60 to Column 3, line 12: a request is received from the client to unwrap the resource encryption key), the unwrapping request comprising user provided AAD (Column 8, lines 30-47: “To obtain the cleartext key of a wrapped key for use (e.g., to encrypt or decrypt a data resource,) the interface backend 108 can provide the wrapped key and client authentication credentials to the keystore 109. The keystore 109 can verify, based in part on the wrapped key's metadata <i.e., the AAD>, that the provided authentication credential <i.e., provided AAD> is sufficient to authorize release of the key, and if so, can return the unwrapped key to the interface backend 108.”); and 
[[before unwrapping the DEK,]] using the encoded AAD [[in the header]] in comparison to the user provided AAD to determine whether the client is authorized to unwrap the wrapped DEK (Column 8, lines 30-47: “To obtain the cleartext key of a wrapped key for use (e.g., to encrypt or decrypt a data resource,) the interface backend 108 can provide the wrapped key and client authentication credentials to the keystore 109. The keystore 109 can verify, based in part on the wrapped key's metadata <i.e., the AAD>, that the provided authentication credential <i.e., provided AAD> is sufficient to authorize release of the key, and if so, can return the unwrapped key to the interface backend 108.”).
While Shankar teaches including a metadata comprising additional authentication data encoded in the wrapped DEK and confirming the metadata additional authentication data matches the provided additional authentication data before granting access to the DEK (see, e.g., Shankar at column 2, line 60-column 3, line 12; and column 8, lines 30-47), Shankar appears to fail to specifically disclose wherein the wrapped DEK comprises a header and the AAD is encoded in the header; and before unwrapping the DEK, using the encoded AAD in the header in comparison to the user provided AAD to determine whether the client is authorized to unwrap the wrapped DEK.
However, Mutescu teaches a known technique for authenticating AAD when protecting sensitive data such as credentials (in lieu of specifically a data encryption key DEK) by comparing provided AAD Mutescu at column 8, lines 18-37). The technique is applicable to the system of Shankar because they both share similar characteristics and capabilities, namely, they are both directed to authenticating AAD to provide access to sensitive information (see, e.g., Mutescu at column 5 lines 51-67 and Shankar at column 3, lines 52-61).
	Particularly, Mutescu teaches a similar system for protecting a data object using additional authentication data AAD (see, e.g., Figs. 4 and 8), wherein the wrapped <<credential>> comprises a header and the AAD is encoded in the header (Fig. 8, column 2, lines 21-33 – AAD is encoded in the header of a request <which contains the encrypted data object>, and must be matched with the request’s AAD before the data object can be unwrapped; see also column 11, line 41-column 12, 14 – comparing the header’s AAD); and before unwrapping the <<credential>>, using the encoded AAD in the header in comparison to the user provided AAD to determine whether the client is authorized to unwrap the wrapped <<credential>> (Fig. 8, column 2, lines 21-33 – AAD is encoded in the header of a request <which contains the encrypted data object>, and must be matched with the request’s AAD before the data object can be unwrapped; see also column 11, line 41-column 12, 14 – comparing the header’s AAD).
One of ordinary skill in the art would have recognized that applying the known technique of Mutescu (of authenticating provided AAD to determine whether to unwrap the sensitive data) to the system of Shankar would have yielded predictable results and resulted in an improved system. It would have been recognized that applying the technique of Mutescu to the system of Shankar would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references shows the ability to reduce unnecessary decryption (see, e.g., Mutescu at column 3, lines 13-24 with Shankar at column 3, lines 52-61).
Shankar with the teachings of Mutescu, wherein the wrapped DEK comprises a header and the AAD is encoded in the header; and before unwrapping the DEK, using the encoded AAD in the header in comparison to the user provided AAD to determine whether the client is authorized to unwrap the wrapped DEK, to reduce unnecessary decryption of credentials/DEKs that a user is not authorized to access (see, e.g., Mutescu at column 3, lines 13-24 and column 15, line 26-column 16, line 14 with Shankar at column 3, lines 52-61).

Regarding claim 3, the combination of Shankar and Mutescu disclose the method of claim 1, further comprising embedding tags in the wrapped DEK (Shankar at column 12, lines 41-50: the wrapped key includes additional context information of, e.g., a user identifier and resource identifier <i.e., embedded tags>; column 14, line 6-column 15, line 12: the user identifier in the context information is authenticated), the tags used for enforcing policy decisions in response to the U.S. Application No. 16/269,736request to unwrap (Shankar at Column 8, lines 30-47: “To obtain the cleartext key of a wrapped key for use (e.g., to encrypt or decrypt a data resource,) the interface backend 108 can provide the wrapped key and client authentication credentials to the keystore 109. The keystore 109 can verify, based in part on the wrapped key's metadata <i.e., the tags/AAD>, that the provided authentication credential is sufficient to authorize release of the key <i.e., based on stored permissions/policies, see column 12, lines 55-60>, and if so, can return the unwrapped key to the interface backend 108.”; see also column 7 controlling scope of permissions based on the embedded identifiers).

Regarding claim 8, the combination of Shankar and Mutescu disclose the method of claim 1, wherein the request comprises a representational state transfer (REST) application program interface (API) (Shankar at column 4, lines 50-61 – “the hosted storage service 120 can be implemented as a Web Service with a corresponding set of Web Service Application Programming Interfaces (APIs). The Web Service APIs may be implemented, for example, as a Representational State Transfer (REST)-based HTTP interface or a Simple Object Access Protocol (SOAP)-based interface”; column 4, lines 50-61 – requests are received and controlled to keystore services).  

Regarding claim 9, Shankar discloses a non-transitory computer readable medium having instructions stored thereon that, when executed by a processor, cause the processor to manage cryptographic keys in a multi-tenant cloud based system (column 20, lines 11-31: system may use a processor to run instructions stored in a memory; abstract & column 1 lines 17-56: cryptographic keys may be managed in a cloud service), the managing comprising: U.S. Application No. 16/269,736 Page 3 of 10 
receiving from a client a wrapping request for a wrapped data encryption key (DEK) (column 12, lines 41-50: interface backend 108 requests a wrapped resource encryption key from keystore 109; column 8, lines 48-53: “the group exercising administrative control of the interface backend 108 and the group exercising administrative control over the keystore 109 may be different” <i.e., backend 108 may be a client of the keystore 109>); 
generating a random key (column 9, lines 11-18: keystore generates a random resource encryption key); 
fetching additional authentication data (AAD) that corresponds to the client (Column 12, lines 41-50: the identifiers are received from a user/retrieved in memory and used to wrap a resource key; Column 2, lines 57-67: “The wrapped key can also include the group identifier <i.e., additional authenticated data corresponding to client> in encrypted form. <i.e., additional authentication data is encoded into the wrapped key>” wherein the group identifier is used to determine whether the user is authorized to unwrap the wrapped key; See also Shankar at column 8, lines 30-47: “The resource 109. The encrypted key can also carry associated metadata <i.e., additional authentication data> that is cryptographically bound to the key itself.”); 
generating the wrapped DEK comprising the random key and the AAD encoded in the wrapped DEK (column 12, lines 41-50: “The keystore 109 generates and encrypts a wrapped key (214) and can provide the wrapped key to the backend 108. The wrapped key can include the resource encryption key, resource identifier, and user identifier”; Column 2, lines 57-67: “The wrapped key can also include the group identifier <i.e., additional authenticated data> in encrypted form. <i.e., additional authentication data is encoded into the wrapped key>”; See also Shankar at column 8, lines 30-47: “The resource encryption key itself has been encrypted by the keystore 109. The encrypted key can also carry associated metadata <i.e., additional authentication data> that is cryptographically bound to the key itself. Such keys are referred to as wrapped keys <i.e., metadata is encoded in the wrapped key>); and returning the wrapped DEK to the client (column 12, lines 41-50: “The keystore 109 generates and encrypts a wrapped key (214) and can provide the wrapped key to the backend 108.”); 
receiving a unwrapping request from the client to unwrap the wrapped DEK (Column 2, line 60 to Column 3, line 12: a request is received from the client to unwrap the resource encryption key), the unwrapping request comprising user provided AAD (Column 8, lines 30-47: “To obtain the cleartext key of a wrapped key for use (e.g., to encrypt or decrypt a data resource,) the interface backend 108 can provide the wrapped key and client authentication credentials to the keystore 109. The keystore 109 can verify, based in part on the wrapped key's metadata <i.e., the AAD>, that the provided authentication credential <i.e., provided AAD> is sufficient to authorize release of the key, and if so, can return the unwrapped key to the interface backend 108.”); and 
[[before unwrapping the DEK,]] using the encoded AAD [[in the header]] in comparison to the user provided AAD to determine whether the client is authorized to unwrap the wrapped DEK 108 can provide the wrapped key and client authentication credentials to the keystore 109. The keystore 109 can verify, based in part on the wrapped key's metadata <i.e., the AAD>, that the provided authentication credential <i.e., provided AAD> is sufficient to authorize release of the key, and if so, can return the unwrapped key to the interface backend 108.”).  
While Shankar teaches including a metadata encoded in the wrapped DEK comprising additional authentication data and confirming the metadata additional authentication data matches the provided additional authentication data before granting access to the DEK (see, e.g., Shankar at column 2, line 60-column 3, line 12; and column 8, lines 30-47), Shankar appears to fail to specifically disclose wherein the wrapped DEK comprises a header and the AAD is encoded in the header; and before unwrapping the DEK, using the encoded AAD in the header in comparison to the user provided AAD to determine whether the client is authorized to unwrap the wrapped DEK.
However, Mutescu teaches a known technique for authenticating AAD when protecting sensitive data such as credentials (in lieu of specifically a data encryption key DEK) by comparing provided AAD against the AAD in a header of the protected data before decryption of the sensitive data (see, e.g., Mutescu at column 8, lines 18-37). The technique is applicable to the system of Shankar because they both share similar characteristics and capabilities, namely, they are both directed to authenticating AAD to provide access to sensitive information (see, e.g., Mutescu at column 5 lines 51-67 and Shankar at column 3, lines 52-61).
	Particularly, Mutescu teaches a similar system for protecting a data object using additional authentication data AAD (see, e.g., Figs. 4 and 8), wherein the wrapped <<credential>> comprises a header and the AAD is encoded in the header (Fig. 8, column 2, lines 21-33 – AAD is encoded in the header of a request <which contains the encrypted data object>, and must be matched with the ; and before unwrapping the <<credential>>, using the encoded AAD in the header in comparison to the user provided AAD to determine whether the client is authorized to unwrap the wrapped <<credential>> (Fig. 8, column 2, lines 21-33 – AAD is encoded in the header of a request <which contains the encrypted data object>, and must be matched with the request’s AAD before the data object can be unwrapped; see also column 11, line 41-column 12, 14 – comparing the header’s AAD).
One of ordinary skill in the art would have recognized that applying the known technique of Mutescu (of authenticating provided AAD to determine whether to unwrap the sensitive data) to the system of Shankar would have yielded predictable results and resulted in an improved system. It would have been recognized that applying the technique of Mutescu to the system of Shankar  would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references shows the ability to reduce unnecessary decryption of credentials/DEKs that a user is not authorized to access (see, e.g., Mutescu at column 3, lines 13-24 with Shankar at column 3, lines 52-61).
	In view of the foregoing, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the protected credential (i.e., the DEK) of Shankar with the teachings of Mutescu, wherein the wrapped DEK comprises a header and the AAD is encoded in the header; and before unwrapping the DEK, using the encoded AAD in the header in comparison to the user provided AAD to determine whether the client is authorized to unwrap the wrapped DEK, to reduce unnecessary decryption of credentials/DEKs that a user is not authorized to access (see, e.g., Mutescu at column 3, lines 13-24 and column 15, line 26-column 16, line 14 with Shankar at column 3, lines 52-61).
	
Regarding claim 11, the combination of Shankar and Mutescu disclose the computer readable medium of claim 9, further comprising embedding tags in the wrapped DEK (Shankar at column 12, lines 41-50: the wrapped key includes additional context information of, e.g., a user identifier and resource identifier <i.e., embedded tags>; column 14, line 6-column 15, line 12: the user identifier in the context information is authenticated), the tags used for enforcing policy decisions in response to the request to unwrap (Shankar at Column 8, lines 30-47: “To obtain the cleartext key of a wrapped key for use (e.g., to encrypt or decrypt a data resource,) the interface backend 108 can provide the wrapped key and client authentication credentials to the keystore 109. The keystore 109 can verify, based in part on the wrapped key's metadata <i.e., the tags/AAD>, that the provided authentication credential is sufficient to authorize release of the key <i.e., based on stored permissions/policies, see column 12, lines 55-60>, and if so, can return the unwrapped key to the interface backend 108.”; see also column 7 controlling scope of permissions based on the embedded identifiers).  

Regarding claim 16, the combination of Shankar and Mutescu disclose the computer readable medium of claim 9, wherein the request comprises a representational state transfer (REST) application program interface (API) (Shankar at column 4, lines 50-61 – “the hosted storage service 120 can be implemented as a Web Service with a corresponding set of Web Service Application Programming Interfaces (APIs). The Web Service APIs may be implemented, for example, as a Representational State Transfer (REST)-based HTTP interface or a Simple Object Access Protocol (SOAP)-based interface”; column 4, lines 50-61 – requests are received and controlled to keystore services).  

Regarding claim 17, Shankar discloses a multi-tenant cloud based key management system (see abstract & column 1 lines 17-56: cryptographic keys may be managed in a cloud service) comprising: 
a mid-tier comprising one or more microservices (see, e.g., fig. 1A & column 4, lines 50-60: frontend backend interfaces 106 and 108 providing REST services and operating encryption/decryption <i.e., microservices>); and a data tier coupled to the mid-tier and comprising one or more databases and one or more hardware security modules (see, e.g., fig. 1A & column 4, lines 50-60 storage backend 110  storing data and keystore 109 performing security functions coupled with backend interface 108); the one or more microservices: 
receiving from a client a wrapping request for a wrapped data encryption key (DEK) (column 12, lines 41-50: interface backend 108 requests a wrapped resource encryption key from keystore 109; column 8, lines 48-53: “the group exercising administrative control of the interface backend 108 and the group exercising administrative control over the keystore 109 may be different” <i.e., backend 108 may be a client of the keystore 109>; see also column 1, lines 31-56 receiving application request); 
generating a random key (column 9, lines 11-18: keystore generates a random resource encryption key); 
fetching additional authentication data (AAD) that corresponds to the client (Column 12, lines 41-50: the identifiers are received from a user/retrieved in memory and used to wrap a resource key; Column 2, lines 57-67: “The wrapped key can also include the group identifier <i.e., additional authenticated data corresponding to client> in encrypted form. <i.e., additional authentication data is encoded into the wrapped key>” wherein the group identifier is used to determine whether the user is authorized to unwrap the wrapped key; See also Shankar at column 8, lines 30-47: “The resource encryption key itself has been encrypted by the keystore 109. The encrypted key can also carry associated metadata <i.e., additional authentication data> that is cryptographically bound to the key itself.”); 
generating the wrapped DEK comprising the random key and the AAD encoded in the wrapped DEK (column 12, lines 41-50: “The keystore 109 generates and encrypts a wrapped key (214) 108. The wrapped key can include the resource encryption key, resource identifier, and user identifier”; Column 2, lines 57-67: “The wrapped key can also include the group identifier <i.e., additional authenticated data> in encrypted form. <i.e., additional authentication data is encoded into the wrapped key>”; See also Shankar at column 8, lines 30-47: “The resource encryption key itself has been encrypted by the keystore 109. The encrypted key can also carry associated metadata <i.e., additional authentication data> that is cryptographically bound to the key itself. Such keys are referred to as wrapped keys <i.e., metadata is encoded in the wrapped key>); and 
returning the wrapped DEK to the client (column 12, lines 41-50: “The keystore 109 generates and encrypts a wrapped key (214) and can provide the wrapped key to the backend 108.”); 
receiving a unwrapping request from the client to unwrap the wrapped DEK (Column 2, line 60 to Column 3, line 12: a request is received from the client to unwrap the resource encryption key), the unwrapping request comprising user provided AAD (Column 8, lines 30-47: “To obtain the cleartext key of a wrapped key for use (e.g., to encrypt or decrypt a data resource,) the interface backend 108 can provide the wrapped key and client authentication credentials to the keystore 109. The keystore 109 can verify, based in part on the wrapped key's metadata <i.e., the AAD>, that the provided authentication credential <i.e., provided AAD> is sufficient to authorize release of the key, and if so, can return the unwrapped key to the interface backend 108.”); and 
[[before unwrapping the DEK,]] using the encoded AAD [[in the header]] in comparison to the user provided AAD to determine whether the client is authorized to unwrap the wrapped DEK (Column 8, lines 30-47: “To obtain the cleartext key of a wrapped key for use (e.g., to encrypt or decrypt a data resource,) the interface backend 108 can provide the wrapped key and client authentication credentials to the keystore 109. The keystore 109 can verify, based in part on the wrapped key's metadata <i.e., the AAD>, that the provided authentication credential <i.e., provided AAD> is sufficient 108.”).  
While Shankar teaches including a metadata encoded in the wrapped DEK comprising additional authentication data and confirming the metadata additional authentication data matches the provided additional authentication data before granting access to the DEK (see, e.g., Shankar at column 2, line 60-column 3, line 12; and column 8, lines 30-47), Shankar appears to fail to specifically disclose wherein the wrapped DEK comprises a header and the AAD is encoded in the header; and before unwrapping the DEK, using the encoded AAD in the header in comparison to the user provided AAD to determine whether the client is authorized to unwrap the wrapped DEK.
However, Mutescu teaches a known technique for authenticating AAD when protecting sensitive data such as credentials (in lieu of specifically a data encryption key DEK) by comparing provided AAD against the AAD in a header of the protected data before decryption of the sensitive data (see, e.g., Mutescu at column 8, lines 18-37). The technique is applicable to the system of Shankar because they both share similar characteristics and capabilities, namely, they are both directed to authenticating AAD to provide access to sensitive information (see, e.g., Mutescu at column 5 lines 51-67 and Shankar at column 3, lines 52-61).
	Particularly, Mutescu teaches a similar system for protecting a data object using additional authentication data AAD (see, e.g., Figs. 4 and 8), wherein the wrapped <<credential>> comprises a header and the AAD is encoded in the header (Fig. 8, column 2, lines 21-33 – AAD is encoded in the header of a request <which contains the encrypted data object>, and must be matched with the request’s AAD before the data object can be unwrapped; see also column 11, line 41-column 12, 14 – comparing the header’s AAD); and before unwrapping the <<credential>>, using the encoded AAD in the header in comparison to the user provided AAD to determine whether the client is authorized to unwrap the wrapped <<credential>> (Fig. 8, column 2, lines 21-33 – AAD is encoded in the header of a .
One of ordinary skill in the art would have recognized that applying the known technique of Mutescu (of authenticating provided AAD to determine whether to unwrap the sensitive data) to the system of Shankar would have yielded predictable results and resulted in an improved system. It would have been recognized that applying the technique of Mutescu to the system of Shankar  would have yielded predictable results because the level of ordinary skill in the art demonstrated by the references shows the ability to reduce unnecessary decryption of credentials/DEKs that a user is not authorized to access (see, e.g., Mutescu at column 3, lines 13-24 with Shankar at column 3, lines 52-61).
	In view of the foregoing, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the protected credential (i.e., the DEK) of Shankar with the teachings of Mutescu, wherein the wrapped DEK comprises a header and the AAD is encoded in the header; and before unwrapping the DEK, using the encoded AAD in the header in comparison to the user provided AAD to determine whether the client is authorized to unwrap the wrapped DEK, to reduce unnecessary decryption of credentials/DEKs that a user is not authorized to access (see, e.g., Mutescu at column 3, lines 13-24 and column 15, line 26-column 16, line 14 with Shankar at column 3, lines 52-61).

Claim(s) 2, 4, 6, 10, 12, 14, 18, and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Shankar in view of Mutescu, further in view of Roth (US20190229899, Hereinafter “Roth”).
Regarding claim 2, the combination of Shankar and Mutescu teach the method of claim 1. The combination of Shankar and Mutescu appear to fail to disclose wherein the AAD comprises at least one of a location of the client, a region of the client or a tenant of the client. 
Roth discloses a key management system using encryption contexts to decrypt keys (see abstract, [0021]), wherein the encoded AAD comprises at least one of a location of the client, a region of the client or a tenant of the client ([0032], e.g., “the client may make available to the cryptography service 212, as part of the encryption context, characteristics of the client that includes or precludes the use of an encryption configuration to fulfill the request. For example, a client may provide information on its physical geography (e.g., global positioning system (GPS) coordinates, a country identifier and/or other information that indicates a geographic location)”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the encryption context indicators of Shankar and Mutescu with the teachings of Roth, wherein the AAD comprises at least one of a location of the client, a region of the client or a tenant of the client, so that additional restrictions may be imposed on encryption configurations in compliance with local government regulations and/or exporting of cryptography regulations (see, e.g., Roth at [0032]).

Regarding claim 4, the combination of Shankar and Mutescu disclose the method of claim 1. The combination of Shanker and Mutescu appear to fail to specifically disclose wherein the user provided AAD comprises at least one of a location from which the client is making the unwrapping request or a tenancy of the client.
However, Roth discloses a key management system using encryption contexts to decrypt keys (see abstract, [0021]), wherein the user provided AAD comprises at least one of a location from which the client is making the unwrapping request or a tenancy of the client ([0032] – “the client may make available to the cryptography service 212, as part of the encryption context, characteristics of the client that includes or precludes the use of an encryption configuration to fulfill the request. For example, a .
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the encryption context indicators of Shankar and Mutescu with the teachings of Roth, wherein the AAD comprises at least one of a location of the client, a region of the client or a tenant of the client, so that additional restrictions may be imposed on encryption configurations in compliance with local government regulations and/or exporting of cryptography regulations (see, e.g., Roth at [0032]).

Regarding claim 6, the combination of Shankar and Mutescu disclose the method of claim 1, further comprising: 
receiving the request to unwrap the wrapped DEK (Shankar at column 10, lines 17-27: a request is received to unwrap the wrapped key); 
parsing the wrapped DEK (Shankar at column 13, lines 1-7: the keystore unwraps the key and looks through the authentication credentials to match the unwrapped key’s user identifiers; column 8, lines 30-47: metadata of the wrapped key may be used to verify release the key);
validating the encoded AAD (Shankar at column 13, lines 1-7: the keystore unwraps the key and looks through the authentication credentials to match the unwrapped key’s user identifiers; see also column 11, lines 1-6 validating the user identifier <i.e., AAD> of the wrapped key; column 8, lines 30-47: metadata of a wrapped key used to verify release the key); and 
returning an unwrapped DEK (Shankar at column 8, lines 30-58: an unwrapped key is returned for use to decrypt a data resource; column 11, lines 1-6 similarly sends key in unencrypted form to backend 108 from keystore 109).  
Shankar and Mutescu disclose locating and using a master key to decrypt the encryption key (see, e.g., column 14, lines 21-46; column 10, lines 46-53), the combination of Shankar and Mutescu appear to fail to specifically disclose validating a master encryption key (MEK) presence in a hardware security module (HSM).
	However, Roth discloses using a system for requesting a key to be unwrapped (see, e.g., Roth at [0023-0027]), comprising validating a master encryption key (MEK) presence in a hardware security module (HSM) ([0027] – “the encryption service 110 may be a software and/or hardware component that is capable of accessing a cryptographic key usable to perform cryptographic operations such as encryption and decryption. In some embodiments, the encryption service may comprise a hardware security module (HSM)”, see also [0031-0035] – encryption context is used to determine whether to permit the encryption operation to be performed using a HSM cryptography service’s managed key <i.e., master encryption key>).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the master key of the combination of Shankar and Mutescu with the teachings of Roth, comprising validating a master encryption key (MEK) presence in a hardware security module (HSM), to securely locate and provide the key to decrypt the wrapped key using a cryptography service separate from the client systems (see, e.g., Roth at [0020], [0027], [0035]).

Regarding claim 10, the combination of Shankar and Mutescu teach the computer readable medium of claim 9. The combination of Shankar and Mutescu appear to fail to disclose wherein the AAD comprises at least one of a location of the client, a region of the client or a tenant of the client. 
However, Roth discloses a key management system using encryption contexts to decrypt keys (see abstract, [0021]), wherein the encoded AAD comprises at least one of a location of the client, a region of the client or a tenant of the client ([0032], e.g., “the client may make available to the 212, as part of the encryption context, characteristics of the client that includes or precludes the use of an encryption configuration to fulfill the request. For example, a client may provide information on its physical geography (e.g., global positioning system (GPS) coordinates, a country identifier and/or other information that indicates a geographic location)”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the encryption context indicators of Shankar and Mutescu with the teachings of Roth, wherein the AAD comprises at least one of a location of the client, a region of the client or a tenant of the client, so that additional restrictions may be imposed on encryption configurations in compliance with local government regulations and/or exporting of cryptography regulations (see, e.g., Roth at [0032]).

Regarding claim 12, the combination of Shankar and Mutescu disclose the computer readable medium of claim 9. The combination of Shanker and Mutescu appear to fail to specifically disclose wherein the user provided AAD comprises at least one of a location from which the client is making the unwrapping request or a tenancy of the client.
However, Roth discloses a key management system using encryption contexts to decrypt keys (see abstract, [0021]), wherein the user provided AAD comprises at least one of a location from which the client is making the unwrapping request or a tenancy of the client ([0032] – “the client may make available to the cryptography service 212, as part of the encryption context, characteristics of the client that includes or precludes the use of an encryption configuration to fulfill the request. For example, a client may provide information on its physical geography (e.g., global positioning system (GPS) coordinates, a country identifier and/or other information that indicates a geographic location)”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the encryption context indicators of Shankar and Mutescu with the Roth, wherein the AAD comprises at least one of a location of the client, a region of the client or a tenant of the client, so that additional restrictions may be imposed on encryption configurations in compliance with local government regulations and/or exporting of cryptography regulations (see, e.g., Roth at [0032]).

Regarding claim 14, the combination of Shankar and Mutescu disclose the computer readable medium of claim 9, the managing further comprising: 
receiving the request to unwrap the wrapped DEK (Shankar at column 10, lines 17-27: a request is received to unwrap the wrapped key); 
parsing the wrapped DEK (Shankar at column 13, lines 1-7: the keystore unwraps the key and looks through the authentication credentials to match the unwrapped key’s user identifiers; column 8, lines 30-47: metadata of the wrapped key may be used to verify release the key); 
validating the encoded AAD (Shankar at column 13, lines 1-7: the keystore unwraps the key and looks through the authentication credentials to match the unwrapped key’s user identifiers; see also column 11, lines 1-6 validating the user identifier <i.e., AAD> of the wrapped key; column 8, lines 30-47: metadata of a wrapped key used to verify release the key); and 
returning an unwrapped DEK (Shankar at column 8, lines 30-58: an unwrapped key is returned for use to decrypt a data resource; column 11, lines 1-6 similarly sends key in unencrypted form to backend 108 from keystore 109).  
While the combination of Shankar and Mutescu disclose locating and using a master key to decrypt the encryption key (see, e.g., column 14, lines 21-46; column 10, lines 46-53), the combination of Shankar and Mutescu appear to fail to specifically disclose validating a master encryption key (MEK) presence in a hardware security module (HSM).
	However, Roth discloses using a system for requesting a key to be unwrapped (see, e.g., Roth at [0023-0027]), comprising validating a master encryption key (MEK) presence in a hardware security module (HSM) ([0027] – “the encryption service 110 may be a software and/or hardware component that is capable of accessing a cryptographic key usable to perform cryptographic operations such as encryption and decryption. In some embodiments, the encryption service may comprise a hardware security module (HSM)”, see also [0031-0035] – encryption context is used to determine whether to permit the encryption operation to be performed using a HSM cryptography service’s managed key <i.e., master encryption key>).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the master key of the combination of Shankar and Mutescu with the teachings of Roth, comprising validating a master encryption key (MEK) presence in a hardware security module (HSM), to securely locate and provide the key to decrypt the wrapped key using a cryptography service separate from the client systems (see, e.g., Roth at [0020], [0027], [0035]).

Regarding claim 18, the combination of Shankar and Mutescu teach the multi-tenant cloud based key management system of claim 17. The combination of Shankar and Mutescu appear to fail to disclose wherein the AAD comprises at least one of a location of the client, a region of the client or a tenant of the client. 
However, Roth discloses a key management system using encryption contexts to decrypt keys (see abstract, [0021]), wherein the encoded AAD comprises at least one of a location of the client, a region of the client or a tenant of the client ([0032], e.g., “the client may make available to the cryptography service 212, as part of the encryption context, characteristics of the client that includes or precludes the use of an encryption configuration to fulfill the request. For example, a client may provide .
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the encryption context indicators of Shankar and Mutescu with the teachings of Roth, wherein the AAD comprises at least one of a location of the client, a region of the client or a tenant of the client, so that additional restrictions may be imposed on encryption configurations in compliance with local government regulations and/or exporting of cryptography regulations (see, e.g., Roth at [0032]).

Regarding claim 20, the combination of Shankar and Mutescu disclose the multi-tenant cloud based key management system of claim 17, the one or more microservices further: 
receiving the request to unwrap the wrapped DEK (Shankar at column 10, lines 17-27: a request is received to unwrap the wrapped key); 
parsing the wrapped DEK (Shankar at column 13, lines 1-7: the keystore unwraps the key and looks through the authentication credentials to match the unwrapped key’s user identifiers; column 8, lines 30-47: metadata of the wrapped key may be used to verify release the key); 
validating the user provided AAD (Shankar at column 13, lines 1-7: the keystore unwraps the key and looks through the authentication credentials to match the unwrapped key’s user identifiers; see also column 11, lines 1-6 validating the user identifier <i.e., AAD> of the wrapped key; column 8, lines 30-47: metadata of a wrapped key used to verify release the key); and 
returning an unwrapped DEK (Shankar at column 8, lines 30-58: an unwrapped key is returned for use to decrypt a data resource; column 11, lines 1-6 similarly sends key in unencrypted form to backend 108 from keystore 109).
Shankar and Mutescu disclose locating and using a master key to decrypt the encryption key (see, e.g., column 14, lines 21-46; column 10, lines 46-53), the combination of Shankar and Mutescu appear to fail to specifically disclose validating a master encryption key (MEK) presence in a hardware security module (HSM).
	However, Roth discloses using a system for requesting a key to be unwrapped (see, e.g., Roth at [0023-0027]), comprising validating a master encryption key (MEK) presence in a hardware security module (HSM) ([0027] – “the encryption service 110 may be a software and/or hardware component that is capable of accessing a cryptographic key usable to perform cryptographic operations such as encryption and decryption. In some embodiments, the encryption service may comprise a hardware security module (HSM)”, see also [0031-0035] – encryption context is used to determine whether to permit the encryption operation to be performed using a HSM cryptography service’s managed key <i.e., master encryption key>).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the master key of the combination of Shankar and Mutescu with the teachings of Roth, comprising validating a master encryption key (MEK) presence in a hardware security module (HSM), to securely locate and provide the key to decrypt the wrapped key using a cryptography service separate from the client systems (see, e.g., Roth at [0020], [0027], [0035]).

Claim(s) 5, 7, 13, 15, and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Shankar and Mutescu in view of Jones et al. (NPL: “RFC 7516 - JSON Web Encryption (JWE)”, May 2015, Hereinafter “RFC 7516”).
Regarding claim 5, the combination of Shankar and Mutescu disclose the method of claim 1. The combination of Shankar and Mutescu appear to fail to specifically disclose wherein the wrapped DEK comprises a JavaScript Object Notation (JSON) Web Encryption (JWE) structure.
RFC 7516 discloses a known method of wrapping a key and including policy enforcement information in the header (see abstract; pg. 16-17, section 5.1), particularly, wherein the wrapped DEK comprises a JavaScript Object Notation (JSON) Web Encryption (JWE) structure (see, e.g., pg. 15-17, section 5.1, steps 1-19: system wraps keys using a JWE structure to create a serialized output with authentication data that made be validated during decryption (as in pgs. 17-19 at section 5.2)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Shankar and Mutescu to perform its key wrapping in compliance with RFC 7516, wherein the wrapped DEK comprises a JavaScript Object Notation (JSON) Web Encryption (JWE) structure, to follow a standard data wrapping format for producing protected and validatable information (see, e.g., RFC 7516 at pgs. 17-19, section 5.2 and RFC 7516 at pgs. 10, section 3.3).

Regarding claim 7, the combination of Shankar and Mutescu disclose the method of claim 1. While the combination of Shankar and Mutescu disclose wrapping a key (see, e.g., Shankar at column 12, lines 41-51), the combination of Shankar and Mutescu appear to fail to specifically disclose the generating the wrapped DEK further comprising an Initialization Vector (IV) and an authentication TAG key.
However, RFC 7516 discloses a known method of wrapping a key and including policy enforcement information in the header (see abstract; pg. 16-17, section 5.1), particularly, the generating the wrapped DEK further comprising an Initialization Vector (IV) and an authentication TAG key (see, e.g., pg. 15-17, section 5.1, steps 1-19: system wraps keys using a JWE structure to, e.g., “Create the desired serialized output. The Compact Serialization of this result is the string BASE64URL(UTF8(JWE Protected Header)) || '.' || BASE64URL(JWE Encrypted Key) || '.' || BASE64URL(JWE Initialization Vector) || '.' || BASE64URL(JWE Ciphertext) || '.' || BASE64URL(JWE Authentication Tag).” [emphasis added]; see also, e.g., section 3.3, pg. 10 wrapping using a JWE initialization vector and JWE authentication tag).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Shankar and Mutescu to perform its key wrapping in compliance with RFC 7516, the generating the wrapped DEK further comprising an Initialization Vector (IV) and an authentication TAG key, to be compliant with standard object wrapping formatting to produce a wrapped protected information for verification  (see, e.g., RFC 7516 at pgs. 17-19, section 5.2 and RFC 7516 at pgs. 10, section 3.3).

Regarding claim 13, the combination of Shankar and Mutescu disclose the computer readable medium of claim 9. The combination of Shankar and Mutescu appear to fail to specifically disclose wherein the wrapped DEK comprises a JavaScript Object Notation (JSON) Web Encryption (JWE) structure.
However, RFC 7516 discloses a known method of wrapping a key and including policy enforcement information in the header (see abstract; pg. 16-17, section 5.1), particularly, wherein the wrapped DEK comprises a JavaScript Object Notation (JSON) Web Encryption (JWE) structure (see, e.g., pg. 15-17, section 5.1, steps 1-19: system wraps keys using a JWE structure to create a serialized output with authentication data that made be validated during decryption (as in pgs. 17-19 at section 5.2)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Shankar and Mutescu to perform its key wrapping in compliance with RFC 7516, wherein the wrapped DEK comprises a JavaScript Object Notation (JSON) Web Encryption (JWE) structure, to follow a standard data wrapping format for producing protected and RFC 7516 at pgs. 17-19, section 5.2 and RFC 7516 at pgs. 10, section 3.3).

Regarding claim 15, the combination of Shankar and Mutescu disclose the computer readable medium of claim 9. While the combination of Shankar and Mutescu disclose wrapping a key (see, e.g., Shankar at column 12, lines 41-51), the combination of Shankar and Mutescu appear to fail to specifically disclose the generating the wrapped DEK further comprising an Initialization Vector (IV) and an authentication TAG key.
However, RFC 7516 discloses a known method of wrapping a key and including policy enforcement information in the header (see abstract; pg. 16-17, section 5.1), particularly, the generating the wrapped DEK further comprising an Initialization Vector (IV) and an authentication TAG key (see, e.g., pg. 15-17, section 5.1, steps 1-19: system wraps keys using a JWE structure to, e.g., “Create the desired serialized output. The Compact Serialization of this result is the string BASE64URL(UTF8(JWE Protected Header)) || '.' || BASE64URL(JWE Encrypted Key) || '.' || BASE64URL(JWE Initialization Vector) || '.' || BASE64URL(JWE Ciphertext) || '.' || BASE64URL(JWE Authentication Tag).” [emphasis added]; see also, e.g., section 3.3, pg. 10 wrapping using a JWE initialization vector and JWE authentication tag).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Shankar and Mutescu to perform its key wrapping in compliance with RFC 7516, the generating the wrapped DEK further comprising an Initialization Vector (IV) and an authentication TAG key, to be compliant with standard object wrapping formatting to produce a wrapped protected information for verification  (see, e.g., RFC 7516 at pgs. 17-19, section 5.2 and RFC 7516 at pgs. 10, section 3.3).

Regarding claim 19, the combination of Shankar and Mutescu disclose the multi-tenant cloud based key management system of claim 17. The combination of Shankar and Mutescu appear to fail to specifically disclose wherein the wrapped DEK comprises a JavaScript Object Notation (JSON) Web Encryption (JWE) structure.
However, RFC 7516 discloses a known method of wrapping a key and including policy enforcement information in the header (see abstract; pg. 16-17, section 5.1), particularly, wherein the wrapped DEK comprises a JavaScript Object Notation (JSON) Web Encryption (JWE) structure (see, e.g., pg. 15-17, section 5.1, steps 1-19: system wraps keys using a JWE structure to create a serialized output with authentication data that made be validated during decryption (as in pgs. 17-19 at section 5.2)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Shankar and Mutescu to perform its key wrapping in compliance with RFC 7516, wherein the wrapped DEK comprises a JavaScript Object Notation (JSON) Web Encryption (JWE) structure, to follow a standard data wrapping format for producing protected and validatable information (see, e.g., RFC 7516 at pgs. 17-19, section 5.2 and RFC 7516 at pgs. 10, section 3.3).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Mehr (US10623186) teaches protecting sensitive data by requiring provided AAD information to be matched with encoded AAD information in the header before decryption (see, e.g., abstract, Fig. 2, and column 14, lines 16-50). Le Saint et al. (US20160241389) discloses a method of wrapping and transmitting encryption keys to a client using JSON web encryption, additional authenticated information, and a hardware security module (see, e.g., Le Saint at [0261]-[0269]).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOSHUA RAYMOND WHITE whose telephone number is (571)272-4365. The examiner can normally be reached Monday-Thursday, & Alternate Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on 5712723787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/J.R.W./Examiner, Art Unit 2438                                                                                                                                                                                                        /TAGHI T ARANI/Supervisory Patent Examiner, Art Unit 2438