DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Status of Claims
This Office Action is in response to communication received on 10/05/2021.
Claims 1, 8 and 15 were amended.
Claims 7, 13 and 20 were canceled.
Claims 1-6, 8-12 and 14-19 are pending.

Response to Arguments
In light of applicant’s amendments, most of the 35 USC § 112(b) rejection is withdrawn; however, applicant did not fix part of claim 15, and therefore the rejection for this part is maintained.
In light of the applicant’s amendments the 35 USC § 101 rejection is withdrawn.
Applicant’s amended claims necessitated new grounds of rejection. With respect to the newly added claims that the applicant argues, they are rejected as below in view of Banks et al. (US 20080033960 A1), which was used to reject some of the claims in the prior office action but now is being used to include all the independent claims. The 35 USC § 103 rejection is maintained.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 15-19 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as failing to set forth the subject matter which the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the applicant regards as the invention.
Claim 15 recites “communicate the encrypted first security key securely by encrypting it with a key derived from password”; it is unclear whether this is “a password”, as in a second password, or whether there is a missing word. For the sake of compact prosecution the examiner will treat the limitation as reciting “communicate the encrypted first security key securely by encrypting it with a key derived from the password”.
Claim 15 recites the limitation "storing the encrypted security key in a file for consumption at the target database", which, it seems, should have been “the encrypted first security key”. There is insufficient antecedent basis for this limitation in the claim.
Claims 16-19 do not cure the deficiencies of the independent claim upon which they depend and are therefore rejected under 35 U.S.C. 112(b).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:


The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-2, 4-6, 8-9, 11-12, 14-16 and 18-19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Rungta et al. (US 10922423 B1) hereinafter referred to as Rungta in view of Waldron et al. (US 20200125754 A1) hereinafter referred to as Waldron and in view of Thomlinson et al. (US 6044155 A) hereinafter referred to as Thomlinson and further in view of Banks et al. (US 20080033960 A1) hereinafter referred to as Banks.

With respect to claim 1, Rungta discloses: A computer-implemented method comprising: receiving a transfer command with a syntax comprising, (Rungta column 15 line 47 to column 16 line 26 disclose user submitting calls including “migration services” wherein submitting a call to migration services is mapped to receiving transfer command. This is interpreted in light of applicant summary of the invention and background section of the applicant specifications document. See also Rungta column 9 lines 25-55).
a password, (Rungta column 11 lines 10-30 disclose “a client may access the computing systems of the computing resource service provider environment 100 (e.g., using the client's user account 
a filename, (Rungta column 16 lines 20-30 disclose access to resource element “Booker_ROY.png” which means implicitly that a filename is specified to be accessed).
an override function, (Rungta column 16 line 60 to column 17 line 15 disclose “deleting an access key” command, wherein the deleting is mapped to override function as will be shown in dependent claim 4).
and a keyname of an individual security key (Rungta column 19 lines 5-35 disclose encryption key identifier which could be mapped to the keyname).
Rungta does not explicitly disclose “a first security key of a key hierarchy of a source database”.
However, Waldron in an analogous art discloses: or a first security key of a key hierarchy of a source database; (Waldron [0053] discloses “The customer's data may be encrypted using a hierarchy of keys or multiple layers of encryption keys. The multiple layers, or hierarchy of encryption keys include higher level keys and lower level keys or subordinate keys. The higher level keys may be referred to as principal or master keys” wherein the second master key CX, mentioned in Waldron [0057], is mapped to a first security key).
receiving from an external key store, a second security key used to decrypt an encrypted first security key; (Waldron [0059] discloses “The key controller (18) may then perform (2014) an authentication process with the backend server (12) and may then request TPx-PUB(TPG) and receive it from the backend server (12). Next, the key controller (18) may derive (2016) TPx from Ax and use TPx to decrypt the received TPX-PUB(TPG), thereby extracting TPG … the key controller (18) requests (2020) the key-encrypted-key TPG-PUB(Cx) (35) from the backend server (12) and decrypts it using TPG to 
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Rungta wherein a first security key of a key hierarchy of a source database receiving from an external key store, a second security key used to decrypt the first security key as disclosed by Waldron because a hierarchy of cryptographic keys for cryptographically protecting data of the network and which hierarchy of keys are distributed between the network, the key controller and the backend server, the hierarchy of keys comprising a first master key that is associated with the administrator and a second master key that is associated with the key controller and one or more derived keys that are derived from the first and second master keys, wherein at least one of the first and second master keys are kept resident on the network and at least one of the derived keys are kept resident on the backend server, thereby inhibiting the backend server from obtaining access to plaintext data and plaintext master keys of the network (see Waldron [0012]).
Rungta does not explicitly disclose “in response to the transfer command, communicating the encrypted first security key securely by encrypting the first security key with a key derived from the password”.
However, Thomlinson, in an analogous art, discloses at column 11 line 60 to column 12 line 5: “The storage provider derives the user key from the user-supplied password and uses the user key to decrypt the master key and master authentication key”. Additionally, Thomlinson discloses: in response to the transfer command, communicating the encrypted first security key securely by encrypting the first security key with a key derived from the password (Thomlinson is concerned with securing sensitive transactions as recited in column 1 lines 15-30; additionally, Thomlinson column 6 lines 
and storing the encrypted first security key in a file for consumption at a target database receiving encrypted information loaded from the source database. (Thomlinson column 2 line 55 to column 3 line 45 disclose in the summary that “The encrypted combination is then returned to the local computer and stored there” which includes the encrypted master key wherein the local computer is understood by the examiner, according to the prior art that it receives encrypted information loaded from the server or supervisory network computer, which could be the source. See also column 11 lines 50-65 and column 12 lines 25-50).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Rungta wherein in response to the transfer command, communicating the first security key securely by encrypting the first security key with a key derived from password and storing the encrypted security key in a file for consumption at a target database receiving encrypted information loaded from the source database as disclosed by Thomlinson to verify user and ensure data integrity (see Thomlinson column 4 lines 5-30).
Rungta does not explicitly disclose: “and checking a permission to access the encrypted first security key based upon a column encryption key type”.
However, Banks in an analogous art discloses: and checking a permission to access the encrypted first security key based upon a column encryption key type. (Banks [0110] discloses “key that is used to encrypt the key. This key-encrypting key is constructed from a password” wherein user has to use password to know if they have permission to access the key-encrypting key and therefore the 
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Rungta with checking a permission to access the encrypted first security key based upon a column encryption key type as disclosed by Banks to ensure the right user has permission for decryption of keys, see Banks [0250].

With respect to claim 2, Rungta in view of Waldron, Thomlinson and Banks disclose: A method as in claim 1 wherein: the second security key is at a first level of the key hierarchy; the first security key comprises a master key at a second level of the key hierarchy lower than the first level; and the encrypted information comprises an entirety of the source database. (the applicant is not claiming the second security key as the root but rather a broader concept wherein Waldron [0059] discloses “The key controller (18) may then perform (2014) an authentication process with the backend server (12) and may then request TPx-PUB(TPG) and receive it from the backend server (12). Next, the key controller (18) may derive (2016) TPx from Ax and use TPx to decrypt the received TPX-PUB(TPG), thereby extracting TPG … the key controller (18) requests (2020) the key-encrypted-key TPG-PUB(Cx) (35) from the backend server (12) and decrypts it using TPG to extract Cx” and since TPG is used to extract CX then TPG is interpreted as first level while the master key CX is interpreted as second level. In addition, Waldron [0060] discloses “The data (40) may be stored in encrypted form (using the hierarchy of keys (24)) in the remote database or vault (14).” which is interpreted that the entire source is encrypted on database 14 as illustrated in Waldron Fig. 1).

With respect to claim 4, Rungta in view of Waldron, Thomlinson and Banks disclose: A method as in claim 1 wherein the override function is referenced to delete or re-name an existing copy of the first key in the target database. (Rungta column 16 line 60 to column 17 line 15 disclose “deleting an access key” command, wherein the deleting is mapped to override function).

With respect to claim 5, Rungta in view of Waldron, Thomlinson and Banks disclose: A method as in claim 1 further comprising validating the first key by successfully decrypting at least a portion of the encrypted information. (Thomlinson column 11 line 60 to column 12 line 11 disclose “The master key is then used to decrypt an appropriate item key and corresponding item authentication key. The item authentication key is used in conjunction with the MAC to verify that the item key decrypted correctly” wherein the master key was mapped to the first key and the decryption is verified, wherein the “at least a portion of the encrypted information” is irrelevant since this could mean all the information is decrypted).

With respect to claim 6, Rungta in view of Waldron, Thomlinson and Banks disclose: A method as in claim 1 further comprising checking a permission to access the encrypted information, based upon the password. (Waldron [0059-0060] disclose authenticating customer identity to access and encrypted data, wherein the authenticating is mapped to “checking a permission to access”).

With respect to claim 8, Rungta discloses: A non-transitory computer readable storage medium embodying a computer program for performing a method, said method comprising: receiving a transfer command with syntax comprising, (Rungta column 15 line 47 to column 16 line 26 disclose user submitting calls including “migration services” wherein submitting a call to migration services is mapped to receiving transfer command. This is interpreted in light of applicant summary of the 
a password, (Rungta column 11 lines 10-30 disclose “a client may access the computing systems of the computing resource service provider environment 100 (e.g., using the client's user account credentials) using a computing device 102 to connect to a first user interface 108 …  command consoles” which is interpreted that the user uses their username and password to perform commands wherein password is part of the credentials because according to column 16 lines 45-60 the password can be changed).
a filename, (Rungta column 16 lines 20-30 disclose access to resource element “Booker_ROY.png” which means implicitly that a filename is specified to be accessed).
an override function, (Rungta column 16 line 60 to column 17 line 15 disclose “deleting an access key” command, wherein the deleting is mapped to override function).
wherein the override function is referenced when a copy of the first security key is present in the target database. (Rungta column 16 line 60 to column 17 line 15 disclosed in the previous limitation would implicitly only work if there is a copy of a security key present to delete).
and a keyname of an individual security key (Rungta column 19 lines 5-35 disclose encryption key identifier which could be mapped to the keyname).
Rungta does not explicitly disclose “a first security key of a key hierarchy of a source database”.
However, Waldron in an analogous art discloses: or a first security key of a key hierarchy of a source database; (Waldron [0053] discloses “The customer's data may be encrypted using a hierarchy of keys or multiple layers of encryption keys. The multiple layers, or hierarchy of encryption keys include higher level keys and lower level keys or subordinate keys. The higher level keys may be referred to as principal or master keys” wherein the second master key CX, mentioned in Waldron [0057], is mapped to a first security key).
receiving from an external key store, a second security key used to decrypt an encrypted first security key; (Waldron [0059] discloses “The key controller (18) may then perform (2014) an authentication process with the backend server (12) and may then request TPx-PUB(TPG) and receive it from the backend server (12). Next, the key controller (18) may derive (2016) TPx from Ax and use TPx to decrypt the received TPX-PUB(TPG), thereby extracting TPG … the key controller (18) requests (2020) the key-encrypted-key TPG-PUB(Cx) (35) from the backend server (12) and decrypts it using TPG to extract Cx”. Which is interpreted that the key controller receives from a backend server, acting as the keystore, the TPX-PUB(TPG). The backend server, shown in Fig. 1, is mapped to the external keystore. Wherein the TPG, mapped to the second security key, is used to extract the CX, wherein the CX is a master key according to Waldron [0059]).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Rungta wherein a first security key of a key hierarchy of a source database receiving from an external key store, a second security key used to decrypt the first security key as disclosed by Waldron because a hierarchy of cryptographic keys for cryptographically protecting data of the network and which hierarchy of keys are distributed between the network, the key controller and the backend server, the hierarchy of keys comprising a first master key that is associated with the administrator and a second master key that is associated with the key controller and one or more derived keys that are derived from the first and second master keys, wherein at least one of the first and second master keys are kept resident on the network and at least one of the derived keys are kept resident on the backend server, thereby inhibiting the backend server from obtaining access to plaintext data and plaintext master keys of the network (see Waldron [0012]).
Rungta does not explicitly disclose “in response to the transfer command, communicating the encrypted first security key securely by encrypting the first security key with a key derived from password”.
However, Thomlinson, in an analogous art, discloses at column 11 line 60 to column 12 line 5: “The storage provider derives the user key from the user-supplied password and uses the user key to decrypt the master key and master authentication key”. Additionally, Thomlinson discloses: in response to the transfer command, communicating the encrypted first security key securely by encrypting the first security key with a key derived from the password (Thomlinson is concerned with securing sensitive transactions as recited in column 1 lines 15-30; additionally, Thomlinson column 6 lines 25-46 disclose “A user may enter commands and information into the personal computer 20 through input devices such as keyboard 40 and pointing device 42”. Wherein based on a transaction, which implicitly includes a transfer command, Thomlinson column 11 lines 10-35 disclose, “the master key and master authentication key are encrypted using a password that is derived from user authentication or identification”).
and storing the encrypted first security key in a file for consumption at a target database receiving encrypted information loaded from the source database, (Thomlinson column 2 line 55 to column 3 line 45 disclose in the summary that “The encrypted combination is then returned to the local computer and stored there” which includes the encrypted master key wherein the local computer is understood by the examiner, according to the prior art that it receives encrypted information loaded from the server or supervisory network computer, which could be the source. See also column 11 lines 50-65 and column 12 lines 25-50).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Rungta wherein in response to the transfer command, communicating the first security key securely by encrypting the first security key with a key derived from password and storing the encrypted security key in a file for consumption at a target database receiving encrypted information loaded from the source database as disclosed by Thomlinson to verify user and ensure data integrity (see Thomlinson column 4 lines 5-30).
Rungta does not explicitly disclose: “and checking a permission to access the encrypted first security key based upon a column encryption key type”.
However, Banks in an analogous art discloses: and checking a permission to access the encrypted first security key based upon a column encryption key type. (Banks [0110] discloses “key that is used to encrypt the key. This key-encrypting key is constructed from a password” wherein user has to use password to know if they have permission to access the key-encrypting key and therefore the encrypted key, which is interpreted as having permission to access encrypted key based on a column encryption key; wherein the key could be a column encryption key (CEK) as understood by the examiner from Banks [0114, 0122, 0195 and 0250]).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Rungta with checking a permission to access the encrypted first security key based upon a column encryption key type as disclosed by Banks to ensure the right user has permission for decryption of keys, see Banks [0250].

With respect to claim 9, Rungta in view of Waldron, Thomlinson and Banks disclose: A non-transitory computer readable storage medium as in claim 8 wherein: the second security key is at a first level of the key hierarchy; the first security key comprises a master key at a second level of the key hierarchy lower than the first level; and the encrypted information comprises an entirety of the source database. (the applicant is not claiming the second security key as the root but rather a broader concept wherein Waldron [0059] discloses “The key controller (18) may then perform (2014) an authentication process with the backend server (12) and may then request TPx-PUB(TPG) and receive it from the backend server (12). Next, the key controller (18) may derive (2016) TPx from Ax and use TPx to decrypt the received TPX-PUB(TPG), thereby extracting TPG … the key controller (18) requests (2020) the key-encrypted-key TPG-PUB(Cx) (35) from the backend server (12) and decrypts it using TPG to 

With respect to claim 11, Rungta in view of Waldron, Thomlinson and Banks disclose: A non-transitory computer readable storage medium as in claim 8 wherein the method further comprises validating the first key by successfully decrypting at least a portion of the encrypted information. (Thomlinson column 11 line 60 to column 12 line 11 disclose “The master key is then used to decrypt an appropriate item key and corresponding item authentication key. The item authentication key is used in conjunction with the MAC to verify that the item key decrypted correctly” wherein the master key was mapped to the first key and the decryption is verified, wherein the “at least a portion of the encrypted information” is irrelevant since this could mean all the information is decrypted).

With respect to claim 12, Rungta in view of Waldron, Thomlinson and Banks disclose: A non-transitory computer readable storage medium as in claim 8 wherein the method further comprises checking a permission to access the encrypted information, based upon the password. (Waldron [0059-0060] disclose authenticating customer identity to access and encrypted data, wherein the authenticating is mapped to “checking a permission to access”).

With respect to claim 14, Rungta in view of Waldron, Thomlinson and Banks disclose: A non-transitory computer readable storage medium as in claim 9 wherein: the source database comprises an in-memory database; and communicating the first security key is performed by an in-memory database engine of the source database. (Banks [0245] discloses “The decrypted key is cached in the in-

With respect to claim 15, Rungta discloses: A computer system comprising: a software program, executable on said computer system, the software program configured to cause an database engine of an source database to: receive a transfer command with syntax comprising, (Rungta column 15 line 47 to column 16 line 26 disclose user submitting calls including “migration services” wherein submitting a call to migration services is mapped to receiving transfer command. This is interpreted in light of applicant summary of the invention and background section of the applicant specifications document. See also Rungta column 9 lines 25-55).
a password, (Rungta column 11 lines 10-30 disclose “a client may access the computing systems of the computing resource service provider environment 100 (e.g., using the client's user account credentials) using a computing device 102 to connect to a first user interface 108 …  command consoles” which is interpreted that the user uses their username and password to perform commands wherein password is part of the credentials because according to column 16 lines 45-60 the password can be changed).
a filename, (Rungta column 16 lines 20-30 disclose access to resource element “Booker_ROY.png” which means implicitly that a filename is specified to be accessed).
an override function, (Rungta column 16 line 60 to column 17 line 15 disclose “deleting an access key” command, wherein the deleting is mapped to override function).
wherein the override function is referenced to delete or re-name an existing copy of the first key in the target database. (Rungta column 16 line 60 to column 17 line 15 disclose “deleting an access key” command, wherein the deleting is mapped to override function).
and a keyname of an individual security key (Rungta column 19 lines 5-35 disclose encryption key identifier which could be mapped to the keyname).
Rungta does not explicitly disclose “a first security key of a key hierarchy of a source database”.
However, Waldron in an analogous art discloses: or a first security key of a key hierarchy of the source database; (Waldron [0053] discloses “The customer's data may be encrypted using a hierarchy of keys or multiple layers of encryption keys. The multiple layers, or hierarchy of encryption keys include higher level keys and lower level keys or subordinate keys. The higher level keys may be referred to as principal or master keys” wherein the second master key CX, mentioned in Waldron [0057], is mapped to a first security key).
receive from an external key store, a second security key used to decrypt the encrypted first security key; (Waldron [0059] discloses “The key controller (18) may then perform (2014) an authentication process with the backend server (12) and may then request TPx-PUB(TPG) and receive it from the backend server (12). Next, the key controller (18) may derive (2016) TPx from Ax and use TPx to decrypt the received TPX-PUB(TPG), thereby extracting TPG … the key controller (18) requests (2020) the key-encrypted-key TPG-PUB(Cx) (35) from the backend server (12) and decrypts it using TPG to extract Cx”. Which is interpreted that the key controller receives from a backend server, acting as the keystore, the TPX-PUB(TPG). The backend server, shown in Fig. 1, is mapped to the external keystore. Wherein the TPG, mapped to the second security key, is used to extract the CX, wherein the CX is a master key according to Waldron [0059]).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Rungta wherein a first security key of a key hierarchy of a source 
Rungta does not explicitly disclose “in response to the transfer command, communicate the encrypted first security key securely by encrypting it with a key derived from password”.
However, Thomlinson, in an analogous art, discloses at column 11 line 60 to column 12 line 5: “The storage provider derives the user key from the user-supplied password and uses the user key to decrypt the master key and master authentication key”. Additionally, Thomlinson discloses: in response to the transfer command, communicate the encrypted first security key securely by encrypting it with a key derived from password (Thomlinson is concerned with securing sensitive transactions as recited in column 1 lines 15-30; additionally, Thomlinson column 6 lines 25-46 disclose “A user may enter commands and information into the personal computer 20 through input devices such as keyboard 40 and pointing device 42”. Wherein based on a transaction, which implicitly includes a transfer command, Thomlinson column 11 lines 10-35 disclose, “the master key and master authentication key are encrypted using a password that is derived from user authentication or identification”).
and storing the encrypted security key in a file for consumption at the target database receiving encrypted information loaded from the source database, (Thomlinson column 2 line 55 to 
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Rungta wherein in response to the transfer command, communicating the first security key securely by encrypting the first security key with a key derived from password and storing the encrypted security key in a file for consumption at a target database receiving encrypted information loaded from the source database as disclosed by Thomlinson to verify user and ensure data integrity (see Thomlinson column 4 lines 5-30).
Rungta does not explicitly disclose the database is “in-memory database” and “checking a permission to access the encrypted first security key based upon a column encryption key type”.
However, Banks in an analogous art discloses: the database could be an in-memory database (Banks [0245] discloses “The decrypted key is cached in the in-memory execution plan. For each row of data, the unit invokes the encryption module to execute the E_COLENCRYPT instruction on each encrypted column written to the database, as indicated at step 622. Encryption is done using the associated key value” wherein the key in Fig. 6c step 622 could be mapped to a first security key).
Furthermore, Banks discloses: checking a permission to access the encrypted first security key based upon a column encryption key type (Banks [0110] discloses “key that is used to encrypt the key. This key-encrypting key is constructed from a password” wherein user has to use password to know if they have permission to access the key-encrypting key and therefore the encrypted key, which is interpreted as having permission to access encrypted key based on a column encryption key; wherein 
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Rungta wherein the database is in-memory as disclosed by Banks to provide a programmable in-memory database which offers unlimited potential to program the database to virtually do anything possible for a database (see Banks [0245]). Furthermore, modifying Rungta with checking a permission to access the encrypted first security key based upon a column encryption key type as disclosed by Banks to ensure the right user has permission for decryption of keys, see Banks [0250].

With respect to claim 16, Rungta in view of Waldron, Thomlinson and Banks disclose: A computer system as in claim 15 wherein: the second security key is at a first level of the key hierarchy; the first security key comprises a master key at a second level of the key hierarchy lower than the first level; and the encrypted information comprises an entirety of the source database. (the applicant is not claiming the second security key as the root but rather a broader concept wherein Waldron [0059] discloses “The key controller (18) may then perform (2014) an authentication process with the backend server (12) and may then request TPx-PUB(TPG) and receive it from the backend server (12). Next, the key controller (18) may derive (2016) TPx from Ax and use TPx to decrypt the received TPX-PUB(TPG), thereby extracting TPG … the key controller (18) requests (2020) the key-encrypted-key TPG-PUB(Cx) (35) from the backend server (12) and decrypts it using TPG to extract Cx” and since TPG is used to extract CX then TPG is interpreted as first level while the master key CX is interpreted as second level. In addition, Waldron [0060] discloses “The data (40) may be stored in encrypted form (using the hierarchy of keys (24)) in the remote database or vault (14).” which is interpreted that the entire source is encrypted on database 14 as illustrated in Waldron Fig. 1).

With respect to claim 18, Rungta in view of Waldron, Thomlinson and Banks disclose: A computer system as in claim 15 further comprising the in-memory database engine validating the first key by successfully decrypting at least a portion of the encrypted information. (Thomlinson column 11 line 60 to column 12 line 11 discloses “The master key is then used to decrypt an appropriate item key and corresponding item authentication key. The item authentication key is used in conjunction with the MAC to verify that the item key decrypted correctly” wherein the master key was mapped to the first key and the decryption is verified, wherein the “at least a portion of the encrypted information” is irrelevant since this could mean all the information is decrypted).

With respect to claim 19, Rungta in view of Waldron, Thomlinson and Banks disclose: A computer system as in claim 15 further comprising the in-memory database engine checking a permission to access the encrypted information, based upon the password. (Banks Fig. 6C steps 621-623 explain using the user password to allow access to encrypted information).


Claims 3 and 10 are rejected under 35 U.S.C. 103 as being unpatentable over Rungta in view of Waldron, Thomlinson, and Banks as applied to claims 1-2, 4-6, 8-9, 11-12, 14-16 and 18-19 above, and further in view of Hazel et al. (US 20070276765 A1) hereinafter referred to as Hazel.

With respect to claim 3, Rungta in view of Waldron, Thomlinson and Banks disclose: A method as in claim 1 wherein: the second security key is at a first level of the key hierarchy; a master security key of the source database is at a second level of the key hierarchy lower than the first level; (the applicant is not claiming the second security key as the root but rather a broader concept wherein Waldron [0059] discloses “The key controller (18) may then perform (2014) an authentication process 
They do not explicitly disclose “the first security key is at a third level of the key hierarchy lower than the second level; and the encrypted information comprises only a portion of the source database”.
However, Hazel in an analogous field of endeavor discloses: the first security key is at a third level of the key hierarchy lower than the second level; (Hazel [0133] discloses “a hierarchy key management can be established to include primary keys, OEM keys, merchant keys and terminal keys” wherein each key could be mapped to every corresponding level cited by the claim limitation).
and the encrypted information comprises only a portion of the source database. (Interpreted in view of applicant specifications paragraph [0049]. Hazel [0112] discloses “personal account number of a credit card is encrypted as follows: the first six digits, or the bank identification number, are left in clear text, the next six digits are encrypted, and the last four digits of the account number are left in clear text.” Which is interpreted that part of the credit card sensitive information is encrypted).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Rungta in view of Waldron, Thomlinson and Banks recited above wherein the first security key is at a third level of the key hierarchy lower than the second level; and the encrypted information comprises only a portion of the source database as disclosed by Hazel to enable 

With respect to claim 10, Rungta in view of Waldron, Thomlinson and Banks disclose: A non-transitory computer readable storage medium as in claim 8 wherein: the second security key is at a first level of the key hierarchy; a master security key of the source database is at a second level of the key hierarchy lower than the first level; (the applicant is not claiming the second security key as the root but rather a broader concept wherein Waldron [0059] discloses “The key controller (18) may then perform (2014) an authentication process with the backend server (12) and may then request TPx-PUB(TPG) and receive it from the backend server (12). Next, the key controller (18) may derive (2016) TPx from Ax and use TPx to decrypt the received TPX-PUB(TPG), thereby extracting TPG … the key controller (18) requests (2020) the key-encrypted-key TPG-PUB(Cx) (35) from the backend server (12) and decrypts it using TPG to extract Cx” and since TPG is used to extract CX then TPG is interpreted as first level while the master key CX is interpreted as second level. In addition Waldron [0060] “The data ( 40) may be stored in encrypted form (using the hierarchy of keys (24)) in the remote database or vault (14).” Which is interpreted that the entire source is encrypted on database 14 as illustrated in Waldron Fig. 1).
They do not explicitly disclose “the first security key is at a third level of the key hierarchy lower than the second level; and the encrypted information comprises only a portion of the source database”.
However, Hazel in an analogous field of endeavor discloses: the first security key is at a third level of the key hierarchy lower than the second level; (Hazel [0133] discloses “a hierarchy key management can be established to include primary keys, OEM keys, merchant keys and terminal keys” wherein each key could be mapped to every corresponding level cited by the claim limitation).
and the encrypted information comprises only a portion of the source database. (Interpreted in view of applicant specifications paragraph [0049]. Hazel [0112] discloses “personal account number of a credit card is encrypted as follows: the first six digits, or the bank identification number, are left in clear text, the next six digits are encrypted, and the last four digits of the account number are left in clear text.” Which is interpreted that part of the credit card sensitive information is encrypted).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Rungta in view of Waldron, Thomlinson and Banks recited above wherein the first security key is at a third level of the key hierarchy lower than the second level; and the encrypted information comprises only a portion of the source database as disclosed by Hazel to enable data capture devices with respect to credit card processing with the encryption features (whether a new device or a retrofitted device) can be integrated into the network and be compatible with terminals that are expecting data from non-encrypting magnetic stripe readers. In addition using keys in a hierarchy, keys can be automatically managed and maintained by a key management module, which can be used as a service or as an appliance. As a service, keys can be remotely managed by merchants. Each merchant's terminal or group of terminals can be assigned a unique key that is used to decrypt the encrypted card data (see Hazel [0112, 0133-0134]).

Claim 17 is rejected under 35 U.S.C. 103 as being unpatentable over Rungta in view of Waldron, Thomlinson, and Banks as applied to claims 1-2, 4-6, 8-9, 11-12, 14-16 and 18-19 above, and further in view of Hazel et al. (US 20070276765 A1) hereinafter referred to as Hazel.

With respect to claim 17, Rungta in view of Waldron, Thomlinson and Banks disclose: A computer system as in claim 15 wherein: the second security key is at a first level of the key hierarchy; a master security key of the in-memory source database is at a second level of the key hierarchy lower than the first level; (the applicant is not claiming the second security key as the root but rather a broader concept wherein Waldron [0059] discloses “The key controller (18) may then perform (2014) an authentication process with the backend server (12) and may then request TPx-PUB(TPG) and receive it from the backend server (12). Next, the key controller (18) may derive (2016) TPx from Ax and use TPx to decrypt the received TPX-PUB(TPG), thereby extracting TPG … the key controller (18) requests (2020) the key-encrypted-key TPG-PUB(Cx) (35) from the backend server (12) and decrypts it using TPG to extract Cx” and since TPG is used to extract CX then TPG is interpreted as first level while the master key CX is interpreted as second level. In addition Waldron [0060] “The data ( 40) may be stored in encrypted form (using the hierarchy of keys (24)) in the remote database or vault (14).” Which is interpreted that the entire source is encrypted on database 14 as illustrated in Waldron Fig. 1).
They do not explicitly disclose, “the first security key is at a third level of the key hierarchy lower than the second level; and the encrypted information comprises only a portion of the source database.”
However, Hazel in an analogous field of endeavor discloses: the first security key is at a third level of the key hierarchy lower than the second level; (Hazel [0133] discloses “a hierarchy key management can be established to include primary keys, OEM keys, merchant keys and terminal keys” wherein each key could be mapped to every corresponding level cited by the claim limitation).
and the encrypted information comprises only a portion of the source database. (Interpreted in view of applicant specifications paragraph [0049]. Hazel [0112] discloses “personal account number of a credit card is encrypted as follows: the first six digits, or the bank identification number, are left in clear text, the next six digits are encrypted, and the last four digits of the account number are left in clear text.” Which is interpreted that part of the credit card sensitive information is encrypted).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Rungta in view of Waldron, Thomlinson and Banks recited above wherein the first security key is at a third level of the key hierarchy lower than the second level; and the encrypted information comprises only a portion of the source database as disclosed by Hazel to enable data capture devices with respect to credit card processing with the encryption features (whether a new device or a retrofitted device) can be integrated into the network and be compatible with terminals that are expecting data from non-encrypting magnetic stripe readers. In addition using keys in a hierarchy, keys can be automatically managed and maintained by a key management module, which can be used as a service or as an appliance. As a service, keys can be remotely managed by merchants. Each merchant's terminal or group of terminals can be assigned a unique key that is used to decrypt the encrypted card data (see Hazel [0112, 0133-0134]).

Conclusion 
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Newman et al. (US 20030046572 A1) Abstract discloses, “The invention provides a transparent encryption infrastructure which allows the user to point-and-click on columns and tables to encrypt data. The creation of triggers and views are also easily implemented, to encrypt and decrypt data, to manage the encryption keys and to grant and revoke access to a column. Public and private key pairs are hashed and encrypted with a valid password. The process or encryption starts by creating a .
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HANY S GADALLA whose telephone number is (571)272-2322. The examiner can normally be reached Mon to Fri 8:30AM - 5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on (571) 272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To 





/H.S.G./Examiner, Art Unit 2493
/Michael Simitoski/Primary Examiner, Art Unit 2493