DETAILED ACTION

Continuation
This application is a continuation application of US 15/420,026 (filed on Jan. 30, 2017 – now US Patent No. 10,516,530). The prosecution history and references cited in the above application have been fully considered.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 3/19/2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:


The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitations are: “a lock module that…”, “a decryption module that…”, “an encryption module that…”, “a key module that…” and “a data module that…” in claims 1-19.

If applicant does not intend to have these limitations interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-3, 5-6, 10, 13, and 20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-5, 7-9, 11, and 14-20 of U.S. Patent No. 10,516,530. Although the claims at issue are not identical, they are not patentably distinct from each other because the conflicting patent claims contain each and every element of the current . 
The following is a comparison table between exemplary independent claims.
Instant application (16/726118)
Conflicting patent (10,516,530)
1. An apparatus comprising: 

1. A method comprising: (a method corresponding to the apparatus in the instant application)

a lock module that: receives a request to decrypt encrypted data that is stored in a data repository, the encrypted data encrypted using a first encryption key; 
receiving a request from an aggregation server to access encrypted credential information for a user, the aggregation server aggregating financial data from one or more financial institutions where a user has an account using the encrypted credential information; (the request is to receive data and decrypt as recited in a later limitation)

determining whether the aggregation server is authorized to communicate with an encryption engine that is used to encrypt the credential information for the user by cross-referencing one or more tokens issued to the 

receiving, in response to determining that the aggregation server is authorized to communicate with the encryption engine, a plurality of keys for unlocking the encryption engine, each key associated with a key holder; combining at least a subset of the plurality of keys to generate a master key, the subset comprising at least two keys of the plurality of keys; unlocking the encryption engine using the master key;

receiving, at the encryption engine, the encrypted credential information for accessing the user's accounts at the plurality of financial institutions, the credential information encrypted using a first encryption key; (this limitation is non-distinct from the functions of the lock module in the instant application – specifically, the credentials are encrypted with a first encryption key, wherein the credentials are “requested” in an earlier limitation and decrypted/re-encrypted in the following limitations)

decrypting the encrypted credential information using the first encryption key, the decrypted credential information transmitted to the aggregation server for accessing the one or more financial institutions where the user has an account;
and an encryption module that re-encrypts the decrypted data using the encryption engine, the decrypted data re-encrypted with a second encryption key that is different than the first encryption key, the re-encrypted data stored in the data repository.
and re-encrypting the decrypted credential information using a second encryption key, the second encryption key newer than the first encryption key.


	Furthermore, the same reasoning for claim 1 is also applicable to the remaining independent claims of the instant application. In another example, the instant applications also recite a “system” and another “apparatus”, which similarly corresponds to the apparatus and a program product of claims 14 and 20, respectively, of the conflicting patent.

Instant application (16/726118)
Conflicting patent (10,516,530)
2. The apparatus of claim 1, further comprising a data module that receives the encrypted data from the data repository on a continuous basis, in response to the encryption engine being unlocked, without a delay between different sets of encrypted data.
9. The method of claim 8, further comprising receiving the records on a continuous basis by receiving each record of the plurality of records without a delay between each record.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

s 1-2, 7-10, 13-15, and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Vault (hereinafter, “Vault”), A HashiCorp Project, Published on various days in Apr, May, & Sep 2015, https://web.archive.org/web/20150503005402/http://vaultproject.io/ - Sections "Intro" and "Docs" in view of Fuller et al. (hereinafter, “Fuller”), US 9,722,974.
As per claim 1: Vault discloses: An apparatus comprising: a lock module that: receives a request to decrypt encrypted data that is stored in a data repository), the encrypted data encrypted using a first encryption key (“Vault can be used to encrypt/decrypt data that is stored elsewhere. The primary use of this is to allow applications to encrypt their data while still storing it in the primary data store.” [Vault, pg. 5, Data Encryption]; a high level illustrated overview of Vault is depicted in [Vault, pg. 8]; therefore, Vault is a tool for securing access to secrets (e.g. the “first encryption key” used to encrypt/decrypt data that is stored in a data store); see [Vault, pg. 1, Introduction to Vault]); and unlocks an encryption engine in response to the request, the encryption engine unlocked using a master key that is generated based on combination of a plurality of keys held by a plurality of key holders (“Once started, the Vault is in a sealed state. Before any operation can be performed on the Vault it must be unsealed. This is done by providing the unseal keys. When the Vault is initialized it generates an encryption key which is used to protect all the data. That key is protected by a master key. By default, Vault uses a technique known as Shamir's secret sharing algorithm…to split the master key into 5 shares, any 3 of which are required to reconstruct the master key.” [Vault, pg. 8]); a decryption module that decrypts the encrypted data using the encryption engine, the encrypted data decrypted using the first encryption key (“The data stored by Vault is stored first encryption key”; it does not refer to the claimed “encrypted data”, which is encrypted by said “first encryption key”); .
Vault does not does the strikethrough limitations. Vault primarily recites a secure framework that controls access to secrets, such as credentials, cryptographic keys, etc. However, Vault does discloses key rotation, where a new encryption key is added to a keyring for encrypting new values written to the storage backend [Vault, pg. 12]. Key rotation is a common practice in computer security. A form of key rotation includes re-encrypting stored data with new key(s), rather than just new incoming data. For example, Fuller is directed to analogous art of re-encrypting and storing data [Fuller, Abstract]. Hence, Fuller discloses: an encryption module that re-encrypts the decrypted data using the encryption engine, the decrypted data re-encrypted with a second encryption key that is different than the first encryption key, the re-encrypted data stored in the data repository (a request to re-encrypt data is received from a requesting device, wherein a second key is generated to re-encrypt the data after it has been decrypted by a first key [Fuller, col. 10, line 64 – col. 11, line 35; fig. 2]).


As per claim 2: Vault in view of Fuller disclose all limitations of claim 1. Furthermore, Vault in view of Fuller disclose: further comprising a data module that receives the encrypted data from the data repository on a continuous basis, in response to the encryption engine being unlocked, without a delay between different sets of encrypted data (re-encrypting the data periodically at a scheduled time; these requests are continuously transmitted [Fuller, col. 5, lines 33-45]; these requests originate from a requesting device 105 to re-encrypt data in a device data store 150 [Fuller, col. 7, lines 5-11; Fig. 1]).

As per claim 7: Vault in view of Fuller disclose all limitations of claim 1. Furthermore, Vault in view of Fuller disclose: wherein the decryption module checks a key version identifier that is stored as metadata with the encrypted data to determine the first encryption key that was used to encrypt the encrypted data (encrypted encryption keys (e.g. the “encrypted data”, or the data being re-encrypted [Fuller, col. 7, lines 5-11]) and their corresponding identifiers are stored in key data stores 160, 170, wherein the identifiers are used to identify the encryption key used to encrypt a respective encryption key [Fuller, col. 7, lines 55-64]).

As per claim 8: Vault in view of Fuller disclose all limitations of claim 7. Furthermore, Vault in view of Fuller disclose: wherein the decryption module cross references the key version identifier with a list of previously used encryption keys to locate the encryption key that matches the key version identifier (retrieving the encryption key and/or identifier of the encryption key used to encrypt the encryption key retrieved from a key data store [Fuller, col. 8, lines 13-29]).

As per claim 9: Vault in view of Fuller disclose all limitations of claim 1. Furthermore, Vault in view of Fuller disclose: wherein the second encryption key that is used to re-encrypt the decrypted data comprises a newly generated encryption key that has never been used (generating a second key [Fuller, col. 11, lines 23-26]).

As per claim 10: Vault in view of Fuller disclose all limitations of claim 1. Furthermore, Vault in view of Fuller disclose: further comprising a key module that generates, on a consistent frequency, new encryption keys for re-encrypting the encrypted data in the data repository, wherein the key module expires encryption keys that are no longer in use such that the expired encryption keys cannot be used again (determining if the first key is exhausted, such as the number of times said first key has been used or the amount of time that said first key has existed; if the first key has been exhausted, generating the second key [Fuller, col. 11, lines 13-26]; keys are generated periodically [Fuller, col. 5, lines 7-12 & 34-45).

As per claim 13: Claim 13 is different in overall scope from claim 1 but recites substantially similar subject matter as claim 1. Claim 13 is directed to a system comprising an apparatus corresponding to the apparatus in claim 1. Thus, the response provided above for claim 1 is equally applicable to claim 13.

As per claim 14: Vault in view of Fuller disclose all limitations of claim 13. Vault does not disclose the features of claim 14. However, Fuller presents a structure where a device data store is distributed over many different locations. In an example embodiment, the device data store 150 operates in conjunction with a request device 105 [Fuller, col. 6, lines 45-56 & col. 7, lines 5-11; Fig. 1]. Therefore, Vault in view of Fuller disclose: further comprising a member server that is configured to facilitate communications between the data repository and the encryption engine (a requesting device 105 (“member server”, or the client in Vault) can retrieve data to be encrypted, decrypted, or re-encrypted from device data store 150 to the multi-tiered encryption system 125 (e.g. the Vault) [Hird, col. 6, lines 45-56 & col. 7, lines 20-23; Fig. 1]).
Thus, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify Vault to operate as a centralized encryption system, such as in Fuller, to enable management of cryptographic services for multiple clients. Both the Vault and encryption system share the same purpose: to manage cryptographic secrets and to provide encrypt, decrypt, and/or re-encrypt services.

 As per claim 15: Vault in view of Fuller disclose all limitations of claim 14. Furthermore, Vault in view of Fuller disclose: wherein the member server comprises one or more tokens for identifying itself, the encryption engine being unlocked in response to determining that the member server is authorized to access the encryption engine based on the one or more tokens (tokens are used by clients (or the requesting device in Fuller) as means for authenticating to Vault [Vault, pg. 18, Tokens; pg. 20, Authentication).

As per claim 18: Vault in view of Fuller disclose all limitations of claim 13. Furthermore, Vault in view of Fuller disclose: wherein the lock module is further configured to lock the encryption engine in response to one or more of detecting changes in a configuration of the encryption engine and receiving a manual request to lock the encryption engine, the detected configuration changes comprising one or more of a change in network ports and a change in available backends used by the encryption engine (a threat model for Vault includes securing Vault from eavesdropping as well as communication from Vault to its storage backend, detecting tampering of data-at-rest or data-in-transit [Vault, pg. 24, Threat Model]; furthermore, revocation can assist in locking down system in case of an intrusion [Vault, pg. 2]; furthermore, an API is provided to seal (lock) the Vault by a single operator and/or when an intrusion is detected [Vault, pg. 14, Sealing])

As per claim 19: Vault in view of Fuller disclose all limitations of claim 13. Furthermore, Vault in view of Fuller disclose: wherein the lock module is further configured to use at least a subset of the plurality of keys received from a plurality of key holders to generate the master key, wherein a number of the subset is user configurable (“Vault uses a technique known as Shamir’s secret sharing algorithm” and the “number of shares and minimum threshold required can both be specified” [Vault, pp. 8-9]).

As per claim 20: Claim 20 is different in overall scope from claim 1 but recites substantially similar subject matter as claim 1. Claim 20 is directed to an apparatus with structure corresponding to the modules of the apparatus in claim 1. Thus, the response provided above for claim 1 is equally applicable to claim 20.

Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Vault in view of Fuller and in further view of Mattsson et al. (hereinafter, “Mattsson”), US 2007/0079119.
As per claim 3: Vault in view of Fuller disclose all limitations of claim 2. Vault and Fuller do not disclose the features of claim 3. However, Mattsson discloses: wherein the data module receives the encrypted data as a continuous stream of data transmitted from the data repository (re-encryption of a database column involves iterating through every row (i.e. “continuous stream”) of the database [Mattsson, ¶45] – when under consideration of Vault, this stream of database records is provided to Vault for encryption).
Thus, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to apply Vault to any form of data to be encrypted/decrypted, such as a continuous stream of database records. This is a design choice pertaining to the goals and/or requirements of a developer. For example, the developer may be designing a cryptographic service to secure sensitive values in a database.

	
s 4 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Vault in view of Fuller and in further view of Ophir et al. (hereinafter, “Ophir”), US 2004/0143733.
As per claim 4: Vault in view of Fuller disclose all limitations of claim 3. Vault in view of Fuller do not disclose the features of claim 4. However, Ophir discloses: wherein the data module further encrypts the encrypted data using a cryptographic protocol while the encrypted data is in transit to the encryption engine (a client may encrypt data-in-transit to a mediator, wherein the mediator is capable of receiving/transmitting data from any client for storage [Ophir, ¶¶13-14]).
Thus, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to also apply cryptographic methods for protecting data-in-transit for additional protection. As disclosed in [Ophir, ¶15], encryption for data being transmitted is based on transient keys that do not survive the session, whereas keys used to encrypt stored data live longer. This would have required attackers to penetrate through two layers of protection to obtain the original data within a limited period of time. Therefore, by having additional encryption on the data during transmission from one point to another would have enhanced the security of the data.

As per claim 16: Vault in view of Fuller discloses all limitations of claim 14. Vault in view of Fuller do not disclose the features of claim 16. However, Ophir discloses: further comprising a data module that encrypts the data using a cryptographic protocol while the data is in transit between the encryption engine, the data repository, and the member server (a client may encrypt data-in-transit to a mediator, wherein the mediator is capable of 
Thus, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to also apply cryptographic methods for protecting data-in-transit for additional protection. As disclosed in [Ophir, ¶15], encryption for data being transmitted is based on transient keys that do not survive the session, whereas keys used to encrypt stored data live longer. This would have required attackers to penetrate through two layers of protection to obtain the original data within a limited period of time. Therefore, by having additional encryption on the data during transmission from one point to another would have enhanced the security of the data.

Claims 5-6 are rejected under 35 U.S.C. 103 as being unpatentable over Vault in view of Fuller and in further view of Bhat et al. (hereinafter, “Bhat”), US 2015/0012443.
As per claim 5: Vault in view of Fuller disclose all limitations of claim 1. Vault in view of Fuller do not disclose the features of claim 5. However, Vault is not strictly limited what type of data is encrypted or decrypted by Vault [Vault, pg. 5, Data Encryption]. Financial user data is a common form of data that requires security. For example, Bhat discloses: wherein the encrypted data that is stored in the data repository comprises a plurality of records, each record storing information associated with one or more users (aggregating encrypted login information to a financial institution [Bhat, ¶5]; therefore, the data in Vault can refer to a user’s login information to financial accounts/institutions).


As per claim 6: Vault in view of Fuller and Bhat disclose all limitations of claim 5. The same motivation for incorporating Bhat is also applicable herein. Therefore, Vault in view of Fuller and Bhat disclose: wherein the encrypted data comprises sensitive data for each of the one or more users, the sensitive data comprising electronic user credentials for logging the one or more users into one or more user accounts at a financial institution (encrypting login information to a financial institution and provided said encrypted information [Bhat, ¶5]).

Claims 11-12 are rejected under 35 U.S.C. 103 as being unpatentable over Vault in view of Fuller and in further view of Hird (hereinafter, “Hird”), US 2016/0212109.
As per claim 11: Vault in view of Fuller disclose all limitations of claim 1. Vault in view of Fuller do not disclose the features of claim 11. Hird is directed to obtaining a security (cryptographic) key, dividing the key into fragments and distributing the key fragments to different proxy storage devices [Hird, ¶4]. Therefore, Hird discloses: wherein the lock module requests the keys from the plurality of key holders for generating the master key using an electronic request, the electronic request selected from group consisting of a text message, a push notification, an email, and a chat message (a security key is divided into fragments and distributed among proxy storage devices that are identifiable by email accounts, social media accounts, text message addresses, or any storage media [Hird, ¶14]; the key fragments are retrieved from the proxy storage device when requested, such as through an email message or text message [Hird, ¶32]).
Thus, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to implement any means of communication of the key shares from the key holders in Vault. The manner of how each key share is obtained is a design choice based on the limitations and requirements of the developer. By having multiple options of communicating key shares, such as in Hird, the key shares would have been distributed to a greater range of key holders (e.g. mobile users limited to SMS communications, PC users that can use all forms of communications, etc.).

As per claim 12: Vault in view of Fuller and Hird disclose all limitations of claim 11. The same motivation for incorporating Hird is also applicable herein. Furthermore, Vault in view of Fuller and Hird disclose: wherein the lock module is further configured to lock the encryption engine in response to one or more of detecting changes in a configuration of the encryption engine and receiving a manual request to lock the encryption engine, the detected configuration changes comprising one or more of a change in network ports and a change in available backends used by the encryption engine (a threat model for Vault includes securing Vault from eavesdropping as well as communication from Vault to its storage backend, detecting tampering of data-at-rest or data-in-transit [Vault, pg. 24, Threat Model]; .

Claim 17 is rejected under 35 U.S.C. 103 as being unpatentable over Vault in view of Fuller, Ophir, and Mattsson.
As per claim 17: Vault in view of Fuller and Ophir disclose all limitations of claim 16. The reasons for incorporating Mattsson and Ophir in claims 3 and 16, respectively, are also applicable herein. Therefore, Vault in view of Fuller, Ophir, and Mattsson disclose: wherein the data repository comprises a database, the member server iterating over each row of the database and sending each row over a secure connection using the cryptographic protocol to the encryption engine as a continuous stream of data to be re-encrypted (the “continuous stream” of data are the rows/records from a database that is requested to be re-encrypted as discussed in Mattsson in claim 3; furthermore, any data-in-transit would be encrypted as an added layer of protection, which is discussed in Ophir in claim 16).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ROBERT B LEUNG whose telephone number is (571)270-1453. The examiner can normally be reached Mon - Thurs: 10am-7pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG KIM can be reached on 571-272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/ROBERT B LEUNG/Primary Examiner, Art Unit 2494                                                                                                                                                                                                        11-10-2021