DETAILED ACTION
This office action is in response to applicant’s amendment filed on 08/30/2021. Claims 2 and 17 have been canceled and claims 21-22 have been added. Claims 1, 9-10, 12, 16, and 20 have been amended. Claims 1, 3-16, and 18-22 are pending and are directed towards a system, method, and computer product for Automated Key and Encryption.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Arguments
1.	Applicant’s arguments filed 08/30/2021 have been fully considered.
A) Applicant’s arguments, with respect to the amended limitations of claims 1, 9, and 16, that Agarwal fails to teach “identifying an exception to the second key policy; in response to the second application being non-compliant and based on the exception, suppressing a second request to update the second key; and receiving a first response at the encryption system, the first response including a result of the request to deploy the third key and a suppression of the second request” (pages 10-12 of the present response) have been fully considered but they are moot in view of the new grounds of 35 U.S.C. 103 rejections.
Application No. 16/065,415; Attorney Docket No. IP-P3407US1/41038.337957; Response Filed: 08/30/2021; Reply to Office Action of: 05/28/2021
Claim Objections
2.	Claim 9 is objected to because of the following informalities:
A.	Claim 9, line 20, recites “second key” when it should recite “second request”.
Appropriate correction is required.
Claim Rejections - 35 USC § 103
3.	In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which 
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
4.	Claims 1, 3-5, 7-12, 14-16, and 18-22 are rejected under 35 U.S.C. 103 as being unpatentable over Agarwal et al. (US Pub. 2017/0004312), hereinafter Agarwal, filed on Jun. 29, 2016 in view of Reilly et al. (US Pub. 2011/0293096), hereinafter Reilly, filed on May 27, 2010.
Regarding claim 1, Agarwal teaches a method comprising: 
storing, by an encryption system, a first key policy in association with a first key and a second key policy in association with a second key (para 34, line 1-10 and para 47, line 1-12; data encryption service manages and stores data 
determining a remote machine stores a first application affected by the first key policy and a second application affected by the second key policy, the first application utilizing the first key to encrypt first data, and the second application utilizing the second key to encrypt second data (Fig. 1 and para 47, line 1-12 and para 51, line 1-10; application hosting systems 110 may be a computing device such as a laptop or wearable computer and includes cryptographic policies that specify a particular cryptographic algorithm or key to secure portions of the application for multiple applications); 
determining the first key of the first application is non-compliant with the first key policy (para 131, line 1-23; data encryption service determine that an encryption key is not renewed and/or updated appropriately using the encryption key policies applicable to each application); 
in response to the determining that the first key of the first application is non-compliant with the first key policy, sending a request to deploy a third key (para 131, line 1-23 and para 150, line 1-14; data encryption service includes a monitoring and alert service that sends a request to issue a renewed encryption key for the encryption key not renewed or updated appropriately);

Agarwal does not teach identifying an exception to the second key policy;
Reilly teaches identifying an exception to the second key policy (para 53, line 1-18 and para 86, line 1-19; determine if the key 256 no longer conforms to the current application domain policies and throw an exception);
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Agarwal to incorporate the teachings of Reilly to provide determine if the key no longer conforms to the current application domain policies and throw an exception.  Doing so would allow for managing encryption keys for computer software applications, as recognized by Reilly.
Agarwal teaches in response to the second application being non-compliant (para 131, line 1-23; data encryption service determine that an encryption key is not renewed and/or updated appropriately using the encryption key policies applicable to each application)

Reilly teaches based on the exception, suppressing a second request to update the second key (para 53, line 1-18 and para 86, line 1-19; throw an exception for key update request and maintain the old key); and
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Agarwal to incorporate the teachings of Reilly to provide throw an exception for key update request and maintain the old key.  Doing so would allow for managing encryption keys for computer software applications, as recognized by Reilly.
Agarwal teaches receiving a first response at the encryption system, the first response including a result of the request to deploy the third key (para 142, line 1-12 and 144, line 1-19; the monitoring and alert service of the data encryption service provides the key updates and stores the identified encryption key for use with the application in the encryption object metadata extraction engine 1738).
Agarwal does not teach the first response including a suppression of the second request

It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Agarwal to incorporate the teachings of Reilly to provide throw an exception for key update and maintain the old key.  Doing so would allow for managing encryption keys for computer software applications, as recognized by Reilly.
Regarding claim 3, Agarwal and Reilly teach method of claim 1.
Agarwal teaches receiving a change to an attribute of a key defined by the first key policy (para 161, line 1-12; generate a set of rules, specifying a set of conditions for the encryption key policies applicable to an application, to be applied to an identified attribute); 
determining the remote machine that stores the first application affected by the first key policy, in response to the change to the attribute of the key defined by the first key policy (para 51, line 1-10 and para 161, line 1-12; generate a set of rules, specifying a set of conditions for the encryption key policies applicable to an application of a computing device, to be applied to an identified attribute); and
WO 2019/232692; PCT/CN2018/089928

Regarding claim 4, Agarwal and Reilly teach method of claim 3.
Agarwal teaches the attribute of the key is any one of: key length, symmetry or asymmetry of the key, or an algorithm to generate the key (para 144, line 1-17; encryption key may have multiple attributes, such as size of the encryption key).
Regarding claim 5, Agarwal and Reilly teach method of claim 1.
Agarwal teaches in response to the determining that the first key of the first application is non-compliant with the first key policy (para 131, line 1-23 and para 150, line 1-14; data encryption service includes a monitoring and alert service that sends a request to issue a renewed encryption key for the encryption key not renewed or updated appropriately): 
generating the third key at the encryption system (para 142, line 1-12 and 144, line 1-19; the monitoring and alert service of the data encryption service performs and provides the key updates); and 

Regarding claim 7, Agarwal and Reilly teach method of claim 1.
Agarwal teaches the determining the first key of the first application is non-compliant with the first key policy includes: detecting an expiration event associated with the first key (para 131, line 1-23; data encryption service determine that an encryption key is not periodically renewed and/or updated appropriately using the encryption key policies applicable to each application).
Regarding claim 8, Agarwal and Reilly teach method of claim 1.
Agarwal teaches the expiration event includes an expiration of a temporal period associated with the first key (para 131, line 1-23; data encryption service determine that an encryption key is not periodically renewed and/or updated appropriately by monitoring the encryption key lifecycle).
Regarding claim 9, Agarwal teaches a system comprising: 
one or more processors (para 43, line 14-17; a processor); and 
a non-transitory memory storing instructions that configure the one or more processors to perform operations (para 43, line 14-17; non-transitory 
storing, by an encryption system, a first key policy in association with a first key and a second key policy in association with a second key (para 34, line 1-10 and para 47, line 1-12; data encryption service manages and stores data encryption of resources including encryption key policies specifying the encryption keys to be used in encrypting application data); 
identifying first data stored on a remote machine encrypted by the first key; identifying second data stored on the remote machine encrypted by the second key, the first key different than the second key (para 47, line 1-12 and para 51, line 1-10 and para 54, line 1-10; application hosting systems 110 may be a computing device such as a laptop or wearable computer and includes cryptographic policies that specify a particular cryptographic algorithm or key to secure portions of the application for multiple applications, where the encryption key may be different for certain applications); 
determining the first key is not compliant with the first key policy (para 131, line 1-23; data encryption service determine that an encryption key is not renewed and/or updated appropriately using the encryption key policies applicable to each application); 

determining that the second key of the second application is non-compliant with the second key policy (para 131, line 1-23; data encryption service determine that an encryption key is not renewed and/or updated appropriately using the encryption key policies applicable to each application); 
Agarwal does not teach identifying an exception to the second key policy;
Reilly teaches identifying an exception to the second key policy (para 53, line 1-18 and para 86, line 1-19; determine if the key 256 no longer conforms to the current application domain policies and throw an exception);
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Agarwal to incorporate the teachings of Reilly to provide determine if the key no longer conforms to the current application domain policies and throw an exception.  Doing so would allow for managing encryption keys for computer software applications, as recognized by Reilly.

Agarwal does not teach in response to the exception, suppressing a second request to update the second key; and
Reilly teaches in response to the exception, suppressing a second request to update the second key (para 53, line 1-18 and para 86, line 1-19; throw an exception for key update and maintain the old key); and
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Agarwal to incorporate the teachings of Reilly to provide throw an exception for key update and maintain the old key.  Doing so would allow for managing encryption keys for computer software applications, as recognized by Reilly.
Agarwal teaches receiving a first response at the encryption system, the first response including a result of the request to deploy the third key (para 142, line 1-12 and 144, line 1-19; the monitoring and alert service of the data encryption service provides the key updates and stores the identified encryption 
Agarwal does not teach the first response including a result of the suppression of the second key
Reilly teaches the first response including a result of the suppression of the second request (para 53, line 1-18 and para 86, line 1-19; throw an exception for key update and maintain the old key); and
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Agarwal to incorporate the teachings of Reilly to provide throw an exception for key update and maintain the old key.  Doing so would allow for managing encryption keys for computer software applications, as recognized by Reilly.
Regarding claim 10, Agarwal and Reilly teach system of claim 9.
Agarwal teaches receiving a change to an attribute of a key defined by the first key policy (para 161, line 1-12; generate a set of rules, specifying a set of conditions for the encryption key policies applicable to an application, to be applied to an identified attribute); 
determining the remote machine that stores a first application affected by the first key policy, in response to the change to the attribute of the key defined 
updating the first key utilized by the first application based on the change to the attribute of the key defined by the first key policy (para 155, line 1-11 and para 161, line 1-12; updating an encryption key based on the generated a set of rules, specifying a set of conditions for the encryption key policies applicable to an application, to be applied to an identified attribute).
Regarding claim 11, Agarwal and Reilly teach system of claim 10.
Agarwal teaches the attribute of the key is any one of: key length, symmetry or asymmetry of the key, or an algorithm to generate the key (para 144, line 1-17; encryption key may have multiple attributes, such as size of the encryption key).
Regarding claim 12, Agarwal and Reilly teach system of claim 9.
Agarwal teaches in response to the determining that the first key of the first application is non-compliant with the first key policy (para 131, line 1-23 and para 150, line 1-14; data encryption service includes a monitoring and alert service that sends a request to issue a renewed encryption key for the encryption key not renewed or updated appropriately): 

deploying the third key to the remote machine (para 51, line 1-10 and para 142, line 1-12 and 144, line 1-19; the monitoring and alert service of the data encryption service provides the key updates to application hosting systems 110, which may be a computing device such as a laptop or wearable computer).
Regarding claim 14, Agarwal and Reilly teach system of claim 9.
Agarwal teaches the determining the first key of the first application is non-compliant with the first key policy includes: detecting an expiration event associated with the first key (para 131, line 1-23; data encryption service determine that an encryption key is not periodically renewed and/or updated appropriately using the encryption key policies applicable to each application).
Regarding claim 15, Agarwal and Reilly teach system of claim 14.
Agarwal teaches the expiration event includes an expiration of a temporal period associated with the first key (para 131, line 1-23; data encryption service determine that an encryption key is not periodically renewed and/or updated appropriately by monitoring the encryption key lifecycle).
Regarding claim 16, Agarwal teaches a non-transitory machine-readable storage medium including instructions that, when executed by a machine, cause the machine to perform operations comprising (para 43, line 14-17; non-transitory computer-readable medium may store instructions executed by one or more processing units):
storing, by an encryption system, a first key policy in association with a first key and a second key policy in association with a second key (para 34, line 1-10 and para 47, line 1-12; data encryption service manages and stores data encryption of resources including encryption key policies specifying the encryption keys to be used in encrypting application data); 
determining a remote machine stores a first application affected by the first key policy and a second application affected by the second key policy, the first application utilizing the first key to encrypt first data, and the second application utilizing the second key to encrypt second data (Fig. 1 and para 47, line 1-12 and para 51, line 1-10; application hosting systems 110 may be a computing device such as a laptop or wearable computer and includes cryptographic policies that specify a particular cryptographic algorithm or key to secure portions of the application for multiple applications); 

in response to the determining that the first key of the first application is non-compliant with the first key policy, sending a request to deploy a third key (para 131, line 1-23 and para 150, line 1-14; data encryption service includes a monitoring and alert service that sends a request to issue a renewed encryption key for the encryption key not renewed or updated appropriately);
determining that the second key of the second application is non-compliant with the second key policy (para 131, line 1-23; data encryption service determine that an encryption key is not renewed and/or updated appropriately using the encryption key policies applicable to each application); 
Agarwal does not teach identifying an exception to the second key policy;
Reilly teaches identifying an exception to the second key policy (para 53, line 1-18 and para 86, line 1-19; determine if the key 256 no longer conforms to the current application domain policies and throw an exception);
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Agarwal 
Agarwal teaches in response to the second application being non-compliant (para 131, line 1-23; data encryption service determine that an encryption key is not renewed and/or updated appropriately using the encryption key policies applicable to each application)
Agarwal does not teach based on the exception, suppressing a second request to update the second key; and
Reilly teaches based on the exception, suppressing a second request to update the second key (para 53, line 1-18 and para 86, line 1-19; throw an exception for key update and maintain the old key); and
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Agarwal to incorporate the teachings of Reilly to provide throw an exception for key update and maintain the old key.  Doing so would allow for managing encryption keys for computer software applications, as recognized by Reilly.

Agarwal does not teach the first response including a suppression of the second request
Reilly teaches the first response including a suppression of the second request (para 53, line 1-18 and para 86, line 1-19; throw an exception for key update and maintain the old key); and
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Agarwal to incorporate the teachings of Reilly to provide throw an exception for key update and maintain the old key.  Doing so would allow for managing encryption keys for computer software applications, as recognized by Reilly.
Regarding claim 18, Agarwal and Reilly teach computer product of claim 16.

determining the remote machine that stores the first application affected by the first key policy, in response to the change to the attribute of the key defined by the first key policy (para 51, line 1-10 and para 161, line 1-12; generate a set of rules, specifying a set of conditions for the encryption key policies applicable to an application of a computing device, to be applied to an identified attribute); and
updating the first key utilized by the first application based on the change to the attribute of the key defined by the first key policy (para 155, line 1-11 and para 161, line 1-12; updating an encryption key based on the generated a set of rules, specifying a set of conditions for the encryption key policies applicable to an application, to be applied to an identified attribute).
Regarding claim 19, Agarwal and Reilly teach computer product of claim 18.
Agarwal teaches the attribute of the key is any one of: key length, symmetry or asymmetry of the key, or an algorithm to generate the key (para 
Regarding claim 20, Agarwal and Reilly teach computer product of claim 16.
Agarwal teaches in response to the determining that the first key of the first application is non-compliant with the first key policy (para 131, line 1-23 and para 150, line 1-14; data encryption service includes a monitoring and alert service that sends a request to issue a renewed encryption key for the encryption key not renewed or updated appropriately): 
generating the third key at the encryption system (para 142, line 1-12 and 144, line 1-19; the monitoring and alert service of the data encryption service performs and provides the key updates); and 
deploying the third key to the remote machine (para 51, line 1-10 and para 142, line 1-12 and 144, line 1-19; the monitoring and alert service of the data encryption service provides the key updates to application hosting systems 110, which may be a computing device such as a laptop or wearable computer).
Regarding claim 21, Agarwal and Reilly teach computer product of claim 16.

identifying and flagging the first application and a third application affected by the first key policy (para 131, line 1-25; may lead to security warnings that encryption objects are out of compliance for different applications); and 
updating the first key policy (para 37, line 1-12 and para 135, line 1-13; data encryption service may receive an application policy and determine the appropriate encryption to be applied to data in the application).  
Regarding claim 22, Agarwal and Reilly teach computer product of claim 16.
Agarwal teaches the request further comprises a time to deploy the third key and a definition for an event at which to deploy the third key (para 54, line 1-17 and para 131, line 1-23; data encryption service determine that an encryption key is not renewed and/or updated appropriately using the encryption key .
5.	Claims 6 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Agarwal in view of Reilly and White et al. (US Pub. 2016/0269364), hereinafter White, filed on Mar. 11, 2016.
Regarding claim 6, Agarwal and Reilly teach method of claim 5.
Agarwal and Reilly do not teach the first response further comprises failure information associated with the deploying of the third key to the remote machine.
White teaches the first response further comprises failure information associated with the deploying of the third key to the remote machine (para 55, line 1-9 and para 59, line 1-10; encryption key management involving an applied key management device 110 and a target device 150b may result in a failure message and/or cause of unsuccessful encryption key transaction).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Agarwal and Reilly to incorporate the teachings of White to provide a result in a failure message and/or cause of unsuccessful encryption key transaction.  Doing so 
Regarding claim 13, Agarwal and Reilly teach system of claim 12.
Agarwal and Reilly do not teach the first response further comprises failure information associated with the deploying of the third key to the remote machine.
White teaches the first response further comprises failure information associated with the deploying of the third key to the remote machine (para 55, line 1-9 and para 59, line 1-10; encryption key management involving an applied key management device 110 and a target device 150b may result in a failure message and/or cause of unsuccessful encryption key transaction).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Agarwal and Reilly to incorporate the teachings of White to provide a result in a failure message and/or cause of unsuccessful encryption key transaction.  Doing so would allow for generation, management, and distribution of applied key management of security objects, as recognized by White.
Conclusion
6.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The following are relevant prior arts: Lietz et al. (US Pub. 2015/0310221) discloses policy manager may direct key distribution service to distribute new encryption keys to users as new encryption keys are generated and used to encrypt the database and the key distribution service may be configured to transmit new encryption keys to one or more user applications that are authorized to access one or more of the computing environments and the database; Poiesz et al. (US Pub. 2016/0350561) discloses a computing device executes one or more trusted execution environment (TEE) processes in a TEE of a processor, the one or more TEE processes cryptographically protect a secret and a policy, and the policy specifies a plurality of conditions on usage of the secret; Walker (US Pub. 2015/0373023) discloses secured mobile application may be a managed mobile application that both complies with enterprise application policies and has also been secured with an encryption key; Weiss et al. (US Patent 10,511,630) discloses policy-based separation of data and applications on computer, especially personal computers that operate in different environments, .
7.	Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
8.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to NHAN H NGUYEN whose telephone number is (571)272-6443.  The examiner can normally be reached on Monday-Friday 8:30am - 4:00pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on 571-272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/NHAN HUU NGUYEN/Examiner, Art Unit 2492

/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492