ALLOWABILITY NOTICE
The following claims are pending in this office action: 1-15
The following claims are amended: 1-2, 5-7, 10-12 and 15
The following claims are new: -
The following claims are cancelled: - 
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Reasons for Allowance
Claims 1-15 are allowed.  
The following is an examiner’s statement of reasons for allowance:  The cited prior art references do not, alone or in combination, teach the recited features of independent claims 1, 6, and 11.  The prior art of record fails to disclose the combination of features as claimed and arranged by applicant when read in light of the specification.  In this case, the allowance is based on the combination of the limitations in each independent claim and not on any single limitation.  For example, the claim requires 1) transmitting… to a key management service (KMS)… a customer master key… for an instance of a (remote customer) computer program as part of a request for a key encryption key (KEK) by a (customer) computer; 2) receiving, from the key management service by the (customer) computer … both an unencrypted form of the KEK and an encrypted form of the KEK; 3) the unencrypted KEK is recoverable by the (customer) computer decrypting the encrypted KEK using the customer master key; 4) storing the unencrypted form of the key encryption key in the memory of the (customer) computer; and 5) generating and encrypting data sent from the (remote customer) computer program using a generated data key and encrypting the data key with the unencrypted KEK.  In particular, none of the searched art describes an approach to provide a customer a cloud service provider unencrypted and encrypted KEK, derived from a customer 
The closest reference, Hamel et al. (US Pub. 2018/0062835), teaches a key release system (KRS) where an encrypted tenant service key and an encrypted tenant master key are received by a user.  The key release system is in a “customer datacenter” separate from the cloud service provider key management system.  The encrypted tenant master key is encrypted by a customer master key, and the encrypted tenant service key is encrypted by a tenant master key.  The tenant service key is generated and encrypts data, while itself being encrypted by the tenant master key.  Although under the broadest reasonable interpretation the tenant master key is a KEK, the reference does not teach receiving both an unencrypted form of the KEK and an encrypted form of the KEK.  In fact, the reference teaches that the KRS module receives an unlock request from the KMS system to unlock the tenant master key, which would defeat the purpose of the inventive quality of the instant application, which is to provide KEKs independent of a KMS.  Conversely, the purpose of the KRS system would be defeated by providing an unencrypted KEK, as doing so would make the KRS system obsolete.
Kinoshita et al. (US Pub. 2009/0214044) teaches a key management service program managed by a host computer and a file encryption program managed by a client computer.  The file encryption program sends a request for a KEK to the key management service program, which responds by sending the KEK and the identification information of the KEK.  The identification information of the KEK corresponds to an encrypted form of the KEK under the broadest reasonable interpretation, as the identification information acts as a lookup table to obtain/decrypt the KEK from the key ID.  However, Kinoshita does not teach that the unencrypted KEK is recoverable from the encrypted KEK by the customer using the customer master key.  Kinoshita discloses that the host computer and client computer are on the same network 90 and connected by an Ethernet interface, and the framework is for key organization, and not 
Mehr et al. (US Patent No. 9,973,481) generally discloses use of an envelope in a KMS system so that a recipient customer receives encrypted data in an envelope in the same way that an envelope is used in the instant application, but fails to disclose the sender customer having direct access to the unencrypted or encrypted KEK.
Freeman et al. (US Pub. 2009/0006851) generally discloses use of an encrypted data envelope with a hash authentication code, but does not disclose a KMS, and so fails to disclose a customer/client obtaining the unencrypted and encrypted KEK from the cloud KMS.
Some references disclose a KMS system that includes an encrypted and/or unencrypted KEK but does not provide the KEK to the user.  For example, Zhijun et al. (US Pub. 2019/0340393) discloses a rich execution environment (REE) and a trusted execution environment (TEE) where the REE KMS receives an encrypted KEK from the TEE KMS that is decrypted using a user secret.  However, like Hamel, the process is done at the cloud KMS, and so does not provide the customer computer system with the encrypted KEK or a decrypted KEK.
Other references disclose a user device with unencrypted and encrypted KEKs, but such keys are generated by the user device.  For example, Martel et al. (US Patent No. 10,872,152) discloses a secure enclave with encryption keys derived from a user key, where the derived encryption key is used to decrypt the key encryption key.  However, an entropy generator generates the first encrypted key, as well as the system KEK, without any cloud service provider.  Richards et al. (US Pub. 2020/0057859) discloses managing a secure object store where a Node KEK decrypts data keys.  Similarly, no third party in Richards provides the KEK to the client device, which derives the KEK from unlock KEKs that are randomly generated, split, and distributed within the user computer system.

These, along with the other recited features of independent claims 1, 6, and 11 and their dependent claims, make the claimed inventions allowable over the prior art of record.
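The following Python model illustrates the five-step flow enumerated in the statement of reasons for allowance (request a KEK under a customer master key, receive the KEK in both unencrypted and encrypted form, recover the KEK from its encrypted form with the customer master key, hold the unencrypted KEK in memory, and envelope-encrypt data with a per-message data key wrapped by the KEK). It is an added worked example, not code from the application, the cited references or any real KMS product. The `SimulatedKMS` class, the `CustomerProgram` class, and the HMAC-SHA256-based toy cipher are all constructed for this illustration; the toy cipher stands in for whatever authenticated cipher a production KMS would use and is not a recommendation.

```python
"""Model of envelope encryption with a KEK obtained from a simulated KMS."""
import hmac
import os
from hashlib import sha256


# --- Toy authenticated encryption (constructed for illustration only) ---
# Keystream from HMAC-SHA256 in counter mode, then encrypt-then-MAC.
def _subkeys(key: bytes):
    enc = hmac.new(key, b"enc", sha256).digest()
    mac = hmac.new(key, b"mac", sha256).digest()
    return enc, mac


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), sha256).digest()
        counter += 1
    return out[:length]


def aead_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, sha256).digest()
    return nonce + ct + tag


def aead_decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first; refuse to release plaintext on any mismatch."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


# --- Cloud side (assumed behaviour of the KMS, as read from the claim language) ---
class SimulatedKMS:
    def request_kek(self, customer_master_key: bytes):
        """Steps 1-2: given the CMK sent with the request, return a fresh KEK
        both in the clear and wrapped under that CMK."""
        kek = os.urandom(32)
        return kek, aead_encrypt(customer_master_key, kek)


# --- Customer side ---
class CustomerProgram:
    def __init__(self, kms: SimulatedKMS, customer_master_key: bytes):
        self.kms = kms
        self.cmk = customer_master_key
        self.kek = None            # step 4: unencrypted KEK lives only in memory
        self.encrypted_kek = None  # durable form, safe to store beside ciphertext

    def obtain_kek(self) -> None:
        self.kek, self.encrypted_kek = self.kms.request_kek(self.cmk)

    def recover_kek(self) -> bytes:
        """Step 3: the KEK is recoverable from its encrypted form using the CMK alone."""
        return aead_decrypt(self.cmk, self.encrypted_kek)

    def encrypt(self, data: bytes) -> dict:
        """Step 5: fresh data key per message, data key wrapped by the in-memory KEK."""
        data_key = os.urandom(32)
        return {
            "ciphertext": aead_encrypt(data_key, data),
            "encrypted_data_key": aead_encrypt(self.kek, data_key),
            "encrypted_kek": self.encrypted_kek,
        }


def open_envelope(kek: bytes, envelope: dict) -> bytes:
    data_key = aead_decrypt(kek, envelope["encrypted_data_key"])
    return aead_decrypt(data_key, envelope["ciphertext"])


def demo() -> dict:
    """Run the flow end to end and report which properties held."""
    kms, cmk = SimulatedKMS(), os.urandom(32)
    prog = CustomerProgram(kms, cmk)
    prog.obtain_kek()
    message = b"constructed sample record: account=42 balance=100"
    env = prog.encrypt(message)

    # A later process holding only the CMK and the stored envelope can recover the KEK.
    kek_from_cmk = aead_decrypt(cmk, env["encrypted_kek"])
    results = {
        "round_trip": open_envelope(prog.kek, env) == message,
        "kek_recoverable_with_cmk": kek_from_cmk == prog.kek,
        "wrong_cmk_rejected": False,
        "tamper_detected": False,
    }
    try:
        aead_decrypt(os.urandom(32), env["encrypted_kek"])
    except ValueError:
        results["wrong_cmk_rejected"] = True
    tampered = dict(env, ciphertext=env["ciphertext"][:16] + bytes([env["ciphertext"][16] ^ 1]) + env["ciphertext"][17:])
    try:
        open_envelope(prog.kek, tampered)
    except ValueError:
        results["tamper_detected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The design point the claim turns on is visible in `CustomerProgram`: the unencrypted KEK never leaves process memory, while the encrypted KEK travels with every envelope, so an archive of envelopes remains recoverable by whoever holds the customer master key without any further round trip to the KMS.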
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZHE LIU whose telephone number is (571) 272-3634.  The examiner can normally be reached on Monday - Friday: 8:30 AM to 5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on (571) 272-3862.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call (800) 786-9199 (IN USA OR CANADA) or (571) 272-1000. 
/Z.L./Examiner, Art Unit 2493
/Jeremy S Duffield/Primary Examiner, Art Unit 2498