DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

2.

An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee. Authorization for this examiner’s amendment was given by email on 01/13/2022, and over the phone on 01/28/2022 from Russell M. Steinbrenner, Reg. No. 73,461.

3.
Information Disclosure Statement
The Information Disclosure Statement (IDS) submitted on 09/27/2021 is in compliance with the provisions of 37 CFR 1.97, 1.98, and MPEP § 609. It has been placed in the application file, and the information referred to therein has been considered as to the merits.


4.

Examiner’s Amendments

1.	(Currently Amended) A system for providing a hardware security module extension having support for custom cryptographic operations, the system comprising:
	an application execution server providing an application execution environment and part of a hardware security module extension (HSM-E) network that is operating as a cloud service, the application execution server configured to
receive a cryptographic request associated with a custom cryptographic operation,
access key data from a hardware security module in response to receiving the cryptographic request, 
execute, within the application execution environment, the custom cryptographic operation against the key data from the hardware security module, wherein the custom cryptographic operation is not a supported operation of the hardware security module, and
transmit a response to the cryptographic request.

2.	(Previously Presented) The system of claim 1, wherein the application execution server is configured to receive the cryptographic request from a private network.

3.	(Previously Presented) The system of claim 1, wherein the custom cryptographic operation includes at least one selected from a group consisting of padding plaintext 

4.	(Previously Presented) The system of claim 1, further comprising:
	an event stream server providing an event stream, the event stream server configured to
receive an event associated with the cryptographic request,
store the event in a secure event storage, and
trigger a notification associated with the event to an event queue.

5.	(Previously Presented) The system of claim 1, further comprising:
a data process execution server providing a data process execution environment, the data process execution server configured to
		access an event associated with the cryptographic request from an event queue,
perform an action based on the cryptographic request, and
output a result from performing the action.

6.	(Previously Presented) The system of claim 5, wherein the action includes at least one selected from a group consisting of creation of key data, rotation of key data, deletion of key data, and specification of a key permission.



8.	(Previously Presented) The system of claim 5, wherein the data process execution server is configured to output the result to a secure data storage, the result including an update to a cryptographic request log.

9.	(Previously Presented) The system of claim 5, wherein the data process execution server does not have access to the key data of the hardware security module. 

10.	(Previously Presented) The system of claim 1, wherein the application execution server is configured to receive the cryptographic request from a customer server through an application programming interface gateway.

11.	(Previously Presented) The system of claim 1, further comprising:
	an application programming interface gateway configured to 
receive the cryptographic request, 
validate the cryptographic request, and 
route the cryptographic request to the application execution server. 

12.	(Canceled).


	receiving, at a server providing an application execution environment that is part of a hardware security module extension (HSM-E) network operating as a cloud service, a cryptographic request associated with a custom cryptographic operation;
	accessing key data from a hardware security module;
executing, within the application execution environment, the custom cryptographic operation against the key data from the hardware security module, wherein the custom cryptographic operation is not a supported operation of the hardware security module; and
transmitting a response to the cryptographic request.

14.	(Currently Amended) The method of claim 13, wherein receiving the cryptographic request includes receiving the cryptographic request at an application programming interface gateway and routing, with the application programming interface gateway, the cryptographic request to the server.

15.	(Currently Amended) The method of claim 14, further comprising: 
validating, with the application programming interface gateway, the cryptographic request prior to routing the cryptographic request to the 

16.	(Previously Presented) The method of claim 13, further comprising:

wherein enabling access to the secure data storage includes at least one selected from a group consisting of reading data from the secure data storage and writing data to the secure data storage.

17.	(Previously Presented) The method of claim 13, further comprising:
	restricting access to a secure data storage based on the execution of the custom cryptographic operation against the key data from the hardware security module.

18.	(Currently Amended) A non-transitory, computer-readable medium storing instructions that, when executed by an electronic processor of a server, perform a set of functions, the set of functions comprising:
	receiving, at an application execution environment that is part of a hardware security module extension (HSM-E) network operating as a cloud service, a plurality of cryptographic requests;
	accessing key data from a hardware security module; 
executing, within the application execution environment, at least one custom cryptographic operation against the key data from the hardware security module, wherein that at least one custom cryptographic operation is associated with one or more of the plurality of cryptographic requests and wherein the at least one custom cryptographic operation is not a supported operation of the hardware security module; and


19.	(Previously Presented) The computer-readable medium of claim 18, wherein the set of functions further comprises:
writing a plurality of events to a secure event storage of an event stream, wherein each of the plurality of events is associated with one of the plurality of cryptographic requests; 
accessing, from the event stream, two or more events included in the plurality of events;
for each of the two or more events, performing, within a data process execution environment, an action associated with each of the two or more events using the hardware security module; and
outputting a result from performing the action for each of the two or more events.

20.	(Previously Presented) The computer-readable medium of claim 18, wherein receiving the plurality of cryptographic requests includes receiving the plurality of cryptographic requests from different private networks.


5.
Allowable Subject Matter



According to MPEP 1302.14 (I): “In most cases, the examiner’s actions and the applicant’s replies make evident the reasons for allowance, satisfying the “record as a whole” proviso of the rule. This is particularly true when applicant fully complies with 37 CFR 1.111 (b) and (c) and 37 CFR 1.133(b). Thus, where the examiner’s actions clearly point out the reasons for rejection and the applicant’s reply explicitly presents reasons why claims are patentable over the reference, the reasons for allowance are in all probability evident from the record and no statement should be necessary.”
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”



Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AYOUB ALATA whose telephone number is (313)446-6541.  The examiner can normally be reached on Monday - Friday 7:30 - 5:00 EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung (Jay) Kim can be reached on (571)272-3804.  The fax phone number for the organization where this application or proceeding is assigned is (571)273-8300. 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/AYOUB ALATA/Primary Examiner, Art Unit 2494