DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.


Allowable Subject Matter
Claims 21-40 are allowed.

Reasons for Allowance
Examiner’s statement of reasons for allowance for claims 21-40 is stated below.
Regarding independent Claims 21, 25 and 33, the Examiner found neither that the prior art cited, taken in its entirety, teaches, nor any motivation based on the prior art to combine any of said prior art to teach, “obtaining a request to change a lifetime of a cryptographic key, the cryptographic key encrypted in a first key token by a first domain key of a plurality of domain keys, the first key token including an identifier of the cryptographic key and an identifier of the first domain key; authenticating the request based at least in part on a verification of a policy applicable to the request, the policy being associated with the cryptographic key based at least in part on the identifier of the cryptographic key; determining that the first domain key is available as a result of the request being obtained before a first expiration of the cryptographic key encrypted in the first key token; selecting the first domain key indicated by the identifier of the first domain key; decrypting the cryptographic key using the first domain key; selecting, from the plurality of domain keys, a second domain key with a second expiration that matches a specified lifetime included in the request; encrypting, by using the second domain key, the cryptographic key to produce an encrypted cryptographic key; generating a second token comprising the encrypted cryptographic key and an identifier of the encrypted cryptographic key; and providing the second token in response to the request” in combination with all the elements of the respective independent claims.
The dependent claims 22-24, 26-32, and 34-40 are allowable due to their dependence on independent claims 21, 25 and 33, respectively.
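
The re-wrapping flow recited in the quoted claim language, sketched as an added illustration; it is not code from the application, the cited references or this office action. The domain-key table, policy store, token field names and the HMAC-based stand-in cipher are assumptions, and the requested lifetime is modelled as an expiration timestamp.

```python
import hashlib, hmac, os

T0 = 1_700_000_000  # constructed reference time (epoch seconds)
# Constructed domain keys: id -> (secret, expiration). Names are hypothetical.
DOMAIN_KEYS = {"dk-30d": (os.urandom(32), T0 + 30 * 86400),
               "dk-90d": (os.urandom(32), T0 + 90 * 86400)}
POLICIES = {"key-1": {"alice"}}  # constructed: key id -> principals allowed

def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor(dk, nonce, data):
    # Stand-in cipher (HMAC-SHA256 keystream), stdlib only; use an AEAD in practice.
    ks = b"".join(_prf(_prf(dk, b"enc"), nonce + bytes([i]))
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def _tag(dk, t):
    # Binds key id and domain key id to the ciphertext, so neither can be swapped.
    header = repr((t["key_id"], t["dk_id"])).encode()
    return _prf(_prf(dk, b"mac"), header + t["nonce"] + t["ct"])

def wrap(key_id, dk_id, key):
    dk, nonce = DOMAIN_KEYS[dk_id][0], os.urandom(16)
    t = {"key_id": key_id, "dk_id": dk_id, "nonce": nonce, "ct": _xor(dk, nonce, key)}
    return {**t, "tag": _tag(dk, t)}

def unwrap(token):
    dk = DOMAIN_KEYS[token["dk_id"]][0]  # selected by the identifier in the token
    if not hmac.compare_digest(_tag(dk, token), token["tag"]):
        raise ValueError("token failed integrity check")
    return _xor(dk, token["nonce"], token["ct"])

def change_lifetime(token, principal, new_expiry, now):
    # Policy is looked up by the key identifier carried in the token.
    if principal not in POLICIES.get(token["key_id"], ()):
        raise PermissionError("policy for this key id denies the request")
    # Assumption: a domain key is unavailable once its expiration has passed.
    if now >= DOMAIN_KEYS[token["dk_id"]][1]:
        raise ValueError("first domain key expired")
    key = unwrap(token)
    # Pick the domain key whose expiration matches the requested lifetime.
    new_id = next((i for i, (_, exp) in DOMAIN_KEYS.items() if exp == new_expiry), None)
    if new_id is None:
        raise LookupError("no domain key matches the requested lifetime")
    return wrap(token["key_id"], new_id, key)
```
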


Youn et al. US2008/0019527 teaches a method and system for managing keys.  A system authenticates a client at a key manager.  Next, the system receives a token from the client at the key manager, wherein the token is associated with a customer key, and includes a token authenticator.  This token authenticator comprises one-half of an authenticator pair which is used to determine if the client is the owner of the customer key.  Next, the system decrypts the token using a master key.  The system then verifies a client authenticator, which comprises the other half of the authenticator pair which is used to determine if the client is the owner of the customer key.  If the client is the owner of the customer key, the system sends the customer key to the client, which enables the client to encrypt/decrypt data.  Finally, the client deletes the customer key.
Perlman US2005/0066175 teaches a method and system for utilizing an ephemeral encryption or decryption agent so as to preclude access by the ephemeral encryption agent or decryption agent, respectively, to the information being ephemerally encrypted or decrypted.  To preclude access by the ephemeral encryption agent, a blinding function is applied to the information prior to forwarding such information to the encryption agent for encryption.  To preclude access to the information by the ephemeral decryption agent, a blinding function is applied to the encrypted information prior to forwarding the encrypted information to the decryption agent for decryption.  Once the information has been returned, the information is unblinded, leaving an encrypted or decrypted message respectively.
Lee et al. US2012/0140923 teaches systems and methods for encryption key versioning and rotation in a multi-tenant environment. A key splitting process securely stores a master key used to encrypt tenant-level encryption keys, a key versioning process is used to securely track updated encryption keys, and a key rotation process is used to rotate encrypted data to an updated version of a tenant-level encryption key. 


Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HENRY TSANG whose telephone number is (571)270-7959.  The examiner can normally be reached on M-F 8am - 5pm EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on (571) 272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

/HENRY TSANG/
Primary Examiner, Art Unit 2495