DETAILED ACTION
This action is in response to the communication: response to election filed on 02/18/2022.
Claims 1-15 and 21-25 are currently pending in this application.  Claims 16-20 are cancelled and claims 21-25 are new. 
The IDSs filed on 06/01/2020 and 02/10/2021 have been accepted.

Election/Restrictions
Applicant’s election without traverse of the restriction requirement in the reply filed on 02/18/2022 is acknowledged.  Applicants have elected claims 1-15 without traverse and have cancelled claims 16-20.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 7, 9, and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Higgins et al. US Patent No. 11,240,007 (Higgins), in view of Hersans et al. US Patent Application Publication 2019/0097791 (Hersans).
	As per claim 1, Higgins teaches a non-transitory computer-readable medium having instructions stored thereon that are capable of causing a computing system to implement operations comprising: receiving, from an application, a request, wherein the request is associated with a particular account (see Figure 5 with receiving session key and key identifier; see col. 13 lines 35-65 wherein request is from a web server, client device, or application); accessing, using an identifier associated with the particular account, a key cache stored in a secure enclave of a memory of the computing system to determine at least one private key associated with the request (see Figure 4 with secure enclave with private key cache; further see col. 11 line 65 to col. 12 line 18 with private key cache which holds private keys for a number of accounts; see col. 9 lines 39-55 wherein key identifier may be associated with account/device; see Figure 5 and col. 13 lines 48-67 determining whether private key is stored in cache based on identifier), wherein the key cache stores private keys of a key management system for a plurality of accounts (col. 11 line 65 to col. 12 line 18 with private key cache which holds private keys for a number of accounts; see also col. 13 lines 20-35 with cache storing private keys from popular webservers); performing a cryptographic operation with the secure enclave using the at least one private key (col. 14 lines 44-56 wherein private key may be used to decrypt a session key; session key is used for communications between webserver and client).

	At the time the invention was filed, it would have been obvious to one of ordinary skill in the art to combine the teachings of Higgins with Hersans.  One of ordinary skill in the art would have been motivated to perform such an addition to increase security (paragraph 14 of Hersans).

	As per claim 7, the Higgins combination teaches wherein the request specifies an account identifier of the particular account, and wherein the accessing the key cache to determine the at least one private key associated with the request is performed based on the account identifier (see Figure 5 with request which includes session key and key identifier; see col. 9 lines 40-55 wherein private key identifier may be a certificate, device, etc. identifier that may be used by the key server to identify and determine the correct private key that is to be used to decrypt the session key).
 	As per claim 9, the Higgins combination teaches wherein accessing the key cache includes decrypting the key cache using an ephemeral key (paragraph 32 with key encrypting 
	Claim 21 is rejected using the same basis of arguments used to reject claim 1 above.

Claims 2 and 22 are rejected under 35 U.S.C. 103 as being unpatentable over the Higgins combination as applied above, and further in view of O’Connor et al. US Patent Application Publication 2010/0257351 (O’Connor).
	As per claim 2, the Higgins combination teaches wherein performing the cryptographic operation includes accessing the key cache to obtain one or more private keys associated with one or more fragments of data stored in the database (see throughout Higgins and in the rejection above of private keys associated with different entities; Hersans throughout the reference teaches data/fragments within database associated with tenants - for example, see abstract with multi-tenant database).  However, the Higgins combination does not explicitly teach where the fragments of the data are associated with a plurality of tenants.  This would have been obvious though.  For example, see O’Connor (paragraph 34 wherein data in a database may be shared amongst tenants).
	At the time the invention was filed, it would have been obvious to one of ordinary skill in the art to combine the teachings of O’Connor with the Higgins combination.  One of ordinary skill in the art would have been motivated to perform such an addition to provide security in the storage of confidential data (paragraph 6 of O’Connor).	
Claim 22 is rejected using the same basis of arguments used to reject claim 2 above.

Claims 3, 10, 11, 14, 15, and 23 are rejected under 35 U.S.C. 103 as being unpatentable over the Higgins combination as applied above, and further in view of Wilson US Patent Application Publication 2002/0166053 (Wilson).

As per claim 3, the Higgins combination teaches wherein the key cache includes a second portion that stores both active and inactive private keys of the KMS for the plurality of accounts (obvious over Higgins as Higgins teaches storing popular private keys - see col. 13 lines 20-35; these keys are popular, which may be active or inactive).  However, Higgins does not explicitly teach mapping active private keys to the plurality of accounts.  This would have been obvious.  For example, see Wilson (paragraph 37 with private key index and private keys of users with active sessions).
At the time the invention was filed, it would have been obvious to one of ordinary skill in the art to combine the Higgins combination with Wilson.  One of ordinary skill in the art would have been motivated to perform such an addition to provide an improved technique for protecting information on a computer system against unauthorized access (Wilson paragraph 8).
Claim 10 is rejected using the same basis of arguments used to reject claim 3 above.
As per claim 11, the Higgins combination teaches wherein private keys stored by the key cache are usable to access fragments of data stored in the database for a plurality of tenants (see throughout Higgins and in the rejection above of private keys associated with different entities; see Hersans abstract and throughout with tenant specific keys to access data in multi-tenant database).

As per claim 15, it would have been obvious over the Higgins combination to further comprise requesting, by a portion of the computing system that is stored externally to the secure enclave, to access at least one of the first and second portions of the key cache within the secure enclave; and receiving, by the portion of the computing system, a notification indicating that the request is blocked (Higgins col. 3 line 55 to col. 4 line 40 wherein secure enclave is a secure and protected portion, and thus everything outside the secure enclave is external; see col. 4 lines 5-15 wherein access to secure enclave is protected; see also col. 2 lines 55-65 wherein secure enclave is protected from other components of the server as well as remote systems; see also col. 9 lines 55-67; it is inherent, if not obvious to one of ordinary skill in the art to send/receive notifications indicating a request is blocked as the accessing system will know if it cannot access the information; obvious to one of ordinary skill in the art to send a notification as it provides an alert).
Claim 23 is rejected using the same basis of arguments used to reject claim 3 above.

Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over the Higgins combination as applied above, and further in view of Navar et al. US Patent Application Publication 2004/0148344 (Navar).

	As per claim 6, the Higgins combination does not explicitly teach wherein the identifier associated with the particular account is determined by: locating, based on a pointer specified in the request, an encrypted fragment of data associated with the particular account; and 
	At the time the invention was filed, it would have been obvious to one of ordinary skill in the art to combine the teachings of the Higgins combination with Navar.  One of ordinary skill in the art would have been motivated to perform such an addition to provide an efficient way to search content and to increase security (Navar paragraphs 8-10).

Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over the Higgins combination as applied above, and further in view of Audebert et al. US Patent Application Publication 2003/0204732 (Audebert).
	As per claim 8, the Higgins combination teaches prior to caching a plurality of private keys in the key cache, obfuscating at least one of the plurality of private keys (col. 4 lines 35-40 with encrypting private keys before storage).  However, the Higgins combination does not explicitly teach wherein the obfuscation is performed via a binary operation.  Obfuscation using binary operations is well known in the art.  For example, see Audebert (paragraph 14 wherein secret information is obfuscated using binary operations).
	At the time the invention was filed, it would have been obvious to one of ordinary skill in the art to combine the teachings of the Higgins combination with Audebert.  One of ordinary .  

Allowable Subject Matter
Claims 4, 5, 12, 13, 24, and 25 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
The following is a statement of reasons for the indication of allowable subject matter: As per claims 4, 5, 12, 13, 24, and 25, the claims are directed toward different features of the different portions of the key cache.  Although the references applied teach related limitations, such limitations would not have been obvious over the prior art of record.



Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JASON KAI YIN GEE whose telephone number is (571)272-6431.  The examiner can normally be reached on Monday-Friday 8:30-5:00 PST Pacific.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on (571) 272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.


/JASON K GEE/Primary Examiner, Art Unit 2495