DETAILED ACTION
1. 	This is in response to a divisional application No. 16/887,092 filed on May 29, 2020. Claims 1-10 have been submitted for examination. Claim 3 is canceled and new claims 11-21 are added as a result of examiner’s amendment. Thus claims 1-2, 4-21 are pending and claims 1 and 12 are independent.  
Notice of Pre-AIA  or AIA  Status
2.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Priority
	3.	This application filed on 05/29/2020 is a division of application No.15605512, filed 05/25/2017, now U.S. Patent #10673623. Application No. 15605512 is a continuation in part of application No. 15604856, filed 05/25/2017, now U.S. Patent #10846411 and application No. 15604856 claims Priority from Provisional Application 62341453, filed 05/25/2016.
				Information Disclosure Statement
4.	The information disclosure statements (IDS) submitted on 12/01/2020; 05/04/2021; 08/27/2021 and 03/09/2022 have been considered. The submission is in compliance with the provisions of 37 CFR 1.97. Form PTO-1449 is signed and attached hereto.

Drawings
5.	The drawings filed on May 29, 2020 are accepted. 
Specification


7.	On March 9, 2022, examiner and applicant's representative Matthew H. Grady, Reg. No. 52,957 conducted examiner initiated telephone interview. The summary of the interview is attached. 

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in a telephone interview with Matthew H. Grady, Reg. No. 52,957, on March 9, 2022.

	The application has been amended as follows:
In the claims:

1.	(Currently Amended) A method for modifying an encryption scheme of a database system, comprising acts of:
selecting a first secondary node of a replica set, the replica set comprising at least a primary node and a plurality of secondary nodes, and disabling read and write access to at least one database instance hosted on the first secondary node of the replica set;

obtaining a second master key via a key management interface;
for the at least one database on the first secondary node of the replica set, encrypting the internal database key using the second master key;
restoring read and write access to the first secondary node of the replica set;
triggering key rotation for  the other nodes of the replica set responsive to validating proper encryption of a prior node of the replica set ; and
wherein the act of triggering key rotation for the other nodes of the replica set includes executing key rotation on at least one secondary node of the replica set prior to executing key rotation on a respective primary node.

2.	(Original) The method of claim 1, further comprising an act of limiting key rotation operations to a node and an associated database within a respective replica set.  

3.	(Cancelled) 

4.	(Currently Amended) The method of claim 1, wherein responsive to validating proper execution of key rotation on the secondary nodes of the replica set, triggering key rotation on the primary node.

at least one primary node includes: 
demoting the primary node to a secondary node:
automatically electing a new primary from the secondary nodes on which key rotation has been executed; and  
	disabling read write access to the demoted primary node.

6.	(Original) The method of claim 1, further comprising an act of automatically obtaining the second master key from a key management server.

7. 	(Original) The method of claim 6, wherein the act of automatically obtaining the second master key includes receiving the second master key via a key management interoperability protocol (KMIP) or via an Application Programming Interface (API), in communication with the key management server external to the database system.

8.	(Original) The method of claim 1, further comprising an act of automatically determining a key rotation operation should be executed. 

9.	(Original) The method of claim 1, wherein the act of obtaining a second master key via a key management interface includes an act of obtaining at least one new internal key for the at least one database instance; and 


10.	(Original) The method of claim 9, further comprising an act of generating a duplicate secondary node responsive scheduling an internal key rotation operation.

11. 	(New) The method of claim 10, further comprising an act of executing key rotation on the duplicate secondary node.

12.	(New) A system for modifying an encryption scheme of a database system, the system comprising: 
at least one processor operatively connected to a memory, the at least one processor when executing configured to: 
select a first secondary node of a replica set, the replica set comprising at least a primary node and a plurality of secondary nodes, and disable read and write access to at least one database instance hosted on the first secondary node of the replica set;
decrypt an internal database key using a first master key for the at least one database instance on the node of a replica set;
obtain a second master key via a key management interface;
for the at least one database on the first secondary node of the replica set, encrypt the internal database key using the second master key;

trigger key rotation for the other nodes of the replica set responsive to validating proper encryption of a prior node of the replica set, 
wherein the act of triggering key rotation for the other nodes of the replica set includes executing key rotation on at least one secondary node of the replica set prior to executing key rotation on a respective primary node.

13.	(New) The system of claim 12, wherein the at least one processor is configured to limit key rotation operations to a node and an associated database within a respective replica set.  

14.	(New) The system of claim 13, wherein the at least one processor is configured to trigger key rotation on the primary node responsive to validation of proper execution of key rotation on the secondary nodes of the replica set.

15.	(New) The system of claim 14, wherein the operation to trigger key rotation on the primary node includes operations to: 
demote the primary node to a secondary node:
automatically elect a new primary from the secondary nodes on which key rotation has been executed; and  
	disable read write access to the demoted primary node.



17. 	(New) The system of claim 16, wherein the operation to automatically obtain the second master key includes operations to receive the second master key via a key management interoperability protocol (KMIP) or via an Application Programming Interface (API), in communication with the key management server external to the database system.

18.	(New) The system of claim 12, wherein the at least one processor is configured to  automatically determine a key rotation operation should be executed. 

19.	(New) The system of claim 12, wherein the at least one processor is configured to obtain a second master key via a key management interface which includes an operation to obtain at least one new internal key for the at least one database instance; and 
wherein the operation to encrypt the internal database key using the second master key is executed responsive to validating an act of re-encrypting the at least one database instance with the at least one new internal key.

20.	(New) The system of claim 19, wherein the at least one processor is configured to generate a duplicate secondary node responsive scheduling an internal key rotation operation.




Allowable Subject Matter
8.	Claims 1-2 and 4-21 are allowed. 
9.	The following is an examiner’s statements of reasons for allowance:
10. 	 The following references/prior arts disclose the general subject matter recited in independent claims 1 and 12. 


A.	    US Patent No. 8,572,031 B2 discloses Merriman discloses systems and methods for managing asynchronous replication in a distributed database environment, wherein a cluster of nodes are assigned roles for processing database requests. In one embodiment, the system provides a node with a primary role to process write operations against its database, generate an operation log reflecting the processed operations, and permit asynchronous replication of the operations to at least one secondary node. In another embodiment, the primary node is the only node configured to accept write operations. Both primary and secondary nodes can process read operations. Although in some to settings read requests can be restricted to secondary nodes or the primary node. In one embodiment, the systems and methods provide for automatic failover of the primary node role, can include a consensus election protocol for identifying the next primary node. Further, the systems and methods can be configured to automatically reintegrate a failed primary node.

US Patent No. 10/372,926 B1 to Leshinsky discloses a distributed data store may implement passive distribution encryption keys to enable access to encrypted data stored in the distributed data store. Keys to encrypt a data volume stored in the distributed data store may be encrypted according to a distribution key and provided to a client of the distributed data store wherein a key hierarchy may be implemented to encrypt the keys that provide access to the encrypted data. The key hierarchy may include a user key.[See abstract]. Furthermore Leshinsky discloses how the received key(s) may be common to group of storage nodes providing a protection group to store the same portion of a data volume at the member nodes of the protection group (e.g., PG key 720 in FIG. 7). Once received, the encrypted keys may be decrypted at the storage node according to another key maintained at the storage node, as indicated at 1140. For example, the storage node may maintain a distribution key which is used by the control plane to encrypt keys sent to clients. In some embodiments, this distribution key may be impermanent, and be rotated at different times. A new distribution key may be obtained by the storage node to decrypt subsequently received encrypted keys. In at least some embodiments, storage nodes may purge all keys decrypted using a previous master key so that clients may have to resend the key(s) for the data volume again encrypted using the new master key. 


C.  	US Patent No. 6,240,514 B1 to Inoue discloses a mobile computer database 41, a master key database 42, an encapsulation unit 43, an encryption unit 44, a decryption unit 45, a packet key embedding unit 46, a packet key extraction unit 47, a data input/output unit 48, and a computer location recognition unit 49. The key information header contains information for specifying a key encryption algorithm, a packet encryption algorithm, and an authentication as well as a packet processing key Kp encrypted by a master key Kij to be shared between two data packet encryption gateways (or between the data packet encryption gateway and the mobile computer). Here, the packet processing key Kp is a key which is randomly generated at the sender side, which will be used in calculating a packet authentication key A_Kp and a packet encryption key E_Kp. Note that the master key may be provided in a form of a function Kijn if a time information (indicated by a counter n).

D.	US Patent No. 9,141,814 B1 to Murray discloses computer systems and methods ensuring high availability of cryptographic keys using a shared file system. The keys are encrypted with at least one shareable master key to generate corresponding encrypted cryptographic keys, which are stored in a key database in the shared file system. A master key manager with access to the key database is elected from among master key manager candidates and is assigned a common virtual address. All master key manager candidates have the shareable master key such that during a failover event the availability of the encrypted cryptographic keys is not interrupted as a new master key manager takes over the common virtual address from the previous master key manager. Additionally, a message authentication code (MAC) is deployed for testing the integrity of keys during their retrieval.


E.	US Patent No. 7,657,578 to Karr (cited in the IDS) discloses a system for volume replication in a distributed block virtualization environment includes a first and a second set of one or more physical block devices, a first and a second volume server, one or more volume clients, and a replication manager. The first volume server may be configured to aggregate storage in the first set of one or more physical block devices into one or more logical volumes, 

F.	US Patent No. 9,959,308 B1 to Carman (cited in the IDS) discloses a Non-blocking processing of federated transactions may be implemented for distributed data partitions. A transaction may be received that specifies keys at data nodes to lock in order to perform the transaction. Lock requests are generated and sent to the data nodes which identify sibling keys to be locked at other data nodes for the transaction. In response to receiving the lock requests, data nodes may send to lock queues indicating other lock requests for the keys at the data node. An evaluation of the lock queues based, at least in part, on an ordering of the lock requests in the lock queues may be performed to identify a particular transaction to commit. Once identified, a request to commit the identified transaction may be sent to the particular data nodes indicated by the sibling keys in a lock request for the identified transaction.

G.	US Patent No. 10,430,433 B2 to Stearn (cited in the IDS)discloses a translation component is configured to operate on document encoded data to translate the document encoded data into a canonical format comprising a plurality of canonical types that fold together into a byte stream. The translation component is configured to accept any storage format of data (e.g., column store, row store, LSM tree, etc. and/or data from any storage engine, WIREDTIGER, MMAP, AR tree, Radix tree, etc.) and translate that data into a byte stream to 

H. 	US 10,489,357 B2 to Horowitz (cited in the IDS) discloses an automation system is provided to automate any administrative task in a distributed database, such that the end user can input a goal state (e.g., create database with a five node architecture) and the automation system generates and executes a plan to achieve the goal state without further user input. According to another aspect, bringing existing database systems into automated management can be as complex as designing the database itself. According to some embodiments, the automation system is configured to analyze existing database systems, capture and/or install monitoring components within the existing database, and generate execution pathways to integrate existing database systems into automation control systems. Based on the current state information, the automation system is configured to generate an installation pathway of one or more intermediate states to transition the existing system from no automation to a goal state having active automation agents distributed throughout the database.

I.	US Patent No. 10,496,669 B2 to Merriman (cited in the IDS) discloses a distributed database system is configured to manage write operations received from database clients and execute the write operations at primary nodes. The system then replicates received operations across a plurality of secondary nodes. Write operation can include safe write requests such that the database guaranties the operation against data loss once acknowledged. In some 

J.	US Publication No. 2013/0346,366 A1 cited in the IDS to Ananthanarayanan discloses a front end and backend replicated storage in which an existing primary data copy can be maintained on an existing primary front end server node. One or more existing secondary data copies can be maintained on one or more existing secondary front end server nodes to minor the existing primary data copy (such as by making synchronous changes to the secondary data copies). One or more existing backup data copies can be maintained on an existing backend server node to mirror the existing primary data copy (such as by making asynchronous changes to the one or more backup data copies). The existing backend server node can be accessible by one or more of the front end nodes. In response to detecting a failure of the existing primary data copy, one of the one or more secondary data copies can be designated as a new primary data copy in place of the existing primary data copy.

K.  	US Publication No. 2016/0323378 A1 to Coskun cited in the IDS discloses a method includes executing a software application at a computing device of a computing fabric, and thus resulting in a change to a portion of a copy of state information associated with the software application stored in the computing device. The method also includes automatically replicating the change to the portion of the copy of state information stored on the computing device to 

L. 	US Publication No. 2019/0303382 A1 cited in the submitted IDS to Bostic discloses a distributed database systems and methods with pluggable storage engines in which systems are provided for selectively employing storage engines in a distributed database environment. The methods and systems can include a processor configured to execute a plurality of system components, wherein the system components comprise an operation prediction component configured to determine an expected set of operations to be performed on a portion of the database; a data format selection component configured to select, based on at least one characteristic of the expected set of operations, a data format for the portion of the database; and at least one storage engine for writing the portion of the database in the selected data format.
M. 	See the other cited prior arts

However, the above prior arts of record including the rest of the cited prior arts including the prior arts cited in the parent applications IDS either taken alone or in combination neither anticipates nor renders obvious the claimed subject matter of the instant application that is taken as a whole including the functional limitation recited in independent claims 1 and 12. For this reason, the specific claim limitations recited in independent claims 1 and 12 taken as whole are found to be allowable.



13.	Any comments Applicants considers necessary must be submitted no later than the payment of the Issue Fee and to avoid processing delays, should preferable accompany the Issue Fees. Such submission should be clearly labeled "Comments on Statement of Reasons for Allowance". In event of any post-allowance papers (e.g. IDS, 312 amendment, petition, etc.), Applicant is exhorted to mail papers to the Production Control branch in Publications or faxed to post-allowance papers correspondence branch at (703) 308-5864 to expedite issuing process or call PUB's Customer Service if any questions at (703) 305-8497. 

Conclusion

14.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAMSON B LEMMA whose telephone number is 571-272-3806.  The examiner can normally be reached on M-F 8am-10pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shaw Yin Chen can be reached on 571-272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.	
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/SAMSON B LEMMA/
Primary Examiner, Art Unit 2498