DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statement (IDS) submitted by applicant dated 10/11/2021 has been considered by the examiner.

Allowable Subject Matter
Claims 1-20 are allowed.

Reasons for Allowance
Examiner’s statement of reasons for allowance for claims 1-20 is stated below.
Regarding independent Claim 1, the Examiner found neither prior art cited in its entirety, nor based on the prior art, found any motivation to combine any of said prior art that teaches “obtain a first web service application programming interface (API) request to perform an automatic key rotation, wherein the first web service API request includes a key name associated with a first cryptographic key, further wherein: the first cryptographic key is associated with a first key version to indicate whether the first cryptographic key is usable for encryption; the first cryptographic key is associated with a key type that indicates a key length or a cryptographic algorithm; and the first cryptographic key is associated with a first key state indicating whether the first cryptographic key can be used for cryptographic operations; use a rotation schedule to determine when to perform a key rotation; perform the key rotation by at least causing the first cryptographic key to be unusable for future encryption requests by associating, in lieu of the first cryptographic key, a second cryptographic key to the key name, wherein the second cryptographic key, with a second key type and a second key state, is associated with a second key version to indicate whether the second cryptographic key is usable for encryption; obtain a second web service API request to decrypt a ciphertext, the second web service API request including the key name; determine whether the second web service API request is for performance of a decryption operation using the first cryptographic key; determine, based at least in part on the first key state being in an enabled state, whether the first cryptographic key is usable for the decryption operation; as a result of determining that the first cryptographic key is usable for the decryption operation, decrypt the ciphertext using the first cryptographic key, thereby generating a plaintext; and provide a response to the second web service API request that includes the plaintext” in combination with all the elements of the claim.
The dependent claims 2-6 are allowable due to their dependence on independent claim 1.

Regarding independent Claim 7, the Examiner found neither prior art cited in its entirety, nor based on the prior art, found any motivation to combine any of said prior art that teaches “obtaining a request to perform an automatic key rotation on a rotation schedule, wherein the request encodes a key identifier associated with a first cryptographic key, further wherein: the first cryptographic key is associated with a first key version to indicate whether the first cryptographic key is usable for encryption; the first cryptographic key is associated with a key type that indicates a length and a cryptographic algorithm; and the first cryptographic key is associated with a first key state indicating whether the first cryptographic key can be used; performing a key rotation based on the rotation schedule by at least causing the first cryptographic key to be unusable for subsequent encryption requests by associating a second cryptographic key to the key identifier, wherein the second cryptographic key, with a second key type and a second key state, is associated with a second key version to indicate whether the second cryptographic key is usable for encryption; and wherein the first cryptographic key continues to be usable for future decryption requests after the second cryptographic key is associated with the key identifier” in combination with all the elements of the claim. 
The dependent claims 8-15 are allowable due to their dependence on independent claim 7.

Regarding independent Claim 16, the Examiner found neither prior art cited in its entirety, nor based on the prior art, found any motivation to combine any of said prior art that teaches “obtaining a web service application programming interface (API) request to decrypt a ciphertext, the web service API request encoding a key identifier, wherein: the key identifier is associated with a first cryptographic key, the first cryptographic key associated with a first key version, wherein the first cryptographic key is usable for a first set of cryptographic operations and unusable for a second set of cryptographic operations; and the key identifier is associated with a second cryptographic key, the second cryptographic key associated with a second key version, wherein the second cryptographic key is usable for both the first and second sets of cryptographic operations; determining that the web service API request is for performance of a cryptographic operation using the first cryptographic key; determining that the first cryptographic key is in an enabled key state; as a result of the cryptographic operation being of the first set of cryptographic operations and the first cryptographic key being in the enabled state, using the first cryptographic key to perform the cryptographic operation; and providing a response to the web service API request based at least in part on a result of performing the cryptographic operation” in combination with all the elements of the claim.
The dependent claims 17-20 are allowable due to their dependence on independent claim 16.

The closest prior art made of record are:
Lee et al. US2012/0140923 teaches a method and system for encryption key versioning and rotation in a multi-tenant environment, managing encrypted data and their associated encryption keys. A key splitting process securely stores a master key used to encrypt tenant-level encryption keys, a key versioning process is used to securely track updated encryption keys, and a key rotation process is used to rotate encrypted data to an updated version of a tenant-level encryption key.
Chambers et al. US2012/0321078 teaches a method and system for maintaining data security through encryption key retirement and selective re-encryption. Selectively re-encrypting a subset of encrypted values includes storing each encrypted value together with the key profile number for the encryption key that was used to generate that encrypted value. When a key is compromised, its associated key profile number allows the efficient identification of all the encrypted values that were created using the now-compromised key. Once identified, the encrypted values may be decrypted using the compromised key and re-encrypted using a new key, without changing other related data such as the token associated with the encrypted value.
Fu et al. US2005/0018842 teaches a method and system for windowed backward key rotation. A user is provided information that allows determining a limited number of previous keys in a series of keys from a later key in the series. A key in the series is generated, based at least in part on the information provided to the user. The key in the series is provided to the user. The user determines at least one key in the limited number of previous keys in the series by applying the information to the key in the series.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HENRY TSANG whose telephone number is (571)270-7959.  The examiner can normally be reached on M-F 8am - 5pm EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on (571) 272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/HENRY TSANG/
Primary Examiner, Art Unit 2495