Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Detailed Action
1.	This action is responsive to communication filed on: 9 May 2022 with acknowledgement of an original application filed on 29 November 2021 and that this application is a continuation of application 17/228,379 now patent 11,188,674 which is a continuation of application 15/286,112 filed on 5 October 2016 now patent 10,977,383.
2.	Claims 1-20 are currently pending.  Claims 1, 12, and 20 are independent claims. Claims 1, 12, and 20 have been amended.
Response to Arguments

3.	Applicant's arguments filed 9 May 2022 have been fully considered; however, they are not persuasive where noted below.  The Double Patenting rejection is withdrawn due to the filing of an approved terminal disclaimer.
I)	In response to Applicant’s argument beginning on page 8, “First, Browning and O’Connor, alone or in any combination, do not teach or suggest at least, “wherein the first encrypted file and the second encrypted file remains accessible to one or more queries for a predefined period of time,” as required by claim 1.  Indeed, the Office action does not even cite to any portion of Browning, O’Connor, or any other reference with regard to the above-recited subject matter of claim 1.  Accordingly, Applicant respectfully submits that the Examiner may not make the next Office action final if a new rejection is made”.
The Examiner disagrees with these arguments for multiple reasons.  First, the claim was amended to recite the above limitation; therefore this Office Action is Final.  Second, the amended claim limitation raises 112 rejections, which are made in the rejection below.  Third, as stated in the previous rejection, O’Connor teaches/suggests preventing a query from accessing the first encrypted file by “immediate retirement.  In this scenario, the administrator may lock all records and fields encrypted with the retired key” in paragraphs 73-74.  Note the lazy retirement allows for the files encrypted with the first key to be accessible for longer periods of time.  The previous Office Action stated “note by locking all records and fields encrypted with the retired key a query is prevented from accessing the first encrypted file”.  The combination of references Browning and O’Connor teaches and/or suggests the amended limitations.  In addition, as stated with the previous applications, Browning discloses through their disclosure performing key rotation on encrypted data within a database without requiring the database to be taken offline or otherwise made unavailable during key rotations; see the Abstract, paragraphs 7, 32-33, 38, and 43.  Therefore, the Applicant’s arguments are not persuasive.
II)	In response to Applicant’s argument beginning on page 9, “However, O’Connor does not teach or suggest at least, “allowing a second query to access the first encrypted file even though the first encrypted file is inaccessible to the first query”.
The Examiner disagrees with this argument.  The combination of references teaches/suggests key rotations without taking the database offline.  This would allow queries even when another query is inaccessible.  In addition, the Applicant’s own disclosure does not support this new limitation.
Claim Rejections - 35 USC § 112
4.	The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

5.	Claims 1-20 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.  The independent claims have been amended to include the phrase “allowing a second query to access the first encrypted file even though the first encrypted file is inaccessible to the first query”.  Nowhere in the disclosure is this feature disclosed.  The logic presented allows queries to a first encrypted file for a period of time, even after a second encrypted file has been generated.  Appropriate correction is required.

6.	The following is a quotation of 35 U.S.C. 112(b):

(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


7.	Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.  The independent claims have been amended to state the following limitations:
	“generating a mapping for a plurality of encrypted files, wherein the mapping associates each of the plurality of encrypted files with a first encryption key or a second encryption key;
generating a second encrypted file by re-encrypting, data in the first encrypted file using a second encryption key, wherein the first encrypted file and the second encrypted file remains accessible to one or more queries for a predefined period of time…
preventing a first query from accessing the first encrypted file after the second encrypted file has been generated and the predefined period of time expires; and
allowing a second query to access the first encrypted file even though the first encrypted file is inaccessible to the first query”

The wording of the claim is indefinite because it is confusing.  If the logic prevents queries from accessing a first encrypted file after the second encrypted file has been generated why would a second query be allowed?  

The Examiner recommends the claims be amended to delete the last limitation or the claim be amended as indicated below.
“A method, comprising:…


allowing a first query to access the first encrypted file even though the second encrypted file is generated; 
preventing a second query from accessing the first encrypted file after the second encrypted file has been generated and the predefined period of time has expired.”
Appropriate correction is required.

8.	To expedite a complete examination of the instant application the claims rejected under 35 U.S.C. 112 above are further rejected as set forth below in anticipation of applicant amending these claims to overcome the above rejections.
Claim Rejections – 35 USC § 103
9.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


10.	Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Browning U.S. Patent Application No. 2010/0161995 (hereinafter ‘995) in view of O’Connor et al. U.S. Patent Application Publication No. 2014/0237234 (hereinafter ‘234).
As to independent claim 1, “A method, comprising: generating a mapping for a plurality of encrypted files” is taught in ‘995 Abstract and paragraph 7, note the generation identifiers are interpreted equivalent to the mapping;
	“wherein the mapping associates each of the plurality of encrypted files with a first encryption key or a second encryption key” is shown in ‘995 paragraph 33;
	“updating the mapping to associate the second encrypted file with the first encrypted file, wherein the mapping is updated after the second encrypted file has been generated” is disclosed in ‘995 Abstract, paragraphs 5 and 7, note the key rotation process includes decrypting then re-encrypting the decrypted data with a second key (i.e. the most recent encryption key); the cipher text is then written to the encryption column in association with the generation identifier (i.e. therefore the mapping has been updated);
	the following is not explicitly taught in ‘995:
	“preventing a first query from accessing the first encrypted file after the second encrypted file has been generated and the predefined period of time expires; and allowing a second query to access the first encrypted file even though the first encrypted file is inaccessible to the first query” however ‘234 teaches an administrator may decide to update and replace a key… The Retire Key function allows the administrator to decrypt data associated with a selected key and re-encrypt the data with a new key… Note the lazy retirement allows for the files encrypted with the first key to be accessible for longer periods of time… Another instance may be immediate retirement.  In this scenario, the administrator may lock all records and fields encrypted with the retired key” in paragraphs 73-74, note by locking all records and fields encrypted with the retired key a query is prevented from accessing the first encrypted file.
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of a system and method for cryptographic key rotation in a database system taught in ‘995 to prevent a query from accessing the first encrypted file after the second encrypted file has been generated.  One of ordinary skill in the art would have been motivated to perform such a modification to overcome the issues related to storage and security of confidential data on an external server, see ‘234 paragraphs 4-6 and 71.
	As to dependent claim 2, “The method of claim 1, removing the first encrypted file after the second encrypted file has been generated” is taught in ‘234 paragraph 74.
	As to dependent claim 3, “The method of claim 1, wherein generating the second encrypted file comprises: generating the second encryption key; and decrypting the first encrypted file using the first encryption key to obtain the data in the first encrypted file” is shown in ‘995 Abstract, paragraphs 5, 7, 33, 38, and 43.
	As to dependent claim 4, “The method of claim 1, further comprising: marking the first encrypted file as expired after the second encrypted file has been generated” however ‘234 teaches metadata may also include additional information such as expiration of encrypted data in paragraph 56.
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of a system and method for cryptographic key rotation in a database system taught in ‘995 to indicate when a first encrypted file is expired.  One of ordinary skill in the art would have been motivated to perform such a modification to overcome the issues related to storage and security of confidential data on an external server, see ‘234 paragraphs 4-6 and 71.
	As to dependent claim 5, “The method of claim 1, wherein the mapping is stored in a metadata store and the plurality of encrypted keys are stored in a separate storage” is disclosed in ‘995 paragraphs 4 and 30.
	As to dependent claim 6, “The method of claim 5, further comprising: storing one or more of the first encryption key or the second encryption key in the separate key store” is taught in ‘995 paragraphs 4 and 30.
	As to dependent claim 7, “The method of claim 1, further comprising: permitting read access to the first encrypted file prior to the updating of the mapping being completed” is shown in ‘995 Abstract, paragraphs 7, 33, 38, and 43.
	As to dependent claim 8, “The method of claim 7, wherein permitting the read access to the first encrypted file comprises: permitting the read access after one or more of: generation of the second encryption key or beginning generation of the second encrypted file” is disclosed in ‘995 Abstract, paragraphs 7, 33, 38, and 43.
	As to dependent claim 9, “The method of claim 1, further comprising: receiving a query with write access for one or more tables corresponding to the first encrypted file; determining whether the second encryption key has been generated for the first encrypted file; and generating, in response to determining that the second encryption key has been generated, the second encrypted file by: modifying the first encrypted file based on the query with write access and encrypting the second encrypted file based on the second encryption key” is taught in ‘995 Abstract, paragraphs 7, 22, 30-33, 38, and 43.
	As to dependent claim 10, “The method of claim 1, further comprising: generating additional encrypted files based on the second encryption key; and updating the mapping to include the additional encrypted files, wherein the mapping is updated after the additional encrypted files have been generated” is shown in ‘995 paragraphs 5-7, 37-38, and 43, note that during key rotation database access to queries is still available; in addition, multiple generations of cryptographic keys and associated materials are maintained.
	As to dependent claim 11, “The method of claim 1, wherein one or more of: generating the second encryption key is performed without locking the database; generating the second encrypted is performed without locking the database; and updating the mapping is performed without locking the database” is disclosed in ‘995 Abstract, paragraphs 7, 33, 38, and 43.
	As to independent claim 12, this claim is directed to an apparatus executing the method of claim 1; therefore, it is rejected along similar rationale.
	As to dependent claims 13-19, these claims contain substantially similar subject matter as claims 2-4, and 6-11; therefore, they are rejected along similar rationale.
	As to independent claim 20, this claim is directed to a computer-readable medium storing instructions that execute the method of claim 1; therefore, it is rejected along similar rationale.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
11.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to ELLEN C TRAN whose telephone number is (571) 272-3842.  The examiner can normally be reached from M-F 9 AM to 6 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeff Pwu, can be reached at 571-272-6798.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ELLEN TRAN/
Primary Examiner, Art Unit 2433
24 May 2022