Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

	Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as obvious over Albertson US 2018/0241561  in view of Mujumdar US 20130031051 and further in view of Shiramshetti US 10,922,132  (hereinafter Shir). 
With respect to claim 1, Albertson (US 2018/0241561) teaches “1. A computer-implemented method for replicating data changes through distributed invalidation, the method comprising: receiving, by a distributed database system, an instruction to change a data element in a. table the distributed database system comprising a first server and a second server” in ¶ 54 (nodes (i.e. at least a first and second server) are part of distributed database system); in ¶ 61 (“. . .the generating may occur to modify the set of replicated data. . .”; Examiner finds modified data is a data element in a table—see e.g.. ¶ 70 (“row and column”) is inherently part of a database table); 
“a first copy of the table is stored on the first server, and a second copy of the table is stored on the second server” in ¶ 54 (“. . . set of replicated data may be shared between the set of member nodes . . .” (servers));
“and performing, in response to the receiving: determining that the data element is secured by a replication key that is stored on a shared key management system that is accessible by the first server and by the second server” in ¶ 56 
[0056] In embodiments, the determinings, the generatings, the updating, and the other steps described herein may each be executed in an automated fashion at block 406.  The steps described herein may be executed in an automated fashion without user intervention.  In embodiments, the determinings, the generatings, the updating, and the other steps described herein may be carried out by a local encryption management module maintained in a persistent storage device of a local computing device (e.g., network node).  In embodiments, the determinings, the generatings, the updating, and the other steps described wherein may be carried out by an external local encryption management module hosted by a remote computing device or server (e.g., server accessible via subscription, usage-based, or other service model).  As such, aspects of local encryption management may be performed using automated computing machinery  without manual action.  Other methods of performing the steps described herein  are also possible.

(Examiner finds “remote server” is accessible by first and second nodes because they perform the “determinings, the generatings, the updating”; thus, Examiner finds “remove server” is “a shared key management system that is accessible by the first server and by the second server”); \
[0057] At block 410, a first local encryption key for the first node of the set of member nodes may be determined. The first local encryption key may be determined with respect to a first copy of the set of replicated data. The first node of the set of member nodes may perform the determining. Generally, determining can include formulating, calculating, resolving, computing, identifying, or otherwise ascertaining the first local encryption key for the first node of the set of member nodes. The first local encryption key may include a string of numbers, letters, characters, or bits used to encrypt and decrypt (e.g., encode and decode) sets of data. The first local encryption key may correspond to (e.g., be paired, coupled, linked, or uniquely associated with) the first node of the set of member nodes. As an example, the first local encryption key may include a string of bits such as "3048 0241 00C9 18FA CF8D." In embodiments, the first local encryption key may be used to encrypt a first copy of the set of replicated data. The first copy of the set of replicated data may include a duplicate or reproduction of the set of replicated data that is maintained on the first node of the set of member nodes. As an example, the first copy of the set of replicated data may include a database file stored on the first node that indicates financial transactions for a group of user accounts. In embodiments, determining the first local encryption key may include ascertaining an encryption key for the first node of the set of member nodes based on a unique hardware identifier (e.g., media access control address, hardware configuration element) for the first node. In embodiments, the first local encryption key may be generated for the first node independent from other nodes in the set of member nodes (e.g., at a different time, without communicating with). Other methods of determining the first local encryption key for the first node of the set of member nodes are also possible. 

(Examiner finds the first local encryption key is the replication key); 
“wherein the replication key is unique to the data element” in ¶ 62 (“. . .replicated data may be updated using the first location encryption key, the temporary key, and the second local encryption key”; Examiner finds the first location encryption key is unique to the “modified data”—i.e. data element); 
“invalidating the replication key” in ¶ 99 (new temporary key is generated in response to the invalidating of the local encryption key);
0099] In embodiments, the first local encryption key may be deactivated for the first node of the set of member nodes. The deactivating may occur with respect to the first copy of the set of replicated data by the first node of the set of member nodes. Generally, deactivating can include voiding, expiring, nullifying, decommissioning, revoking, deleting, removing, or otherwise invalidating the first local encryption key for the first node of the set of member nodes. Deactivating the first local encryption key may include invalidating the first local encryption key such that it may longer be used for encryption and decryption operations with respect to the set of replicated data on the first node. In embodiments, deactivating can include modifying an encryption key permission log to tag, flag, mark, or otherwise indicate that the first local encryption key is invalid, and revoke cryptographic operation privileges with respect to the first local encryption key. In embodiments, a new temporary key may be generated for utilization by both the first and second nodes of the set of member nodes. The generating may occur to modify the set of replicated data. Generally, generating can include producing, computing, formulating, calculating, assembling, structuring, assigning, establishing, or otherwise creating the new temporary key for utilization by both the first and second nodes of the set of member nodes. The new temporary key may include a transitory or provisional encryption key that differs from a previous temporary key (e.g., such that a second data transfer of the set of replicated data between the set of member nodes may be carried out using a different temporary key than the first data transfer). In embodiments, generating may include using the key exchange technique of the key replication management engine to formulate the new temporary key (e.g., using a Diffie-Hellman key exchange technique).
 
“and modifying the first copy of the table on the first server according to the instruction that is received” in ¶ 99 
0099] In embodiments, the first local encryption key may be deactivated for the first node of the set of member nodes. The deactivating may occur with respect to the first copy of the set of replicated data by the first node of the set of member nodes. Generally, deactivating can include voiding, expiring, nullifying, decommissioning, revoking, deleting, removing, or otherwise invalidating the first local encryption key for the first node of the set of member nodes. Deactivating the first local encryption key may include invalidating the first local encryption key such that it may longer be used for encryption and decryption operations with respect to the set of replicated data on the first node. In embodiments, deactivating can include modifying an encryption key permission log to tag, flag, mark, or otherwise indicate that the first local encryption key is invalid, and revoke cryptographic operation privileges with respect to the first local encryption key. In embodiments, a new temporary key may be generated for utilization by both the first and second nodes of the set of member nodes. The generating may occur to modify the set of replicated data. Generally, generating can include producing, computing, formulating, calculating, assembling, structuring, assigning, establishing, or otherwise creating the new temporary key for utilization by both the first and second nodes of the set of member nodes. The new temporary key may include a transitory or provisional encryption key that differs from a previous temporary key (e.g., such that a second data transfer of the set of replicated data between the set of member nodes may be carried out using a different temporary key than the first data transfer). In embodiments, generating may include using the key exchange technique of the key replication management engine to formulate the new temporary key (e.g., using a Diffie-Hellman key exchange technique).

In the alternative, even if Albertson failed to explicitly teach a database “table”, Examiner takes official notice that database tables were well known in the art before the effective filing date of the invention. It would have been obvious to one skilled in the art before the effective filing date of the invention to modify the data element in Albertson to include a “database table.” The motivation would have been to organize data in such a way that is makes it easily and quickly accessible. 
It appears Albertson fails to explicitly teach “the data element representing a record in the table.” 
However, Mujumdar US 20130031051 A1 teaches “data element representing a record in the table” in at least ¶ 40 (emphasis added): 
[0040] Similarly, the key value for the record representing Bob Smith may be generated by concatenating the server node identifier of "5", the table identifier of "123", the page number of "15", and the slot number of "2" together into a single bitstring. The single bitstring may be given by the hexadecimal value of 00000005 0000007B 00001502. Key values for other existing records may also be generated in a similar manner. Accordingly, key values that are unique across the replication domain may be generated for existing records. In particular, using the server node identifier in generating the key values allows replicated copies of each record to have a distinct key value, because each replicated copy is stored on a respective server with a distinct server node identifier. For example, if the record representing Adam White is replicated to a database server having a server node identifier of "12" (0.times.0C), the key value for the replicated record on that database server may begin with the hexadecimal value of 0000000C rather than 00000005. Further, at least in some embodiments, the first algorithm also specifies that the key value for a record is to remain unchanged, even if the record is moved to a new physical location (e.g., as a result of an update). Doing so avoids increasing complexity and reducing performance associated with performing updates to the table.

Mujumdar and Albertson are analogous art because they are from the same field of endeavor as the claimed invention. It would have been obvious to one skilled in the art before the effective filing date of the invention to modify the data element in Albertson to include “the data element representing a record in the table.” The motivation would have been to “avoid[] increasing complexity and reducing performance associated with performing updates to the table.” Id.  
Albertson et al. teaches invalidating the replication key on the shared key management system in at least ¶ 99. 
It appears Albertson et al. fails to explicitly teach “which makes the data element in the second copy of the table inaccessible.” 
However, Shir teaches “invalidating the replication key on the shared key management system, which makes the data element in the second copy of the table inaccessible” in col. 2:45-col. 3:3 (encrypted key is shared by user via key management service—see col. col. 2:17-37). 
Shir and Albertson et al. are analogous art because they are from the same field of endeavor as the claimed invention. It would have been obvious to one skilled in the art before the effective filing date of the invention to modify the invalidating of the replication key in Albertson to include “invalidating the replication key on the shared key management system, which makes the data element in the second copy of the table inaccessible” as taught by Shir. The motivation would have been to allow a user to secure their data upon discovery of a security issue. See Shir col. 2:63-col. 3:3. 
Claims 9 and 17 are rejected for the same reasons. 
	With respect to claim 2, Albertson (US 2018/0241561) teaches “2. The method of claim 1, wherein the data element is a row in the table” in ¶ 70 
[0070] In embodiments, the package may be established at block 561. The package may include a keystore identifier. The keystore identifier may indicate a location of one or more encryption keys for a cryptographic operation (e.g., to allow different keys to be used for different files, such as, for example, different products could use different keys). The package may include a data size. The package may include the set of modified replicated data. Generally, establishing can include instantiating, creating, setting-up, organizing, introducing, providing, assembling, arranging, generating, or otherwise structuring the package to include the keystore identifier, the data size, and the set of modified replicated data. As described herein, the set of modified replicated data may include a set of replicated data that has been edited, revised, adjusted, or otherwise changed with respect to a previous version (e.g., a database, index, or repository to which additional rows/columns have been added). In embodiments, the keystore identifier may include an indication of a virtual location (e.g., memory address, network file path) at which one or more encryption keys are saved. As an example, the keystore identifier may include a network path of "\\Server3\Users\User1\KeystoreRepository\Keys\Key34" that designates where a particular encryption key is located (e.g., such that the key may be accessed and used to decrypt an encrypted file). In embodiments, the keystore identifier may indicate a predetermined identifier for a particular encryption key. For instance, the keystore identifier may include an identifier of "Encryption Key 293" that instructs a node of a specific encryption key (e.g., local encryption key) to use for a particular cryptographic operation. In embodiments, the package may include a data size. The data size may include an indication of the volume, extent, or amount of information included in the set of modified replicated data. For example, the data size may indicate the file size of the set of modified replicated data (e.g., 32 megabytes), the length (e.g., number of words, characters, columns, rows, data cells), or other characteristics of the set of modified replicated data. In embodiments, establishing may include formatting the package to include the keystore identifier, the data size, and the set of modified replicated data. For instance, the package may be partitioned into a header portion configured to maintain the keystore identifier and the data size, and a body portion configured to maintain the set of modified replicated data. Other methods of establishing the package are also possible. 

Claim 10 is rejected for the same reason. 
With respect to claim 3, it appears Albertson fails to explicitly teach “The method of claim 1, wherein the data element is a data field in the table.” However, Examiner takes official notice that this element was well known in the art before the effective filing date of the invention. It would have been obvious to one skilled in the art before the effective date of the invention to modify the data element in Albertson to include a data field in the table. The motivation would have been to organize data in such a way that is makes it easily and quickly accessible. Claim 11 is rejected for same reason. 
With respect to claim 4, Albertson teaches “4. The method of claim 1, wherein the instruction is to delete the data element” in ¶ 62 (deleting entries part of instruction); ¶ 70 (“As described herein, the set of modified replicated data may include a set of replicated data that has been edited, revised, adjusted, or otherwise changed with respect to a previous version (e.g., a database, index, or repository to which additional rows/columns have been added).”). Claims 12 and 18 are rejected for the same reason. 
With respect to claim 5, Albertson teaches “5. The method of claim 1, wherein the instruction is to update content of the data element to an updated content” in ¶ 62 and ¶ 70 (“additional rows/columns” is an instruction to update content of the data element to an updated content). Claims 13 and 19 are rejected for the same reason. 
With respect to claim 6, Albertson teaches “6. The method of claim 5, wherein the replication key associated with the data element is a first replication key, and the method further comprises” in ¶ 57 (first encryption key is first replication key); 
“generating a second replication key for the data element” in ¶ 59 (second local encryption key is second replication key): 
“securing the updated content with the second replication key” in ¶ 59 (updated content secured via encryption); and ¶ 62 
“and storing a reference to the second replication key in association with the data element” in ¶ 59 and ¶ 62 (“EA97. . . F577” is a reference in association with data element). Claims 14 and 20 are rejected for the same reason. 
With respect to claim 7, Albertson teaches “7. The method of claim 1, wherein a handle to the replication key that is associated with the data element is stored in metadata associated with the data element” ¶ 105 (header is handle to replication key that is associated with data element being changed). 
With respect to claim 8, Albertson teaches “8. The method of claim 1, wherein a handle to the replication key that is associated with the data element is stored in the data element” in ¶ 105 (header stored in the data element in that it is part of one ciphertext with the data element). 
Alternatively, Examiner takes official notice that “a handle to the replication key that is associated with the data element is stored in the data element” was well known in the art before the effective filing date. It would have been obvious to one skilled in the art before the effective filing date to modify the handle in Albertson to include “a handle to the replication key that is associated with the data element is stored in the data element.” The motivation would have been to save memory or disk space. 
Response to Arguments 

Applicant argues 

Applicant respectfully disagrees and asserts that the pending claims are directed to the patent-eligible subject matter and that they provide technical solutions to technical challenges and further provide practical applications and improvements to a particular technological field, specifically a distributed database system. MPEP §2106.04 notes that "[if] [t]he claim as a whole integrates the judicial exception into a practical application, in which case the claim is not directed to a judicial exception (Step 2A: NO) and is eligible at Pathway B. This concludes the eligibility analysis." The pending claims provide a practical application to address technical challenges "with . . . change capture techniques when applied to a distributed database system 100 when the data elements are to be secured, such as by encryption, masking, or any other technique to secure the data. For example, when the data elements are to be securely changed at the site A, any downstream replicas of the secured data, for example, in site B, C, and/or D, can continue to have the non-updated, and more importantly, non-secured data as part of the data stores in that/those sites. Accordingly, invalidating such downstream copies of the data can be a technical challenge." (specification at para. 28 as filed). To this end, for example, claim 1 recites, "determining that the data element is secured by a replication key that is stored on a shared key management system that is accessible by the first server and by the second server, wherein the replication key is unique to the data element, the data element representing a record in the table; invalidating the replication key on the shared key management system, which makes the data element in the second copy of the table inaccessible; and modifying the first copy of the table on the first server according to the instruction that is received." Accordingly, based on Step 2A of the flowchart in MPEP § 2106, the pending claims are eligible per Pathway B. 

This argument is persuasive.  As such, the rejections under 35 USC 101 are withdrawn. 
Applicant’s remaining arguments have been considered but are rendered moot by the new grounds of rejection above.  
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALBERT M PHILLIPS, III whose telephone number is (571)270-3256. The examiner can normally be reached 10a-6:30pm EST M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Mariela D. Reyes can be reached on (571)270-1006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ALBERT M PHILLIPS, III/Primary Examiner, Art Unit 2159