Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 03/16/2022 has been entered.

Examiner’s Note
Examiner contacted applicant's representative James Olsen (Reg. No. 75,750) on May 25, 2022 and proposed an examiner's amendment to put the claims in condition for allowance. Applicant's representative agreed and emailed a copy of a Word document with the proposed examiner's amendment to examiner on May 25, 2022. See Examiner's Amendment below.

Examiner’s Amendment
An examiner's amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this examiner's amendment was given via telephone conversation and email from Attorney James Olsen (Reg. No. 75,750) on May 25, 2022.

The application has been amended as follows:

Amendments to the Claims:
This listing of claims will replace prior versions, and listings, of claims in the application:
Listing of Claims: 
1. (Currently Amended)	A method for automatic provisioning of key material rotation information to services, the method comprising: 
	creating, by a key management service, a key upon user request;
receiving, by the key management service and from a cloud object storage service, a request for a first cryptographic operation;
performing, by the key management service, the first cryptographic operation using the key;
returning, by the key management service, results of the first cryptographic operation to the cloud object storage service;
receiving, by the key management service, a notification of key rotation;
after receiving the notification of key rotation, receiving, by the key management service and from the cloud object storage service, a request for a second cryptographic operation;
performing, by the key management service, the second cryptographic operation using the key by referencing archived metadata directed to the key;
returning, by the key management service, results of the second cryptographic operation to the cloud object storage service including an indication that the key includes old key material as a result of the key rotation; and
returning, by the key management service, updated key metadata including new key material generated during the key rotation directed to an updated version of the key to be used for future cryptographic operations to the cloud object storage service.

8. (Currently Amended)	A system for automatic provisioning of key material rotation information to services, the system comprising:
one or more processors; and
a memory communicatively coupled to the one or more processors,
wherein the memory comprises instructions which, when executed by the one or more processors, cause the one or more processors to perform a method comprising:
receiving, by a key management service and from a cloud object storage service, a request for a cryptographic operation;
determining, based on the request, that a key involved in the request has been rotated;
after determining that the key involved in the request has been rotated, performing, by the key management service, the cryptographic operation using the key by referencing archived metadata directed to the key;
returning, by the key management service, results of the cryptographic operation including an indication that the key includes old key material as a result of the key rotation to the cloud object storage service; 
generating, in response to the determining the key has been rotated, updated key metadata including new key material directed to the key; and
returning, by the key management service, the updated key metadata including the new key material generated during the key rotation directed to an updated version of the key to be used for future cryptographic operations to the cloud object storage service.



15. (Currently Amended)	A computer program product for automatic provisioning of key material rotation information to services, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, the program instructions executable by a computer to perform a method comprising: 
	creating, by a key management service, a key upon user request;
receiving, by the key management service and from a cloud object storage service, a request for a first cryptographic operation;
performing, by the key management service, the first cryptographic operation using the key;
returning, by the key management service, results of the first cryptographic operation to the cloud object storage service;
receiving, by the key management service, a notification of key rotation;
after receiving the notification of key rotation, receiving, by the key management service and from the cloud object storage service, a request for a second cryptographic operation;
performing, by the key management service, the second cryptographic operation using the key by referencing archived metadata directed to the key;
returning, by the key management service, results of the second cryptographic operation to the cloud object storage service including an indication that the key includes old key material as a result of the key rotation; and
returning, by the key management service, updated key metadata including new key material generated during the key rotation directed to an updated version of the key to be used for future cryptographic operations to the cloud object storage service.
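
The flow recited in independent claims 1, 8 and 15, sketched as an added illustration that is not part of the Office action, the application, or any product's code. `ToyKMS`, `storage_read`, the response fields and the hash-based wrap (a stand-in for a real AEAD key wrap) are all assumptions, and "updated key metadata" is read here as the data key re-wrapped under the new key version.

```python
import hashlib, hmac, secrets

def _seal(key, data):
    # Toy stand-in for a real AEAD key wrap (assumption); data must be <= 32 bytes.
    nonce = secrets.token_bytes(16)
    stream = hashlib.sha256(b"enc" + key + nonce).digest()
    ct = bytes(a ^ b for a, b in zip(data, stream))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def _open(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrapped key failed authentication")
    stream = hashlib.sha256(b"enc" + key + nonce).digest()
    return bytes(a ^ b for a, b in zip(ct, stream))

class ToyKMS:
    def __init__(self):
        self.keys = {}  # key_id -> {"current": n, "versions": {n: material}}

    def create_key(self, key_id):
        self.keys[key_id] = {"current": 1, "versions": {1: secrets.token_bytes(32)}}

    def rotate(self, key_id):
        k = self.keys[key_id]
        k["current"] += 1  # old versions stay archived for later unwraps
        k["versions"][k["current"]] = secrets.token_bytes(32)

    def wrap(self, key_id, dek):
        k = self.keys[key_id]
        blob = _seal(k["versions"][k["current"]], dek)
        return {"key_id": key_id, "version": k["current"], "blob": blob}

    def unwrap(self, wrapped):
        k = self.keys[wrapped["key_id"]]
        # The version recorded with the blob selects archived key material.
        dek = _open(k["versions"][wrapped["version"]], wrapped["blob"])
        resp = {"dek": dek, "old_material": wrapped["version"] != k["current"]}
        if resp["old_material"]:
            # Updated metadata for future operations: the DEK under the new version.
            resp["updated"] = self.wrap(wrapped["key_id"], dek)
        return resp

def storage_read(kms, obj):
    # Storage-service side: unwrap, and persist updated metadata when flagged.
    resp = kms.unwrap(obj["wrapped_dek"])
    if resp["old_material"]:
        obj["wrapped_dek"] = resp["updated"]
    return resp["dek"], resp["old_material"]
```

The first read after a rotation still succeeds against the archived version and returns the flag; once the storage side has stored the updated metadata, later reads no longer touch the old key material.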



Response to Amendment
This communication is in response to the amendment filed on 3/4/2022. The Examiner acknowledges amended claims 1-3, 5-10, 12-17, and 19-20. Claims 4, 11, and 18 have been canceled. Claims 1-3, 5-10, 12-17, and 19-20 are pending and claims 1-3, 5-10, 12-17, and 19-20 are allowed. Claims 1, 8, and 15 are independent.

Claims 1, 8, and 15 have been amended with this Examiner’s amendment.
Applicant's arguments/amendments (Remarks, page 7, bottom paragraph to page 11, top paragraph) have been fully considered and are persuasive.
	
		
Response to Arguments
Applicant's arguments (Remarks, page 7, bottom paragraph to page 11, top paragraph) filed 3/4/2022 have been fully considered and are persuasive. The rejections of claims 1-3, 5-10, 12-17, and 19-20 have been withdrawn in view of the applicant’s amendment and persuasive arguments.

Allowable Subject Matter
Claims 1-3, 5-10, 12-17, and 19-20 are allowed.

Reasons for Allowance
The following is an examiner’s statement of reasons for allowance:

The prior art of record (in particular, Fuller U.S. Patent 9172532 (hereinafter "Fuller") in view of Miguel U.S. Patent 10546141 (hereinafter "Miguel"), in view of Witt U.S. Patent 7818586 (hereinafter "Witt"), in view of Lopez U.S. Patent 10140185 (hereinafter "Lopez")) does not expressly disclose all the limitations recited in independent claim(s) and the combination of their features thereon. With respect to independent claim(s) 1, 8, and 15 the closest prior art does not disclose at least the following limitations in the recited context:
CLAIM 1
after receiving the notification of key rotation, receiving, by the key management service and from the cloud object storage service, a request for a second cryptographic operation;
performing, by the key management service, the second cryptographic operation using the key by referencing archived metadata directed to the key;
returning, by the key management service, results of the second cryptographic operation to the cloud object storage service including an indication that the key includes old key material as a result of the key rotation; and
returning, by the key management service, updated key metadata including new key material generated during the key rotation directed to an updated version of the key to be used for future cryptographic operations to the cloud object storage service.

CLAIM 8
after determining that the key involved in the request has been rotated, performing, by the key management service, the cryptographic operation using the key by referencing archived metadata directed to the key;
returning, by the key management service, results of the cryptographic operation including an indication that the key includes old key material as a result of the key rotation to the cloud object storage service; 
generating, in response to the determining the key has been rotated, updated key metadata including new key material directed to the key; and
returning, by the key management service, the updated key metadata including the new key material generated during the key rotation directed to an updated version of the key to be used for future cryptographic operations to the cloud object storage service.


Rather, Fuller discloses that an electronic device can request that an encryption system perform an encryption operation. The encryption system may create a new encryption key to fulfill an encryption request, and create a new encryption key every M encrypt operations. An encryption tier of the encryption system may only contact the next lowest encryption tier when a new literal encryption key is generated. The encryption system may return encrypted data and a reference to the literal encryption key used to encrypt the data. As the number of encryption requests increases or decreases, the multi-tiered encryption system may expand or contract dynamically [Fuller 3:9-14; 3:30-50; 3:63-4:12; 4:13-20; 4:29-30].
However, Fuller does not disclose at least the features of claim 1 quoted above.  
To this, Miguel adds generating a control key based on a homomorphically encrypted associated private key, a homomorphically encrypted and attribute based encrypted control key, and a corresponding private key of a homomorphic key pair. Using a symmetric encryption algorithm (such as AES-256 symmetric encryption algorithm), a data key may be encrypted using a control key. A trusted network may send the homomorphically encrypted keys, e.g. through a secure communications channel, to a CAKM Broker of a public cloud for storage and distribution [Miguel, figure 4, element 402; 8:19-23; 8:41-49, 8:59-60]. Witt adds key metadata including a key name, a unique key ID number, and the date the key was created [Witt, 10:9-10:15]. Lopez adds sending file metadata to cloud storage to update the cloud storage [Lopez, 3:43-53; 7:46-51]. 
However, the combination of Fuller, Miguel, Witt, and Lopez does not teach at least the features of claim 1 quoted above.  
None of the prior art of record, either taken by itself or in any combination, would have anticipated or made obvious the invention of the present application at or before the time it was filed.
Claim 15 recites features analogous to the features of claim 1 and is allowable for the same reasons as claim 1.
	
For the reasons described above, the prior art of record does not disclose, with respect to independent claims 1, 8, and 15, features corresponding to those of independent claims 1, 8, and 15 in their respective contexts. Therefore, independent claims 1, 8, and 15 are allowed.

Dependent claims 2-3, 5-7, 9-10, 12-14, 16-17, and 19-20 are allowed in view of their respective dependence from independent claim(s) 1, 8, and 15.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
	Any inquiry concerning this communication or earlier communications from the examiner should be directed to HOWARD H LOUIE whose telephone number is 571-272-0036.  The examiner can normally be reached on Monday-Friday 9 AM-5 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung W. Kim can be reached on 571-272-3804.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/HOWARD H. LOUIE/Examiner, Art Unit 2494                                                     
	
/THEODORE C PARSONS/Primary Examiner, Art Unit 2494