Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

2.	Claims 1-20 are pending, of which claims 1, 9 and 17 are independent.

Drawings
3.	Applicant’s drawings filed on 12/20/2019 have been inspected and are in compliance with MPEP 608.02.

Specification
4.	The specification filed on 12/20/2019 is acceptable for examination proceedings.

Internet Communications
5. 	Applicant is encouraged to submit a written authorization for Internet communications (PTO/SB/439, http://www.uspto.gov/sites/defauit/files/documents/sb0439.pdf) in the instant patent application to authorize the examiner to communicate with the applicant via email. The authorization will allow the examiner to better practice compact prosecution. The written authorization can be submitted via one of the following methods only: (1) Central Fax, which can be found in the Conclusion section of this Office action; (2) regular postal mail; (3) EFS WEB; or (4) the service window on the Alexandria campus. EFS web is the recommended way to submit the form since this allows the form to be entered into the file wrapper within the same day (system dependent). Written authorization submitted via other methods, such as direct fax to the examiner or email, will not be accepted. See MPEP § 502.03.

Claim Rejections – 35 USC §103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

6.	Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Beier (US Pub. No. US 2019/0121887 A1, hereinafter referred to as Beier) in view of Shaposhnik et al. (2018/0041477 A1, hereinafter referred to as Shaposhnik).
Beier provides “Data is stored in a DBMS” means that the DBMS controls access and can access to said data, where said data is stored in a storage device of the computer system that comprises or implements the DBMS.

Shaposhnik provides a pristine machine having a bifurcated host operating system; a secured storage having a shared partition and a quarantine partition; a multi-function guest operating system storing data to the quarantine partition; a secure guest operating system downloading the data from the quarantine partition and in read-write communication with the shared partition.

As per claims 1, 9 and 17, Beier discloses a computer-implemented method (para. Abstract, 0003, 0019, 0099, for example) comprising:
executing, by one or more computing devices (see fig. 1, disclosing data processing system 100, e.g., database management system DBMS1 109 and database management system DBMS1 119),
a procedure by a database management system (DBMS) attempting to access a database storing encrypted data (para. 0016 discloses “Data is stored in a DBMS” means that the DBMS controls access and can access to said data, where said data is stored in a storage device of the computer system that comprises or implements the DBMS, for example),     
wherein the database resides in a first partition of a bifurcated computing system (fig. 3 depicts, e.g., encryptor 234 using the encryption information as stored in the catalog 207, for example, and furthermore para. 0014 discloses that the database engine and the further database engine may be part of a database system which may be a hybrid database management system (DBMS), for example);
querying, by the one or more computing devices, a configuration database in the LSS to retrieve a key encryption key for accessing a payload database storing the data encryption key (para. 0056 discloses the untrusted DBMS2 119 comprises a query engine 217 that is configured to receive queries from the rewriter 205. The received queries by the query engine 217 may be rewritten queries by the rewriter 205 of the trusted DBMS 109. The untrusted DBMS2 119 further comprises a table loader 219. The table loader 219 of the untrusted DBMS2 119 may be configured to receive data to be stored on the untrusted DBMS 119 from the table loader 209 of the trusted DBMS1 109. The received data by the table loader 219 of the untrusted DBMS2 119 may be in an encrypted format as indicated in fig. 2 and may be stored in tables 223 whose columns correspond to at least part of the columns of the tables 213 that are encrypted, for example);
accessing, by the one or more computing devices, the payload database using the key encryption key (fig. 3A depicts that first table 330 may be encrypted using encryption methods and keys that are provided in the table metadata stored in catalog 207 in association with the table T 330, and para. 0067 discloses the encryption IDs of column 309 may be used to access the encryption info table 303 using column 314 of the encryption info table 303. Column 314 comprises values indicating the encryption IDs which may comprise at least encryption IDs of column 30 for example);
retrieving, by the one or more computing devices, the data encryption key from the payload database (fig. 2 and furthermore para. 0055 discloses the table loader 209 may for example be configured for generating encryption keys using the table metadata retrieved from the catalog 207, if the keys don't exist yet, or it retrieves encryption keys if the keys have been generated before, for example);
transmitting, by the one or more computing devices, the data encryption key to the DBMS (fig. 1, DBMS1 and DBMS2, for example);
decrypting, by the one or more computing devices, the encrypted data in the database using the data encryption key; and
providing, by the one or more computing devices, the procedure with access to the decrypted data (para. 0057 discloses the table data of table 213 accessed by the trusted DBMS1 109 may be stored in the unencrypted form storage 250 (e.g., in file systems and/or memory) as indicated in fig. 2. Whereas the table data in tables 223 of the untrusted DBMS2 119 may be stored in an encrypted form in storage 251 (e.g., in file systems and/or memory) as indicated in FIG. 2. The decrypted form of the loaded table data in storage 132 accessible by the untrusted DBMS2 119, for example).
Beier discloses (see fig. 2 illustrating the components of the two database management systems DBMS1 and DBMS2 for processing data such as datasets 112 and 132... The trusted DBMS 109 comprises a query optimizer 201. The query optimizer 110 may for example be configured for generating or defining query plans for executing queries, e.g., on first dataset 112, for example). However, Beier failed to explicitly disclose a call to a local secure store (LSS), wherein the LSS resides in a second partition of the bifurcated computing system and wherein the first and second partition are visually isolated from each other.

However, Shaposhnik discloses a call to a local secure store (LSS), wherein the LSS resides in a second partition of the bifurcated computing system and wherein the first and second partition are visually isolated from each other (fig. 2 depicts pristine machine 29, which operates with a bifurcated OS that has two types of guest OS: secure guest OS and multi-function guest OS (MF) 16, where only a MF 16 has network access via a non-secured mode 24, and the secured OS 20 does not have any network access. The MF Guest 16 may operate with a network in secured mode 20 and non-secured modes 24, for example).

Beier and Shaposhnik are analogous art because they are both directed to secure and efficient computing and data transfer, and one of ordinary skill in the art would have had a reasonable expectation of success to modify Beier with Shaposhnik because they are from the same field of endeavor.

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of applicant’s claimed invention to combine the teachings of Shaposhnik with the teachings of Beier for secure and efficient computing and data transfer, and in particular for bifurcating a function into two layers such that the combined result is the same as conventional operation except without the reduction in speed [Shaposhnik: para. 0002].

As per claim 2 as applied above, in response to executing the call to the LSS to access the data encryption key, the method further comprising: accessing, by the one or more computing systems, a file in the LSS to retrieve a private key (fig. 2 of Beier illustrating the components of the two database management systems DBMS1 and DBMS2 for processing data such as datasets 112 and 132. DBMS1 109 is referred to as a trusted DBMS1 and DBMS2 119 may be referred to as an untrusted DBMS2. The trusted DBMS 109 comprises a query optimizer 201. The query optimizer 110 may for example be configured for generating or defining query plans for executing queries, e.g., on first dataset 112, for example); identifying, by the one or more computing systems, the configuration database corresponds with a tenant indicated in the procedure; and accessing, by the one or more computing systems, the configuration database using the private key to retrieve the key encryption key (fig. 2 of Beier illustrates that the encrypted log writer 232 may look up the metadata from catalog 207 and retrieve the column encryption keys of the table T 213 (and columns ID and Name) such as K1, K2 from the catalog using the encryption info table 303, for example).

As per claim 3 as applied above, wherein the configuration database stores the key encryption key (para. 0020 of Beier discloses the data of the trusted DBMS may constantly be updated and stored in the unencrypted form in file systems and in memory. In contrast, the data of the untrusted DBMS may be stored in the encrypted form in file systems and in memory, for example). 

As per claim 4 as applied above, wherein the configuration database stores a configuration for connecting to an external system storing the key encryption key (para. 0103 of Beier discloses the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider), for example). 

As per claim 5 as applied above, transmitting, by the one or more computing devices, header information of the payload database to the external system (para. 0010 of Shaposhnik discloses identifying communication partners, the application layer determines the identity and availability of communication partners for an application with data to transmit, for example); receiving, by the one or more computing devices, a body encryption key from the external system accessed by decrypting using the header information using the key encryption key (para.0046 of Shaposhnik); and accessing, by the one or more computing devices, the payload database using the body encryption key to retrieve the data encryption key (fig. 9 of Shaposhnik illustrates a packet header that is clean and the corresponding encrypted header with a modified L4 encrypted payload, for example). 
Examiner applied the same rationale as set forth above in claim 1.

As per claim 6 as applied above, in response to the external system being inaccessible the method further comprising: requesting, by the one or more computing devices (para. 0103 of Beier), a client device for a second access key; decrypting, by the one or more computing devices, a body encryption key using the second access key; and accessing, by the one or more computing devices, the payload database using the body encryption key to retrieve the data encryption key (para. 0126 of Shaposhnik discloses encrypted data level—L2 and L4—all L2 payload has to be encrypted in the packet for L2 encryption level and L4 payload has to be encrypted in the packet for L4 encryption level, for example). 
Examiner applied the same rationale as set forth above in claim 1.
 
As per claim 7 as applied above, wherein a first system administrator is associated with the database and a second system administrator is associated with the LSS (fig. 4 of Beier depicts that the encryption information may for example indicate the encryption keys and encryption algorithms that are used for encrypting the content of the first table that is stored in the second instances of the first table. If there are multiple second instances of the first table, step 405 may be repeated for encrypting the data changes using the encryption information associated with each second instance of the first table, for example).

As per claim 8 as applied above, preventing, by the one or more computing devices, the first system administrator visibility into the LSS (para. 0025 of Beier discloses locking the first table for preventing changes to the first table before creating the temporary table and unlocking the first table after loading the encrypted data into the further database engine. Locking the first table may prevent changes to the first table while the temporary table is loaded to the second instance, for example); and preventing, by the one or more computing devices, the second system administrator visibility into the database (see figs. 2 and 3B of Beier, for example).

As per claim 10 as applied above, in response to executing the call to the LSS to access the data encryption key, the processor further configured to: access a file in the LSS to retrieve a private key (fig. 2 of Beier illustrating the components of the two database management systems DBMS1 and DBMS2 for processing data such as datasets 112 and 132. DBMS1 109 is referred to as a trusted DBMS1 and DBMS2 119 may be referred to as an untrusted DBMS2. The trusted DBMS 109 comprises a query optimizer 201. The query optimizer 110 may for example be configured for generating or defining query plans for executing queries, e.g., on first dataset 112, for example); identify the configuration database corresponds with a tenant indicated in the procedure; and access the configuration database using the private key to retrieve the key encryption key (fig. 2 of Beier illustrates that the encrypted log writer 232 may look up the metadata from catalog 207 and retrieve the column encryption keys of the table T 213 (and columns ID and Name) such as K1, K2 from the catalog using the encryption info table 303, for example).

As per claim 11 as applied above, wherein the configuration database stores the key encryption key (para. 0020 of Beier discloses the data of the trusted DBMS may constantly be updated and stored in the unencrypted form in file systems and in memory. In contrast, the data of the untrusted DBMS may be stored in the encrypted form in file systems and in memory, for example). 

As per claim 12 as applied above, wherein the configuration database stores a configuration for connecting to an external system storing the key encryption key (para. 0103 of Beier discloses the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider), for example).
 
As per claim 13 as applied above, the processor further configured to: transmit header information of the payload database to the external system; receive a body encryption key from the external system accessed by decrypting the header information using the key encryption key (para. 0010 of Shaposhnik discloses identifying communication partners, the application layer determines the identity and availability of communication partners for an application with data to transmit, for example); and access the payload database using the body encryption key to retrieve the data encryption key (para. 0126 of Shaposhnik discloses encrypted data level—L2 and L4—all L2 payload has to be encrypted in the packet for L2 encryption level and L4 payload has to be encrypted in the packet for L4 encryption level, for example). 
Examiner applied the same rationale as set forth above in claim 9.

As per claim 14 as applied above, in response to the external system being inaccessible the processor further configured to: request a client device for a second access key; decrypt a body encryption key using the second access key; and access the payload database using the body encryption key to retrieve the data encryption key (fig. 9 of Shaposhnik illustrates a packet header that is clean and the corresponding encrypted header with a modified L4 encrypted payload, for example).
Examiner applied the same rationale as set forth above in claim 9.

As per claim 15 as applied above, wherein a first system administrator is associated with the database and a second system administrator is associated with the LSS (fig. 4 of Beier depicts that the encryption information may for example indicate the encryption keys and encryption algorithms that are used for encrypting the content of the first table that is stored in the second instances of the first table. If there are multiple second instances of the first table, step 405 may be repeated for encrypting the data changes using the encryption information associated with each second instance of the first table, for example).

As per claim 16 as applied above, the processor further configured to: prevent the first system administrator visibility into the LSS (para. 0025 of Beier discloses locking the first table for preventing changes to the first table before creating the temporary table and unlocking the first table after loading the encrypted data into the further database engine. Locking the first table may prevent changes to the first table while the temporary table is loaded to the second instance, for example); and prevent the second system administrator visibility into the database (see figs. 2 and 3B of Beier, for example).

As per claim 18 as applied above, in response to executing the call to the LSS to access the data encryption key, the instructions cause the processor to: access a file in the LSS to retrieve a private key (fig. 2 of Beier illustrating the components of the two database management systems DBMS1 and DBMS2 for processing data such as datasets 112 and 132. DBMS1 109 is referred to as a trusted DBMS1 and DBMS2 119 may be referred to as an untrusted DBMS2. The trusted DBMS 109 comprises a query optimizer 201. The query optimizer 110 may for example be configured for generating or defining query plans for executing queries, e.g., on first dataset 112, for example); identify the configuration database corresponds with a tenant indicated in the procedure; and access the configuration database using the private key to retrieve the key encryption key (fig. 2 of Beier illustrates that the encrypted log writer 232 may look up the metadata from catalog 207 and retrieve the column encryption keys of the table T 213 (and columns ID and Name) such as K1, K2 from the catalog using the encryption info table 303, for example).

As per claim 19, as applied above, wherein the configuration database stores a configuration for connecting to an external system storing the key encryption key (para. 0103 of Beier discloses the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider), for example).

As per claim 20 as applied above, in response to the external system being inaccessible the instructions cause the processor to (fig. 7 of Shaposhnik and furthermore para. 0018, 0067 and 0097 of Shaposhnik, for example): request a client device for a second access key; decrypt a body encryption key using the second access key; and access the payload database using the body encryption key to retrieve the data encryption key (fig. 9 of Shaposhnik illustrates a packet header that is clean and the corresponding encrypted header with a modified L4 encrypted payload, for example).
Examiner applied the same rationale as set forth above in claim 17.

Pertinent Art
7.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Al-Mousa (Pub. No.: US 2021/0042437 A1) provides a method and system for performing secure database backups with a globally unique identifier to prevent unauthorized access to or restoration of backup data, wherein a first database management system (DBMS) generates an instance of a database and a corresponding globally unique identifier (GUID) to uniquely identify and secure the database instance. The first DBMS uses a hash function to generate a hash of the GUID, which is then stored in association with the database instance. Encrypted backup sets of the database instance are generated by the first DBMS, wherein the GUID is encrypted and stored in association with each backup set. The first DBMS encodes each encrypted backup set to require that a second or subsequent DBMS possess the identical GUID associated with the database instance before any attempt to access or restore the backup set is permitted.

Sion et al. (Pub. No.: US 2019/0087600 A1) provide that database management systems (DBMS) are computer software applications that interact with the user, other applications, and a database itself to capture and analyze data. A general-purpose DBMS is designed to allow the definition, creation, querying, update, and administration of databases. Well-known DBMSs include MySQL, PostgreSQL, Microsoft SQL Server, Oracle, Sybase and IBM DB2. A database is not generally portable across different DBMSs, but different DBMS can interoperate by using standards such as SQL and ODBC or JDBC to allow a single application to work with more than one DBMS. Database management systems are often classified according to the database model that they support; the most popular database systems since the 1980s have all supported the relational model as represented by the SQL language. Because of the close relationship between them, the term “database” is often used casually to refer to both a database and the DBMS used to manipulate it.

Conclusion

8.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABIY GETACHEW whose telephone number is (571)272-6932. The examiner can normally be reached Mon.-Fri. 9:00 AM - 5:30 PM.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571) 272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





A.G.
June 14, 2022
/ABIY GETACHEW/Primary Examiner, Art Unit 2434