DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 09/01/2021 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1, 10 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Griffin et al. (US Patent No. 11,212,264) in view of Reddy (US Patent No. 10,917,440).
Regarding independent claim 1, Griffin teaches a system for enhanced data security using versioned encryption, the system comprising: at least one non-transitory storage device; and at least one processing device coupled to the at least one non-transitory storage device, wherein the at least one processing device is configured to: electronically receive, from a computing device of a user, a confidential data entry at a first server (Griffin, column 5, lines 3-6 and column 20, line 61-column 21, line 9; user data enters by data entity); encrypt the confidential data entry using a public key at the first server to generate an encrypted confidential data entry (Griffin, column 5, lines 5-15 and column 21, line 10-14; generate encrypted user data); transmit the encrypted confidential data entry to a second server (Griffin, column 21, lines 28-36; transmit encrypted user data to database server), and store the encrypted confidential data entry in a database associated with the second server (Griffin, column 21, lines 45-47; database server saves encrypted user data in memory).
	Griffin teaches tagging the encrypted user data readable by the database server (Griffin, column 5, lines 15-30 and column 21, lines 21-28) but does not explicitly teach wherein the encrypted confidential data entry comprises a hash value, wherein the hash value indicates a numbered version of the public key used to encrypt the confidential data entry.
	Reddy teaches wherein the encrypted confidential data entry comprises a hash value, wherein the hash value indicates a numbered version of the public key used to encrypt the confidential data entry (Reddy, column 8, lines 5-30; hash of public key).
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Griffin with the teachings of Reddy to transmit hash values of the keys to provide the advantage of enabling secure transmission of messages which the message content or keys is not visible to any entity in the communication chain (Reddy, column 2, lines 37-41).
Regarding independent claim 10, Griffin teaches a computer program product for enhanced data security using versioned encryption, the computer program product comprising a non-transitory computer-readable medium comprising code causing a first apparatus to: electronically receive, from a computing device of a user, a confidential data entry at a first server (Griffin, column 5, lines 3-6 and column 20, line 61-column 21, line 9; user data enters by data entity); encrypt the confidential data entry using a public key at the first server to generate an encrypted confidential data entry (Griffin, column 5, lines 5-15 and column 21, line 10-14; generate encrypted user data); transmit the encrypted confidential data entry to a second server (Griffin, column 21, lines 28-36; transmit encrypted user data to database server), and store the encrypted confidential data entry in a database associated with the second server (Griffin, column 21, lines 45-47; database server saves encrypted user data in memory).
	Griffin teaches tagging the encrypted user data readable by the database server (Griffin, column 5, lines 15-30 and column 21, lines 21-28) but does not explicitly teach wherein the encrypted confidential data entry comprises a hash value, wherein the hash value indicates a numbered version of the public key used to encrypt the confidential data entry.
	Reddy teaches wherein the encrypted confidential data entry comprises a hash value, wherein the hash value indicates a numbered version of the public key used to encrypt the confidential data entry (Reddy, column 8, lines 5-30; hash of public key).
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Griffin with the teachings of Reddy to transmit hash values of the keys to provide the advantage of enabling secure transmission of messages which the message content or keys is not visible to any entity in the communication chain (Reddy, column 2, lines 37-41).
Regarding independent claim 19, Griffin teaches a method for enhanced data security using versioned encryption, the method comprising: electronically receive, from a computing device of a user, a confidential data entry at a first server (Griffin, column 5, lines 3-6 and column 20, line 61-column 21, line 9; user data enters by data entity); encrypting the confidential data entry using a public key at the first server to generate an encrypted confidential data entry (Griffin, column 5, lines 5-15 and column 21, line 10-14; generate encrypted user data); transmitting the encrypted confidential data entry to a second server (Griffin, column 21, lines 28-36; transmit encrypted user data to database server), and storing the encrypted confidential data entry in a database associated with the second server (Griffin, column 21, lines 45-47; database server saves encrypted user data in memory).
	Griffin teaches tagging the encrypted user data readable by the database server (Griffin, column 5, lines 15-30 and column 21, lines 21-28) but does not explicitly teach wherein the encrypted confidential data entry comprises a hash value, wherein the hash value indicates a numbered version of the public key used to encrypt the confidential data entry.
	Reddy teaches wherein the encrypted confidential data entry comprises a hash value, wherein the hash value indicates a numbered version of the public key used to encrypt the confidential data entry (Reddy, column 8, lines 5-30; hash of public key).
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Griffin with the teachings of Reddy to transmit hash values of the keys to provide the advantage of enabling secure transmission of messages which the message content or keys is not visible to any entity in the communication chain (Reddy, column 2, lines 37-41).

Claim(s) 2, 11 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Griffin et al. (US Patent No. 11,212,264) in view of Reddy (US Patent No. 10,917,440) as applied to claims 1, 10 and 19 above, and further in view of QI et al. (US Pub No. 2018/0124023).
Regarding claim 2, Griffin in view of Reddy teaches each and every claim limitation of claim 1. 
Griffin in view of Reddy does not explicitly teach the system wherein the at least one processing device is further configured to: generate, using a regeneration algorithm, the public key, a private key, and a regeneration key; store the public key in a first server; and store the private key in a second server.
QI teaches wherein the at least one processing device is further configured to: generate, using a regeneration algorithm, the public key, a private key, and a regeneration key (QI, page 2, paragraph 0018 and page 5, paragraph 0074; regenerate key pair); store the public key in a first server (QI, page 2, paragraph 0018 and page 5, paragraph 0074; public key to server); and store the private key in a second server (QI, page 5, paragraph 0059; store private key).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Griffin in view of Reddy with the teachings of QI to regenerate keys to provide the advantage of improving user’s privacy, passwords and properties from being seriously threatened (QI, page 1, paragraph 0004).
Regarding claim 11, Griffin in view of Reddy teaches each and every claim limitation of claim 10. 
Griffin in view of Reddy does not explicitly teach the wherein the first apparatus is further configured to: generate, using a regeneration algorithm, the public key, a private key, and a regeneration key; store the public key in a first server; and store the private key in a second server.
QI teaches wherein the first apparatus is further configured to: generate, using a regeneration algorithm, the public key, a private key, and a regeneration key (QI, page 2, paragraph 0018 and page 5, paragraph 0074; regenerate key pair); store the public key in a first server (QI, page 2, paragraph 0018 and page 5, paragraph 0074; public key to server); and store the private key in a second server (QI, page 5, paragraph 0059; store private key).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Griffin in view of Reddy with the teachings of QI to regenerate keys to provide the advantage of improving user’s privacy, passwords and properties from being seriously threatened (QI, page 1, paragraph 0004).
Regarding claim 20, Griffin in view of Reddy teaches each and every claim limitation of claim 19. 
Griffin in view of Reddy does not explicitly teach the method wherein further comprises generate, using a regeneration algorithm, the public key, a private key, and a regeneration key; store the public key in a first server; and store the private key in a second server.
QI teaches generate, using a regeneration algorithm, the public key, a private key, and a regeneration key (QI, page 2, paragraph 0018 and page 5, paragraph 0074; regenerate key pair); store the public key in a first server (QI, page 2, paragraph 0018 and page 5, paragraph 0074; public key to server); and store the private key in a second server (QI, page 5, paragraph 0059; store private key).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Griffin in view of Reddy with the teachings of QI to regenerate keys to provide the advantage of improving user’s privacy, passwords and properties from being seriously threatened (QI, page 1, paragraph 0004)





Allowable Subject Matter
Claims 3-9 and 12-18 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Examiner’s Statement of Reasons for Allowance
The following is a statement of reasons for the indication of allowable subject matter: The prior art SHPUROV et al. (US Pub No. 2021/0184843) discloses securely manage and regenerate cryptographic keys using permissioned distributed ledgers. For example, a device may receive, from a first computing system, data indicative of a recordation of a first public key onto a distributed ledger. Based on an occurrence of a regeneration condition, the device may transmit, to a second computing system, a second public key and a first digital signature, and the second computing system may validate the first digital signature, apply a second digital signature to the second public key, and transmit the second public key and the digital signatures to the first computing system. The device also receives, from the first computing system, additional data indicative of a recordation of the second public key onto the distributed ledger, and based on the additional data, the device may invalidate the first private key. (SHPUROV, Abstract and page 29, paragraphs 0197-0198) and Tucker et al. (US Pub No. 2019/0132299) discloses  dynamic crypto key management for mobility in a cloud environment. A computing platform may receive a request to generate a new tenant master key and a new server recovery key. Subsequently, the computing platform may send to a cloud-based key vault server, the new tenant master key and the new server recovery key. The computing platform may send to a tenant database, the encrypted server recovery key. As a result, the computing platform may provision the enrollment servers with the encrypted server recovery key. In some embodiments, the enrollment servers are configured to manage enrollment of policy-managed devices in a policy enforcement scheme and to authenticate with the key update service based on the encrypted server recovery key. (Tucker, Abstract), however, the art taken alone or in combination does not teach or suggest “encrypt the regeneration key using the private key to generate a private regeneration key; and store the private regeneration key in the first server” (as recited in claims 3 & 12), (in combination with the remaining limitations.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAQUEAL D WADE whose telephone number is (571)270-0357. The examiner can normally be reached M-F 8:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on 571-272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SHAQUEAL D WADE-WRIGHT/             Primary Examiner, Art Unit 2437