ALLOWABILITY NOTICE
Claims 1-3, 5-10 and 12-20 are pending in this action.  The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Examiner’s Amendment
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this examiner’s amendment was given in an interview with Todd Noah on 7/26/2022.

The claims are amended as follow:

1.	(Currently Amended)  A computer-implemented method for securing client data using a security server, the method comprising:
receiving, by a security server, a request to derive a symmetric key from an application server, the request comprising a public key, a salt value, and a key identifier associated with a private key, the public key and private key corresponding to different points on an elliptic curve;
deriving the symmetric key, by the security server, based on the received public key and the private key associated with the key identifier using a key derivation function, the deriving comprising:
retrieving the private key associated with the key identifier from a storage location that is not accessible by the application server;
applying a key agreement protocol to the received public key and the retrieved private key associated with the key identifier, the key agreement protocol outputting a key agreement key by combining the received public key and the retrieved private key to obtain a value on the same elliptic curve as the received public key and the retrieved private key; and
applying a key derivation function to the key agreement key to generate the symmetric key by using the obtained value on the same elliptic curve as an input to the key derivation function; and
transmitting, by the security server, the derived symmetric key to the requesting application server, the symmetric key being subsequently stored in an in-memory cache of the application server and being used by the application server to encrypt customer data.

2.	(Original)  The method of claim 1, the security server storing a list of symmetric key pairs for a plurality of tenants, each asymmetric key pair comprising a public key and a private key, each private key being associated with a corresponding key identifier.

	3.	(Original)  The method of claim 1, further comprising deleting, by the security server, the derived symmetric key after the transmitting the derived symmetric key to the requesting application server. 

	4.	(Canceled)

5.	(Original)  The method of claim 1, the key agreement protocol generating the key agreement key being based on an elliptic curve common to both the received public key and the retrieved private key associated with the key identifier.

6.	(Original)  The method of claim 1, wherein the key agreement protocol is a Diffie-Hellman key exchange.

7.	(Original)  The method of claim 1, wherein the private key is retrieved from a key management service in communication with the security server, the key management service storing a plurality of private keys accessible by the security server.

8.	(Currently Amended) An apparatus for securing customer data comprising:
one or more processors of a security server; and
a non-transitory computer readable medium storing a plurality of instructions, which when executed, cause the one or more processors to:
receive a request to derive a symmetric key from an application server, the request comprising a public key, a salt value, and a key identifier associated with a private key, the public key and private key corresponding to different points on an elliptic curve;
derive the symmetric key based on the received public key and the private key associated with the key identifier using a key derivation function, the plurality of instructions to derive the symmetric key comprising instructions to:
retrieve the private key associated with the key identifier from a storage location that is not accessible by the application server;
apply a key agreement protocol to the received public key and the retrieved private key associated with the key identifier, the key agreement protocol outputting a key agreement key by combining the received public key and the retrieved private key to obtain a value on the same elliptic curve as the received public key and the retrieved private key; and
apply a key derivation function to the key agreement key to generate the symmetric key by using the obtained value on the same elliptic curve as an input to the key derivation function; and
transmit the derived symmetric key to the requesting application server, the symmetric key being subsequently stored in an in-memory cache of the application server and being used by the application server to encrypt customer data.

9.	(Previously Presented)  The apparatus of claim 8, the plurality of instructions further comprising instructions that cause the one or more processors to store a list of asymmetric keys for a plurality of tenants, each asymmetric key pair comprising a public key and a private key, each private key being associated with a corresponding key identifier.

	10.	(Original)  he apparatus of claim 8, the plurality of instructions further comprising instructions that cause the one or more processors to delete, by the security server, the derived symmetric key after the transmitting the derived symmetric key to the requesting application server. 

	11.	(Canceled) 

12.	(Original)  The apparatus of claim 8, wherein the key agreement protocol generating the key agreement key is based on an elliptic curve common to both the received public key and the retrieved private key associated with the key identifier.

13.	(Original)  The apparatus of claim 8, wherein the key agreement protocol is a Diffie-Hellman key exchange.

14.	(Original)  The apparatus of claim 8, wherein the private key is retrieved from a key management service that stores a plurality of private keys accessible by the security server.

15.	(Currently Amended)  A computer program product comprising a non-transitory computer-readable medium having a computer-readable program code embodied therein to be executed by one or more processors, the program code including instructions to:
receive a request to derive a symmetric key from an application server, the request comprising a public key, a salt value, and a key identifier associated with a private key, the public key and private key corresponding to different points on an elliptic curve;
derive the symmetric key based on the received public key and the private key using a key derivation function, the instructions to derive the symmetric key comprising instructions to:
retrieve the private key from a storage location that is not accessible by the application server;
apply a key agreement protocol to the received public key and the retrieved private key, the key agreement protocol outputting a key agreement key by combining the received public key and the retrieved private key to obtain a value on the same elliptic curve as the received public key and the retrieved private key; and
apply a key derivation function to the key agreement key to generate the symmetric key by using the obtained value on the same elliptic curve as an input to the key derivation function; and
transmit the derived symmetric key to the requesting application server, the symmetric key being subsequently stored in an in-memory cache of the application server and being used by the application server to encrypt customer data stored on the application server. 

16.	(Original)  The computer program product of claim 15, further comprising instructions to store a list of asymmetric keys for a plurality of tenants, the application server being associated with one of the plurality of tenants, each symmetric key in the list being associated with a public key accessible to a tenant and a private key accessible by the security server and not accessible by the plurality of tenants.

	17.	(Original)  The computer program product of claim 15, further comprising instructions to delete the derived symmetric key after the transmitting the derived symmetric key to the requesting application server. 

18.	(Original)  The computer program product of claim 15, wherein the key agreement protocol generating the key agreement key is based on an elliptic curve common to both the received public key and the retrieved private key associated with the key identifier.

19.	(Original)  The computer program product of claim 15, wherein the key agreement protocol is a Diffie-Hellman key exchange.

20.	(Original)  The computer program product of claim 15, wherein the private key is retrieved from a key management service in communication with the security server, the key server comprising a hardware security module (HSM) that stores a plurality of private keys linked to a plurality of public keys provided to the security server.

Reasons for Allowance
Claims 1-3, 5-10 and 12-20 are allowed.

The following is an examiner’s statement of reasons for allowance:  The cited prior art references, Pahl et al. (US PGPUB No. 2015/0288514) [as previously cited], Cameron et al. (US PGPUB No. 2007/0220134) [as previously cited], Vanstone et al. (US PGPUB No. 2002/0090085) [as previously cited], Hird et al. (US PGPUB No. 2015/001942) [as previously cited], Obereide et al. (US PGPUB No. 2015/0304110) [as previously cited], Garcia (US PGPUB No. 2016/0350535) [as previously cited], Buchade et al. ("Key Management for Cloud Data Storage: Methods and Comparisons", IEEE, doi: 10.1109/ACCT.2014.78, 2014, pp. 263-270) [as previously cited], Fakhar et al. ("Management of Symmetric Cryptographic Keys in cloud based environment," 2013 15th International Conference on Advanced Communications Technology (ICACT), 2013, pp. 39-44) [as previously cited], Lei et al. ("Research on Key Management Infrastructure in Cloud Computing Environment", IEEE, doi: 10.1109/GCC.2010.84, 2010, pp. 404-407) [as previously cited], Schiefer et al. ("Security in a Distributed Key Management Approach", IEEE, doi: 10.1109/CBMS.2017.151, 2017, pp. 816-821) [as previously cited], Oli et al. ("A framework for key management for data confidentiality in cloud environment", IEEE, doi: 10.1109/ICC1.2015.7218116, 2015, pp. 1-4) [as previously cited], Hamann et al. (US PGPUB No. 2019/0215164) [as previously cited], Leibmann et al. (US PGPUB No. 2021/0377044) [as previously cited], Lekies et al. (US PGPUB No. 2014/0101447) [as previously cited], Nimbhorkar et al. ("Exploration of Schemes for Authenticated Key Agreement Protocol Based on Elliptic Curve Cryptosystem," 2013 6th International Conference on Emerging Trends in Engineering and Technology, 2013, pp. 134-135) [as previously cited], Schmid et al. ("Implementing identity-based key agreement in embedded devices," 2015 International Conference on Pervasive and Embedded Computing and Communication Systems (PECCS), 2015, pp. 1-7) [as previously cited], Lim et al. (US PGPUB No. 2018/0048464), Kahler et al. (US PGPUB No. 2011/0261964), Lagerway et al. (US PGPUB No. 2013/0080768),  Moridi (US PGPUB No. 2021/0320947), Sokolov et al. (US Patent No. 11/184,169), Lamba et al. ("An Efficient Elliptic Curve Digital Signature Algorithm (ECDSA)," 2013 International Conference on Machine Intelligence and Research Advancement, 2013, pp. 179-183, doi: 10.1109/ICMIRA.2013.41) and Koppl et al. ("Application of Cryptography Based on Elliptic Curves," 2021 2nd International Conference on Electronics, Communications and Information Technology (CECIT), 2021, pp. 268-272, doi: 10.1109/CECIT53797.2021.00054), do not alone or in combination teach the recited features of independent claims 1, 8 and 15. For example, the invention makes a request with a public key and a private key both corresponding to different points on the same elliptical curve. Furthermore, the invention applies a key agreement protocol to the received public key and the retrieved private key to obtain a key agreement key and also combines the received public key and retrieved private key to obtain a value on the same elliptic curve as the received public key and the retrieved private key. These features along with the other recited features of independent claims 1, 8 and 15 and its claims make the claimed inventions allowable over the prior arts of record.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to PETER C SHAW whose telephone number is 571-270-7179.  Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on 571-272-3862.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/PETER C SHAW/Primary Examiner, Art Unit 2493                                                                                                                                                                                                        August 2, 2022