DETAILED ACTION
 The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

2.	Objection to claim 1 is withdrawn. 

3. 	The 112(b) rejection to claim 1 is withdrawn.

4.	
Terminal Disclaimer
The terminal disclaimer, filed on 07/29/2022 for later Application No. 17/066,930 has been approved


5.

Examiner’s Amendments

1. (Currently Amended) A method of encrypting and decrypting data comprising: 
sending, by a server computer system, sensitive information to a first cryptographic processing system of a first cloud computing systemperforming encryption of the sensitive information with a first encryption key generated by and stored by the first cryptographic processing system; 
storing, by the server computer system, the first encrypted sensitive information received from the first cryptographic processing system in a first database; 
sending, by [[a]] the server computer system, the sensitive information to a second cryptographic processing system of a second cloud computing system, different from the first cloud computing system,
storing, by the server computer system, the second encrypted sensitive information received from the second cryptographic processing system in a second database, in response to receiving encrypted transaction data from a user device, sending, by the server computer system, the first encrypted sensitive information to the first cryptographic processing system, receiving, by the server computer system from the first cryptographic processing system, a decrypted version of the first sensitive information, and storing, in a volatile memory of the server computer system, 
[[a]] the decrypted version of the first sensitive information, wherein the server computer system decrypting the encrypted transaction data using the decrypted version of the first sensitive information. 
 
31. (Currently Amended) The method of claim 1, further comprising: 
in response to determining that the decrypted version of the first sensitive information is not received from the first cryptographic processing system within a first predetermined period of time, sending, by the encrypted sensitive information to the second cryptographic processing system; 
receiving, by the server computer system from the second cryptographic processing system, a decrypted version of the second sensitive information; and 
storing, in the volatile memory of the server computer system, [[a]] the decrypted version of the second sensitive information, wherein the server computer system decrypting the encrypted transaction data using the decrypted version of the second sensitive information. 
 
32. (Currently Amended) The method of claim 1, further comprising: 
generating, by the server computer system, a public key, private key pair for [[the]] a user of the server computer system; 
generating, by the server computer system, an identifier for the user; 
sending, by the server computer system, a public key of 
storing, by the server computer system, an encrypted version of a private key of 

33. (Currently Amended) The method of claim 32, wherein storing, by the server computer system, the encrypted version of the private key of 
sending, by the server computer system, the private key as the first sensitive information to the first cryptographic processing system of the first cloud computing system for encryption using the first encryption key generated by the first cryptographic processing system; 
sending, by the server computer system, the private key as the second sensitive information to the second cryptographic processing system of the second cloud computing system for encryption using the second encryption key generated by the second cryptographic processing system; 
storing a first encrypted version of the private key as the first encrypted sensitive information received from the first cryptographic processing system in the first database; and 
storing a second encrypted version of the private key as the second encrypted sensitive information received from the second cryptographic processing system in the second database.  

37. (Currently Amended) The method of claim 1, wherein the first database is a secure database and the second database is a secure database.  

39. (Currently Amended) A non-transitory computer readable storage medium, having instructions stored thereon, which when executed by a server computer system, cause the server computer system to perform operations, comprising: 
sending, by the server computer system, sensitive information to a first cryptographic processing system of a first cloud computing system
storing, by the server computer system, the first encrypted sensitive information received from the first cryptographic processing system in a first database; 
sending, by [[a]] the server computer system, the sensitive information to a second cryptographic processing system of a second cloud computing system, different from the first cloud computing system,
storing, by the server computer system, the second encrypted sensitive information received from the second cryptographic processing system in a second database; 
in response to receiving encrypted transaction data from a user device, sending, by the encrypted sensitive information to the first cryptographic processing system; 
receiving, by the server computer system from the first cryptographic processing system, a decrypted version of the first sensitive information; and storing, in a volatile memory of the server computer system, [[a]] the decrypted version of the first sensitive information, wherein the server computer system decrypting the encrypted transaction data using the decrypted version of the first sensitive information.  

40. (Currently Amended): The non-transitory computer readable storage medium of claim 39, further comprising: 
in response to determining that the decrypted version of the first sensitive information is not received from the first cryptographic processing system within a first predetermined period of time, sending, by the encrypted sensitive information to the second cryptographic processing system; 
receiving, by the server computer system from the second cryptographic processing system, a decrypted version of the second sensitive information; and 
storing, in the volatile memory of the server computer system, [[a]] the decrypted version of the second sensitive information, wherein the server computer system decrypting the encrypted transaction data using the decrypted version of the second sensitive information.  

41. (Currently Amended): The non-transitory computer readable storage medium of claim 39, further comprising: 
generating, by the server computer system, a public key, private key pair for [[the]] a user of the server computer system; Attorney Docket No.: 10142P047C2-6-generating, by the server computer system, an identifier for the user; 
sending, by the server computer system, a public key of 
storing, by the server computer system, an encrypted version of a private key of 

42. (Currently Amended): The non-transitory computer readable storage medium of claim 41, wherein storing, by the server computer system, the encrypted version of the private key of 
sending, by the server computer system, the private key as the first sensitive information to the first cryptographic processing system of the first cloud computing system for encryption using the first encryption key generated by the first cryptographic processing system; 
sending, by the server computer system, the private key as the second sensitive information to the second cryptographic processing system of the second cloud computing system for encryption using the second encryption key generated by the second cryptographic processing system; 
storing a first encrypted version of the private key as the first encrypted sensitive information received from the first cryptographic processing system in the first database; and 
storing a second encrypted version of the private key as the second encrypted sensitive information received from the second cryptographic processing system in the second database.  

 
46. (Currently Amended): The non-transitory computer readable storage medium of claim 39, wherein the first database is a secure database and the second database is a secure database.  

48. (Currently Amended): A server computer system, comprising: a non-volatile memory and a volatile memory; and a processor coupled with the volatile memory configured to: 
send sensitive information to a first cryptographic processing system of a first cloud computing system
store, in the non-volatile memory, the first encrypted sensitive information received from the first cryptographic processing system in a first database; 
send the sensitive information to a second cryptographic processing system of a second cloud computing system, different from the first cloud computing system,
store, in the non-volatile memory, the second encrypted sensitive information received from the second cryptographic processing system in a second database; 
in response to receipt of encrypted transaction data from a user device, send, by the server computer system, the first encrypted sensitive information to the first cryptographic processing system; 
receive, from the first cryptographic processing system, a decrypted version of the first sensitive information; and 
store, in the volatile memory of the server computer system, [[a]] the decrypted version of the first sensitive information, the server computer system decrypting the encrypted transaction data using the decrypted version of the first sensitive information.
  
49. (Currently Amended): The system of claim 48, wherein the processor is further configured to: 
when the decrypted version of the first sensitive information is determined not to have been received from the first cryptographic processing system within a first predetermined period of time, send the second encrypted sensitive information to the second cryptographic processing system; 
receive, from the second cryptographic processing system, a decrypted version of the second sensitive information; and 
Attorney Docket No.: 10142P047C2-9-store, in the volatile memory, [[a]] the decrypted version of the second sensitive information, wherein the server computer system decrypting the encrypted transaction data using the decrypted version of the second sensitive information.








6.
                                                                                                                                                                                                                Allowable Subject Matter
  Claims 1, 31-33, 37, 39-42, 46, and 48-49 are amended, and claims 1 and 31-49 are allowed. The following is an examiner’s statement of reasons for allowance: No reason for allowance is needed as the record is clear in light of amendments, and applicant's arguments filed on 07/13/2022.



According to MPEP 1302.14 (I): “In most cases, the examiner’s actions and the applicant’s replies make evident the reasons for allowance, satisfying the “record as a whole” proviso of the rule. This is particularly true when applicant fully complies with 37 CFR 1.111 (b) and (c) and 37 CFR 1.133(b). Thus, where the examiner’s actions clearly point out the reasons for rejection and the applicant’s reply explicitly presents reasons why claims are patentable over the reference, the reasons for allowance are in all probability evident from the record and no statement should be necessary.”
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AYOUB ALATA whose telephone number is (313)446-6541.  The examiner can normally be reached on Monday - Friday 7:30 - 5:00 Est.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung (Jay) Kim can be reached on (571)272-3804.  The fax phone number for the organization where this application or proceeding is assigned is (571)273-8300. 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/AYOUB ALATA/            Primary Examiner, Art Unit 2494