DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This Office action is in response to the amendment and the communication filed on 06/28/2022. As per the instant Examiner's Amendment, Claims 1, 4, 7-8, 11, 14-15 and 18 have been amended. Claims 3, 6, 10, 13, 17 and 19 have been cancelled. Claims 1-2, 4-5, 7-9, 11-12, 14-16, 18 and 20 have been examined and are pending in this application. Claims 1-2, 4-5, 7-9, 11-12, 14-16, 18 and 20 are allowed.

Examiner Amendments


An Examiner's Amendment to the record appears below. Should the changes and/or additions be unacceptable to Applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
In an attempt to accelerate the prosecution process, the Examiner contacted the Applicant’s representative, Mr. Robert Bolan (Reg No. 38831), and conducted a telephone interview on 08/17/2022. During the interview, the Examiner proposed an Examiner's Amendment rolling up Claim 3 and Claim 6 into Claim 1 and mirroring the other independent claims on amended Claim 1, for better clarity of the claims’ scope and to put the application in condition for allowance. Authorization for this Examiner's Amendment was given by Mr. Robert Bolan (Reg No. 38831) on 08/17/2022. Mr. Robert Bolan (Reg No. 38831) has agreed to and authorized the Examiner’s Amendment.


Amendments to the Claims:

Please replace claims 1-2, 4-5, 7-9, 11-12, 14-16, 18 and 20 as follows:

Claim 1.	(Currently Amended) A method, comprising:
receiving by a processor unencrypted sensitive data, specified as a particular data type in application source code, with instructions compiled from the application source code for the particular data type to encrypt the sensitive data for writing to a live memory, the live memory including unencrypted nonsensitive data;
determining that the data comprises the sensitive data based on one or more tags included with the sensitive data comprising sensitive data type information;
requesting a different encryption key from a key manager for each instance of the sensitive data;
receiving the encryption key, the encryption key associated with the sensitive data; and
preventing an unencrypted form of the sensitive data from being stored in the live memory, wherein the preventing includes: 
encrypting the sensitive data using the encryption key; 
writing the encrypted sensitive data to the live memory;
storing the different encryption key in an encryption key database for each instance of sensitive data; and
storing a sensitive data type identifier associated with the different encryption key in the encryption key database.

Claim 2.	(Previously Presented) The method of claim 1, further comprising:
retrieving the encrypted sensitive data from the live memory;
requesting a decryption key from the key manager, the decryption key associated with an instance of the sensitive data of the particular type;
receiving the decryption key; 
decrypting the encrypted sensitive data using the decryption key; and
executing an operation using the decrypted sensitive data.

Claim 3.	(Canceled)

Claim 4.	(Currently Amended) The method of claim 1[[3]], further comprising:
determining, based on the one or more tags, a sensitive data type of the sensitive data; and
wherein:
the requesting comprises sending a request to the key manager, the request including the sensitive data type; and
the encryption key is associated with the sensitive data type.

Claim 5.	(Original) The method of claim 4, wherein the sensitive data type is one of a financial data type, personal information data type, and a medical data type.

Claim 6.	(Canceled)

Claim 7.	(Currently Amended) The method of claim 1[[6]], further comprising:
storing a timestamp in the encryption key database, the timestamp associated with a first use of the encryption key;
determining an age of the encryption key based on comparing a current time and current date to a time and to a date identified in the timestamp;
determining whether the age of the encryption key is greater than a threshold age; and
responsive to a determination that the age of the encryption key is greater than the threshold age:
generating a new encryption key;
generating a new timestamp based on a current date and time;
overwriting the encryption key with the new encryption key; and
overwriting the timestamp with the new timestamp. 

Claim 8.	(Currently Amended) A system, comprising:
a live memory, the live memory including unencrypted nonsensitive data;
a central processing unit (CPU), the CPU configured to:
receive unencrypted sensitive data, specified as a particular data type in application source code, with instructions compiled from the application source code for the particular data type to encrypt the sensitive data for writing to the live memory;
determine that the data comprises the sensitive data based on one or more tags included with the sensitive data comprising sensitive data type information;
determine a[[n]] different encryption key for each instance of the sensitive data, the encryption key associated with the sensitive data; and
prevent an unencrypted form of the sensitive data from being stored in the live memory, wherein the preventing includes:
encrypting the sensitive data based on the encryption key; 
writing the encrypted sensitive data to the live memory;
store the different encryption key in an encryption key database for each instance of sensitive data; and
store a sensitive data type identifier associated with the different encryption key in the encryption key database.

Claim 9.	(Original) The system of claim 8, wherein the CPU is further configured to:
retrieve the encrypted sensitive data from the live memory;
determine a decryption key, the decryption key associated with the sensitive data; and
decrypt the encrypted sensitive based on the decryption key.

Claim 10.	(Canceled)

Claim 11.	(Currently Amended) The system of claim 8[[10]], wherein the CPU is further configured to determine, based on the one or more tags, a sensitive data type of the sensitive data, wherein the encryption key is associated with the sensitive data type.

Claim 12.	(Original) The system of claim 11, wherein the sensitive data type is one of a financial data type, personal information data type, and a medical data type.

Claim 13.	(Canceled) 

Claim 14.	(Currently Amended) The system of claim 8[[13]], wherein the CPU is further configured to:
store a timestamp in the encryption key database, the timestamp associated with a first use of the encryption key;
store a threshold age in the encryption key database;
determine an age of the encryption key based on comparing a current time and current date to a time and to a date identified in the timestamp;
determine whether the age of the encryption key is greater than the threshold age; and
responsive to a determination that the age of the encryption key is greater than the threshold age:
generate a new encryption key;
generate a new timestamp based on a current date and time;
overwrite the encryption key with the new encryption key; and
overwrite the timestamp with the new timestamp.

Claim 15.	(Currently Amended) A computer program product, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, the program instructions executable by a computer to cause the computer to:
receive unencrypted sensitive data, specified as a particular object type in application source code, with instructions compiled from the application source code for the particular object type to encrypt the sensitive data for writing to a live memory, the live memory including unencrypted nonsensitive data;
determine that the data comprises the sensitive data based on one or more tags included with the sensitive data comprising sensitive data type information;
determine a[[n]] different encryption key for each instance of the sensitive data, the encryption key associated with the sensitive data; and
prevent an unencrypted form of the sensitive data from being stored in the live memory, wherein the preventing includes:
encrypting the sensitive data based on the encryption key; 
writing the encrypted sensitive data to the live memory;
store the different encryption key in an encryption key database for each instance of sensitive data; and
store a sensitive data type identifier associated with the different encryption key in the encryption key database.

Claim 16.	(Original) The computer program product of claim 15, wherein the instructions further cause the computer to:
retrieve the encrypted sensitive data from the live memory;
determine a decryption key, the decryption key associated with the sensitive data; and
decrypt the encrypted sensitive based on the decryption key.

Claim 17.	(Canceled) 

Claim 18.	(Currently Amended) The computer program product of claim 15[[17]], wherein the instructions further cause the computer to determine, based on the one or more tags, a sensitive data type of the sensitive data, wherein the encryption key is associated with the sensitive data type.

Claim 19.	(Canceled) 

Claim 20.	(Previously Presented) The computer program product of claim 15[[19]], wherein the instructions further cause the computer to:
store a timestamp in the encryption key database, the timestamp associated with a first use of the encryption key;
store a threshold age in the encryption key database;
determine an age of the encryption key based on comparing a current time and current date to a time and to a date identified in the timestamp;
determine whether the age of the encryption key is greater than the threshold age; and
responsive to a determination that the age of the encryption key is greater than the threshold age:
generate a new encryption key;
generate a new timestamp based on a current date and time;
overwrite the encryption key with the new encryption key; and
overwrite the timestamp with the new timestamp.
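
The key-manager behaviour recited in Claims 1, 4, 7, 14 and 20 (a different key per instance of tagged data, a type identifier and first-use timestamp stored with each key, and overwriting of a key whose age exceeds a threshold) can be sketched as follows. This is an added illustration and is not part of the Office action or of the application; `KeyManager`, `KeyRecord`, the `sensitive_type` tag name and the in-memory dictionary standing in for the encryption key database are all assumptions.

```python
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, Optional

@dataclass
class KeyRecord:               # one row of the "encryption key database"
    key: bytes
    data_type: str             # sensitive data type identifier (claims 1, 4)
    first_used: datetime       # timestamp of first use of the key (claim 7)

class KeyManager:
    """Hypothetical key manager; names and storage layout are assumptions."""

    def __init__(self, threshold_age: timedelta):
        self.threshold_age = threshold_age          # claims 14 and 20 store this
        self.db: Dict[str, KeyRecord] = {}

    def request_key(self, instance_id: str, tags: dict, now: datetime) -> Optional[bytes]:
        """Return the key for one instance of tagged data, or None if untagged."""
        data_type = tags.get("sensitive_type")      # hypothetical tag name
        if data_type is None:
            return None                             # nonsensitive: left unencrypted
        rec = self.db.get(instance_id)
        if rec is None:                             # a different key per instance
            rec = KeyRecord(secrets.token_bytes(32), data_type, now)
            self.db[instance_id] = rec
        return rec.key

    def rotate_if_stale(self, instance_id: str, now: datetime) -> bool:
        """Overwrite key and timestamp once the key's age exceeds the threshold."""
        rec = self.db[instance_id]
        if now - rec.first_used <= self.threshold_age:
            return False                            # "greater than", so equal age stays
        # Overwriting discards the old key: data still encrypted under it must be
        # decrypted and re-encrypted by the caller before this point.
        rec.key = secrets.token_bytes(32)
        rec.first_used = now
        return True
```
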



Response to Arguments/Remarks
Claims 1-2, 4-5, 7-9, 11-12, 14-16, 18 and 20 are allowed.

Examiner’s Statement of Reasons for Allowance
Claims 1-2, 4-5, 7-9, 11-12, 14-16, 18 and 20 are allowed.
The following is an examiner’s statement of reasons for allowance:
The present invention is directed to a processor receiving sensitive data specified as a particular data type in application source code and encrypting the sensitive data for writing to a live memory; determining that the data comprises the sensitive data based on tags; and preventing an unencrypted form of the sensitive data from being stored in the live memory.
The closest prior art, as previously recited, is Kouladjie (US 20120331284), Whelihan (US 10169251), McClintock (US 9576147) and PAPAPANAGIOTOU (US 20170193031).

Kouladjie discloses that the data protector limits access to sensitive data to the data consumers. A key manager provides a time-limited encryption key to the data protector. Responsive to collection of the time-limited encryption key from the key manager and sensitive data from a data provider, the data protector encrypts the sensitive data with the time-limited encryption key effective to produce encrypted sensitive data.

Whelihan discloses that execution of the first set of instructions causes the secure processor to read a first register value from the register of the secure processor, the register of the secure processor preventing repeated reads of a same value of the register, and determine whether the first register value belongs to the set of valid register values encoded in the encrypted computer program. Execution of further instructions of the encrypted computer program is prevented if the first register value does not belong to the set of valid register values encoded in the encrypted computer program.

McClintock discloses that a metadata tag may be applied to data to indicate a type of the data. In some cases, the tag may be applied to the data when the data is decrypted, and the tag may propagate with the data as the data is passed between processes. A software module may include control logic that is configured to apply data usage policies based on the type tag of data.

PAPAPANAGIOTOU discloses that the data reconciliation engine generates one or more recommendations designed to resolve inconsistencies between the data snapshots. The data reconciliation engine then transmits each recommendation to a different data store node. Because the data reconciliation engine performs many of the resource-intensive operations included in the data reconciliation process.

However, none of Kouladjie (US 20120331284), Whelihan (US 10169251), McClintock (US 9576147) and PAPAPANAGIOTOU (US 20170193031) teaches or suggests, alone or in combination, the particular combination of steps or elements as recited in the independent Claim 1 and similarly Claim 8 and Claim 15. For example, none of the cited prior art teaches or suggests the steps of Claim 1 and similarly Claim 11 and Claim 20: receiving by a processor unencrypted sensitive data, specified as a particular data type in application source code, with instructions compiled from the application source code for the particular data type to encrypt the sensitive data for writing to a live memory, the live memory including unencrypted nonsensitive data; determining that the data comprises the sensitive data based on one or more tags included with the sensitive data comprising sensitive data type information; requesting a different encryption key from a key manager for each instance of the sensitive data; receiving the encryption key, the encryption key associated with the sensitive data; and preventing an unencrypted form of the sensitive data from being stored in the live memory, wherein the preventing includes: encrypting the sensitive data using the encryption key; writing the encrypted sensitive data to the live memory; storing the different encryption key in an encryption key database for each instance of sensitive data; and storing a sensitive data type identifier associated with the different encryption key in the encryption key database.

Therefore the claims are allowable over the cited prior art.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHAO WANG whose telephone number is (313)446-6644.  The examiner can normally be reached on Monday-Friday 7:30-4:30PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  
For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


	/C.W./Examiner, Art Unit 2439   



/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439