Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
   
            DETAILED ACTION

1.	This action is responsive to:  an original application filed on 11 December 2019.	
2.	Claims 1-28 are currently pending and claims 1, 5, 15 and 19 are independent claims. 

Information Disclosure Statement

3.	No IDS filed.

        Priority

4.	No Priority claimed.

       Drawings

5.	The drawings filed on 11 December 2019 are accepted by the examiner. 

				  Specification Objection

6.	Applicant is reminded of the proper content of an abstract of the disclosure.
A patent abstract is a concise statement of the technical disclosure of the patent and should include that which is new in the art to which the invention pertains. The abstract should not refer to purported merits or speculative applications of the invention and should not compare the invention with the prior art.
If the patent is of a basic nature, the entire technical disclosure may be new in the art, and the abstract should be directed to the entire disclosure. If the patent is in the nature of an improvement in an old apparatus, process, product, or composition, the abstract should include the technical disclosure of the improvement. The abstract should also mention by way of example any preferred modifications or alternatives. 
Where applicable, the abstract should include the following: (1) if a machine or apparatus, its organization and operation; (2) if an article, its method of making; (3) if a chemical compound, its identity and use; (4) if a mixture, its ingredients; (5) if a process, the steps.
Extensive mechanical and design details of an apparatus should not be included in the abstract. The abstract should be in narrative form and generally limited to a single paragraph within the range of 50 to 150 words in length.
See MPEP § 608.01(b) for guidelines for the preparation of patent abstracts.

				
			           Examiner’s Note

7.	Claims 19-20 are Allowable.


	


Claim Rejections - 35 USC § 103
	
8.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-18 are rejected under 35 U.S.C §103 as being unpatentable over Lee et al. (US Publication No. 20120140923), hereinafter Lee and in view of Kulkarni et al. (CN Publication No. 102893265), hereinafter Kulkarni.  

Regarding claim 1: 
retrieving one or more encrypted data records that are stored at one or more encrypted-data locations of a plurality of encrypted-data locations (Lee, ¶8, 68, 70).
Lee does not explicitly suggest, wherein each encrypted data record of the one or more encrypted data records comprises a composite value that includes a key version; however, in a same field of endeavor Kulkarni discloses this limitation (Kulkarni, ¶45).
determining that the key version of a particular encrypted data record of the one or more encrypted data records matches a source key version (Lee, ¶70).
generating a particular decrypted data record by decrypting the particular encrypted data record of the one or more encrypted data records using an encryption key that corresponds to the source key version (Lee, ¶36, 67).
generating a particular re-encrypted data record by encrypting the particular decrypted data record using an encryption key that corresponds to a target key version (Lee, ¶18, 75).
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to include the method of “Key rotation” of Lee with the using composite value disclosed in Kulkarni to compress data to save space in the memory, stated by Kulkarni at para.47.

Regarding claim 2:
further comprising: storing, in one or more data repositories, a location-to-key-name mapping that maps a plurality of key names to the plurality of encrypted-data locations. receiving a key rotation request that specifies one or more one or more key names of the plurality of key names, the source key version, and the target key version (Lee, ¶70, 18, 29).
Regarding claim 3:
further comprising: using the location-to-key-name mapping, determining the one or more encrypted-data locations of the plurality of encrypted-data locations based on the one or more key names of the plurality of key names (Lee, ¶24).
Regarding claim 4:
Lee does not explicitly suggest, wherein each composite value includes payload data; wherein generating the particular decrypted data record comprises decrypting the payload data of the composite value of the particular encrypted data record using the encryption key that corresponds to the source key version; wherein generating the particular re-encrypted data record comprises encrypting the payload data of the composite value of the particular decrypted data record using the encryption key that corresponds to the target key version; however, in a same field of endeavor Kulkarni discloses this limitation (Kulkarni, ¶3, 45).
Same motivation for combining the respective features of Kulkarni and Lee applies herein, as discussed in the rejection of claim 1.

Regarding claim 5: 
generating a first set of messages, each message of the first set of messages identifying a table associated with one or more encrypted-data locations of a plurality of encrypted-data locations (Lee, ¶24, 35-36).
generating, by each worker process of a first plurality of worker processes, one or more messages of a second set of messages, each of the one or more messages of the second set of messages identifying a subset of encrypted data records included in a table identified in a message of the first set of messages (Lee, ¶6-7, 23)
generating, by each worker process of a second plurality of worker processes, decrypted data records by decrypting the subset of encrypted data records identified in a message of the second set of messages (Lee, ¶45, 35-36).
generating, by each worker process of the second plurality of worker processes, re-encrypted data records by encrypting the decrypted data records that were decrypted by the respective worker process of the second plurality of worker processes (Lee, ¶74-76, 44).
wherein the re-encrypted data records are generating using new encryption keys to encrypt the decrypted data records (Lee, ¶18).
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to include the method of “Key rotation” of Lee with the using composite value disclosed in Kulkarni to compress data to save space in the memory, stated by Kulkarni at para.47.

Regarding claim 6:
further comprising: storing, in one or more data repositories, a location-to-key-name mapping that maps a plurality of key names to the plurality of encrypted-data locations; receiving a key replacement request that specifies the one or more one or more key names of the plurality of key names (Lee, ¶70, 18, 29).
Regarding claim 7:
further comprising: using the location-to-key-name mapping, determining the one or more encrypted-data locations of the plurality of encrypted-data locations based on the one or more key names of the plurality of key names (Lee, ¶70).
Regarding claim 8:
further comprising: updating the location-to-key-name mapping with new key names that correspond to the new encryption keys used to encrypt the decrypted data records (Lee, ¶24).
Regarding claim 9:
further comprising: assigning each message of the first set of messages to a distinct worker process of the first plurality of worker processes; determining, by each worker process of the first plurality of worker processes, an amount of encrypted data records included in the table identified in the message assigned to the respective worker process of the first plurality of worker processes; wherein a size of the subset of encrypted data records identified in each of the second set of messages is based on the amount of encrypted data records included in the table identified in the message assigned to the respective worker process of the first plurality of worker processes (Lee, claim 9).
Regarding claim 10:
further comprising: assigning each message of the second set of messages to a distinct worker process of the second plurality of worker processes; wherein the decrypted data records generated by each worker process of the second plurality of worker processes are generated by decrypting the subset of encrypted data records identified in the message of the second set of messages that is assigned to the respective worker process of the second plurality of worker processes (Lee, ¶6-7, 23, 35-36).
Regarding claim 11:
further comprising: storing the re-encrypted data records at the one or more encrypted-data locations (Lee, ¶24, 35-36).
Regarding claim 12:
further comprising: detecting, by a particular worker process of the second plurality of worker processes, an error while generating the decrypted data records or re-encrypted data records; generating, by the particular worker process of the second plurality of worker processes, a retry message that identifies the error; assigning the retry message to a distinct worker process of the second plurality of worker processes for retry (Lee, ¶71).
Regarding claim 13:
further comprising: generating a retry count based on the retry message and storing the retry count in a database (Lee, ¶6).
Regarding claim 14:
further comprising: in response to determining that the retry count is greater than a threshold value, generating and storing a failure message in a database for manual review (Lee, ¶71-72).
Regarding claim 15:
retrieving one or more encrypted data records that are stored at one or more encrypted-data locations of a plurality of encrypted-data locations (Lee, ¶8, 68, 70). 
Lee does not explicitly suggest, wherein each encrypted data record of the one or more encrypted data records comprises a composite value that includes a key version; however, in a same field of endeavor Kulkarni discloses this limitation (Kulkarni, ¶45).
determining that the key version of a particular encrypted data record of the one or more encrypted data records matches a source key version (Lee, ¶70).
generating a particular decrypted data record by decrypting the particular encrypted data record of the one or more encrypted data records using an encryption key that corresponds to the source key version (Lee, ¶36, 67).
generating a particular re-encrypted data record by encrypting the particular decrypted data record using an encryption key that corresponds to a target key version (Lee, ¶18, 75).
Lee does not explicitly suggest, wherein each encrypted data record of the one or more encrypted data records comprises a composite value that includes a key version; however, in a same field of endeavor Kulkarni discloses this limitation (Kulkarni, ¶45).
Regarding claim 16:
further comprising instructions for: storing, in one or more data repositories, a location-to-key-name mapping that maps a plurality of key names to the plurality of encrypted-data locations. receiving a key rotation request that specifies one or more one or more key names of the plurality of key names, the source key version, and the target key version (Lee, ¶18, 75).

Regarding claim 17:
further comprising instructions for: using the location-to-key-name mapping, determining the one or more encrypted-data locations of the plurality of encrypted-data locations based on the one or more key names of the plurality of key names (Lee, ¶24).
Regarding claim 18:
Lee does not explicitly suggest, wherein each composite value includes payload data; wherein generating the particular decrypted data record comprises decrypting the payload data of the composite value of the particular encrypted data record using the encryption key that corresponds to the source key version; wherein generating the particular re-encrypted data record comprises encrypting the payload data of the composite value of the particular decrypted data record using the encryption key that corresponds to the target key version; however, in a same field of endeavor Kulkarni discloses this limitation (Kulkarni, ¶3, 45).
Same motivation for combining the respective features of Kulkarni and Lee applies herein, as discussed in the rejection of claim 15.

  Conclusion

9.	The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure. Any inquiry concerning this communication or earlier communications from the examiner should be directed to Monjour Rahim whose telephone number is (571)270-3890. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 571-272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
	Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (in USA or CANANDA) or 571-272-1000.

/Monjur Rahim/
Patent Examiner
United States Patent and Trademark Office
Art Unit: 2436; Phone: 571.270.3890
E-mail: monjur.rahim@uspto.gov
Fax: 571.270.4890