DETAILED ACTION
This Non Final Office Action is in response to Application filed on 01/29/2021.
Claims 1-20 filed on 01/29/2021 are being considered on the merits.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Drawings
The drawings filed on 01/29/2021 are accepted.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 01/29/2021 have been considered. The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly an initialed and dated copy of Applicant's IDS form 1449 filed 01/29/2021 are attached to the instant Office action. 

Claim Objections
Claims 5, 7, and 9 objected to because of the following informalities:  
claim 5 recites “wherein each tenant has data stored on the database system in distinct extents, the fragments of each extent being encrypted using the same symmetric key”, emphasis in italic, lacking antecedent basis for “the database system” and “the fragments”. Examiner recommends replacing the above excerpt with “wherein each tenant has data stored on the database  server in distinct extents,  fragments of each extent being encrypted using the same symmetric key”, …”, as described in [0064, 0067] of the specification of the instant application and consistent with the database server storing data as recited in independent claim 1. 
claim 7 recites “a request for a regenerated symmetric key to the security server via the network channel…the regenerated symmetric key being generated by the key server based on the public key and the private key, the duplicate symmetric key being derived using the key derivation function; and decrypting, by the security module, the encrypted data received from the client device using the duplicate symmetric key”, emphasis in italic, lacking antecedent basis for ” the security server” and “the duplicate symmetric key”, and lacking clarity for “generated by the key server based on the public key and the private key”, as it is not clear which private key is partaking in the generation of the symmetric key. Examiner recommends:
a. replacing ” the security server” with “the key server”, as described in [0074] of the specification of the instant application.
b. replacing  “the duplicate symmetric key” with “the  regenerated symmetric key”, consistent with the preceding limitations in claim 7.
c. replacing “…generated by the key server based on the public key and the private key” with “generated by the key server based on the public key and the private key managed by the key server” such that the private key the partake in the generation of the symmetric key is the private key managed by the key server, as opposed to the private key generated by the security module.
claim 9 recites “a security module”. Examiner recommends replacing “a security module” with “the security module” since the “security module” has previously been recited in claim 1. 
Appropriate correction is required.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claims 1-2, 10-11 and 15-16 rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 8 and 15 of Application No. 17/931 226 hereinafter 226, in view of Pahl et. al. (US 20150288514 A1), hereinafter Pahl, Le Saint et. al. (US 20160065370 A1), hereinafter Saint, and further in view of Sinor (US 9369443 B1), hereinafter Sinor . This is a non-provisional nonstatutory double patenting rejection.
Instant Application 17/162, 766
Co-pending Application 17/931 226
A computer-implemented method for securing client data natively on a database using key agreement, the database being stored on a database server, the method comprising: receiving, by a security module running on the database server, a request over a network channel from a client application to store data from a client device, the client application being associated with a tenant identifier; 
generating, by the security module in response to receiving the request to store data, a private key-public key pair; transmitting, over the network channel by the security module, a request to derive a symmetric key from a key server, the request for the symmetric key comprising the public key, the public key being stored in a data store otherwise inaccessible by the key server and being associated by the security module with the tenant identifier; receiving, by the security module, the symmetric key from the key server via the network channel, the symmetric key being generated by the key server based on the public key and a private key managed by the key server, the private key managed by the key server being accessible by the key server and not accessible by the database server, the symmetric key being derived using a key derivation function; encrypting, by the security module, the data received from the client device using the symmetric key; and storing the public key associated with the tenant identifier and an identifier for the private key managed by the key server in metadata associated with the data encrypted using the symmetric key.

Claims 10 and 15
Claims 2, 11, 16
1. (Currently Amended) A computer-implemented method for securing client data using a security server, the method comprising: 
receiving, by a security server, a request to derive a symmetric key from an application server, the request comprising a public key, a salt value, and a key identifier associated with a private key, the public key and private key corresponding to different points on an elliptic curve; 
deriving the symmetric key, by the security server, based on the received public key and the private key associated with the key identifier using a key derivation function, the deriving comprising: retrieving the private key associated with the key identifier from a storage location that is not accessible by the application server;
applying a key agreement protocol to the received public key and the retrieved private key associated with the key identifier, the key agreement protocol outputting a key agreement key by combining the received public key and the retrieved private key to obtain a value on the same elliptic curve as the received public key and the retrieved private key; and
applying a key derivation function to the key agreement key to generate the symmetric key by using the obtained value on the same elliptic curve as an input to the key derivation function; and
transmitting, by the security server, the derived symmetric key to the
requesting application server, the symmetric key being subsequently stored in an in-memory cache of the application server and being used by the application server to encrypt customer data.
Claims 8 and 15


Although the conflicting claims are not identical, they are not patentably distinct from each other because claims 1, 10 and 15 of the 226 application contains every element of claims 1, 10 and 15 of the instant application except for the bolded limitations as seen in the above table.  However, 
Pahl discloses a computer-implemented method for securing client data natively on a database using key agreement, the database being stored on a database server, the method comprising: receiving, by a security module running on the database server, a request over a network channel from a client application to store data from a client device, the client application being associated with a tenant identifier (Pahl [0233] “While the secure session is in operation, the client device and secure session server may exchange data securely.”, [0237] “…the key server generates and transmits to the secure session server the set of session keys to be used during the secure session between the client device and the secure session server.”, where the master secret/pre-master secret  corresponds to key agreement, used to generate a session/symmetric key, e.g. see [0038-0039], illustrated in e.g. Figure 8 (850-860), session server 120 in Figure 1 corresponds to the database server, [0043] “ the Client Hello message is transmitted to the secure session server 120 as a result of a Domain Name System (DNS) request for the domain the client device 110 is attempting to connect to resolving to an IP address of the secure session server 120. The Client Hello message may include the following: an indication of the requested version of the SSL or TLS protocol, a requested session identifier used to identify the session connection, a list of cipher suites supported by the client device 110, a list of the compression methods supported by the client device 110, random data used for cryptographic purposes”, where session identifier corresponds to identifier, where the process performed by the session server corresponds to the security module, and the process performed by the client corresponds to the client application, [0037] “The traffic may be received at the secure session server as a result of a client network application of the client device (e.g., a web browser)”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified 226 to incorporate the teaching of Pahl to utilize the above feature, with the motivation of establishing secure communication between client devices and session servers using a session key, as recognized by (Pahl Abstract and throughout).
226 in view of Pahl do not disclose the below.
Saint discloses a server utilizing a database for storing data (Saint [0034] “the server computer may be a database server coupled to a Web server. The server computer may be coupled to a database and may include any hardware, software, other logic, or combination of the preceding for servicing the requests from one or more client computers ”, [0132] “…the user device identifier may be used to retrieve corresponding identification data from a device database. ”),
Saint further discloses the public key being stored in a data store otherwise inaccessible by the key server (Saint [0007] “The user device can be configured to receive the provisioning response message including credentials and a blinded static server computer public key from the server computer, determine the second shared secret using the ephemeral private key and the blinded static server computer public key, and decrypt the encrypted credentials using the second shared secret to determine credentials.”, where the received blinded static server computer public key is inaccessible by the receiver since it is “blinded” as disclosed in [0041] “A “blinded key,” such as a “blinded public key” may include a key that has been obfuscated or otherwise modified from its original value”),
Saint further discloses tenant identifier (Saint discloses identifiers associated with user or device as disclosed in e.g. [0045]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified 226 in view of Pahl to incorporate the teaching of Saint to utilize the above feature, with the motivation of using a blinded/obfuscated key in creating payment credentials, and establishing secure communication, as recognized by (Saint [0093]).
226 in view of Pahl and Saint do not disclose the below.
Sinor discloses generating, by the security module in response to receiving the request to store data, a private key-public key pair (Sinor Col. 11 line 9-22 “…the user may be authorized to access all of the requested data, only certain fields or records of the requested data, all but certain fields or records of the requested data, only data reflecting information between certain dates, etc. (step 414). If the user is authorized to access or view all or a portion of the requested data, then the server/platform generates a “key” pair and provides the platform public key to the client application (step 416). The server/platform then accesses the requested data (which may be a file, record, document, etc.) and prepares it for transmission to the user (step 418). This may involve decrypting previously encrypted data that was protected when stored in a database”, examiner notes that the purpose of the request is an intended use, e.g. utilized to store data or retrieved stored data).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified 226 in view of Pahl and Saint to incorporate the teaching of Sinor to utilize the above feature, with the motivation of providing authorized users with previously encrypted data in a database, as recognized by (Sinor Col. 11 line 9-22).
Claims 1-3, 8, 10-11, 15-16 rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-3, 8- 10 and 16-18 of Application No. 17/931 210 hereinafter 210, in view of Pahl et. al. (US 20150288514 A1), hereinafter Pahl, Le Saint et. al. (US 20160065370 A1), hereinafter Saint, and further in view of Sinor (US 9369443 B1), hereinafter Sinor . This is a non-provisional nonstatutory double patenting rejection.
Instant Application 17/162, 766
Co-pending Application 17/931 210
A computer-implemented method for securing client data natively on a database using key agreement, the database being stored on a database server, the method comprising: receiving, by a security module running on the database server, a request over a network channel from a client application to store data from a client device, the client application being associated with a tenant identifier; 
generating, by the security module in response to receiving the request to store data, a private key-public key pair; transmitting, over the network channel by the security module, a request to derive a symmetric key from a key server, the request for the symmetric key comprising the public key, the public key being stored in a data store otherwise inaccessible by the key server and being associated by the security module with the tenant identifier; receiving, by the security module, the symmetric key from the key server via the network channel, the symmetric key being generated by the key server based on the public key and a private key managed by the key server, the private key managed by the key server being accessible by the key server and not accessible by the database server, the symmetric key being derived using a key derivation function; encrypting, by the security module, the data received from the client device using the symmetric key; and storing the public key associated with the tenant identifier and an identifier for the private key managed by the key server in metadata associated with the data encrypted using the symmetric key.

Claims 10 and 15

1. (Currently Amended) A computer-implemented method for securing client data using an application server, the method comprising: storing, by an application server, a key identifier received from a security server over a network connection, the application server being a separate server than the security server and the key identifier being associated with a private key, the private key being accessible by the security server and not accessible by the application server, the application server also being in communication with a plurality of client devices over a network; transmitting, from the application server to the security server, a request to derive a symmetric key, the request being received after the storing the key identifier, the request comprising a public key generated by the application server, a salt value, and the key identifier; receiving, by the application server, the symmetric key from the security server, the symmetric key being derived based on the transmitted public key and the private key associated with the key identifier using a key derivation function, the symmetric key being stored in an in- memory cache of the application server; and encrypting, by the application server, data received from one of the plurality of client devices using the symmetric key, the encrypted data being stored on persistent storage in communication with the application server.








Claims 9 and 17
Clams 2, 11 and 16
Claims 2, 10 and 18
Claims 3
Claim 3
Claim 8
Claim 8

Although the conflicting claims are not identical, they are not patentably distinct from each other because claims 1-3, 8- 10 and 16-18 of the 210 application contains every element of claims 1-3, 8, 10-11, 15-16 of the instant application except for the bolded limitations as seen in the above table.  However, 
Pahl discloses A computer-implemented method for securing client data natively on a database using key agreement, the database being stored on a database server, the method comprising: receiving, by a security module running on the database server, a request over a network channel from a client application to store data from a client device, the client application being associated with a tenant identifier (Pahl [0233] “While the secure session is in operation, the client device and secure session server may exchange data securely.”, [0237] “…the key server generates and transmits to the secure session server the set of session keys to be used during the secure session between the client device and the secure session server.”, where the master secret/pre-master secret  corresponds to key agreement, used to generate a session/symmetric key, e.g. see [0038-0039], illustrated in e.g. Figure 8 (850-860), session server 120 in Figure 1 corresponds to the database server, [0043] “ the Client Hello message is transmitted to the secure session server 120 as a result of a Domain Name System (DNS) request for the domain the client device 110 is attempting to connect to resolving to an IP address of the secure session server 120. The Client Hello message may include the following: an indication of the requested version of the SSL or TLS protocol, a requested session identifier used to identify the session connection, a list of cipher suites supported by the client device 110, a list of the compression methods supported by the client device 110, random data used for cryptographic purposes”, where session identifier corresponds to identifier, where the process performed by the session server corresponds to the security module, and the process performed by the client corresponds to the client application, [0037] “The traffic may be received at the secure session server as a result of a client network application of the client device (e.g., a web browser)”, [0048] discloses various identifiers transmitted with the request, including a fingerprint of the public certificate, hash of the public key, etc., where the hash value is associated with private key as an identifier that may be looked up, where the information is transmitted in header, header holding metadata, where the header information is stored in order to perform the look up).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified 210 to incorporate the teaching of Pahl to utilize the above feature, with the motivation of establishing secure communication between client devices and session servers using a session key, as recognized by (Pahl Abstract and throughout).
210 in view of Pahl do not disclose the below.
Saint discloses a server utilizing a database for storing data (Saint [0034] “the server computer may be a database server coupled to a Web server. The server computer may be coupled to a database and may include any hardware, software, other logic, or combination of the preceding for servicing the requests from one or more client computers ”, [0132] “…the user device identifier may be used to retrieve corresponding identification data from a device database. ”),
Saint further discloses the public key being stored in a data store otherwise inaccessible by the key server (Saint [0007] “The user device can be configured to receive the provisioning response message including credentials and a blinded static server computer public key from the server computer, determine the second shared secret using the ephemeral private key and the blinded static server computer public key, and decrypt the encrypted credentials using the second shared secret to determine credentials.”, where the received blinded static server computer public key is inaccessible by the receiver since it is “blinded” as disclosed in [0041] “A “blinded key,” such as a “blinded public key” may include a key that has been obfuscated or otherwise modified from its original value”),
Saint further discloses tenant identifier (Saint discloses identifiers associated with user or device as disclosed in e.g. [0045]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified 210 in view of Pahl to incorporate the teaching of Saint to utilize the above feature, with the motivation of using a blinded/obfuscated key in creating payment credentials, and establishing secure communication, as recognized by (Saint [0093]).
210 in view of Pahl and Saint do not disclose the below.
Sinor discloses generating, by the security module in response to receiving the request to store data, a private key-public key pair (Sinor Col. 11 line 9-22 “…the user may be authorized to access all of the requested data, only certain fields or records of the requested data, all but certain fields or records of the requested data, only data reflecting information between certain dates, etc. (step 414). If the user is authorized to access or view all or a portion of the requested data, then the server/platform generates a “key” pair and provides the platform public key to the client application (step 416). The server/platform then accesses the requested data (which may be a file, record, document, etc.) and prepares it for transmission to the user (step 418). This may involve decrypting previously encrypted data that was protected when stored in a database”, examiner notes that the purpose of the request is an intended use, e.g. utilized to store data or retrieved stored data).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified 210 in view of Pahl and Saint to incorporate the teaching of Sinor to utilize the above feature, with the motivation of providing authorized users with previously encrypted data in a database, as recognized by (Sinor Col. 11 line 9-22).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1, 3-5, 7, 10, 12-15 and 17-19 are rejected under 35 U.S.C. 103 as being unpatentable over Pahl et. al. (US 20150288514 A1), hereinafter Pahl, Le Saint et. al. (US 20160065370 A1), hereinafter Saint, and further in view of Sinor (US 9369443 B1), hereinafter Sinor.

Regarding claim 1, Pahl teaches a computer-implemented method for securing client data [natively on a database] using key agreement, [the database] being stored on a database server (Pahl [0233] “While the secure session is in operation, the client device and secure session server may exchange data securely.”, [0237] “…the key server generates and transmits to the secure session server the set of session keys to be used during the secure session between the client device and the secure session server.”, where the master secret/pre-master secret  corresponds to key agreement, used to generate a session/symmetric key, e.g. see [0038-0039], illustrated in e.g. Figure 8 (850-860), session server 120 in Figure 1 corresponds to the database server), the method comprising: 
receiving, by a security module running on the database server, a request over a network channel from a client application to store data from a client device, the client application being associated with a [tenant] identifier (Pahl [0043] “ the Client Hello message is transmitted to the secure session server 120 as a result of a Domain Name System (DNS) request for the domain the client device 110 is attempting to connect to resolving to an IP address of the secure session server 120. The Client Hello message may include the following: an indication of the requested version of the SSL or TLS protocol, a requested session identifier used to identify the session connection, a list of cipher suites supported by the client device 110, a list of the compression methods supported by the client device 110, random data used for cryptographic purposes”, where session identifier corresponds to client session identifier, where the process performed by the session server corresponds to the security module, and the process performed by the client corresponds to the client application, [0037] “The traffic may be received at the secure session server as a result of a client network application of the client device (e.g., a web browser)”, where the request is eventually used to exchange data securely, where the exchanged data has to be stored in order to be decrypted and read); 
[generating, by the security module in response to receiving the request to store data, a private key-public key pair]; 
transmitting, over the network channel by the security module, a request to derive a symmetric key from a key server (Pahl Abstract [0038-00039] “The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret and session keys for the secure session. The different server decrypts the encrypted premaster secret, generates the master secret, and generates session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server and transmits those session keys to that server.”, where the session key is as symmetric key as disclosed in [0007], [0039] “…the secure session server may request the key server to decrypt the premaster secret using the corresponding private key. The decrypted premaster secret is used by both the client device and secure session server to create a shared secret (referred to as a master secret) that is used when generating the session keys that are used to encrypt and decrypt data during the secure session. ”, Figure 13 (1355)), 
the request for the symmetric key comprising the public key, the public key being stored in a data store [otherwise inaccessible by the key server] and being associated by the security module with the [tenant] identifier (Pahl [0048] discloses various identifiers transmitted with the request, including a fingerprint of the public certificate, hash of the public key, etc., where the hash value is associated with private key as an identifier that may be looked up, [0209] “The secure session server 1320 may also transmit the session identifier included in the Client Hello message of operation 13.13 (if non-empty) to the key server 1330.”, where the request is sent along with the public key hash and session identifier associated with the client device requesting the session to be created); 
receiving, by the security module, the symmetric key from the key server via the network channel (Pahl Figure 15 (1535) [0024] “…operations performed by a key server in response to receiving an encrypted premaster secret and other information to generate a set of session keys for a secure session between a client device and a secure session server according to one embodiment”, [0232] “Flow then moves to operation 1535 where the key server transmits the generated session keys to the secure session server.”, Figure 13 (1355) secure connection), 
the symmetric key being generated by the key server based on the public key and a private key managed by the key server, the private key managed by the key server being accessible by the key server and not accessible by the database server, the symmetric key being derived using a key derivation function (Pahl [0048, 0228-0232], where the session key, corresponding to the symmetric key is generated, based on associating the hash of the public key as disclosed in [0048], with the private key stored at the key server, where the key server decrypts the encrypted premaster secret, generating a master secret, and generating the session key, as illustrated in Figure 15 (1515-1535), [0394] discloses the private key manageable and accessible by the key server, and not accessible to the session server unless it requests the private key from the key server for access only for a limited time, [0190] discloses utilizing an algorithm to generate the session key “(e.g., the information may specify the negotiated cipher suite that defines the cipher specification (the key server may look up the parameters of the cipher specification) or may specify parameters of the negotiated cipher suite for generating the session keys including information identifying the pseudorandom function (PRF) algorithm”); 
encrypting, by the security module, the data received from the client device using the symmetric key (Pahl [0233] “While the secure session is in operation, the client device and secure session server may exchange data securely.”, [0237] “…the key server generates and transmits to the secure session server the set of session keys to be used during the secure session between the client device and the secure session server.”, [0251] “At operation 16.18, the key server 1630 transmits to the secure session server 1620 the set of session keys that are used to encrypt and decrypt messages during the secure session between the client device 1610 and the secure session server 1620.”, [0253] “The session keys will be used by the secure session server 1620 when encrypting and decrypting information sent between the client device 1610 and the secure session server 1620. For example, the client write key is used by the client device to encrypt data and used by the secure session server to decrypt data received from the client device,”); and 
storing the public key associated with the [tenant] identifier and an identifier for the private key managed by the key server in metadata associated with the data encrypted using the symmetric key (Pahl [0048] discloses various identifiers transmitted with the request, including a fingerprint of the public certificate, hash of the public key, etc., where the hash value is associated with private key as an identifier that may be looked up, where the information is transmitted in header, header holding metadata, where the header information is stored in order to perform the look up).
Pahl discloses establishing secure communication between a server and client, where the secure communication includes encrypting/decrypting exchanged data between the client and server, indicating a mean of storage at both ends to encrypt/decrypt data, however Pahl does not disclose the server includes a database and further does not disclose a public key being inaccessible to one communicating entity and the further below limitations.
Saint discloses a server utilizing a database for storing data (Saint [0034] “the server computer may be a database server coupled to a Web server. The server computer may be coupled to a database and may include any hardware, software, other logic, or combination of the preceding for servicing the requests from one or more client computers ”, [0132] “…the user device identifier may be used to retrieve corresponding identification data from a device database. ”),
Saint further discloses the public key being stored in a data store otherwise inaccessible by the key server (Saint [0007] “The user device can be configured to receive the provisioning response message including credentials and a blinded static server computer public key from the server computer, determine the second shared secret using the ephemeral private key and the blinded static server computer public key, and decrypt the encrypted credentials using the second shared secret to determine credentials.”, where the received blinded static server computer public key is inaccessible by the receiver since it is “blinded” as disclosed in [0041] “A “blinded key,” such as a “blinded public key” may include a key that has been obfuscated or otherwise modified from its original value”),
Saint further discloses tenant identifier (Saint discloses identifiers associated with user or device as disclosed in e.g. [0045]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Pahl to incorporate the teaching of Saint to utilize the above feature, with the motivation of using a blinded/obfuscated key in creating payment credentials, and establishing secure communication, as recognized by (Saint [0093]).
Pahl in view of Saint disclose the aforementioned limitations, where Saint further discloses generating session key from public key and private key, upon receiving the request. However, Pahl in view of Saint do not explicitly disclose the below limitation.
Sinor discloses generating, by the security module in response to receiving the request to store data, a private key-public key pair (Sinor Col. 11 line 9-22 “…the user may be authorized to access all of the requested data, only certain fields or records of the requested data, all but certain fields or records of the requested data, only data reflecting information between certain dates, etc. (step 414). If the user is authorized to access or view all or a portion of the requested data, then the server/platform generates a “key” pair and provides the platform public key to the client application (step 416). The server/platform then accesses the requested data (which may be a file, record, document, etc.) and prepares it for transmission to the user (step 418). This may involve decrypting previously encrypted data that was protected when stored in a database”, examiner notes that the purpose of the request is an intended use, e.g. utilized to store data or retrieved stored data).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Pahl in view of Saint to incorporate the teaching of Sinor to utilize the above feature, with the motivation of providing authorized users with previously encrypted data in a database, as recognized by (Sinor Col. 11 line 9-22).

Claims 10 and 15 are directed to an apparatus and a computer program product, respectively, associated with the method claimed in claim 1. Claims 10 and 15 are similar in scope to claim 1, and are therefore rejected with the same rationale and motivation as claim 1. 

Regarding claim 3, Pahl in view of Saint and Sinor teaches the method of claim 1, wherein the public key associated with the identifier and the private key managed by the key server are components of an elliptic curve Diffie-Hellman key exchange (Pahl [0038] and [0073, 0075] discloses utilizing Elliptic Curve Diffie-Hellman (ECDHE)). Pahl does not explicitly disclose tenant identifier. Saint discloses tenant identifier. Rationale and motivation in claim 1 apply.

Regarding claim 4, Pahl in view of Saint and Sinor teaches the method of claim 1, the symmetric key being assigned to the client device, the database server encrypting and storing data for a plurality of different devices, the method further comprising encrypting, by the security module, subsequent data received from the client device using the symmetric key (Pahl [0037] “The secure session server is a computing device that transmits and receives Internet traffic to and from client devices indicating different client devices as further disclosed in [0042, 0365], [0024] “FIG. 15 is a flow diagram that illustrates exemplary operations performed by a key server in response to receiving an encrypted premaster secret and other information to generate a set of session keys for a secure session between a client device and a secure session server according” and further [0282] indicates the session key is used to encrypt/decrypt data and subsequent data, as long as the key has not expired).  
Pahl does not explicitly disclose different tenants. Saint discloses different tenants (Saint [0012] “The credentials may also include one or more additional shared secret and/or keys (such as a limited use key (LUK)) shared with server computers (e.g., provisioning server and/or validation server). Such shared secret and/or keys are preferably unique to a specific user device or a group of user devices.”,  [0057] “different devices may have different key derivation parameters, even if an attacker reverse-engineered the key derivation algorithm on a user device, that knowledge may not be helpful in compromising a server computer.”, [0114] “The key derivation parameters and/or the update parameters may be unique per user device or per group of user devices so as to prevent mass offline attacks.”, where each user device is associated with the server based on enrollment process as described in [0237-0247] in Figure 17.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Pahl to incorporate the teaching of Saint to utilize the above feature, with the motivation of establishing secure communication between server and plurality of different user devices, as recognized by (Saint Abstract and throughout).

Claims 13 and 18 are directed to an apparatus and a computer program product, respectively, associated with the method claimed in claim 4. Claims 13 and 18 are similar in scope to claim 4, and are therefore rejected with the same rationale and motivation as claim 4. 

Regarding claim 5, Pahl in view of Saint and Sinor teaches the method of claim 4, wherein each tenant has data stored on the database system in distinct extents, the fragments of each extent being encrypted using the same symmetric key (Pahl [0037] “The secure session server is a computing device that transmits and receives Internet traffic to and from client devices indicating different client devices/tenants as further disclosed in [0042, 0365], [0024] “FIG. 15 is a flow diagram that illustrates exemplary operations performed by a key server in response to receiving an encrypted premaster secret and other information to generate a set of session keys for a secure session between a client device and a secure session server according” and further [0282] indicates the session key is used to encrypt/decrypt data and subsequent data, as long as the key has not expired, where the fragments corresponds to storage/register where the encrypted data, encrypted with the session key, is held, Saint discloses tenants as described, rationale and motivation in claim 4 above).  
Claims 14 and 19 are directed to an apparatus and a computer program product, respectively, associated with the method claimed in claim 5. Claims 14 and 19 are similar in scope to claim 5, and are therefore rejected with the same rationale and motivation as claim 5.
Regarding claim 7, Pahl in view of Saint and Sinor teaches the method of claim 1, further comprising decrypting, by the security module, the encrypted data received from the client device by (Pahl discloses [0237] “…the key server generates and transmits to the secure session server the set of session keys to be used during the secure session between the client device and the secure session server.”, [0251] “At operation 16.18, the key server 1630 transmits to the secure session server 1620 the set of session keys that are used to encrypt and decrypt messages during the secure session between the client device 1610 and the secure session server 1620.”): 
identifying, by the security module, the public key and the identifier for the private key from the metadata associated with the data encrypted using the symmetric key (Pahl discloses in [0048, 0219] discloses matching identifiers in order to resume a session, where the resumption of sessions by means of identifying the private key utilizing received header information); 
transmitting, by the security module, a request for a regenerated symmetric key to the security server via the network channel, the request for the [regenerated] symmetric key comprising the public key and the identifier for the private key; receiving, by the security module, the [regenerated] symmetric key from the key server via the network channel, the [regenerated] symmetric key being generated by the key server based on the public key and the private key, the [duplicate] symmetric key being derived using the key derivation function; and decrypting, by the security module, the encrypted data received from the client device using the [duplicate] symmetric key (Pahl discloses, as described above in the rationale of claim 1, the  generation of the symmetric keys based on a request, where the symmetric key is generated by the key server based on the public key and private key, where the deriving od the symmetric key is based on an algorithm, where the symmetric key is used for secure, encryption/decryption, communication between the client and the session server, please see detailed rationale of claim 1 above. Pahl further discloses in [0219, 0282, 0348] a lifetime of a session key, which indicates that the session key is renewed for subsequent sessions between the client and the session server).
Pahl does not explicitly disclose the regenerated/duplicated symmetric key.
Saint discloses regenerated/duplicated symmetric key (Saint [0146] “Upon receipt of the request message, the server computer may regenerate the first session key using the received ephemeral public key and a server computer private key.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Pahl to incorporate the teaching of Saint to utilize the above feature, with the motivation of encrypting/decrypting data, as recognized by (Saint [0146]).
Claims 12 and 17 are directed to an apparatus and a computer program product, respectively, associated with the method claimed in claim 7. Claims 12 and 17 are similar in scope to claim 7, and are therefore rejected with the same rationale and motivation as claim 7.

Claims 2, 11 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Pahl et. al. (US 20150288514 A1), hereinafter Pahl, Le Saint et. al. (US 20160065370 A1), hereinafter Saint, Sinor (US 9369443 B1), hereinafter Sinor, and Doiron et. al. (US 20220337427 A1), hereinafter Doiron.
 
Regarding claim 2, Pahl in view of Saint and Sinor teaches the method of claim 1.
Pahl in view of Saint and Sinor teaches disclose the above limitations. Pahl further discloses [0073-0075] using elliptic curve for key pair included in Ephemeral Elliptic Curve Diffie-Helman protocol. Saint discloses tenant identifier. Rationale and motivation in claim 1 apply. However, Pahl in view of Saint and Sinor do not explicitly disclose different points.
 Doiron discloses wherein both the public key associated with the identifier and the private key managed by the key server correspond to different points on an elliptic curve (Doiron [0073] “A private key V takes the form of an integer, and the corresponding public key P is a point P on the elliptic curve derived from a “generator point” G, which is also a point on the elliptic curve, as:…”, [0083] “[0083] The following table illustrates the public and private keys owned by Alice 103a and Bob 103b. In this example, the public key is related to the private key by elliptic curve multiplication, P=S G, where G is an elliptic curve generator point.”, where the above mathematical relationship between public key and the private key results into both keys being on different points on the elliptic curve).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Pahl in view of Saint and Sinor to incorporate the teaching of Doiron to utilize the above feature, with the motivation of computing public keys from private keys more efficiently, as recognized by (Doiron [0074]).

Claims 11 and 16 are directed to an apparatus and a computer program product, respectively, associated with the method claimed in claim 2. Claims 11 and 16 are similar in scope to claim 2, and are therefore rejected with the same rationale and motivation as claim 2. 

Claims 6 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Pahl et. al. (US 20150288514 A1), hereinafter Pahl, Le Saint et. al. (US 20160065370 A1), hereinafter Saint, Sinor (US 9369443 B1), hereinafter Sinor, and Pizi et. al. (US 20140122875 A1), hereinafter Pizi.

Regarding claim 6, Pahl in view of Saint and Sinor teaches the method of claim 1.
Pahl in view of Saint and Sinor do not disclose the below limitation.
Pizi discloses where the symmetric key is stored in an in-memory cache of the database server, and is destroyed after encryption is complete (Pizi [0050] “upon determining that the session has been terminated, the container 108 may delete the session keys from the memory cache such that any encrypted data (e.g., encrypted using the session keys) remaining on the user device 102 after the termination of the session may no longer be decrypted. In this way, even if the user device 102 is lost, stolen, and/or accessed by unauthorized personal/programs, any session-key-encrypted data remaining on the user device after the session will be useless to any unauthorized personnel/program since the data can no longer be decrypted.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Pahl in view of Saint and Sinor to incorporate the teaching of Pizi to utilize the above feature, with the motivation of “if the user device 102 is lost, stolen, and/or accessed by unauthorized personal/programs, any session-key-encrypted data remaining on the user device after the session will be useless to any unauthorized personnel/program since the data can no longer be decrypted”, as recognized by (Pizi [0050]).
  
Claim 20 is directed to a computer program product, associated with the method claimed in claim 6. Claim 20 is similar in scope to claim 6, and are therefore rejected with the same rationale and motivation as claim 6. 


Claims 8 is rejected under 35 U.S.C. 103 as being unpatentable over Pahl et. al. (US 20150288514 A1), hereinafter Pahl, Le Saint et. al. (US 20160065370 A1), hereinafter Saint, Sinor (US 9369443 B1), hereinafter Sinor, and further in view of Hilliar (US 20160219055 A1), hereinafter Hilliar.

Regarding claim 8, Pahl in view of Saint and Sinor teaches the method of claim 1.
Pahl discloses the key agreement key being generated using a key agreement protocol applied to the public key and the private key associated with the identifier (Pahl illustrates in e.g. Figure 12, generating a premaster and master secret encrypted by the public key by decrypting the secrets using the private key associated and identified by the public key as described in the rationale in claim 1 above).
Pahl in view of Saint and Sinor do not tech the below limitations 
Hilliar discloses wherein the key derivation function applies a cryptographic hash function to a key agreement key and a salt value (Hilliar Figure 3 [0049] “KDF 332 can be a hash algorithm that is computed over authorization key 321 as the input data, and session ID 304 can be used as a salt value for the hash algorithm (or vice versa) to generate conversation key 333”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Pahl in view of Saint and Sinor to incorporate the teaching of Hilliar to utilize the above feature, with the motivation of providing generating conversation keys using the conversation keys to encrypt the function call, as recognized by (Hilliar Abstract and throughout).
  
Claims 9 is rejected under 35 U.S.C. 103 as being unpatentable over Pahl et. al. (US 20150288514 A1), hereinafter Pahl, Le Saint et. al. (US 20160065370 A1), hereinafter Saint, Sinor (US 9369443 B1), hereinafter Sinor, and Martin et. al. (US 20180373741 A1), hereinafter Martin.

Regarding claim 9, Pahl in view of Saint and Sinor teaches the method of claim 1.
Pahl in view of Saint and Sinor do not explicitly disclose the below limitation.
Martin discloses further comprising creating, by a security module, the tenant identifier in response to receiving a request to utilize the database from the client application over the network channel (Martin [0015] “A request may be received at the database system to create a new tenant. Template tenant metadata of a template tenant may be selected at the database system to create the new tenant based on the received request. A new tenant identifier may be created at the database system based on the selected template tenant metadata. The new tenant may be created by associating the new tenant identifier with a snapshot of at least a portion of the template tenant metadata at a point in time when the template tenant metadata is made accessible to the new tenant.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Pahl in view of Saint and Sinor to incorporate the teaching of Martin to utilize the above feature, with the motivation of having tenant data stored in an immutable storage of the database system associated with a tenant identifier, as recognized by (Martin Abstract and throughout).  

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Liu (US 20210281408 A1) discloses that in response to a request, a system generates a first session key for a secure channel based on a first private key of a first key pair associated with an HCM and a second public key of a second key pair associated with a DP accelerator.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to BASSAM A NOAMAN whose telephone number is (571)272-2705. The examiner can normally be reached Monday-Friday 8:30 AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw can be reached on (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/BASSAM A NOAMAN/Examiner, Art Unit 2497