Prosecution Insights
Last updated: April 19, 2026
Application No. 18/412,659

SYSTEM AND METHOD FOR IMPLEMENTING DISTRIBUTED ENCRYPTED DATABASE ACROSS DATABASE NODES OF DISTRIBUTED SERVER NETWORK

Non-Final OA §103
Filed: Jan 15, 2024
Examiner: GETACHEW, ABIY
Art Unit: 2434
Tech Center: 2400 — Computer Networks
Assignee: Valarian Technologies Limited
OA Round: 1 (Non-Final)
Grant Probability: 86% (Favorable)
OA Rounds: 1-2
To Grant: 2y 6m
With Interview: 96%

Examiner Intelligence

Grants 86% — above average
Career Allow Rate: 86% (731 granted / 851 resolved, +27.9% vs TC avg)
Interview Lift: +10.3% (moderate +10% lift, resolved cases with interview)
Avg Prosecution: 2y 6m (typical timeline, 21 currently pending)
Total Applications: 872 (career history, across all art units)

Statute-Specific Performance

§101: 10.8% (-29.2% vs TC avg)
§103: 51.1% (+11.1% vs TC avg)
§102: 14.8% (-25.2% vs TC avg)
§112: 4.9% (-35.1% vs TC avg)
Based on career data from 851 resolved cases

Office Action

§103
Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. Claims 1-15 are cancelled. Claims 16-30 have been examined.

Drawings

The drawings filed on 01/15/2024 are acceptable for examination proceedings.

Specification

The specification filed on 01/15/2024 is acceptable for examination proceedings.

Information Disclosure Statement

The information disclosure statement (IDS) was submitted on 04/16/2025. Accordingly, the information disclosure statement is being considered by the examiner.

Internet Communications

Applicant is encouraged to submit a written authorization for Internet communications (PTO/SB/439, http://www.uspto.gov/sites/defauit/files/documents/sb0439.pdf) in the instant patent application to authorize the examiner to communicate with the applicant via email. The authorization will allow the examiner to better practice compact prosecution. The written authorization can be submitted via one of the following methods only. (1) Central Fax which can be found in the Conclusion section of this Office action; (2) regular postal mail; (3) EFS WEB; or (4) the service window on the Alexandria campus. EFS web is the recommended way to submit the form since this allows the form to be entered into the file wrapper within the same day (system dependent). Written authorization submitted via other methods, such as direct fax to the examiner or email, will not be accepted. See MPEP § 502.03.

Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of pre-AIA 35 U.S.C.
103(a) which forms the basis for all obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claims 16-30 are rejected under 35 U.S.C. 103 as being unpatentable over Beckett, JR. (US Pub. No.: US 2020/0074059 A1, hereinafter referred to as Beckett, JR.) and in view of Horowitz et al. (US Patent No.: US 10,740,353 B2, hereinafter referred to as Horowitz).

As per claim 16, Beckett, JR. discloses a system (fig. 1, a computer system 100, for example) for implementing a distributed encrypted database across database nodes of a distributed server network (fig. 1 service provider server 101 may be in communication over an identity network 125 with identity provider server 103, for example and furthermore, para. 0073 discloses network 125 may involve a blockchain type of distributed ledger database wherein the ledger transactions are stored in blocks that are cryptographically secured, for example), the system (figs. 1 and 2 depicted a computer system 100, for example) comprising at least one server configured to execute a database management system to (figs 1 and 2 depicted user 115 operating client device 102 may logon and access an application software 120 program offered by the service provider.
Client device 102 may execute a native software program, for example an Internet browser 130 or other software program, to provide the user interface, for user 115, when accessing and interacting with application software 120, for example):- configure at least one database node of the distributed encrypted database (para. 0092 discloses service provider 101 may operate local nodes of a distributed database for authentication, for example) with a first software to provide automated failover and replication capabilities in the distributed encrypted database (fig. 1 and 6 and furthermore para. 0173 discloses Identity network 125 may be any distributed database where the networking facilities are capable of implementing the communication protocols, computational resources, data replication, and network bandwidth sufficient to support the authentication and identification functionality, for example); integrate a second software with the database management system (fig. 1 depicted Authentication software 110 may validate the authenticator belongs to user 115 by comparing the submitted version with the version stored on identity network 125, for example) and encrypt data at rest in distributed encrypted database by employing the second software (fig. 9 step 910 depicted 910, the method may include reconstructing the sequence of indexed records into a single file, for example); and - integrate a third software with a first platform that is capable of authenticating users of the distributed encrypted database for controlling access to the encrypted files (fig. 1 depicted a computer system 100 includes a service provider server 101 used generally for realizing browser accessible web-based applications (“app” for short) such as email, gaming, word processing, photo editing, social media, e-commerce, and the like. Service providers typically rely on an authentication process for controlling access to their site, for example).

Beckett, JR.
failed to expressly disclose a first software to provide automated failover and replication capabilities in the distributed encrypted database.

However, Horowitz discloses a first software to provide automated failover and replication capabilities in the distributed encrypted database (col. 2 lines 45-53 discloses an automation agent and/or monitor agent is included on every database component being instantiated, for example, as a cloud based service. Automation agents and/or monitor agents can be configured to monitor the database for performance optimizations, administrative tasks, updates, etc., and execute any of the preceding automatically, with little or no downtime to the distributed database, and col. 3 lines 17-21 discloses the cloud system is uniquely positioned to provide database as a service and, for example, to integrate with existing MongoDB services (e.g., tools, automation, all automation/back up services, etc.) for example).

Beckett, JR. as modified and Horowitz are analogous art because they both are directed to implementation of a cloud service for running, monitoring, and maintaining cloud distributed database, and one of ordinary skill in the art would have had a reasonable expectation of success to modify the teachings of Beckett, JR. with the specified features of Horowitz because they are from the same field of endeavor.

In view of the above, having system of Beckett, JR. and the well-established teaching of Horowitz, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention was made to modify the teachings of Beckett, JR. with the teachings of Horowitz in order to provide cloud based services to run, monitor and maintain deployments of the known MongoDB database [Horowitz: col. 2 lines 25-27].

Regarding claim 17, the combination of Beckett, JR.
as modified by Horowitz discloses wherein the data at rest in a distributed encrypted database is encrypted using a transparent data encryption algorithm (fig. 9 of Beckett JR. step 910 depicted 910, the method may include reconstructing the sequence of indexed records into a single file, for example).

Regarding claim 18, the combination of Beckett, JR. as modified by Horowitz discloses wherein the at least one server is configured to execute the database management system to further retrieve at least one encryption key that is employed to encrypt the data at rest, from a centralized repository (para. 0127 of Beckett, JR. discloses client software 112 may retrieve from authenticator store 650 a plurality of previously acquired avatars and present an icon, via GUI 204, for example).

Regarding claim 19, the combination of Beckett, JR. as modified by Horowitz discloses wherein the at least one server is further configured to generate at least one customized policy for centralized key management at the centralized repository, wherein the at least one customized policy is employed when retrieving the at least one encryption key from the centralized repository (para. 0127 of Beckett, JR. discloses client software 112 may invoke fingerprint engine 301 for retrieving the appropriate fingerprint raw materials, linked to the avatar during issuing (e.g., when acquired), from internal storage 655. Fingerprint engine 301 may generate a fingerprint from the retrieved raw materials and generate the appropriate fingerprint, for example).

Regarding claim 20, the combination of Beckett, JR. as modified by Horowitz discloses wherein the database management system applies a patch to the third software, prior to integrating the third software with the first platform (para. 0066 of Beckett, JR. discloses each computational facility or separate disperse server environment may be realized by a single platform or by a distributed processing computer platform, for example).

Regarding claim 21, the combination of Beckett, JR. as modified by Horowitz discloses wherein the at least one server is configured to execute the database management system to (para. 0127 of Beckett, JR. discloses client software 112 may retrieve from authenticator store 650 a plurality of previously acquired avatars and present an icon, via GUI 204, for example) further: - receive an access request from a client device, wherein the access request comprises credentials of a user; - send an authentication request comprising the credentials, to the first platform that is capable of authenticating users of the distributed encrypted database (fig. 1 of Beckett, JR. an identity software 113 program may be used by identity provider service 103 for the creation and issuance of authenticators, for example); and - upon receiving a response indicative of successful authentication of the credentials from the first platform, grant the user with access to the encrypted files (fig. 1 of Beckett, JR. depicted service provider server 101 may configure authentication software 110 in an arrangement for registering, requesting, receiving and processing the present design avatar-totem pair memetic authentication credentials from a client software 112 program, for example).

Regarding claim 22, the combination of Beckett, JR. as modified by Horowitz discloses wherein the credentials comprise at least one of: a client certificate, an authentication token, a user identification, information related to a service account, information related to a role-based access control (para. 0207 of Beckett JR. discloses user's client device 102 including, without limitation, the media access control (MAC) address of the client device 102, for example).

Regarding claim 23, the combination of Beckett, JR.
as modified by Horowitz discloses wherein the at least one server is configured to execute the database management system to further interact with a second platform to deploy and manage at least one containerized software application across a cluster of the at least one database node (col. 17 lines 59-64 discloses the proxy layer is configured to authenticate connections to each client cluster, preserve security between the clusters, enforce security (e.g., encryption) within respective clusters, and manage database operations (e.g., reads, writes, or other operation) for each cluster, for example).

Regarding claim 24, the combination of Beckett, JR. as modified by Horowitz discloses wherein the second platform is the same as the first platform (fig. 14 of Beckett, JR. implemented on a Microsoft platform, for example).

As per claim 25, Stefanich discloses a computer-implemented method for implementing a distributed encrypted database across database nodes of a distributed server network (fig. 1 service provider server 101 may be in communication over an identity network 125 with identity provider server 103, for example and furthermore, para. 0073 discloses network 125 may involve a blockchain type of distributed ledger database wherein the ledger transactions are stored in blocks that are cryptographically secured, for example), the method comprising executing a database management system for: (figs 1 and 2 depicted user 115 operating client device 102 may logon and access an application software 120 program offered by the service provider. Client device 102 may execute a native software program, for example an Internet browser 130 or other software program, to provide the user interface, for user 115, when accessing and interacting with application software 120, for example):- configuring at least one database node of the distributed encrypted database (para.
0092 discloses service provider 101 may operate local nodes of a distributed database for authentication, for example) with a first software for providing automated failover and replication capabilities in the distributed encrypted database (fig. 1 and 6 and furthermore para. 0173 discloses Identity network 125 may be any distributed database where the networking facilities are capable of implementing the communication protocols, computational resources, data replication, and network bandwidth sufficient to support the authentication and identification functionality, for example); - integrating a second software with the database management system and encrypting data at rest in distributed encrypted database by employing the second software (fig. 9 step 910 depicted 910, the method may include reconstructing the sequence of indexed records into a single file, for example); and - integrating a third software with a first platform that is capable of authenticating users of the distributed encrypted database for controlling access to the encrypted files (fig. 1 depicted a computer system 100 includes a service provider server 101 used generally for realizing browser accessible web-based applications (“app” for short) such as email, gaming, word processing, photo editing, social media, e-commerce, and the like. Service providers typically rely on an authentication process for controlling access to their site, for example).

Beckett, JR. failed to expressly disclose first software for providing automated failover and replication capabilities in the distributed encrypted database.

However, Horowitz discloses first software for providing automated failover and replication capabilities in the distributed encrypted database (col. 2 lines 45-53 discloses an automation agent and/or monitor agent is included on every database component being instantiated, for example, as a cloud based service.
Automation agents and/or monitor agents can be configured to monitor the database for performance optimizations, administrative tasks, updates, etc., and execute any of the preceding automatically, with little or no downtime to the distributed database, and col. 3 lines 17-21 discloses the cloud system is uniquely positioned to provide database as a service and, for example, to integrate with existing MongoDB services (e.g., tools, automation, all automation/back up services, etc.) for example).

Beckett, JR. as modified and Horowitz are analogous art because they both are directed to implementation of a cloud service for running, monitoring, and maintaining cloud distributed database, and one of ordinary skill in the art would have had a reasonable expectation of success to modify the teachings of Beckett, JR. with the specified features of Horowitz because they are from the same field of endeavor.

In view of the above, having system of Beckett, JR. and the well-established teaching of Horowitz, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention was made to modify the teachings of Beckett, JR. with the teachings of Horowitz in order to provide cloud based services to run, monitor and maintain deployments of the known MongoDB database [Horowitz: col. 2 lines 25-27].

Regarding claim 26, the combination of Beckett, JR. as modified by Horowitz discloses wherein further comprising executing the database management system for retrieving at least one encryption key that is employed to encrypt the data at rest, from a centralized repository (para. 0127 of Beckett, JR. discloses client software 112 may retrieve from authenticator store 650 a plurality of previously acquired avatars and present an icon, via GUI 204, for example).

Regarding claim 27, the combination of Beckett, JR.
as modified by Horowitz discloses wherein the method further comprises generating at least one customized policy for centralized key management at the centralized repository, wherein the at least one customized policy is employed when retrieving the at least one encryption key from the centralized repository (para. 0127 of Beckett, JR. discloses client software 112 may invoke fingerprint engine 301 for retrieving the appropriate fingerprint raw materials, linked to the avatar during issuing (e.g., when acquired), from internal storage 655. Fingerprint engine 301 may generate a fingerprint from the retrieved raw materials and generate the appropriate fingerprint, for example).

Regarding claim 28, the combination of Beckett, JR. as modified by Horowitz discloses further comprising executing the database management system for: - receiving an access request from a client device, wherein the access request comprises credentials of a user (fig. 1 of Beckett, JR. an identity software 113 program may be used by identity provider service 103 for the creation and issuance of authenticators, for example); - sending an authentication request comprising the credentials, to the first platform that is capable of authenticating users of the distributed encrypted database (fig. 1 of Beckett, JR. discloses On authenticating, the client-supplied authenticator package is decrypted and compared to ownership records on an identity network for verification and granting or denying access, for example); and - upon receiving a response indicative of successful authentication of the credentials from the first platform, granting the user with access to the encrypted files (para. 0084 of Beckett, JR. discloses authentication software 110 may associate a user's assigned memetic authenticator to service provider server 101 for granting access, for example).

Regarding claim 29, the combination of Beckett, JR.
as modified by Horowitz discloses further comprising executing the database management system for interacting with a second platform for deploying and managing at least one containerized software application across a cluster of the at least one database node (col. 17 lines 59-64 of Horowitz discloses the proxy layer is configured to authenticate connections to each client cluster, preserve security between the clusters, enforce security (e.g., encryption) within respective clusters, and manage database operations (e.g., reads, writes, or other operation) for each cluster, for example). Examiner applied the same motivational statement as set forth above in claim 25.

As per claim 30, this claim recited of a computer program product comprising a non-transitory machine-readable data storage medium, which perform method of claim 25. Therefore, claim 30 is rejected in a similar manner as in the rejection of claim 25.

Pertinent Art

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:

Yoon et al. (US Pub. No.: US 2020/0162238 A1) provide a method, computer system, and a computer program product for controlling access to an asset in a blockchain network.

Wang et al. (US Pub. No.: US 2025/0124155 A1) a database operating method and a fully encrypted database are disclosed. The method is executed by a read node in a write once read many database and includes: receiving a reading operation request from a user, determining that a writing operation is required for a data encryption key table in response to the reading operation request; establishing a connection with a write node and forwarding the writing operation; acquiring the data encryption key table that the write node has updated based on the writing operation; generating, based on the updated data encryption key table, a reading operation response and sending the reading operation response to the user.
Thus, the present disclosure proposes a write once read many solution applicable to a fully encrypted database, which solves the problem of writing encryption key information of the read node in a distributed database scenario.

Barui (US Pub. No.: US 2023/0393646 A1) provides a system comprising a first database server comprising a first master database and a first user database and a second database server comprising a second master database and a second user database. The first database server is configured to select one or more encryption keys from the first master database and the first user database; generate a database backup file based on data content of the first user database and the one or more encryption keys, wherein the data content is encrypted by at least one data encryption key of the one or more encryption keys. The first database server is further configured to encrypt the one or more encryption keys with asymmetric keys or passwords and transmit the database backup file to the second database server.

Tormasov et al. (US Patent No.: US 9,794,341 B2) provide a system, computer program product and method for a running process migration with planned minimized down-time. The method facilitates fast and efficient process migration by performing background data synchronization prior to actual process migration. The service slowdown is reduced by employing two-stage transfer method. During a first stage the service, being executed on the original machine, does not stop and all the available data required by this process is being copied. After the first stage is completed the service continues to be executed without an interruption, while the most of the data associated with the service process is already transferred to the new machine. During the second stage the execution of the service on the first machine is stopped. The files, which were not available during the first stage, are now copied.
Then the execution of service is started on the second machine. The down-time is reduced to the duration of the second stage.

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABIY GETACHEW whose telephone number is (571)272-6932. The examiner can normally be reached Mon.-Fri. 9:00 AM - 5:30 PM.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached at (571) 272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

A.G.
November 22, 2025
/ABIY GETACHEW/
Primary Examiner, Art Unit 2434

Prosecution Timeline

Jan 15, 2024
Application Filed
Nov 22, 2025
Non-Final Rejection — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12603759
SECURE DISTRIBUTION AND UPDATE OF ENCRYPTION KEYS IN CLUSTER STORAGE
2y 5m to grant Granted Apr 14, 2026
Patent 12598073
DISPLAY TERMINAL, SERVER AND INFORMATION SECURITY ISSUING SYSTEM
2y 5m to grant Granted Apr 07, 2026
Patent 12598071
SYSTEMS AND METHODS FOR DISTRIBUTED TRUST MODEL AND FRAMEWORK
2y 5m to grant Granted Apr 07, 2026
Patent 12598471
COMMUNICATION NETWORK DEVICES, COMMUNICATION NETWORK SYSTEM AND METHOD FOR MONITORING UNMANNED AERIAL SYSTEMS IN A COMMUNICATION NETWORK
2y 5m to grant Granted Apr 07, 2026
Patent 12592956
SEGMENTATION OF WEB DOCUMENTS BASED ON DETECTED SECURITY VULNERABILITIES
2y 5m to grant Granted Mar 31, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Prosecution Projections

Expected OA Rounds: 1-2
Grant Probability: 86%
With Interview (+10.3%): 96%
Median Time to Grant: 2y 6m
PTA Risk: Low
Based on 851 resolved cases by this examiner. Grant probability derived from career allow rate.