Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This Office Action is in response to the RCE filed on 1/8/21. Claims 1-20 are pending.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Response to Amendment
Claims 1, 16 and 20 are amended. 

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 1/8/21 has been entered.
 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, 9-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Huang (US 2012/0258777 A1) in view of Bhatti et al. (US 2013/0326579 A1), hereinafter “Bhatti”, in further view of Bach et al. (US 2018/0129665 A1), hereinafter “Bach”.

As to claim 1, Huang discloses a method (HUANG; ¶72-73, 81, figs. 2 & 5) comprising: 
receiving, at a service broker, a request to store data in a public object storage (HUANG; ¶81- a mobile device can request services directly from the public service and storage domain, or it can request services through its ESSI, user can specify what data should be protected and stored in its ESSI. Users' private information is maintained in their corresponding Secure Storage (SS), ¶72-¶73- mobile users for storing data at the cloud public service and storage domain 206 where mobile device and its corresponding ESSI can also act like a service provider or a service broker), wherein the request includes at least one of user information and a container image (HUANG; ¶72- storing their privacy sensitive information in a public cloud where ¶81- user can specify what data should be protected and stored in its ESSI. Users' private information is maintained in their corresponding Secure Storage (SS));
determining, by the service broker, that based on the at least one of user information and the container image that data auditing is necessary (HUANG; ¶85- Fig 5, user's private information and security credentials are stored in the Security Repository (RS) managed by the ESSI mapped to the user's mobile device and the critical data is stored in the SS. ESSI classification model classifies the data as critical data or normal data and ESSI generates a masked index value for the public cloud storage for indexing purpose);
creating, by the service broker, a storage unit in the public object storage and (HUANG; ¶85- Fig 5, If the data is classified as normal, the normal data will be sent to the public cloud storage through a masking procedure), and a storage proxy (HUANG; ¶85- Fig 5, The EDV (Encryption/Decryption/Verification) module is then used on the critical data and stores the processed data in SS);
storing, in the storage proxy, the data (HUANG; ¶85- a user's private information and security credentials are stored in the Security Repository (RS) (i.e. storage proxy) managed by the ESSI mapped to the user's mobile device and the critical data is stored in the SS).
However, Huang doesn’t explicitly disclose retrieving the data from the storage proxy by a data auditor, determining a data qualification by the data auditor and notifying the storage proxy of the data qualification by the data auditor.
Bhatti discloses storing, in the storage proxy, the data (BHATTI; ¶85-¶86- System 600 includes an electronic medical record (EMR) where EMR database 602 stores one or more of data, analysis output and also used to store electronic medical records); retrieving, by a data auditor, the data from the storage proxy (BHATTI; ¶31- system also analyzes access logs to derive audit data, or compliance scores indicating the level of compliance with privacy policies where each log entry includes information about an instance in which a medical provider views or modifies medical records of a patient). Fig 6 explains the system 600 includes an electronic medical record (EMR) database 602 that stores one or more of the access logs, mapped logs, reduced logs, and analysis output, an electronic medical records etc., an encryption server 608 is a server enabling encryption and decryption of the data during the communications between EMR database 602 and external devices, and a mobile healthcare server 612 provides a gateway for communications between the external devices where audit data to report suspicious activities, check violation of any privacy laws or poorly defined access rules using a policy engine 604, a policy auditor 606, a firewall 610); determining, by the data auditor, a data qualification (BHATTI; ¶73- the system uses the audit data to report suspicious activities or poorly defined access rules. The user of a compliance system may use the audit data to identify care providers whose behavior requires further scrutiny); notifying, by the data auditor, the storage proxy of the data qualification (BHATTI; ¶31, ¶63- providing a privacy compliance system, which analyzes existing access policies and derives a new access policy where ¶65- FIG. 5 shows deriving various audit data and a compliance score. ¶91- the policy auditor 606 observes and proxies accesses to EMR database 602. If an access is requested, policy auditor 606 may check with policy engine 605. If policy engine 604 determines that the access is authorized, policy auditor 606 queries the database and returns the encrypted medical record, which is decrypted by the client).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to implement Bhatti’s teachings into Huang’s teaching of retrieving the data from the storage proxy by a data auditor, determining a data qualification by the data auditor and notifying the storage proxy of the data qualification by the data auditor. This combination allows improvement of access policy to minimize risk of breach and/or prevent privacy breach through integrated audit and based on access control.
However, Huang-Bhatti doesn’t explicitly disclose receiving, at a service broker, a request to store data in a public object storage which includes at least one of (i) a block storage in which files are split into evenly sized blocks of data, and (ii) an object storage in which data is stored in objects in a flat structure.
In an analogous art, Bach discloses receiving, at a service broker, a request to store data in a public object storage which includes at least one of (i) a block storage in which files are split into evenly sized blocks of data, and (ii) an object storage in which data is stored in objects in a flat structure (receiving, with a processor of a computer, a request to dump datasets from one or more storage devices to the cloud storage, wherein the datasets include restricted datasets and non-restricted datasets, and wherein the restricted datasets are in a format that is not supported by the cloud storage; identifying the restricted datasets; converting the restricted datasets to a format that is supported by the cloud storage to generate converted datasets; and dumping the converted datasets and the non-restricted datasets to one container in the cloud storage, the restricted datasets are converted to a flat file with a sequential format,  the request to dump comprises a dump command with CLOUD, CONTAINER, and OBJECTPREFIX keywords, the one container (i.e. service broker stores the datasets in a flat structure i.e. single folder) comprises a folder in a cloud file system for the cloud storage. Embodiments advantageously store both the non-restricted datasets and the restricted datasets (in converted form) in one folder in the cloud storage) (Bach, ¶ [0006-0010, 0084]).

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to implement Bach’s teachings into Huang-Bhatti’s teaching of receiving, at a service broker, a request to store data in a public object storage which includes at least one of (i) a block storage in which files are split into evenly sized blocks of data, and (ii) an object storage in which data is stored in objects in a flat structure. This combination allows both restricted and non-restricted datasets to be stored to the cloud storage.

As to claim 2, Huang-Bhatti-Bach discloses the method of claim 1, wherein the data qualification is a compliance indication (BHATTI; ¶31- the system also analyzes access logs to derive audit data, or compliance scores indicating the level of compliance with privacy policies). The Examiner supplies the same rationale for the combination of references Huang-Bhatti-Bach as in Claim 1 above.

As to claim 3, Huang-Bhatti-Bach discloses the method of claim 2, further comprising: sending the data, by the storage proxy, to the storage unit (HUANG; ¶85- Fig 5, If the data is classified as normal, the normal data will be sent to the public cloud storage through a masking procedure).

As to claim 4, Huang-Bhatti-Bach discloses the method of claim 2, further comprising: sending storage unit credentials, by the service broker, to a user application, wherein the storage unit credentials include instructions for the user application to access the storage unit (HUANG; ¶85- A user's private information and security credentials are stored in the Security Repository (RS) managed by the ESSI mapped to the user's mobile device).

As to claim 9, Huang-Bhatti-Bach discloses the method of claim 1, wherein the request is sent by a user of an application (HUANG; ¶39- One or more software components 108 may be controlled by the application root, which is the part of the application that provides the user interfaces and issues requests to the software components.).

As to claim 10, Huang-Bhatti-Bach discloses the method of claim 1, wherein the request is automatically sent by an application (HUANG; ¶90- Running more applications will increase the threats of malware that can be installed in the smart devices and then jeopardize the critical information processed in the device).

As to claim 11, Huang-Bhatti-Bach discloses the method of claim 1, further comprising: labeling, by an administrator, the container image with at least one workload type, wherein the at least one workload type corresponds to a category of information within the container image (HUANG; ¶81- The user can specify what data should be protected and stored in its ESSI. Users' private information is maintained in their corresponding Secure Storage (SS)).

As to claim 12, Huang-Bhatti-Bach discloses the method of claim 11, wherein the workload type is at least one of financial information, medical records, credit card numbers, banking information, telephone numbers, data mining information, email addresses, personal home addresses, personal records, relationship information, and source code (BHATTI; ¶39- each log entry includes the date and time of the access, the name or identification of the care provider, the department and the responsibility of the care provider, the name or identification of the patient, the identification of the screen, the name or identification of the specific medical record, and the type of action that the provider performed on the record). The Examiner supplies the same rationale for the combination of references Huang-Bhatti-Bach as in Claim 11 above.

As to claim 13, Huang-Bhatti-Bach discloses the method of claim 11, further comprising: reading, by the storage proxy, the workload type, and sending, by the storage proxy, the data to a first data auditor of a plurality of data auditors (HUANG; ¶51- the MobiCloud framework for network virtualization through setting up multiple VTaPDs is that it may facilitate provisioning of prioritized critical/emergency services in a network and ¶85- provides a different masking procedure according to the level of the criticality of the data).

As to claim 14, Huang-Bhatti-Bach discloses the method of claim 1, further comprising: preconfiguring, by an administrator, rules within the data auditor, wherein the rules determine the data qualification (BHATTI; ¶73- the system uses the audit data to report suspicious activities or poorly defined access rules. The user of a compliance system may use the audit data to identify care providers whose behavior requires further scrutiny). The Examiner supplies the same rationale for the combination of references Huang-Bhatti-Bach as in Claim 1 above.

As to claim 15, Huang-Bhatti-Bach discloses the method of claim 1, further comprising: monitoring, by the storage proxy, the data to ensure that data stored within the storage proxy reflects data updates (HUANG; ¶89- each mobile node only needs to monitor the connectivity and channel quality to its neighboring nodes and updates this information to its ESSI (Extended Semi-Shadow Image) in the Cloud. The Cloud will perform routing and inform the node on how to forward packets).

Claims 16-19 list all the same elements of claims 1-2, 4 and 13 but in a system comprising: one or more processors (HUANG; ¶72-73, 81, figs. 2 & 5); a storage unit (HUANG; ¶72-73, 81, figs. 2 & 5); a storage proxy (HUANG; ¶72-73, 81, figs. 2 & 5); a data auditor (BHATTI; ¶63, 73); a service broker executing on the one or more (HUANG; ¶72-73, 81, figs. 2 & 5), wherein the service broker is configured to: the system to carry out the steps of rather than method form.  Therefore, the supporting rationale of the rejection to claims 1-2, 4 and 13 applies equally as well to claims 16-19.

Claim 20 lists all the same elements of claim 1 but in a non-transitory machine readable medium storing instruction, which when executed by one or more physical processors, is configured to (HUANG; ¶72-73, 81, figs. 2 & 5) to carry out the steps of rather than method form. Therefore, the supporting rationale of the rejection to claim 1 applies equally as well to claim 20.

Claims 5-7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Huang (US 2012/0258777 A1) in view of Bhatti et al. (US 2013/0326579 A1), hereinafter “Bhatti”, in further view of Bach et al. (US 2018/0129665 A1), hereinafter “Bach” as applied above, in further view of Roth et al. (US 2015/0019858 A1), hereinafter “Roth”.

As to claim 5, Huang-Bhatti-Bach discloses the method of claim 1, but does not explicitly disclose the data qualification is a flag, and wherein the flag indicates that the data includes information that should not be stored in the storage unit.
In an analogous art, Roth discloses wherein the data qualification is a flag, and wherein the flag indicates that the data includes information that should not be stored in the storage unit (ROTH; ¶67-¶68- if it is determined 804 that the request is not authentic or otherwise that the request should not be fulfilled, the process 800 may include denying 818 the request regarding to store data 802).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to implement Roth’s teachings into Huang-Bhatti-Bach’s teaching of wherein the data qualification is a flag, and wherein the flag indicates that the data includes information that should not be stored in the storage unit. This combination ensures that access to the data is authorized and secured in an efficient manner.

As to claim 6, Huang-Bhatti-Bach-Roth discloses the method of claim 5, further comprising: sending, by the storage proxy, a notification of noncompliance to at least one of an administrator and an application (ROTH; ¶82-¶83- a storage service proxy (or proxy for another service) may actively make decisions where to store data based at least in part on various factors. For example, some customers may request through an account configuration or as a parameter in an API call, that their data be stored in a particular zone and a customer receives responses from a storage service proxy where appropriateness may be determined in accordance with DLP policy, customer preferences, account configuration, API call parameters and the like.). The Examiner supplies the same rationale for the combination of references Huang-Bhatti-Bach-Roth as in Claim 5 above.

As to claim 7, Huang-Bhatti-Bach-Roth discloses the method of claim 5, further comprising: stopping, by the storage proxy, the data from being sent to the (ROTH; ¶61- Denying the request may also include simply inaction such as not responding to the request). The Examiner supplies the same rationale for the combination of references Huang-Bhatti-Bach-Roth as in Claim 5 above.

Claim 8 is/are rejected under 35 U.S.C. 103 as being unpatentable over Huang (US 2012/0258777 A1) in view of Bhatti et al. (US 2013/0326579 A1), hereinafter “Bhatti”, in further view of Bach et al. (US 2018/0129665 A1), hereinafter “Bach” as applied above, in further view of Raghavendra et al. (US 2016/0371134 A1), hereinafter “Raghavendra”.
As to claim 8, Huang-Bhatti-Bach discloses the method of claim 1, but does not explicitly disclose the data qualification is a flag, and wherein the flag indicates that the data includes information that should not be stored in the storage unit.
In an analogous art, Raghavendra discloses the data qualification is a flag, and wherein the flag indicates that the data includes information that should not be stored in the storage unit (RAGHAVENDRA; ¶19, ¶24- Domain Name System (DNS) server 114 resolves domain and host names into IP addresses for all roles, applications, and services in datacenter where the DNS server create log that is resolving names and addresses for the roles in the system being analyzed. Each time a name is resolved, which indicates that a service or role is communicating with that endpoint, a monitoring agent on the DNS server may update the DNS Log 202).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to implement Raghavendra’s teachings into Huang-Bhatti-Bach’s teaching of the data qualification is a flag, and


Response to Arguments

Response to 103 rejections: Applicant’s amendments to the claims change the scope. Therefore, the amended claims necessitated the new ground(s) of rejection presented in this Office action, which have been introduced in view of Bach et al. (US 2018/0129665 A1) to address the amendments. Applicant’s arguments have been considered but are moot because the arguments do not apply to any of the references being used in the current rejection.

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to HITESH R PATEL whose telephone number is (571)270-5442.  The examiner can normally be reached on Monday-Friday 7am-3pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Hitesh Patel/
Primary Examiner, Art Unit 2419
2/4/21