Notice of Pre-AIA  or AIA  Status
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Election/Restrictions
2.    NO restrictions warranted at initial time of filing for patent.

Priority
3.    Applicant claims domestic priority under 35 USC 119e to provisional application filed on 06/08/2018.
Information Disclosure Statement
4.    The information disclosure statement (IDS) submitted on 12/30/2020, 08/17/2020, and 05/14/2019, the submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Oath/Declaration
5.    Applicant’s Oath was filed on 02/13/2019.

Drawings
6.    Applicant’s drawings filed on 02/13/2019 has been inspected and is in compliance with MPEP 608.01.
Specification
7.    Applicant’s specification filed on 02/13/2019 has been inspected and is in compliance with MPEP 608.02.
Claim Objections
8.    NO objections warranted at initial time of filing for patent.

Remarks
9.	Examiner request Applicant review relevant prior art under the conclusion of this office action.

EXAMINER'S AMENDMENT
10.	An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

11.	Authorization for this examiner’s amendment was given in an interview with Wayne Bradley on 2/4/2021.

The application has been amended as follows: 
1. (Currently Amended) A system comprising:
a computing device comprising a frontend and a backend, wherein the frontend is a virtual frontend filesystem that is configured is a virtual backend filesystem that comprises a plurality of buckets; and 
a plurality of storage devices, wherein:
each bucket of the plurality of buckets is configured a plurality of failure resilient address spaces across a plurality of storage blocks, 
each storage block of a failure-protected stripe is located in a different storage device of the plurality of storage devices, 
the encrypted data is stored in a file in one or more failure-protected stripes,
the computing device is in a cluster of computing devices, 
the cluster of computing devices is associated with a cluster key,
the computing device registers a long-term key with a leader of the cluster when the computing device joins the cluster of computing devices, and
prior to a transfer of the data, a session key is negotiated using an ephemeral key pair signed with the long-term key.


2.  (Currently Amended) The system of claim 1, wherein the frontend is operable to decrypt data as it leaves the system.



4.  (Original) The system of claim 3, wherein the file key is rotated when the file is copied.

5.  (Original) The system of claim 3, wherein all failure-protected stripes built by the plurality of buckets in the backend are associated with a filesystem key.

6.  (Original) The system of claim 5, wherein the file key is encrypted by the filesystem key.

7.  (Original) The system of claim 5, wherein the file key is re-encrypted when the filesystem key is rotated.

8-10. (Cancelled)

11.  (Currently Amended) A method comprising:
opening a data file for a write access to a filesystem on a computing device, wherein:
the computing device comprises a frontend, a backend and a plurality of storage devices,
the frontend is a virtual frontend filesystem,
is a virtual backend filesystem that comprises a plurality of buckets, 
each bucket of the plurality of buckets is configured to a plurality of failure resilient address spaces across a plurality of storage blocks, 
each storage block of the plurality of storage blocks in a failure-protected stripe is located in a different storage device of the plurality of storage devices,
the computing device is in a cluster of computing devices, and
the cluster of computing devices is associated with a cluster key;
registering a long-term key, of the computing device, with a leader of the cluster when the computing device joins the cluster of computing devices,
negotiating a session key using an ephemeral key pair signed with the long-term key;
encrypting data in the frontend using the session key;
transferring the data encrypted by the session key to the computing device;
writing the encrypted data to the data file in one or more failure-protected stripes built by one or more buckets of the plurality of buckets; and
closing the data file. 

12.  (Currently Amended) The method of claim 11, wherein the frontend is operable to decrypt data as it is read.



14.  (Original) The method of claim 13, wherein the method comprises rotating the file key by copying the data file.

15.  (Original) The method of claim 13, wherein all failure-protected stripes built by the plurality of buckets in the backend are associated with a filesystem key.

16.  (Original) The method of claim 15, wherein the file key is encrypted by the filesystem key.

17.  (Original) The method of claim 15, wherein the method comprises re-encrypting the file key when the filesystem key is rotated.

18-20 (Cancelled)

Reasons for Allowance
12.	Claims 1-7 and 11-17 including all of the limitations of the base claim and any intervening claims are allowed.


Closest Prior Art:
U.S. Publication No. 20170052847 see abstract (A plurality of computing devices are communicatively coupled to each other via a network, and each of the plurality of computing devices comprises one or more of a plurality of storage devices. A plurality of failure resilient address spaces are distributed across the plurality of storage devices such that each of the plurality of failure resilient address spaces spans a plurality of the storage devices. Each one of the plurality of failure resilient address spaces is organized into a plurality of stripes.)Filed on 8/22/2016 and Published on 2/23/2017. Paragraph 0021 “FIG. 1 illustrates various example configurations of a virtual file system in accordance with aspects of this disclosure. Paragraph 0032 “Each VFS front end instance 220.sub.s (s an integer, where 1.ltoreq.s.ltoreq.S if at least one front end instance is present on compute node 104.sub.n) provides an interface for routing file system requests to an appropriate VFS back end instance (running on a VFS node), where the file system requests may originate from one or more of the client processes 218, one or more of the VMs and/or containers 216, and/or the OS and/or hypervisor 212.” Paragraph 0038 “Each VFS front end instance 220.sub.w (w an integer, where 1.ltoreq.w.ltoreq.W if at least one front end instance is present on VFS node 120.sub.j)provides an interface for routing file system requests to an appropriate VFS back end instance (running on the same or a different VFS node), where the file system requests may originate from one or more of the client processes 218, one or more of the VMs and/or containers 216, and/or the OS and/or hypervisor 212.” Paragraph 0044-0046 “As shown in FIG. 5A, the physical storage is organized into a plurality of distributed failure resilient address spaces (DFRASs) 514. In each of which comprises a 

U.S. Publication No. 20140229737 discloses on paragraph 0079 “As illustrated in FIG. 7, the data service frontend is configured to provide encrypted information to the data service backend storage system for storage. In this example, the data service frontend is configured to provide a data object encrypted under a key and the key encrypted under another key having a KeyID.”

U.S. Publication No. 20150347765 discloses on paragraph 0069 “As alluded to above, the storage may be "bucketed" separately per user account, per user, and/or in some other way, in certain example embodiments, e.g., to help reduce the incidence of data comingling. This may be facilitated in certain example embodiments by virtue of the cloud-based storage system used. However, in certain example embodiments, the same hardware backing may be used, but security controls may be implemented (e.g., through the access control layer 112) to help ensure that users cannot access files in different "logical buckets." In certain example embodiments, data at rest in the data store 114 may be encrypted using any suitable technique. In certain example embodiments, a key rotation scheme may be implemented, e.g., to help reduce the risk from keys being compromised and to promote forward security.” Paragraph 0185 “However, according to certain example embodiments, a file system associated with the data store may be unrelated to virtual file structures, except that (a) the assets of any given top-level account may be preferentially grouped together on one or more common nodes by the secure file transfer system and/or the file system, and (b) the assets may be "bucketized" for different accounts.”

 	The following is an Examiner’s Statement of Reasons for Allowance: 
 	Claims 1-7 and 11-17 are allowable over prior art references taken individually or in combination fails to particularly disclose, fairly suggests or render obvious are argued by the applicant which examiner considers persuasive as set forth above.
Although the prior art discloses encrypting data, have a plurality of store devices,  each storage block of a failure-protected stripe is located in a different storage device of the plurality of storage devices, the encrypted data is stored in a file in one or more failure-protected stripes, no one or two references anticipates or obviously suggest a computing device comprising a frontend and a backend, wherein the frontend is a virtual frontend filesystem that is configured encrypt data as it enters the system, and wherein the backend is a virtual backend filesystem that comprises a plurality of buckets. 
Furthermore, the encrypted data is stored in a file in one or more failure-protected stripes, the computing device is in a cluster of computing devices, the cluster of computing devices is associated with a cluster key, the computing device registers a long-term key with a leader of the cluster when the computing device joins the cluster of computing devices, and prior to a transfer of the data, a session key is negotiated using an ephemeral key pair signed with the long-term key.


 Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GARY S GRACIA whose telephone number is (571)270-5192.  The examiner can normally be reached on Monday-Friday 9am-6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 5712723972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/GARY S GRACIA/Primary Examiner, Art Unit 2491