DETAILED ACTION
1.	Claims 1-3, 5-14, 16-22 are pending in this examination.
Notice of Pre-AIA or AIA Status
2.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
3.	In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Continued Examination Under 37 CFR 1.114
4.	A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission has been entered. 
Response to Arguments
5.	Applicant's arguments have been considered but are moot in view of the new ground(s) of rejection.  
Claim Rejections - 35 USC § 103
6.1.	The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.


6.2.	Claims 1-2, 9-11, 13, 18-19, 21 are rejected under 35 U.S.C. 103 as being unpatentable over US Patent Application No. 20190155919 to Kaul et al (“Kaul”) and in view of US Patent No. 10783269 issued to Shraer et al (“Shraer”) further in view of “A secure data deduplication framework for cloud environments” by Rashid et al. (“Rashid”).
As per claim 1, Kaul discloses an apparatus comprising: a storage system comprising deduplication control logic configured to perform one or more deduplication operations on encrypted datasets received for form a plurality of tenants and store at least a portion of the encrypted datasets ([0040]-[0044], also see [0037], also see figs. 1-2 and associated texts, deduplication program 110B may execute the converted query on server 112 and return only an encrypted deduplicated data of interest that includes a deduplication map, encrypted deduplication data, and encrypted plain data);
a cryptographic module associated with the storage system, the cryptographic module configured to, in response to a request to access an encrypted dataset stored by the storage system corresponding to a given one of the plurality of tenants ([0019], also see [0040], client computing device may cause the server to determine the corresponding encrypted plain data blocks and the encrypted deduplicated data blocks that are relevant to the query based on the deduplication map, and send the relevant data for decryption on the client computing device);

Kaul does not explicitly disclose; however, in the same field of endeavor, Shraer discloses the datasets having been encrypted for respective ones of the plurality of tenants using a common encryption key shared amongst the respective ones of the plurality of tenants (30:1-35, also see 12:55-67, asset can be stored in an encrypted format in a private cloud database associated with each user account that has access to the asset. The record can be specifically encrypted for each account, such that the multiple references to the same asset will have different and user specific cipher text).
a cryptographic module associated with the storage system, the cryptographic module configured to
wherein the storage system is further configured to send the further encrypted dataset to the given one of the plurality of tenants that requested access (30:10-15, also see 28:11-25).

Kaul does not explicitly disclose; however, in the same field of endeavor, Rashid discloses wherein the storage system is non-trusted and thereby not in possession of a decryption key corresponding to the common encryption key (section V; section III(B), page 84, also see section IV(B), page 86).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Kaul with the teaching of Shraer /Rashid by including the feature of non-trusted cloud, in order for Kaul’s system 
As per claim 2, the combination of Kaul, Shraer and Rashid discloses the apparatus of claim 1, wherein the common encryption key is a public key obtainable by each of the plurality of tenants (Shraer, 12:55-67, of the devices attached to an account can share a common set of keys protecting the cloud storage zone used for short term and archiving purposes). The motivation regarding the obviousness of claim 1 is also applied to claim 2.
As per claim 9, the combination of Kaul, Shraer and Rashid discloses the apparatus of claim 1, wherein the plurality of tenants are associated with one or more host devices configured to communicate over a network with the storage system (Shraer, 11:56-67). The motivation regarding the obviousness of claim 1 is also applied to claim 9.

As per claim 19, the method comprising: sending the encrypted dataset to a storage system configured to perform one or more deduplication operations on encrypted datasets received for the plurality of tenants and store at least a portion of the encrypted datasets (Kaul, [0019], also see [0040]-[0044], [0037], client computing device may cause the server to determine the corresponding encrypted plain data blocks and the encrypted deduplicated data blocks that are relevant to the query based on the deduplication map, and send the relevant data for decryption on the client computing device);
wherein the method is implemented by at least one processing device comprising a processor coupled to a memory (Kaul [0057]).
Kaul does not explicitly disclose; however, in the same field of endeavor, Shraer discloses encrypting a dataset associated with a given tenant of a plurality of tenants using an encryption key common to the plurality of tenants (Shraer, 12:55-67, of the devices attached to an account can share a common set of keys protecting the cloud storage zone used for short term and archiving purposes);
sending a request to access the encrypted dataset stored by the storage system corresponding to the given tenant (Shraer, 30:10-15, also see 28:11-25); and
receiving the encrypted dataset from the storage system, the encrypted dataset having been further encrypted by the storage system by performing an additional encryption operation on the encrypted data set using a tenant encryption key dedicated 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Kaul with the teaching of Shraer by including the feature of additional encryption, in order for Kaul’s system to decrypt the asset and verify the authenticity of the asset. In addition to storing the encrypted (or re-encrypted) asset on the cloud storage system, the logic 1500 can also store a reference count for the encrypted asset, as shown at 1508. The reference count can be used to track the number of outstanding references to the asset. Once the number of references is decremented to zero, the asset may be deleted during a garbage collection operation. The logic 1500 can then perform an atomic operation to both create an encrypted record to enable access to the encrypted asset and increment the reference count associated with the asset, as shown at 1510. The logic 1500 can then provide a record identifier to the originator device to enable retrieval of the encrypted record, as shown at 1512. The encrypted record can enable multiple users to access the encrypted asset without storing multiple instances of the encrypted asset on the cloud storage system (Shraer, 31:15-30).
Kaul does not explicitly disclose however in the same field of endeavor, Rashid discloses wherein the storage system is non-trusted and thereby not in possession of a 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Kaul with the teaching of Shraer/Rashid by including the feature of non-trusted cloud, in order for Kaul’s system to employ data deduplication techniques without giving them access to either the users’ plaintexts or the users’ decryption keys. Our framework uses an efficient deduplication algorithm to divide a given file into smaller units. These units are then encrypted by the user using the combination of a secure hash function and a block encryption algorithm. An index tree of hash values of these units is also generated and encrypted using an asymmetric search encryption scheme by the user. This index tree will enable the cloud service provider to search through the index and return the requested units. We will show that our proposed framework will allow cloud service and storage providers to employ data deduplication techniques without giving them access to either the users’ plaintexts or the users’ decryption keys (Rashid, Abstract).

Claims 11, 13, 19, 21 are rejected for similar reasons as stated above.

6.3.	Claims 3 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Kaul, Shraer and Rashid as applied to claim above, and in view of “Zero knowledge based client side deduplication for encrypted files of secure cloud storage in smart cities” by Yang et al (“Yang”).

As per claim 3, the combination of Kaul, Shraer and Rashid discloses the invention as described above. Kaul, Shraer and Rashid do not explicitly disclose; however, in the same field of endeavor, Yang discloses the apparatus of claim 2, wherein a private key to decrypt the encrypted datasets received for the plurality of tenants, corresponding to the common public encryption key, is   to the storage system and the plurality of tenants (Yang, Abstract, page, 246-1st para, Zero Knowledge proofs of ownership).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Kaul with the teaching of Yang by including the feature of inaccessibility, in order for Kaul’s system to use proofs of file ownership and key distribution taught by Yang. It consists of the proofs of file ownership and key distribution. First, we use zero-knowledge proof to achieve encrypted file deduplication. It enables the client to prove his file ownership via the original file without leaking any secret to the server during the interactive proof while the server only stores the encrypted files (Yang, page, 245).
Claim 14 is rejected for similar reasons as stated above.

6.4.	Claims 5-8, 12, 16-17, 20, 22 are rejected under 35 U.S.C. 103 as being unpatentable over Kaul, Shraer and Rashid as applied to claim above, and in view of US Patent No. 9779269 issued to Perlman et al (“Perlman”).

As per claim 5, the combination of Kaul, Shraer and Rashid discloses the invention as described above. Kaul, Shraer and Rashid do not explicitly disclose; however, in the same field of endeavor, Perlman discloses the apparatus of claim 1, wherein the tenant encryption keys are obtained from a trusted key management entity (Perlman, 4:44-52).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Kaul with the teaching of Perlman by including the feature of keys, in order for Kaul’s system to be configured to obtain a plurality of data encryption keys used to encrypt respective ones of the data items for storage in the storage system and a plurality of tenant keys for respective ones of the tenants. A given one of the data items is encrypted using a particular one of the data encryption keys. The given data item as stored for a given one of the tenants has associated metadata that includes the particular data encryption key encrypted using the tenant key of the given tenant. Such an arrangement allows for efficient deduplication. For example, a single copy of the given data item can be stored for multiple ones of the tenants by appropriate configuration of the metadata associated with the given data item (Perlman, abstract).
As per claim 6, the combination of Kaul, Shraer, Rashid and Perlman discloses the apparatus of claim 1, wherein each tenant encryption key has a corresponding tenant decryption key that serves to decrypt the dataset (Perlman, 5:58-67-6:1-10). The motivation regarding the obviousness of claim 5 is also applied to claim 6.

As per claim 8, the combination of Kaul, Shraer, Rashid and Perlman discloses the common encryption key, each tenant encryption key, and each corresponding tenant decryption key are formed using a Rivest-Shamir-Adleman (RSA) based cryptographic algorithm (APPLICANT ADMITTED PRIOR ART (AAPA)).
As per claim 12, the combination of Kaul, Shraer, Rashid and Perlman discloses the method of claim 11, wherein the further encrypting step is performed by a cryptographic module associated with the storage system (Perlman, 8:52-65). The motivation regarding the obviousness of claim 5 is also applied to claim 12.
Claims 16-17, 20, 22 are rejected for similar reasons as stated above.

7.	The prior art made of record and relied upon is considered pertinent to applicant's disclosure as the prior art discloses many of the claim features (See PTO-form 892). 

a).  US Patent Application No. 20170193032 to Kim et al discloses in a client, an encryption key is created using plain text data, a first tag is created using the encryption key, and the plain text data are encrypted under the encryption key to create encrypted data. The first tag is transmitted to the server to confirm whether the encrypted data is duplicated and after transmitting the first 

b).  US Patent Application No. 20170346625 to Yan et al discloses an approach is provided for managing data duplication in cloud computing. A method comprising, sending from a first device to a data center, data encrypted with a data encryption key for storing the encrypted data at the data center; encrypting the data encryption key according to an attribute-based encryption (ABE) scheme by using identity as an attribute in a deduplication policy for the data; issuing to a second device, a personalized secret attribute key which is derived from a public key of the second device according to the attribute-based encryption (ABE) scheme, wherein the personalized secret attribute key is to be used for decrypting the encrypted data encryption key at the second device, in combination with the policy.

Conclusion
8.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to HARUNUR RASHID whose telephone number is (571)270-7195.  The examiner can normally be reached on 9 AM to 5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


HARUNUR RASHID
Primary Examiner
Art Unit 2497



/HARUNUR RASHID/Primary Examiner, Art Unit 2497