DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In communications filed on 01/15/ 2021. Claims 1-2, 9-10, 12, 18-19, 21 are amended. Claims 3, 11, 14, 17, and 20 are cancelled. Claims 1-2, 4-10, 12-13, 15-16, 18-19, and 21-22 are pending in this examination.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. 
Examiner Note
Applicant is encouraged to schedule an interview with the examiner prior to the next communication to compact prosecution of the case.
Response to Argument
Applicant’s arguments with respect to independent claims for newly added limitation have been considered but are moot because the arguments do not apply to any of the references being used in the current rejection.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to 


The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-2, 4-6, 12-13, 15-16, 18-19,  and 22 are rejected under 35 U.S.C. 103 as being unpatentable over US Patent No. (US2014/0189348) issued to EL-Shimi and in view NPL by Ted Krovetz (UMAC: Message Authentication Code using Universal Hashing) hereinafter referred to as Krovetz (UMAC) and further in view of US Patent No. (US9, 983,827) issued to Tsirkin.
Regarding claim 1, EL-Shimi discloses a method of providing secure data deduplication in a data storage system, the data storage system including a storage processor and a memory, the method comprising [¶6, a network resource is configured to store the non-redundant data blocks, while encrypted, for a number of domains, by encrypting file data for one domain with a different deduplication domain-based cryptographic key than another domain.  In one aspect, authentication values, for instance, lookup hash values are computed on the encrypted non-redundant data blocks.  For this reason, the deduplication service running on the network resource validates data integrity on encrypted data instead of unencrypted or clear data]; and
	   receiving, at the storage processor, data for storage in one or more storage resources of the respective deduplication domain [¶1, as each organization grows, reducing total storage space is a substantial concern.  Data deduplication generally refers to detecting, uniquely identifying and eliminating redundant data blocks and thereby reducing the physical amount of bytes of data that need to be stored on disk or transmitted across a network.  Implementing data deduplication results in considerable savings in the amount of bytes which need to be stored and/or transferred between storage devices], and [¶¶17, 28]; and
segmenting the data into a plurality of data segments [Abstract, Files are partitioned into data blocks and de-duplicated via removal of duplicate data blocks], and
 for at least a respective data segment from among the plurality of data segments, obtaining a keyed hash value for the respective data segment, inputting only the respective data segment and the key  for the respective deduplication domain into a universal hash function to obtain keyed hash value [¶17, For each data block, the example component generates a corresponding cryptographic key based upon that data block's content, either directly or indirectly via a hash-based authentication code, and another cryptographic key, which may be a deduplication domain-based cryptographic key], and [¶25, an integration component 112 is configured to use any of these domain-based keys to produce a hash-based authentication code, for example, a hash-based message authentication code (HMAC), for validating various data corresponding to one or more data blocks of the file data 108, including the metadata 114 (e.g., an offset, a size in number of bytes and/or the like),lookup hash values and/or other cryptographic keys], and  [¶26, The integration component 112 may use a first deduplication domain-based cryptographic key and an example data block's content to compute a first hash-
 maintaining the obtained keyed hash value for the respective data segment in an index table for the respective deduplication domain [¶17, One example component uses lookup hash values to identify which data blocks of a given file are duplicates of previously de-duplicated data blocks and then, omit any such data block from further compression, communication and/or storage], and Only a computing device within a same domain controls encryption/decryption of the duplicate data block.  One example implementation uses lookup hash values to identify the non-duplicate data blocks prior to the encryption of these data blocks.  Another example implementation identifies the non-duplicate data blocks with lookup hash values that are computed on the encrypted data blocks], and [¶47, hash index, lookup hash value]. 
and performing a data deduplication operation on the respective data segment using the keyed hash value for the respective data segment [¶26, the integration component 112 may use a first deduplication domain-based cryptographic key and an example data block's content to compute a first hash-based authentication code, which may be used as a lookup hash value for determining whether another data block is identical to that data block].
EL-Shimi does not explicitly disclose, however, Krovetz discloses with smaller hash value [Abstract, This specification describes how to generate an authentication tag using the UMAC message authentication algorithm. UMAC is designed to be very fast to compute in software on contemporary uniprocessors. Measured speeds are as low as one cycle per byte. UMAC relies on addition of 32-bit and 64-bit numbers and multiplication of 32-bit numbers, operations well supported by contemporary machines. To generate the authentication tag on a 
using a Universal hashing-based Message Authentication Code (UMAC) [Abstract, This specification describes how to generate an authentication tag using the UMAC message authentication algorithm. UMAC is designed to be very fast to compute in software on contemporary uniprocessors. Measured speeds are as low as one cycle per byte. UMAC relies on addition of 32-bit and 64-bit numbers and multiplication of 32-bit numbers, operations well supported by contemporary machines. To generate the authentication tag on a given message, a "universal" hash function is applied to the message and key to produce a short, fixed-length hash value, and this hash value is then XORed with a key-derived pseudorandom pad. UMAC enjoys a rigorous security analysis, and its only internal "cryptographic" component is a block cipher used to generate the pseudorandom pads and internal key material], and [Page 10, section 4.2, UMAC-32, UMAC-64, UMAC-96, and UMAC-128].
	obtaining a keyed hash value for the respective data segment having an acceptable probability of accidental collision for secure data deduplication as:
	[ Page 17,  3rd paragraph, The core of the UMAC design, the UHASH function, does not depend on cryptographic assumptions: its strength is specified by a purely mathematical property stated in terms of collision probability, and this property is proven unconditionally [3, 6]. This means the strength of UHASH is guaranteed regardless of advances in cryptanalysis.], rd paragraph, collision probabilities], and [see Pages 17-19, Tag lengths and forging palpability, collision probabilities].
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of EL-Shimi with the teaching of Krovetz in order to implement a UMAC algorithm which is designed to produce 32-, 64-, 96-,
or 128-bit tags, depending on the desired security level for high performance [Krovetz, Introduction, Page 3].
	randomly generating a plurality of noncryptographic keys for a plurality of domains, respectively, the plurality of noncryptographic keys including a randomly generated noncryptographic key for a respective domain from the plurality of deduplication domains.
	Even though El-Shimi discloses this limitation as: [¶24, an example deduplication domain may refer to an entire enterprise or a specific group or sub-group with that enterprise as defined by the enterprise's computing environment administrator.  Each such secret key, hence, may be used by each entity within that domain ].
	And Krovetz discloses this limitation as: [Page3, 2nd paragraph, Security depends on the sender and receiver sharing a randomly chosen secret hash function and pseudorandom pad. This is achieved by using keyed hash function H and pseudorandom function F. A tag is generated by performing the computation Tag = H_K1(M) xor F_K2(Nonce) where K1 and K2 are secret random keys shared by sender and receiver, and Nonce is a value that changes with each generated tag].
	El-Shimi and Krovetz do not explicitly disclose this limitation, however, Tsirkin discloses [ see FIGS. 2-4 and corresponding text for more details, Col. 5.lines 52-67- Col. 9 Applications 120, 122 and associated first memory 210 and second memory 213( equated to plurality of domains ), Deduplication module 130, Key generator 204(application 120 generates key 206 and stores it in memory 108 or operating system 102 generates a random number and sends this to application 120 as key 206),Keys 206 and 214)]. 
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of EL-Shimi and Krovetz with the teaching of Tsirkin in order to allocate first and second applications running on an operating system with first key and second keys for deduplication of one or more memory pages [Tsirkin, Abstract].
Regarding claim 2, EL-Shimi discloses wherein the inputting of the respective data segment  and the key into the universal hash function includes generating the hash value for respective data segment [¶17, One example component uses lookup hash values to identify which data blocks of a given file are duplicates of previously deduplicated data blocks and then, omit any such data block from further compression, communication and/or storage.  For each data block, the example component generates a corresponding cryptographic key based upon that data block's content, either directly or indirectly via a hash-based authentication code, and another cryptographic key, which may be a deduplication domain-based cryptographic key], and [¶¶5, 19].
	            EL-Shimi and Tsirkin do not explicitly disclose, however, Krovetz (UMAC) discloses using a Universal hashing-based Message Authentication Code (UMAC) [Abstract, This specification describes how to generate an authentication tag using the UMAC message authentication algorithm. UMAC is designed to be very fast to compute in software on contemporary uniprocessors. Measured speeds are as low as one cycle per byte. UMAC relies on 
Examiner Note: El-Shimi also discloses HMAC as: [¶25, an integration component 112 is configured to use any of these domain-based keys to produce a hash-based authentication code, for example, a hash-based message authentication code (HMAC), for validating various data corresponding to one or more data blocks of the file data 108, including the metadata 114 (e.g., an offset, a size in number of bytes and/or the like),lookup hash values and/or other cryptographic keys].
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of EL-Shimi and Tsirkin with the teaching of Krovetz (UMAC) in order to implement a UMAC algorithm which is designed to produce 32-, 64-, 96-, or 128-bit tags, depending on the desired security level for high performance [Krovetz, Introduction, Page 3].
		El-Shimi and Krovetz do not explicitly disclose, however, Tsirkin discloses and the randomly-generated noncryptographic key generated for the respective deduplication domain [ see FIGS2-4 and corresponding text for more details, Col. 5.lines 52-67- Col. 9 lines  1-27], Applications 120, 122 and associated first memory 210 and second memory 213( equated to plurality of domains ), Deduplication module 130, Key generator 204(application 120 a random number and sends this to application 120 as key 206),Keys 206 and 214)]. 
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of EL-Shimi and Krovetz with the teaching of Tsirkin in order to allocate first and second applications running on an operating system with first key and second keys for deduplication of one or more memory pages [Tsirkin, Abstract].
Regarding claim 4, EL-Shimi discloses wherein the storage processor includes a memory, and wherein the method further comprises: storing the index table in the memory of the data storage system[¶47,   Step 508 determines whether the corresponding lookup hash values match any hash values in a deduplication hash index.  The deduplication service (at network resources (104), see FIG.1), in one example implementation, persists a lookup hash value associated with each deduplicated data block in the deduplication hash index.  By maintaining such an index, the deduplication service may determine whether the one or more secure data blocks are stored in the network resource without re-computing a previously deduplicated data block's lookup hash value], and [¶57].
Regarding claim 5, EL-Shimi discloses wherein the storage resources of the deduplication domain are located in a storage pool, and wherein the method further comprises: storing the index table in the same storage pool as the storage resources of the deduplication domain [¶47,   Step 508 determines whether the corresponding lookup hash values match any hash values in a deduplication hash index.  The deduplication service (at network resources (104), see FIG.1), in one example implementation, persists a lookup hash value associated with each deduplicated data block in the deduplication hash index.  By 
Regarding claim 6, EL-Shimi discloses wherein the performing of the data deduplication operation includes: comparing the keyed hash value for the respective data segment with the respective keyed hash values maintained in the index table; and determining whether the keyed hash value for the respective data segment matches any of the respective keyed hash values maintained in the index table [¶37, lookup hash list 308 for matching data blocks], and [¶39, The deduplication service also may use the lookup hash values to validate a previously de-duplicated data block, which, for instance, became tainted or corrupted data block.  To illustrate, even if the deduplication service indicates a matching lookup hash value for an example requested encrypted data block, there is a possibility that a matching de-duplicated data block is corrupted and/or uploaded by an adversary.  To validate the matching de-duplicated data block's integrity, another hash value is computed on the encrypted data block content from that data block with the same cryptographic key used to compute the lookup hash value…], and [¶47, Step 508 determines whether the corresponding lookup hash values match any hash values in a deduplication hash index…].
Claims 12 and 18 are interpreted and rejected for the same rational set forth in claim 1.
Claims 13 and 19 are interpreted and rejected for the same rational set forth in claim 2.
Claim 15 is interpreted and rejected for the same rational set forth in claim 4.
Claim 16 is interpreted and rejected for the same rational set forth in claim 5.
Regarding claim 22, EL-Shimi and Tsirkin do not explicitly disclose, however, Krovetz (UMAC) discloses wherein the representing of the keyed hash value for the respective data segment includes representing the keyed hash value for the respective data segment by a number of bits selected from the group consisting of 32, 64, and 96 [Abstract, This specification describes how to generate an authentication tag using the UMAC message authentication algorithm. UMAC is designed to be very fast to compute in software on contemporary uniprocessors. Measured speeds are as low as one cycle per byte. UMAC relies on addition of 32-bit and 64-bit numbers and multiplication of 32-bit numbers, operations well-supported by contemporary machines. To generate the authentication tag on a given message, a "universal" hash function is applied to the message and key to produce a short, fixed-length hash value, and this hash value is then XORed with a key-derived pseudorandom pad. UMAC enjoys a rigorous security analysis, and its only internal "cryptographic" component is a block cipher used to generate the pseudorandom pads and internal key material], and [Page 10, section 4.2, UMAC-32, UMAC-64, UMAC-96, and UMAC-128].
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of EL-Shimi and Tsirkin with the teaching of Krovetz in order to implement a UMAC algorithm, which is designed to produce 32-, 64-, and 96-or 128-bit tags, depending on the desired security level for high performance [Krovetz, Introduction, Page 3].

Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over US Patent No. (US2014/0189348) issued to EL-Shimi and in view NPL by Ted Krovetz (UMAC: Message Authentication Code using Universal Hashing) hereinafter referred to as Krovetz (UMAC) and further in view of  US Patent No. (US9, 983, 827) issued to Tsirkin and further in view of US Patent Application No. 8,190,835 issued to Yueh.
Regarding claim 7, EL-Shimi discloses having determined that the keyed hash value for the respective data segment matches one of the respective keyed hash values maintained in the index table, (i) generating metadata for the respective data segment, the metadata including the keyed hash value of the respective data segment[¶37, lookup hashlist 308 for matching data blocks], and [¶39, The deduplication service also may use the lookup hash values to validate a previously deduplicated data block, which, for instance, became tainted or corrupted data block.  To illustrate, even if the deduplication service indicates a matching lookup hash value for an example requested encrypted data block, there is a possibility that a matching deduplicated data block is corrupted and/or uploaded by an adversary.  To validate the matching deduplicated data block's integrity, another hash value is computed on the encrypted data block content from that data block with the same cryptographic key used to compute the lookup hash value…], and [¶47, Step 508 determines whether the corresponding lookup hash values match any hash values in a deduplication hash index…].
EL-Shimi , Krovetz(UMAC)  and Tsirkin do not explicitly disclose, however, Yueh discloses  a pointer to a storage location of a data segment having the matching keyed hash value, and a reference to an original location of the respective data segment in the received data  [Col. 3 lines 9-40,  Each de-duplication client identifies duplicate data and releases it out of (or prevents it from being stored on) a corresponding storage system, to be replaced by a pointer or other reference pointing to a single instance of the data stored on any of the storage systems in the architecture.  For instance, a de-duplication client may break a file into blocks and hash each block.  The de-duplication client compares the hash for each block to the hash table maintained by the de-duplication client.  If a new hash is identical to an existing hash in the hash table, the data corresponding to the new hash can be released out of the storage system and the de-
	removing the respective data segment from the data storage system  [Abstract, Each de-duplication client can de-duplicate a digital sequence by breaking the sequence into blocks and identifying redundant blocks already stored in the shared architecture.  Identifying redundant blocks may include hashing each block and comparing the hash to a local and/or master hash table containing hashes of existing data.  Once identified, redundant data previously stored is deleted (e.g., post-process de-duplication), or redundant data is not stored to begin with (e.g., inline de-duplication)].
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of EL-Shimi and Krovetz (UMAC) and Karr with the teaching of Yueh in order to implement global de-duplication for original data and WAFL snapshot data across a plurality of storage systems [Yueh, FIGS 9A-9B].

Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over US Patent No. (US2014/0189348) issued to EL-Shimi and in view NPL by Ted Krovetz (UMAC: Message Authentication Code using Universal Hashing) hereinafter referred to as Krovetz (UMAC) and further in view of  US Patent No. (US9,983,827) issued to Tsirkin and further in view of US Patent Application No. 2011/0022718 issued to Evans and in view of US Patent Application No. 2009/0190760 issued to Bojinov.
Regarding claim 8, EL-Shimi discloses: having determined that the keyed hash value for the respective data segment does not match any of the respective keyed hash values maintained in the index table, (i) storing the respective data segment in association with one or more other data segments from the received data at a storage location in one of the storage resources of the deduplication domain.
 Even Though EL-Shimi discloses [¶48, Step 510 represents secure data block validation.  Without being decrypted, an example secure data block may be examined for data integrity via a relevant authentication technique.  For instance, the deduplication service verifies data integrity by computing a separate hash authentication code based upon a deduplication domain-based lookup key and encrypted data block content from the secure data block and compares that authentication code with the example secure data block's lookup hash value, as provided during step 506.  A match between these values indicates a correct secure data block while a mismatch implies incorrect data in the secure data block].
El-Shimi , Krpvetz(UMAC) and Tsirkin do not explicitly disclose, however, Evans discloses this limitation as:  [¶55, The hasher 4011 is operable to process a data chunk 4018 using a hash function that returns a number, or hash, that can be used as a chunk identifier 4019 to identify the chunk 4018.  The chunk identifiers 4019 are stored in manifests 4022 in a manifest store 4020 in secondary storage 2040.  Each manifest 4022 comprises a plurality of chunk identifiers 4019.  The chunk identifiers 4019 are represented in FIGS. 1 and 2 by respective letters, identical letters denoting identical chunk identifiers 4019], and  [¶56] The matcher 4012 is operable to attempt to establish whether a data chunk 4018 in a newly arrived segment 4015 is identical to a previously processed and stored data chunk.  This can be done in any convenient manner.  If no match is found for a data chunk 4018 of a segment 4015, the storer 4013 will store the corresponding unmatched data chunk 4018 from the buffer 4030 to a deduplicated data store 4021].

and (ii) incorporating the keyed hash value of the respective data segment and a pointer that maps the keyed hash value of the respective data segment to the storage location of the respective data segment into a new entry for the index table.
Even though EL-Shimi discloses this limitation as : - 16 -[¶36, Using the lookup hash values, such a component may use query a deduplication service to determine which of the encrypted data blocks 304, if any, are redundant (e.g., duplicates of previously de-duplicated data blocks) and which data blocks are new and are to be uploaded].
	However, EL-shimi , Krovetz(UMAC), Tsirkin and Evans do not explicitly disclose a, however, Bojinov  discloses this limitation as: [¶48, FIG. 6 is another illustration depicting the writing of data chunks of a data stream to a storage device according to yet another data layout format, in accordance with an embodiment of the invention.  For example, instead of writing metadata/compressed data chunk pairs on the storage device, the metadata is written to an index file of the storage device.  The metadata include pointers to the locations of corresponding compressed data chunks, which can be of variable size.  As shown in FIG. 6, .epsilon..sub.3 points to CD.sub.3 and .epsilon..sub.4 points to CD.sub.4.  This method is similar to a hashing technique, thus avoiding the need to consider sorted metadata, such as the method described with respect to FIG. 5].
. 

Claims 9-10 are rejected under 35 U.S.C. 103 as being unpatentable over US Patent No. (US2014/0189348) issued to EL-Shimi and in view NPL by Ted Krovetz (UMAC: Message Authentication Code using Universal Hashing) hereinafter referred to as Krovetz (UMAC) and further in view of US Patent No. (US9,983,827) issued to Tsirkin. and further in view of US Patent Application No. 9,336,092 issued to Li.
Regarding claim 9, Even though El-Shimi discloses randomly-generated nonccryptographic key as: [¶24, an example deduplication domain may refer to an entire enterprise or a specific group or sub-group with that enterprise as defined by the enterprise's computing environment administrator.  Each such secret key, hence, may be used by each entity within that domain ].
	And Krovetz discloses randomly-generated nonccryptographic key as: [Page3, 2nd paragraph, Security depends on the sender and receiver sharing a randomly-chosen secret hash function and pseudorandom pad. This is achieved by using keyed hash function H and pseudorandom function F. A tag is generated by performing the computation Tag = H_K1(M) xor F_K2(Nonce) where K1 and K2 are secret random keys shared by sender and receiver, and Nonce is a value that changes with each generated tag].
	El-Shimi and Krovetz do not explicitly disclose, however, Tsirkin discloses randomly-generated nonccryptographic key [ see FIGS. 2-4 and corresponding text for more details, Applications 120, 122 and associated first memory 210 and second memory 213( equated to plurality of domains ), Deduplication module 130, Key generator 204(application 120 generates key 206 and stores it in memory 108 or operating system 102 generates a random number and sends this to application 120 as key 206),Keys 206 and 214)]. 
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of EL-Shimi  and Krovetz with the teaching of Tsirkin in order to allocate first and second applications running on an operating system with first key and second keys for deduplication of one or more memory pages[ Tsirkin, Abstract].
	EL-Shimi, Krovetz(UMAC) and Tsirkin do not explicitly disclose,  however, LI discloses accessing, over a network, the key generated for the respective deduplication domain of the one or more storage resources from a secure key server computer [Col.5 lines 23-28, FIG. 2 shows an overall architecture of a system 205 for secure data deduplication.  This system includes one or more clients 210, a secure key server 215, and a storage server 220, each of which are interconnected through a communication network 225.  The clients, servers, and communication network may be as shown in FIG. 1 and described above], and [Col. 5 lines 50-62, specifically, the secure key server includes an encryption key manager 230, and an encryption key database 235.  The key database tracks and stores a history of keys or key versions.  The encryption key manager is responsible for managing the lifecycle of an encryption key.  The encryption key manager may generate new encryption keys, expire keys, delete keys, maintain the keys in the key database, and respond to key requests from clients.  Keys may be generated periodically according to a user-configurable security policy, on-
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of EL-Shimi, Krpvetz (UMAC) and Tsirkin with the teaching of LI in order to secure data deduplication [LI. Title, FIG.2].
Regarding claim 10, Even though El-Shimi discloses randomly-generated nonccryptographic key as: [¶24, an example deduplication domain may refer to an entire enterprise or a specific group or sub-group with that enterprise as defined by the enterprise's computing environment administrator.  Each such secret key, hence, may be used by each entity within that domain ].
	And Krovetz discloses randomly-generated nonccryptographic key as: [Page3, 2nd paragraph, Security depends on the sender and receiver sharing a randomly-chosen secret hash function and pseudorandom pad. This is achieved by using keyed hash function H and pseudorandom function F. A tag is generated by performing the computation Tag = H_K1(M) xor F_K2(Nonce) where K1 and K2 are secret random keys shared by sender and receiver, and Nonce is a value that changes with each generated tag].
	El-Shimi and Krovetz do not explicitly disclose, however, Tsirkin discloses randomly-generated nonccryptographic key [ see FIGS. 2-4 and corresponding text for more details, Col. 5.lines 52-67- Col. 9 lines  1-27], Applications 120, 122 and associated first memory 210 and second memory 213( equated to plurality of domains ), Deduplication module 130, Key generator 204(application 120 generates key 206 and stores it in memory 108 or operating a random number and sends this to application 120 as key 206),Keys 206 and 214)]. 
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of EL-Shimi  and Krovetz with the teaching of Tsirkin in order to allocate first and second applications running on an operating system with first key and second keys for deduplication of one or more memory pages[ Tsirkin, Abstract].
	 EL-Shimi, Krovetz (UMAC) and Tsirkin do not explicitly disclose, however, LI discloses wherein the accessing of the key generated for the respective deduplication domain includes issuing, by the storage processor, a key request to the secure key server computer to obtain the key over the network.  [Col.5 lines 23-28; FIG. 2 shows an overall architecture of a system 205 for secure data deduplication.  This system includes one or more clients 210, a secure key server 215, and a storage server 220, each of which are interconnected through a communication network 225.  The clients, servers, and communication network may be as shown in FIG. 1 and described above], and [Col. 5 lines 50-62, specifically, the secure key server includes an encryption key manager 230, and an encryption key database 235.  The key database tracks and stores a history of keys or key versions.  The encryption key manager is responsible for managing the lifecycle of an encryption key.  The encryption key manager may generate new encryption keys, expire keys, delete keys, maintain the keys in the key database, and respond to key requests from clients.  Keys may be generated periodically according to a user-configurable security policy, on-demand, or both.  For example, depending upon the security needs of the organization, new keys may be provided every month, every other month, every six months, yearly, or at any other frequency as desired].

Claim 21 is rejected under 35 U.S.C. 103 as being unpatentable over US Patent No. (US2014/0189348) issued to EL-Shimi and in view NPL by Ted Krovetz (UMAC: Message Authentication Code using Universal Hashing) hereinafter referred to as Krovetz (UMAC) and further in view of  US Patent No. (US9,983,827 issued to Tsirkin and further in view of NPL by Ted Krovetz (VMAC: Message Authentication Code using Universal Hashing) hereinafter referred to as Krovetz (VMAC).
Regarding claim 21, El-Shimi discloses wherein the inputting of the respective data segment and the key generated for the respective deduplication domain into the Universal hash function includes generating the keyed hash value for the respective data segment [¶17, One example component uses lookup hash values to identify which data blocks of a given file are duplicates of previously de-duplicated data blocks and then, omit any such data block from further compression, communication and/or storage.  For each data block, the example component generates a corresponding cryptographic key based upon that data block's content, either directly or indirectly via a hash-based authentication code, and another cryptographic key, which may be a deduplication domain-based cryptographic key], and [¶¶5, 19].
El-shimi, Krovetz (UMAC) and Tsirkin do not explicitly disclose, however, Krovetz (VMAC) discloses  using one of a cipher-based Message Authentication Code (VMAC) and a Galois Message Authentication Code (GMAC)[ Page 9, section 4.2:  VMAC-64 and VMAC-128, The preceding VMAC definition has a parameter "taglen" which specifies the length of tag generated by the algorithm. The following aliases define names that make tag length explicit in the name. VMAC-64(K, M, Nonce) = VMAC(K, M, Nonce, 64) VMAC-128(K, M, Nonce) = VMAC(K, M, Nonce, 128)], and [ section 5:  VHASH: Universal hash 
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of EL-Shimi , Krovetz (UMAC) and Tsirkin with the teaching of Krovetz (VMAC) in order to implement VMAC message authentication algorithm which is designed to have exceptional performance in software on 64-bit CPU architecture while still performing well on 32-bit architectures [Krovetz (VMAC), Abstract].
                                                                                                                                                                                          Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
ROTH(US8,739,308) [ As illustrated in FIG. 8, the key authority 802 propagates keys to a plurality of key zones 804.  A key zone may be a domain of the organization in which a received key is valid.  For example, referring to FIG. 2, each key zone 804 may correspond to a fault zone, such as a data center.  Key zones may be, but are not necessarily, geographically defined.  For example, each key zone may correspond to a country, region, or other geographically defined region.  Key zones may also be defined in other ways.  For example, each key zone may correspond to a service provided by a computing resource provider, to a customer of an organization, and the like], and [(114)]. see fig. 17 and 18 and corresponding text for more detail].
Karr(US10,452,297)[ deduplication, collision, hash value].

Geil(US9,705,932)[ Ready the entire spec. De-duplication key].

Tribmle (US9766832) [de-duplication, strong collision, collision resistance, hash value].
Wallace(8,914,338) [weak has value, deduplication, collision].
Frandzel(US2008/0294696)[ strong has value, deduplication, collision].
Goss(2013/0326115) [strong has function, deduplication, collision].
Jayaraman(US2013/0018851)[ strong has value, deduplication, collision].

Applicants are encouraged to take advantage of the After Final Consideration Pilot 2.0 (AFCP 2.0) which authorizes non-production time for consideration of responses filed after a final rejection. The purpose of the pilot is to compact prosecution of the case. The request must include 1) A signed AFCP request form (PTO/SB/434 or equivalent) that includes a statement that applicant is requesting consideration under the AFCP; 2) An amendment to at least one independent claim that does not broaden the scope of the independent claim in any aspect; and 3) A statement that applicant is willing and available to participate in any interview initiated by the examiner concerning the present response.  In the limited amount of non-production time if the examiner’s consideration of a proper AFCP 2.0 request and response does not result in a determination that all pending claims are in condition for allowance, the examiner will request an interview with the applicant to discuss the response. For more info, please visit http://www.uspto.gov/patent/initiatives/after-final-consideration-pilot-20.
                                                                                                                                                                                                  
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 




                                                                                                                                                                                                Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAHRIAR ZARRINEH whose telephone number is (571)272-1207.  The examiner can normally be reached on Monday-Friday, 8:30am-5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on 571-272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/SHAHRIAR ZARRINEH/Examiner, Art Unit 2497