DETAILED ACTION
Notice of Pre-AIA or AIA Status
1. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Election/Restrictions
2. Applicant's election of claims 9-20 without traverse in the reply filed on 04/13/2021 is hereby acknowledged; claims 1-8 have been withdrawn.

Claim Interpretation
3. The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. - An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

4. Claim 20 in this application is given its broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked. As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph:



(B)    the term "means" or "step" or the generic placeholder is modified by functional language, typically, but not always linked by the transition word "for" (e.g., "means for") or another linking word or phrase, such as "configured to" or "so that"; and

(C)    the term "means" or "step" or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function.

Use of the word "means" (or "step") in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function.

Absence of the word "means" (or "step") in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function.



If applicant does not intend to have the claim limitation(s) treated under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may amend the claim(s) so that it/they will clearly not invoke 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, or present a sufficient showing that the claim recites/recite sufficient structure, material, or acts for performing the claimed function to preclude application of 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 102
5. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


6. Claim(s) 9 and 19 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Amarendran (US Pub.No.2016/0078245).

7.    Regarding claim 9 Amarendran teaches a computer-implemented method, comprising: initiating an object storage operation for reading and writing an identified data object; reading the identified data object from a first storage node (Para:0092-0093, Para:0096, and Para:0519-
moving the encrypted data object from the first storage node to a second storage node (Para:0179 and Para:0227 teaches transferring the encrypted data object from the first storage device to one or more secondary storage device);

decrypting write operations from the encrypted data object when writing the identified data object to the second storage node (Para:0202, Para:0317 and Para:0520-0521 teaches decrypting and writing the data object to a secondary storage device).

8. Regarding claim 19, Amarendran teaches the computer-implemented method, wherein: the first storage node and the second storage node are in different storage systems (Para: 0108 and Para: 0179 teaches the primary storage device and the secondary storage device are in different storage systems); and encrypting read operations and decrypting write operations use a common encryption key (Para: 0227 and Para: 0418 teaches the encryption module obtains a data encryption key. This data encryption key can include any type of symmetric key [which uses the same key for encryption and decryption]. For example, the symmetric key can be an Advanced Encryption Standard (AES) key. Para: 0317 teaches the decryption module can determine the type of encryption used to encrypt the file and select a corresponding decryption algorithm to decrypt the file).

Claim Rejections - 35 USC § 103
9. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:


10. Claims 10-13 and 15-18 are rejected under 35 U.S.C. 103 as being unpatentable over Amarendran (US Pub.No.2016/0078245) as applied to claim 9 above and further in view of Iasi (US Pub.No.217/0208050).

11.  Regarding claim 10 Amarendran teaches the computer-implemented method, wherein: initiating the object storage operation includes using a user credential for reading and writing the identified data object (Para: 0402- 0405 and Para: 0521-0522 teaches requires a user credential (such as password) for reading and writing the identified data object),
encrypting read operations is selectively executed based on the user type being the replication user type (Para: 0309-0310 teaches encrypting the data file based on one or more users and/or pieces of metadata associated with the file (such as author of a file, the owner of a file, the editor of a file, associate user of a file, type of a file, etc.)); and decrypting read operations is selectively executed based on the user type being the replication user type (Para:0314-0315 and Para:0350-0351 teaches decrypting the data file based on the user type).

But Amarendran does not expressly teach the user credential having a user type, the user type selected from an owner user type and a replication user type; the computer-implemented method further comprises identifying the user type from the user credential for the object storage operation.


 (Para:0025  teaches the secure key platform 120 stores and manages user credentials associated with the client device 110 including, for example, but not limited to, usernames, passwords, passphrases, and challenge questions and/or responses. The user credentials are used to access user data. Para: 0033-0036 and Para: 0046-0058 teaches the secure key platform will control access to user credentials, data store credentials, and user data based on each user's type and/or role. (1) A primary user is the user who has the highest level of ownership to the data associated with a corresponding user name within various data store. This user is considered as the main user and requires account information such as a username and password to gain access. The primary user has account administrative access by default and may grant administrative access to other users. All other users are regarded as "associate" users.  (2) An associate user has subordinate access to the data associated with a primary user's username. There are several classifications of associate users, each having a specific access level. The primary user is responsible for approving each new instance of an associate user. An associate user is required to provide a user name, password, and primary user name in order to gain access. (3) An alternate associate user is able to perform any operation for e.g., put ( ) get ( ) on the data associated with the primary user's account. By default, an alternate associate user does not have administrator access although such access may be granted access by the primary user. (4) A compound associate user logs in, another window will request that a second user (either a primary user and/or an alternate associate user) log in and grant access to the compound associate user. Once access is granted, the compound associate user may have access to all data. A compound associate user may have an access time limit assigned by the primary user. 
(5) A delegate associate user has the same access levels as an alternate associate user. In addition, a delegate associate user has administrator access by 

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the teachings of Amarendran to include the user credential having a user type, the user type selected from an owner user type and a replication user type; the computer-implemented method further comprises identifying the user type from the user credential for the object storage operation, as taught by Iasi, since such a setup will identify the user and protect the data from being accessed by another user.

12. Regarding claim 11 Amarendran teaches the computer-implemented method, wherein reading the identified data object and writing the identified data object are executed by a controller node configured to communicate with a plurality of storage nodes, the plurality of storage nodes including the first storage node and the second storage node (Fig.1D and Para: 0082 teaches the plurality of storage nodes including the first storage node 104 and the second storage node 108).

13. Regarding claim 12 Iasi teaches the computer-implemented method, wherein identifying the user type from the user credential is executed by an authenticator in communication with the controller node (Para: 0021-0025, Para: 0033-0034 and Para: 0046-0058 teaches authenticating the user and identifying the user from the user credential).



15. Regarding claim 15 Amarendran in view of Iasi teaches the computer-implemented method, wherein: identifying the user type from the user credential (Iasi: Para: 0021-0025, Para: 0033-0034 and Para: 0046-0058 teaches identifying the user from the credential), encrypting read operations, and decrypting write operations are executed by a proxy application (Amarendran: Para: 0350-0352 teaches encrypting read operations and decrypting write operations are executed by a remote application); and the object storage operation is processed by the proxy application prior to reading and writing the identified data object (Amarendran: Para: 0108 and Para:0152-0153 teaches object storage operation is processed by the remote application).

16.    Regarding claim 16 Amarendran in view of Iasi teaches the computer-implemented method, wherein: the user type is a flag associated with the object storage operation (Amarendran: Para: 0290 Para: 0247 teaches flagging the data objects based on the sensitivity or privilege associated with the user type); a first value of the flag is the owner user type; and a second value of the flag is the replication user type (Iasi: Para:0049 -0051 teaches a primary user is identified as the person who has the highest level of ownership to the data associated with a corresponding user name within various data store. This user is considered as the "main" user and requires account information such as a username and password to gain access. The primary user [is the first flag herein has the highest access value] has account administrative access by default and may grant administrative access to other users. All other users are 

17. Regarding claim 17 Amarendran in view of Iasi teaches the computer-implemented method, further comprising setting the user type for the object storage operation to the replication user type for system tasks not initiated by an application user (Iasi: Para:0021, Para:0024 and Para:0030-0031 teaches the client device 110 may be associated with a user who is an administrator. As such, the secure key platform 120 may authenticate the client device 110 further based on the internet protocol (IP) address from which the client device 110 is attempting a login. For example, in the event that an administrator login is attempted from outside of an authorized IP address range, the secure key platform 120 may deploy one or more measures including, for example, but not limited to, disabling the administrator account and transmitting alerts to one or more verified email accounts. As such setting the user type for the object storage operation is not initiated by an application user).

18. Regarding claim 18, Amarendran teaches the computer-implemented method, further comprising storing the identified data object in a cache memory after reading the identified data object from the first storage node and before writing the identified data object to the second storage node (Para: 0158-0159 and Para: 0167-0168 teaches the media agent 144 can act as a local cache for reading data from the primary storage device. The media agent manages, coordinates, and facilitates the transmission of data, as directed by the storage manager 140, between a client computing device 102 and one or more secondary storage devices 108. Whereas the storage manager 140 controls the operation of the information management system 100, the media agent 144 generally provides a portal to secondary storage devices 108. For instance, other components in the system interact with the media agents 144 to gain access to data stored on .

19. Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Amarendran (US Pub.No.2016/0078245) in view of Iasi (US Pub.No.217/0208050) as applied to claim 10 above and further in view of Murray (US Pub.No.2019/0013936).

20. Regarding claim 14, Amarendran in view of Iasi teaches all the above claimed limitations, but does not expressly teach the computer-implemented method, wherein: reading the identified data object includes sending a first hypertext transfer protocol (HTTP) call conforming to a simple storage services application protocol interface (API) GET operation to the first storage node (Fig.4 and Para: 0152 teaches a Get file request/call/operation in a flowchart 300. When a client running on device 102 of user U.sub.1 of fig. 1, or simply the client, wishes to read a protected file from cloud storage 106, it issues a Get request as shown by process/function/step box 302. Such a file operation/request is intercepted by shim 105 that is also installed on the client device and operates as an intermediary between client 103 and cloud storage 106 to which it interfaces via the available API of cloud storage or network 106);

and writing the identified data object includes sending a second HTTP call conforming to a simple storage services API PUT operation to the second storage node (Fig.5 and Para:0166 teaches a Put file request/call/operation in a flowchart 400. When a client running on device 102 of user U.sub.1 of fig. 1, or simply the client, wishes to write a file as a protected file into cloud storage 106, it issues a Put request as shown by process/function/step box 402. Such a file operation/request is intercepted by shim 105 that is also installed on the client device and operates as an intermediary between client 103 and cloud storage 106 to which it interfaces via the available API of cloud storage or network 106. In response to the interception of the Put 

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the teachings of Amarendran in view of Iasi to include reading the identified data object includes sending a first hypertext transfer protocol (HTTP) call conforming to a simple storage services application protocol interface (API) GET operation to the first storage node; and writing the identified data object includes sending a second HTTP call conforming to a simple storage services API PUT operation to the second storage node, as taught by Murray, since such a setup will secure data in a cloud storage.


21. Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Amarendran (US Pub.No.2016/0078245) in view of Iasi (US Pub.No.217/0208050).

22.   Regarding claim 20 Amarendran teaches a system, comprising: means for initiating an object storage operation using a user credential for reading and writing an identified data object (Para: 0402- 0405 and Para: 0521-0522 teaches requires a user credential (such as password) for reading and writing the identified data object),
means for selectively encrypting read operations based on the user type to encrypt the identified data object when reading the identified data object from a first storage node if the user type is the replication user type (Para:0227 teaches encrypting the data object before sending the data object to media agents during a secondary copy operation. Para: 0309-0310 teaches encrypting the data file based on one or more users and/or pieces of metadata associated with 
means for reading the identified data object from the first storage node (Para:0092-0093, Para:0096, and Para:0519-0522 teaches reading the data object from the primary storage device);
means for selectively decrypting write operations based on the user type to decrypt the identified data object when writing the identified data object to a second storage node if the user type is the replication user type (Para:0179 and Para:0227 teaches transferring the encrypted data object from the first storage device to one or more secondary storage device. Para: 0314-0315 and Para: 0350-0351 teaches decrypting the data file based on the user type);
and means for writing the identified data object to the second storage node (Para:0202, Para:0317 and Para:0520-0521 teaches decrypting and writing the data object to a secondary storage device).

But Amarendran does not expressly teach the user credential having a user type, the user type selected from an owner user type and a replication user type; means for identifying the user type from the user credential for the object storage operation.

Iasi teaches the user credential having a user type, the user type selected from an owner user type and a replication user type; and identifying the user type from the user credential for the object storage operation (Para: 0025 teaches the secure key platform 120 stores and manages user credentials associated with the client device 110 including, for example, but not limited to, usernames, passwords, passphrases, and challenge questions and/or responses. The user credentials are used to access user data. Para: 0033-0036 and Para: 0046-0058 teaches the secure key platform will control access to user credentials, data store credentials, and user data based on each user's type and/or role. (1) A primary user is the  All other users are regarded as "associate" users.  (2) An associate user has subordinate access to the data associated with a primary user's username. There are several classifications of associate users, each having a specific access level. The primary user is responsible for approving each new instance of an associate user. An associate user is required to provide a user name, password, and primary user name in order to gain access. (3) An alternate associate user is able to perform any operation for e.g., put ( ) get ( ) on the data associated with the primary user's account. By default, an alternate associate user does not have administrator access although such access may be granted access by the primary user. (4) A compound associate user logs in, another window will request that a second user (either a primary user and/or an alternate associate user) log in and grant access to the compound associate user. Once access is granted, the compound associate user may have access to all data. A compound associate user may have an access time limit assigned by the primary user. (5) A delegate associate user has the same access levels as an alternate associate user. In addition, a delegate associate user has administrator access by default. 
A system administrator may use this user account type to gain access to user data. (6) A restricted associate user has no access to data by default. Instead, the restricted associate user may have access to specific data objects as identified by a primary user (e.g., through the primary user's administrator page). For example, the primary user may associate certain data objects with a restricted associate user account thereby providing the restricted associated user with access to only those data objects).

Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the invention was filed to modify the teachings of Amarendran to include 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DEREENA T CATTUNGAL whose telephone number is (571)270-0506.  The examiner can normally be reached on Mon-Fri: 7:30 AM-5 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571-272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/DEREENA T CATTUNGAL/Examiner, Art Unit 2431