Detailed Action
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Amendment filed on 05/17/2021 has been acknowledged. Claims 1-7, 9-12 and 14-19 are currently pending and have been considered below. Claim 1 and 16-18 are independent claim. Claim 8 and 13 are cancelled. Claim 19 is added new.

Priority
This application is a DIV of 15/511,914 filed on 03/16/2017 (PAT 10, 534, 920 B2). Also 15/511,914 is a 371 of PCT/EP2015/071026 09/15/2015.

Information Disclosure Statement
The information disclosure statements (IDS's) submitted on 09/06/2019 and 09/25/2019 are in compliance with provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Drawings
The drawings filed on 09/06/2019 are accepted by the examiner.

Response to Arguments
Applicant’s arguments filed on 05/17/2021 has been considered and they are persuasive.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.   A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an 
The USPTO internet Web site contains terminal disclaimer forms which may be used.  Please visit http://www.uspto.gov/forms/. The filing date of the application will determine what form should be used.  A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission.  For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.  
Claims 1-7, 9-12 and 14-19 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1 of US Patent No. 10,534,920 B2. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims in the patented application contains every element of claims of the instant application.  A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim. In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a 35 patent claim to a species within that genus). “ELI .
Claims 1-18 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1 of US Patent No. 10,534,920 B2. Although the claims at issue are not identical, they are not patentably distinct from each other because claim 1 of patent ‘920 encompasses the claimed subject matter with an additional limitation of “authenticating the further user to the file management server; after successful authentication, checking, by the file management server, whether the further user is authorised for read access to the file; and if the analysis reveals that the further user is authorised for read access to the file and has successfully authenticated himself, generating a further version of the metadata, wherein the further version of the metadata allows a reconstruction of the file from the file fragments, wherein the further version of the metadata is generated specifically for the file and specifically for the further user computer system, wherein the generation of the further version of the metadata of the file includes, sending, by the file management server, the public key of the further user computer system to the user computer system which generated the file and encrypted fragments thereof using its symmetric key, encrypting the symmetric key using the public key of the further user computer system by the user computer system which generated the file, combining the encrypted symmetric key with further data by the user computer system which generated the file, in order to create the further version of the metadata, sending . 
This is a non-provisional non-statutory obviousness type double patenting rejection because the conflicting claims have been patented.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b): 
(b) CONCLUSION. - The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. 

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly
claiming the subject matter which the applicant regards as his invention.
 

Claim 3 recites “the method according to claim 1, further comprising”, “using the metadata by the file management server to control the access of a further user to the file”. 
Claim 4 recites “reconstruction of the file content of the selected file by the user computer system or by a further authorized user computer system”.
Claim 6 recites “authentication method by means of which a further user must authenticate himself”.
further user computer system of a further user”.
 Claim 12 recites “an access enquiry of a further user computer system”, “whether a further user, to whom the further user computer system is assigned”, “authenticating the further user computer system”, “if the further user has access rights for the file, requesting a further authorisation token by the file management server form each of the identified memory services and forwarding the further authorisation tokens obtained in response to this request to the further user computer system by the file management server, wherein the further authorisation tokens allow the further user computer system”.
Claim 14 recites “further authorisation token is only sent from the file management server to the identified memory services if the further user computer system, from which the further user has sent the access enquiry”.
Claim 15 recites “further comprising”, “a user profile of the further user”, “protected manner in the further user computer system”, “the file management server to the further user computer system so as to enable the further user computer system”.
Claim 19 recites “further comprises”.
The limitations are not clear to the examiner as the limitation “further” is not clear. Thus claim is incomprehensible.



Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claim 1-7, 9-12 and 14-19 are rejected under 35 U.S.C. 103 as being unpatentable over Resch (US Patent Application Publication No 2013/0304711 A1) in view of Lahdensivu (US Patent Application Publication No 2012/0173925 A1) and further in view of Linden (US Patent No 6,360,254 B1).

Regarding Claim 1, Resch discloses a method for storing data, wherein the method comprises the following steps in order to store a file:
 	automatically generating a distribution schedule, which contains instructions for generating file fragments of the file by means of an error correction method and identifiers of a number of memory services, in the non-volatile storage media of which the generated file fragments are to be 
 performing the error correction method specified in the distribution schedule for generation of the file fragments from the file by the user computer system, wherein at least one of the file fragments contains error correction bits (Resch, ¶[0080]- ¶[0083], s series of data segment is created in accordance with a data storage protocol. The grid module receives the data segments and manipulates each of the data segments before performing an error coding function. After manipulating a data segment, the grid module error encodes (Reed-Solomon, Convolution encoding, Trellis encoding etc) the manipulated data segment into error coded data slices. ¶[0096], encoded data segment includes thirty-two bits, but may include more or less bits. Each EC data slice does not include 
sending an authorisation enquiry of the user computer system for storing the file fragments in the memory services identified in the distribution schedule to the file management server via a network (Resch, ¶[0077], the gateway module authenticates the user associated with the data object by verifying the user ID with the managing unit. ¶[0078], when the user is authenticated, the gateway module obtains user information from the management unit, the user device and/or other authenticating unit. The user information includes a vault identifier, operational parameters and user attributes. A vault identifier identifies a vault which is a virtual memory space that maps to a set of DS storage units. The operational parameters may include an error coding algorithm, the width, a read threshold, a write threshold, an encryption algorithm, a slicing parameter, a compression algorithm, an integrity check or other parameters that may be used to access the DSN memory layer); 
in response to receipt of the authorisation enquiry, requesting an authorisation token by the file management server from each of the memory services identified in the distribution schedule and forwarding the authorisation tokens obtained in response to the request to the user computer system by the file management server (Resch, Fig-8A, ¶[0108], a processing module generates and sends an authentication token 
storing the generated file fragments via the network in the storage media of the identified memory devices by means of authorisation verification by the authorisation tokens, with the user computer system bypassing the file management server (Resch, ¶[0109], the processing module determines that the authentication token is applicable to the request when the request is a write request and a permission allows the processing module to perform an associated write sequence. Also ¶[0058], the DS managing unit tracks  the amount of data stored or retrieved by a user device which can be used to generate a per data amount bill); 
wherein metadata, which allow the reconstruction of the file from the stored file fragments, are stored in the user computer system and/or the file management server (Resch, ¶[0056], DS managing unit determines a number of slices and a read threshold value  which is minimum number of slices required to reconstruct the data segment ¶[0082]- ¶[0083], the number of pillars are chosen as a parameter of error 
Resch does not appear to disclose the following limitation that Lahdensivu teaches:
metadata are protected against access by the memory services (Lahdensivu, ¶[0009], encrypted data can be used for the error correction data calculation. Encrypting the data ensures that the service provider has no access to the user’s data. The error correction data is calculated in the same way as for the unencrypted data and the result of the recovery is the same encrypted data that was used for the error correction calculation).
Resch in view of Lahdensivu are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “protecting privacy of sensitive information”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Resch in view of Lahdensivu to include the idea of generating data distribution model and setting up parameters that minimizes the error function to predict the data that is entered by a user. The modification will prevent the user to enter any false data. 
Resch in view of Lahdensivu do not appear to disclose the following limitation that Linden teaches:

Resch in view of Lahdensivu and further in view of Linden are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “protecting privacy of sensitive information”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Resch in view of Lahdensivu and Linden to include the idea of enabling users of a web site or other information system to efficiently and securely access private web pages and other types of restricted resources. The modification (using private URLs) will allow authorized users to access the private resources without the need to enter a username, password or other authentication information and without the need to download special authentication software. 

 Regarding claim 2, Resch in view of Lahdensivu and Linden discloses the method according to claim 1, comprising the following steps: 
providing a configuration, which contains requirements of a user with regard to the speed, the geographical location, the security and/or the costs of an IT infrastructure to be used for the storing of data and also requirements with regard to the availability of the data to be stored (Resch, ¶[0052], each of the DS units includes a processing module and memory and may be located at a geographically different site than the other DS units (one in Chicago, one in Milwaukee). ¶[0085], The DS unit attributes may include availability, self-selection, performance history, link speed, link latency, ownership, available DSN memory, domain, cost, a prioritization scheme, a centralized table. Lahdensivu, ¶[0012], the geographical location of the stored data or the service user’s data connection speed can be used as a factor in selecting the group of data sets for error correction calculation. The geographical distribution can be used to lower risk of a natural disaster causing too many data sets becoming unavailable simultaneously. Network speed can be used to form the groups where only users with high speed connections belong to the same group allowing faster recovery times); 
providing a memory service catalogue, which comprises specifications of a multiplicity of available memory services, wherein the specification of each of the memory services contains details with regard to the speed, the geographical location, the security and/or the costs of an IT infrastructure of the memory service used for the storing of the data (Resch, ¶[0052], each of the DS units 
in order to generate the distribution schedule, automatically evaluating the configuration and the memory service catalogue so as to identify, depending on the specifications of the available memory services and depending on the user requirements, an error correction method from a multiplicity of error correction methods that meets the requirements with regard to the availability of the data to be stored and so as to identify the plurality of memory services identified in the distribution schedule from the multiplicity of available memory services that are suitable for storing the file in accordance with the user-specific requirements with regard to the speed, geographical location, security and/or costs of the IT infrastructure to be used for the storing of data (Resch, ¶[0052], each of the DS units includes a processing module and memory and may be located at a 
using the identified error correction method as the error correction method of the distribution schedule (Lahdensivu, ¶[0014], if the user’s stored data is not available within specifies time, the recovery can be started automatically to a new mass storage utilizing error correction data and the stored data that is available from the other users. The user can be removed from the group used for error correction data calculation, if the user’s stored data is unavailable longer than a specified time). 

Regarding claim 3, Resch in view of Lahdensivu and Linden discloses the method according to claim 1, further comprising the following steps: 
generating the metadata by the user computer system, wherein the user computer system is assigned to a user, wherein the metadata include (Resch, 
paths to all memory locations in the storage media of the memory services in which the file fragments of the file are to be stored or have already been stored (Resch, ¶[0056], DS managing unit determines a number of slices and a read threshold value  which is minimum number of slices required to reconstruct the data segment. ¶[0079], the gateway module uses the user information to assign a source name to the data. For instance, the gateway module determines the source name of the data object based on the vault identifier and the data object. The source name may contain a file identifier (ID), a vault generation number, a reserved field, and a vault identifier (ID). The gateway module may generate the file ID based on a hash function of the data object. ¶[0082]- ¶[0083], the number of pillars are chosen as a parameter of error coding dispersal storage. The read threshold corresponds to the minimum number of error free error coded data slices required to reconstruct the data segment. Also Lahdensivu, ¶[0006], error correction algorithm is used for calculating error correction data from several separate stored data sets and 
a symmetric key, which allows a decryption of the file fragment encrypted with this symmetric key; and/or 
for each of the file fragments, a hash value of the file fragment calculated by the user computer system; and/or 
the original file name of the file stored in a distributed manner; and/or 
configuration data of the error correction method (FKV); 
a mapping of the original file name to the hash values and paths of the generated file fragments; 
storing the metadata in the user computer system (Resch, ¶[0056], DS managing unit determines a number of slices and a read threshold value  which is minimum number of slices required to reconstruct the data segment. ¶[0082]- ¶[0083], the number of pillars are chosen as a parameter of error coding dispersal storage. The read threshold corresponds to the minimum number of error free error coded data slices required to reconstruct the data segment. Also Lahdensivu, ¶[0006], error correction algorithm is used for calculating error correction data from several separate stored data sets and storing the error correction data instead of the full copy of the stored data); 
transferring the metadata to the file management server (Resch, ¶[0056], DS managing unit determines a number of slices and a read threshold value  which is minimum number of slices required to reconstruct the data segment. ¶[0082]- ¶[0083], the number of pillars are chosen as a parameter of error 
using the metadata by the file management server to control the access of a further user to the file (Resch, ¶[0056], DS managing unit determines a number of slices and a read threshold value  which is minimum number of slices required to reconstruct the data segment. ¶[0082]- ¶[0083], the number of pillars are chosen as a parameter of error coding dispersal storage. The read threshold corresponds to the minimum number of error free error coded data slices required to reconstruct the data segment. Also Lahdensivu, ¶[0006], error correction algorithm is used for calculating error correction data from several separate stored data sets and storing the error correction data instead of the full copy of the stored data).

Regarding claim 4, Resch in view of Lahdensivu and Linden discloses the method according to claim 3, 
wherein metadata of a multiplicity of files stored in a distributed manner in the memory services are stored in the user computer system and the method comprises a use of said metadata by a client application of the user computer for generation of a client-based view of the files stored in a distributed manner (Resch, ¶[0056], DS managing unit determines a number of slices and a read 
wherein metadata of a multiplicity of files stored in the memory services in a distributed manner are stored in the file management server and the method comprises a use of said metadata by a web portal hosted on the file management server for generation of a network-based view of the files stored in a distributed manner (Resch, ¶[0056], DS managing unit determines a number of slices and a read threshold value  which is minimum number of slices required to reconstruct the data segment. ¶[0082]- ¶[0083], the number of pillars are chosen as a parameter of error coding dispersal storage. The read threshold corresponds to the minimum number of error free error coded data slices required to reconstruct the data segment. Also Lahdensivu, ¶[0006], error correction algorithm is used for calculating error correction data from several separate stored data sets and storing the error correction data instead of the full copy of the stored data); 
wherein the client-based and/or the network-based view is configured to dynamically reconstruct the original file names from the metadata and, by selection of one of the files stored in a distributed manner, to initiate a dynamic 

Regarding claim 5, Resch in view of Lahdensivu and Linden discloses the method according to claim 2, 
wherein the determination of the error correction method which meets the user requirements with regard to the availability of the file includes a determination of the anticipated total size of all file fragments to be generated by the error correction method, wherein for each of the file fragments to be generated, a memory service is identified which, in accordance with its specifications, meets the requirements with regard to the speed, geographical location, security and/or costs under consideration of the anticipated total size (Resch, ¶[0052], each of the DS units includes a processing module and memory and may be located at a geographically different site than the other DS units (one 
wherein, if the determined error correction method would prompt the generation of file fragments of which the total size does not make it possible to identify a sufficient number of memory services which, in accordance with their specifications, meet the requirements with regard to the speed, security and/or costs under consideration of the total size, automatically determining another error correction method, which is configured to generate file fragments of which the anticipated total size is sufficiently small so that, for each file fragment to be generated, a memory service can be identified which, in accordance with its specifications, meets the requirements with regard to the speed, geographical location, security and/or costs under consideration of the anticipated total size (Resch, ¶[0056], DS managing unit determines a number of slices and a read threshold value  which is minimum number of slices required to reconstruct the data segment. ¶[0082]- ¶[0083], the number of pillars are chosen as a parameter 
wherein, in order to meet the user requirements with regard to a maximum duration of the data transfer for the transfer of the file via the network, the determined error correction method is automatically configured so that, as a result of this method, a sufficiently large number of the generated file fragments is generated, such that with parallel transfer of these file fragments to the plurality of memory services or from the plurality of memory services identified in the distribution schedule the transfer time for all file fragments lies below the maximum duration (Resch, ¶[0056], DS managing unit determines a number of slices and a read threshold value  which is minimum number of slices required to reconstruct the data segment. ¶[0082]- ¶[0083], the number of pillars are chosen as a parameter of error coding dispersal storage. The read threshold corresponds to the minimum number of error free error coded data slices required to reconstruct the data segment. Also Lahdensivu, ¶[0006], error correction algorithm is used for calculating error correction data from several separate stored data sets and storing the error correction data instead of the full copy of the stored data).

Regarding Claim 6, Resch in view of Lahdensivu and Linden discloses the method according to claim 2, wherein the user computer system is assigned to a user, wherein the configuration also contains one or more of the following data items in user-configurable form: 
a minimum trust level, which specifies a minimum level of reliability of an authentication method by means of which a further user must authenticate himself to the file management server so as to be allowed to access the file stored in the memory media of the identified memory services (Resch, ¶[0077], the gateway module authenticates the user associated with the data object by verifying the user ID with the managing unit. ¶[0078], when the user is authenticated, the gateway module obtains user information from the management unit, the user device and/or other authenticating unit. The user information includes a vault identifier, operational parameters and user attributes. A vault identifier identifies a vault which is a virtual memory space that maps to a set of DS storage units. The operational parameters may include an error coding algorithm, the width, a read threshold, a write threshold, an encryption algorithm, a slicing parameter, a compression algorithm, an integrity check or other parameters that may be used to access the DSN memory layer).

Regarding Claim 7, Resch in view of Lahdensivu and Linden discloses the method according to claim 1, also comprising the steps of: 

encrypting each of the file fragments of the file by the user computer system, wherein the hash value is used as a symmetric key for encryption of the file fragments by the user computer system (Resch, ¶[0057], the security parameters may include encryption/decryption scheme, one or more encryption keys, key generation scheme. ¶[0130], processing module determines whether to apply an encryption codec based on determining whether the data segment is already encrypted); 
generating the metadata, wherein the metadata include the calculated hash value of the total file and hash values of the file fragments, by the user computer system (Resch, ¶[0079], the gateway module uses the user information to assign a source name to the data. For instance, the gateway module determines the source name of the data object based on the vault identifier and the data object. The source name may contain a file identifier (ID), a vault generation number, a reserved field, and a vault identifier (ID). The gateway module may 
encrypting the generated metadata, which include the symmetric key, or at least the symmetric key, by a public key, which is assigned to the user computer system of a user or a further user computer system of a further user authorised to access the file, wherein a private key together with the public key forms an asymmetric cryptographic key pair, wherein the public key in the file management server is linked to a user profile of the user assigned to the public key (Resch, ¶[0079], the gateway module uses the user information to assign a source name to the data. For instance, the gateway module determines the source name of the data object based on the vault identifier and the data object. The source name may contain a file identifier (ID), a vault generation number, a reserved field, and a vault identifier (ID). The gateway module may generate the file ID based on a hash function of the data object. ¶[0057], the security parameters may include encryption/decryption scheme, one or more encryption keys, key generation scheme. ¶[0130], processing module determines whether to apply an encryption codec based on determining whether the data segment is already encrypted. ¶[0112], the processing module generates an encrypted hash of the permissions and 
wherein the file fragments are stored in encrypted form in the storage media of the identified memory services (Lahdensivu, ¶[0009], encrypted data can be used for the error correction data calculation. Encrypting the data ensures that the service provider has no access to the user’s data. The error correction data is calculated in the same way as for the unencrypted data and the result of the recovery is the same encrypted data that was used for the error correction calculation. Resch, ¶[0077], the gateway module authenticates the user associated with the data object by verifying the user ID with the managing unit. ¶[0078], when the user is authenticated, the gateway module obtains user information from the management unit, the user device and/or other authenticating unit. The user information includes a vault identifier, operational parameters and user attributes. A vault identifier identifies a vault which is a virtual memory space that maps to a set of DS storage units. The operational parameters may include an error coding algorithm, the width, a read threshold, a write threshold, an encryption algorithm, a slicing parameter, a compression algorithm, an integrity check or other parameters that may be used to access the DSN memory layer).

Regarding claim 9, Resch in view of Lahdensivu and Linden discloses the method according to claim 1, also comprising the steps of: 

upon receipt of the authorisation enquiry of the user computer system for storage of the file fragments, checking, by the file management server, whether the user to whom the user computer system is assigned has access rights in order to store the file by means of the identified memory services (Resch, ¶[0077], the gateway module authenticates the user associated with the data object by verifying the user ID with the managing unit. ¶[0078], when the user is authenticated, the gateway module obtains user information from the management unit, the user device and/or other authenticating unit. The user information includes a vault identifier, operational parameters and user attributes. A 
wherein the file management server requests the authorisation token only following successful authentication and only if the user has the access rights (Resch, ¶[0077], the gateway module authenticates the user associated with the data object by verifying the user ID with the managing unit. ¶[0078], when the user is authenticated, the gateway module obtains user information from the management unit, the user device and/or other authenticating unit. The user information includes a vault identifier, operational parameters and user attributes. A vault identifier identifies a vault which is a virtual memory space that maps to a set of DS storage units. The operational parameters may include an error coding algorithm, the width, a read threshold, a write threshold, an encryption algorithm, a slicing parameter, a compression algorithm, an integrity check or other parameters that may be used to access the DSN memory layer).

Regarding claim 10, Resch in view of Lahdensivu and Linden discloses the method according to claim 1: 


Regarding Claim 11, Resch in view of Lahdensivu and Linden discloses the method according to claim 1, wherein a signing key is managed by the file management server in a form stored in a protected manner, said method also comprising the steps of: 
providing a signature validation key to each of the memory services, wherein the signature validation key is designed to validate the signatures generated by the signing key (Resch, Fig-8A, ¶[0108], a processing module generates and sends an authentication token request message that includes a credential. The credential includes one or more 
signing of the authorisation tokens received from each of the identified memory services with the signing key by the file management server, wherein the authorisation tokens are forwarded in signed form to the user computer system (Resch, Fig-8A, ¶[0108], a processing module generates and sends an authentication token request message that includes a credential. The credential includes one or more of a user device identifier, a password, a hash of the password and a signature. The processing module of a user device sends the request to an authentication authority. The authentication authority receives the authentication token request message and generates an authentication token response message that includes permission, a time stamp associated with the permission and a signature), 
wherein each of the signed authorisation tokens enables a receiver of this signed authorisation token to access a storage space on the storage medium of the corresponding memory service identified by the authorisation token only when the memory service in question identifies the signature as being valid (Resch, Fig-8A, ¶[0108], a processing 

Regarding Claim 12, Resch in view of Lahdensivu and Linden discloses the method according to claim 1, also comprising the steps of: 
receiving an access enquiry of a further user computer system for access to the file stored in a distributed manner, wherein the access enquiry is received by the file management server (Resch, Fig-8A, ¶[0108], a processing module generates and sends an authentication token request message that includes a credential. The credential includes one or more of a user device identifier, a password, a hash of the password and a signature. The processing module of a user device sends the request to an authentication authority. The authentication authority receives the authentication token request message and generates an authentication token response message that includes permission, a time stamp associated with the permission and a signature); 

checking, by the file management server, whether a further user, to whom the further user computer system is assigned, has access rights for the type of requested access to the file (Resch, Fig-8A, ¶[0108], a processing module generates and sends an authentication token request message that includes a credential. The credential includes one or more of a user device identifier, a password, a hash of the password and a signature. The processing module of a user device sends the request to an authentication authority. The authentication authority receives the authentication token request message and generates an authentication token response message that includes permission, a time stamp associated with the permission and a signature); 

following successful authentication and if the further user has access rights for the file, requesting a further authorisation token by the file management server form each of the identified memory services and forwarding the further authorisation tokens obtained in response to this request to the further user computer system by the file management server, wherein the further authorisation tokens allow the further user computer system to have the requested access to the file fragments stored by the memory services in direct form (Resch, Fig-8A, ¶[0108], a processing module generates and sends an authentication token request message that includes a credential. The credential includes one or more of a user device identifier, a password, a hash of the password and a signature. The processing module of a user device sends the request to an authentication authority. The authentication authority receives the 

Regarding Claim 14, Resch in view of Lahdensivu and Linden discloses the method according to claim 12, 
wherein the configuration of the user contains a specification of a type of computer which is alone authorised to access data that the user has stored in the storage media of the identified services (Resch, Fig-8A, ¶[0108], a processing module generates and sends an authentication token request message that includes a credential. The credential includes one or more of a user device identifier, a password, a hash of the password and a signature. The processing module of a user device sends the request to an authentication authority. The authentication authority receives the authentication token request message and generates an authentication token response message that includes permission, a time stamp associated with the permission and a signature); and 
wherein the request of the further authorisation token is only sent from the file management server to the identified memory services if the further user computer system, from which the further user has sent the access enquiry to the file management server, meets said specification of the sole authorised computer type (Resch, Fig-8A, ¶[0108], a 

Regarding Claim 15, Resch in view of Lahdensivu and Linden discloses the method according to claim 12, further comprising the steps of: 
managing a user profile of the further user by the file management server, wherein the user profile contains a public key, which together with a private decryption key forms an asymmetric cryptographic key pair, wherein the private decryption key is stored in a protected manner in the further user computer system and serves to decrypt the metadata of the file or to decrypt parts of the metadata (Resch, ¶[0057], the security parameters may include encryption/decryption scheme, one or more encryption keys, key generation scheme. ¶[0130], processing module determines whether to apply an encryption codec based on determining whether the data segment is already encrypted); and 
if the user has authenticated himself successfully to the file management server and if the further user has the access rights for the 

Regarding Claim 16, Resch discloses a non-transitory computer-readable storage medium with computer-readable instructions which, with execution by a processor, configure the processor to: 
automatically generate a distribution schedule, which contains instructions for generating file fragments of the file by means of an error correction method and identifiers of a number of memory services, in a the non-volatile storage medium media of which the generated file fragments are to be stored, by a file management server or by a user computer system (Resch, Fig-1, ¶[0052], the DSN memory includes a plurality of distributed storage units for storing data. Each of the DS units includes a processing module and memory and may be located at a geographically different site than the other DS unit. ¶[0079], the source name may contain a file identifier, a vault generation number, a reserved field and a vault identifier. ¶[0080]- ¶[0083], s series of data segment is created in accordance with a data storage protocol. The grid module receives the data segments and manipulates each of the data segments before performing an error coding function. After manipulating a data segment, the grid module error encodes (Reed-Solomon, Convolution encoding, Trellis encoding etc) the manipulated data segment into error coded data slices); 
perform the error correction method specified in the distribution schedule for generation of the file fragments from the file by the user computer system, wherein at least one of the file fragments contains 
send an authorisation enquiry of the user computer system for storing the file fragments in the memory services identified in the distribution schedule to the file management server via a network (Resch, ¶[0077], the gateway module authenticates the user associated with the data object by verifying the user ID with the managing unit. ¶[0078], when the user is authenticated, the gateway module obtains user information from the management unit, the user device and/or other authenticating unit. The user information includes a vault identifier, operational parameters and user attributes. A vault identifier identifies a vault which is a virtual memory space that maps to a set of DS storage units. The operational parameters may include an error coding algorithm, 
in response to receipt of the authorisation enquiry, request an authorisation token by the file management server from each of the memory services identified in the distribution schedule and forwarding the authorisation tokens obtained in response to the request to the user computer system by the file management server (Resch, Fig-8A, ¶[0108], a processing module generates and sends an authentication token request message that includes a credential. The credential includes one or more of a user device identifier, a password, a hash of the password and a signature. The processing module of a user device sends the request to an authentication authority. The authentication authority receives the authentication token request message and generates an authentication token response message that includes permission, a time stamp associated with the permission and a signature), 
store the generated file fragments via the network in the storage media of the identified memory devices by means of authorisation verification by the authorisation tokens, with the user computer system bypassing the file management server (Resch, ¶[0109], the processing module determines that the authentication token is applicable to the request when the request is a write request and a permission allows the 
wherein metadata, which allow the reconstruction of the file from the stored file fragments, are stored in the user computer system and/or the file management server (Resch, ¶[0056], DS managing unit determines a number of slices and a read threshold value  which is minimum number of slices required to reconstruct the data segment ¶[0082]- ¶[0083], the number of pillars are chosen as a parameter of error coding dispersal storage. The read threshold corresponds to the minimum number of error free error coded data slices required to reconstruct the data segment).
Resch does not appear to disclose the following limitation that Lahdensivu teaches:
metadata are protected against access by the memory services (Lahdensivu, ¶[0009], encrypted data can be used for the error correction data calculation. Encrypting the data ensures that the service provider has no access to the user’s data. The error correction data is calculated in the same way as for the unencrypted data and the result of the recovery is the same encrypted data that was used for the error correction calculation).

Resch in view of Lahdensivu do not appear to disclose the following limitation that Linden teaches:
wherein the authorisation tokens are formed as URLs, which each enable direct write or direct read access to a storage space on the storage medium of one of the memory services identified by the URL (Linden, col 3, line 30-40, the method involves generating a unique, private URL that corresponds to a private resource and conveying the URL to the corresponding user or group of users that are to have remote access to the resource. Application code running on the server is used to validate the URLs and to thereby restrict access to the private resources. Col 4, line 10-15, when a user attempts to access a resource which is referenced by a URL of the appropriate format, a token validation program is invoked to validate the token. Fig-3A, 3B, col 8, line 50-65).
Resch in view of Lahdensivu and further in view of Linden are analogous art because they are from the “same field of endeavor” and are from the same 

Regarding Claim 17, Resch discloses a user computer system comprising a processor, a network interface for operatively coupling the user computer system to a multiplicity of memory services and to a file management server via a network, wherein the user computer system comprises a memory medium with a client application that can be executed by the processor, wherein the client application is configured to execute the following method for storing a file: 
using a distribution schedule, which contains instructions for generating file fragments of the file by means of an error correction method and identifiers of a number of memory services in the non-volatile storage media of which the generated file fragments are to be stored, wherein the file management server does not provide a memory service (Resch, Fig-1, ¶[0052], the DSN memory includes a plurality of distributed 
performing the error correction method specified in the distribution schedule for generating the file fragments of the file, wherein at least one of the file fragments includes error correction bits (Resch, ¶[0080]- ¶[0083], s series of data segment is created in accordance with a data storage protocol. The grid module receives the data segments and manipulates each of the data segments before performing an error coding function. After manipulating a data segment, the grid module error encodes (Reed-Solomon, Convolution encoding, Trellis encoding etc) the manipulated data segment into error coded data slices. ¶[0096], encoded data segment includes thirty-two bits, but may include more or less bits. Each EC data slice does not include consecutive bits of data segment reducing the impact of consecutive bit failures on data recovery.  Also 
sending an authorisation enquiry of the user computer system for storing the file fragments in the memory services identified in the distribution schedule to the file management server via the network (Resch, ¶[0077], the gateway module authenticates the user associated with the data object by verifying the user ID with the managing unit. ¶[0078], when the user is authenticated, the gateway module obtains user information from the management unit, the user device and/or other authenticating unit. The user information includes a vault identifier, operational parameters and user attributes. A vault identifier identifies a vault which is a virtual memory space that maps to a set of DS storage units. The operational parameters may include an error coding algorithm, the width, a read threshold, a write threshold, an encryption algorithm, a slicing parameter, a compression algorithm, an integrity check or other parameters that may be used to access the DSN memory layer); 
in response to the sending of the authorisation enquiry, receiving authorisation tokens from the file management server for each of the memory services identified in the distribution schedule (Resch, Fig-8A, ¶[0108], a processing module generates and sends an authentication token request message that includes a credential. The credential includes one or more of a user device identifier, a password, a hash of the password and a signature. The processing module of a user device sends 
storing the generated file fragments via the network in the storage media of the identified memory services by means of authorisation verification by the authorisation tokens, with the user computer system bypassing the file management server (Resch, ¶[0109], the processing module determines that the authentication token is applicable to the request when the request is a write request and a permission allows the processing module to perform an associated write sequence. Also ¶[0058], the DS managing unit tracks  the amount of data stored or retrieved by a user device which can be used to generate a per data amount bill),
wherein metadata, which allow the reconstruction of the file from the stored file fragments, are protected against access by the memory services (Resch, ¶[0056], DS managing unit determines a number of slices and a read threshold value  which is minimum number of slices required to reconstruct the data segment ¶[0082]- ¶[0083], the number of pillars are chosen as a parameter of error coding dispersal storage. The read threshold corresponds to the minimum number of error free error coded data slices required to reconstruct the data segment).

metadata are protected against access by the memory services (Lahdensivu, ¶[0009], encrypted data can be used for the error correction data calculation. Encrypting the data ensures that the service provider has no access to the user’s data. The error correction data is calculated in the same way as for the unencrypted data and the result of the recovery is the same encrypted data that was used for the error correction calculation).
Resch in view of Lahdensivu are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “protecting privacy of sensitive information”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Resch in view of Lahdensivu to include the idea of generating data distribution model and setting up parameters that minimizes the error function to predict the data that is entered by a user. The modification will prevent the user to enter any false data. 
Resch in view of Lahdensivu do not appear to disclose the following limitation that Linden teaches:
wherein the authorisation tokens are formed as URLs, which each enable direct write or direct read access to a storage space on the storage medium of one of the memory services identified by the URL (Linden, col 3, line 30-40, the method involves generating a unique, 
Resch in view of Lahdensivu and further in view of Linden are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “protecting privacy of sensitive information”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Resch in view of Lahdensivu and Linden to include the idea of enabling users of a web site or other information system to efficiently and securely access private web pages and other types of restricted resources. The modification (using private URLs) will allow authorized users to access the private resources without the need to enter a username, password or other authentication information and without the need to download special authentication software.

Regarding Claim 18, Resch in view of Lahdensivu discloses a file management server comprising a processor, a network interface for operatively coupling the file management server to at least one user computer system and to a multiplicity of memory services via a network, 
receiving an authorisation enquiry of the user computer system to store file fragments of a file via the network in a plurality of the memory services, wherein the file management server does not provide a memory service (Resch, Fig-1, ¶[0052], the DSN memory includes a plurality of distributed storage units for storing data. Each of the DS units includes a processing module and memory and may be located at a geographically different site than the other DS unit. ¶[0079], the source name may contain a file identifier, a vault generation number, a reserved field and a vault identifier. ¶[0080]- ¶[0083], s series of data segment is created in accordance with a data storage protocol. The grid module receives the data segments and manipulates each of the data segments before performing an error coding function. After manipulating a data segment, the grid module error encodes (Reed-Solomon, Convolution encoding, Trellis encoding etc) the manipulated data segment into error coded data slices); and
in response to the receipt of the authorisation enquiry, requesting an authorisation token from each of the plurality of memory services and forwarding the authorisation tokens obtained in response to the request to the user computer system (Resch, Fig-8A, ¶[0108], a processing 
wherein metadata, which allow the reconstruction of the file from the stored file fragments (Resch, ¶[0056], DS managing unit determines a number of slices and a read threshold value  which is minimum number of slices required to reconstruct the data segment ¶[0082]- ¶[0083], the number of pillars are chosen as a parameter of error coding dispersal storage. The read threshold corresponds to the minimum number of error free error coded data slices required to reconstruct the data segment). 
Resch does not appear to disclose the following limitation that Lahdensivu teaches:
metadata are protected against access by the memory services (Lahdensivu, ¶[0009], encrypted data can be used for the error correction data calculation. Encrypting the data ensures that the service provider has no access to the user’s data. The error correction data is calculated in the same way as for the unencrypted data and the result of the 
Resch in view of Lahdensivu are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “protecting privacy of sensitive information”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Resch in view of Lahdensivu to include the idea of generating data distribution model and setting up parameters that minimizes the error function to predict the data that is entered by a user. The modification will prevent the user to enter any false data.
Resch in view of Lahdensivu do not appear to disclose the following limitation that Linden teaches:
wherein the authorisation tokens are formed as URLs, which each enable direct write or direct read access to a storage space on the storage medium of one of the memory services identified by the URL (Linden, col 3, line 30-40, the method involves generating a unique, private URL that corresponds to a private resource and conveying the URL to the corresponding user or group of users that are to have remote access to the resource. Application code running on the server is used to validate the URLs and to thereby restrict access to the private resources. Col 4, line 10-15, when a user attempts to access a resource which is 
Resch in view of Lahdensivu and further in view of Linden are analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “protecting privacy of sensitive information”. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the invention to modify the invention of Resch in view of Lahdensivu and Linden to include the idea of enabling users of a web site or other information system to efficiently and securely access private web pages and other types of restricted resources. The modification (using private URLs) will allow authorized users to access the private resources without the need to enter a username, password or other authentication information and without the need to download special authentication software.

Regarding claim 19, Resch in view of Linden discloses the method according to claim 1, wherein the authorisation tokens formed as URLs are authorization URLs, and wherein the method further comprises automatically invalidating an authorization URL after a predetermined period of time has elapsed (Linden, col 2, line 15-30, the server application may be configured to invalidate the tokens (and thus the private URLs) after a single use or after a predetermined period of time).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure (see PTO-Form 892).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WASIKA NIPA whose telephone number is (571)272-8923.  The examiner can normally be reached on M-F, 8 am to 5 pm. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 571-272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO 

/WASIKA NIPA/           Primary Examiner, Art Unit 2433