DETAILED ACTION
Response to Amendment

1. This written action is responding to the amendment dated on 05/07/2021.
2. The present application, filed on or after March 16, 2013, is being examined under 
    the first inventor to file provisions of the AIA .  
3. Objection to 3, 7 and 20 is withdrawn.
4. The 112(b) rejection to claims 2-20 is withdrawn, and 112(b) rejection is issued to 
     claim 5.
5. Claims 1-11, and 13-20 are amended.
6. Claims 1-120 are submitted for examination.
7. Claims 1-20 are examined and rejected.
8. The Examiner would like to point out that this action is made final (See MPEP 
    706.07a).
9.
Applicant’s Argument:
On pages 13-14 of the Remarks/Arguments, Applicant argues 
1. Bala does not describe a cloud computing instant of a storage controller application with a separate cloud-based storage system.

2. Bala does not describe that one encryption key is associated with the data, while the other encryption key is associated with the cloud-based storage system.

Response to Argument: 
In response to argument No. 1, pplicant's arguments regarding the prior art rejections of the amended claims are moot in view of the new ground of rejection under Seago. See rejections below.

In response to argument No. 2, Examiner respectfully disagrees with the applicant’s arguments because Bala substantially teaches a client to get a first security key from a security manager, encrypts a file, and sends the encrypted file along with the security key ID to a storage system to be backed up (col.8, lin.30-47, and fig. 4A), wherein the storage system such as a cloud storage (col. 5, lin. 64-col. 6, lin. 1-14), and wherein the first encryption key is a stream specific (i.e. encryption key is associated with the data) (col. 6, lin. 40), and further Bala teaches re-encrypting  deduplicted data segments with a second key, and storing the re-encrypted data segments on a storage system such as a cloud storage (col. 5, lin. 64-col. 6, lin. 1-14), (col. 9, lin. 9-26), wherein the second security key is not exposed to any client (i.e. the second security key is associated only with the storage system such as the cloud storage) (col. 6, lin. 38-46)

10.
Claim Rejections - 35 USC § 112

The following is a quotation of 35 U.S.C. 112(b):


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. 
1.
Claim 5 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention. The language of the following limitation “send the third encrypted data” in claim 5 is confusing and unclear, for example: it is unclear whether the third encrypted data will be sent to the requester in response to the second request or to another entity for further processing. Examiner suggest amending the claim similar to claim 14 and 19 such as sending the third encrypted data in response to the second request.

11.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
s 1-20 rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 10,387,661 in view of Bala and Seago (as mentioned below), wherein the claims of the patent No. 10,387,661 do not recite a cloud computing instance executing a storage controller application, the storage controller application configured to perform a plurality of functions, however Bala substantially teaches implementing a storage system such as a cloud storage (col. 5, lin. 64-col. 6, lin. 1-14), and Seago teaches a cloud controller performs a plurality of functions, wherein the cloud controller is maintained by a cloud provider system [0016-0017], and fig. 1 

12.
Claim Rejections - 35 USC § 103
 In the event the determination of the status of the application as subject to AIA  35   U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:


A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.



Claims 1-3, 5-10, and 12-20 are rejected under 35 U.S.C. 102(a)(1) as being unpatentable over Balasubramanianet al. US 9,225,691 (hereinafter Bala), and further in view of Seago et al. US 2015/0058460 (hereinafter Seago)
Regarding claim 1 Bala teaches a cloud-based storage system comprising a storage array comprising one or more storage devices (Bala teaches storage system may include a plurality of volumes of redundant array of inexpensive disks (col. 4, lin. 18-38), and fig. 1, wherein the storage system such as a cloud storage (col. 5, lin. 64-col. 6, lin. 1-14));  
receive a first request to write first encrypted data to a logical volume resident on the cloud-based storage system, wherein the first encrypted data comprises a first data encrypted by a first encryption key associated with a property of the data (Bala teaches a client to get a first security key from a security manager, encrypts a file, and sends the encrypted file along with the security key ID to a storage system to be backed up (col.8, lin.30-47, and fig. 4A), wherein the storage system such as a cloud storage (col. 5, lin. 64-col. 6, lin. 1-14), and wherein the first encryption key is a stream specific (col. 6, lin. 40)); 
decrypt the first encrypted data using a first decryption key to generate first decrypted data; perform at least one of a data deduplication operation or a data compression operation on the first decrypted data to generate first reduced data (Bala teaches after receiving the encrypted file by the storage system, the storage system decrypts the encrypted file with a decryption key, and deduplicates the decrypted file (col. 9, lin. 9-26); 2P3117US02 
 wherein the second encryption key is associated with at least one property of the cloud-based storage system; and store the second encrypted data on the cloud-based storage system (Bala teaches re-encrypts the deduplicted data segments with a second key, and stores the re-encrypted data segments on a storage system such as a cloud storage (col. 5, lin. 64-col. 6, lin. 1-14), (col. 9, lin. 9-26), wherein the second security key is not exposed to any client (i.e. the second security key is associated only with the storage system) (col. 6, lin. 38-46)). Bala does not teach a cloud computing instance executing a storage controller application, the storage controller application configured to perform a plurality of functions. Seago substantially teaches a cloud controller performs a plurality of functions, wherein the cloud controller is maintained by a cloud provider system [0016-0017], and fig. 1.
It would have been obvious to one of ordinary skill in the art at the time the invention was made to modify the invention of Bala such that the cloud includes a controller application to perform a plurality of functions. This combination would have been obvious because it uses a known technique (using a cloud controller on a cloud system to perform a plurality of functions) to a known method ready for improvement (Bala’s using a storage system such as a cloud storage to store secure information) to yield predictable results (using a storage system such as a cloud storage with a controller application to store secure information and perform a plurality of functions). See MPEP 2143(D).
In response to Claim 2: Rejected for the same reason as claim 7


Regarding claim 5 Bala teaches the system of claim 1, wherein the storage controller application is further configured to: receive a second request to read the second encrypted data from a logical volume on the cloud-based storage system; retrieve the second encrypted data from the logical volume on the cloud-based storage system; decrypt the second encrypted data using a second decryption key to generate 

In response to Claim 6: Rejected for the same reason as claim 1
Regarding claim 7 Bala teaches the method of claim 6, further comprising: determining a first decryption key to decrypt the first encrypted data (Bala teaches a client to get a first security key from a security manager, encrypts a file, and sends the encrypted file along with a security key ID to a storage system to be backed up, wherein the storage system uses the security key ID to request a decryption key (col.8, lin.30-47, and fig. 4A). 
 


In response to Claim 9: Rejected for the same reason as claim 3
In response to Claim 10: Rejected for the same reason as claim 18
In response to Claim 12: Rejected for the same reason as claim 1
In response to Claim 13: Rejected for the same reason as claim 1
In response to Claim 14: Rejected for the same reason as claim 5
In response to Claim 15: Rejected for the same reason as claim 5
In response to Claim 16: Rejected for the same reason as claim 1
In response to Claim 17: Rejected for the same reason as claim 7

Regarding claim 18 Bala teaches the non-transitory computer readable storage medium of claim 17, wherein the storage controller application is further configured to: identify a plurality of security identifiers associated with at least one property of the first data; access a policy definition mapping associated with the first data; select a first security identifier of the plurality of security identifiers based on the policy definition mapping; and determine the first decryption key using the first security identifier by accessing at least one of a mapping table or a key management service (Bala teaches a client to get a security key from a security manager, use it to encrypt a file, and send the encrypted file along with the first security key ID, and a particular seed (i.e. the particular seed is another security identifier) to a storage system to be backed up. The storage system sends a request to a security manager to get the first security key to decrypt the encrypted file, wherein the request may include the first security key ID, wherein the security manager uses the first security key ID to identify the security key that was used by the client to encrypt the file (col. 8, lin.30-67, fig. 4A), wherein for each encrypted file, security information includes an entry that maps a key ID and a seed to the encrypted incoming file (col. 7, lin. 16-27), and fig. 2) and wherein the first security key is a stream/client specific (col. 6, lin. 40), and fig. 4A-4B), and further Seago teaches a cloud controller performs a plurality of functions, wherein the cloud controller may be maintained by a cloud provider system [0016-0017], and fig. 1. 

In response to Claim 19: Rejected for the same reason as claim 5
In response to Claim 20: Rejected for the same reason as claim 5


13.
	Claim Rejections - 35 USC § 103
 In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 4 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Bala as mentioned above, and further in view of Rush et al. US 2007/0094507 (hereinafter Rush).

Regarding claim 4 Bala teaches the system of claim 2. (Bala teaches storage system such as a cloud storage (col. 5, lin. 64-col. 6, lin. 1-14), and further Seago teaches a cloud controller performs a plurality of functions, wherein the cloud controller may be maintained by a cloud provider system [0016-0017], and fig. 1). Bala and Seago do not teach wherein to determine the first decryption key a processor is further configured to: detect a device on an input port associated with the cloud-based storage 
	 It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Bala and Seago such that the invention further includes determine the first decryption key, the processing device is to: detect a physical device on an input port associated with the storage array; and receive the first decryption key from the physical device. One would have been motivated to do so to make the system more secure (i.e. retrieving decryption key from a flash drive is more secure than requesting the key via network).

In response to Claim 11: Rejected for the same reason as claim 4








Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Ayoub Alata whose telephone number is (313) 446-6541. The examiner can normally be reached on M-F: 8:00am-4:30pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jay Kim can be reached at (571) 272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

/AYOUB ALATA/Primary Examiner, Art Unit 2494