DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 08/20/2019 and 12/03/2020 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Objections
Claims 6, 11, and 15 are objected to because of the following informalities:  
Claims 6, 11, and 15 recite the limitation “the one or more other device” in line 5 of claim 6, line 8 of claim 11, and line 13 of claim 15.  The limitation should be “the one or more other devices” for consistency. Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 18 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 18 recites the limitation "the encrypted key" in lines 5 and 7.  There is insufficient antecedent basis for this limitation in the claim. Examiner suggests to amend this limitation to “the encrypted data encryption key” to obviate this rejection.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Schmahmann (US 20180062852 A1; hereinafter “Schmahmann”) in view of Lim et al. (US 20180048464 A1; hereinafter “Lim”).
As per claims 1, 8, and 13, Schmahmann discloses a method, cloud-based storage system, and non-transitory computer readable storage medium, the cloud-based storage system comprising:
a memory (Schmahmann, [0130], memory); and 
a processing device operatively coupled to the memory (Schmahmann, [0130], processor), the processing device to: 

determine a document of the plurality of documents that is associated with the first encrypted data (Schmahmann, [0112], collaboration platform adds update operation to an operation sequence for the corresponding document (i.e., determines the document associated with the update operation)), and wherein the first encrypted data represents an edit to a portion of the document (Schmahmann, [0063], wherein the operation content/update includes edits to document content which are encrypted); 
determine a plurality of user accounts of collaborators of the document (Schmahmann, [0110], collaboration platform server is able to see the access control data for the document and is able to determine the user identifiers affiliated with the document (i.e., user accounts of collaborators of the document)), the plurality of user accounts comprise a first user account associated with the first client device (Schmahmann, [0110], the user identifiers affiliated with the document including the user identifier that is requesting the operation update for the document); and 
provide the first encrypted data to one or more other client devices that are each associated with one of the plurality of user accounts, excluding the first user account (Schmahmann, [0115], collaboration platform server transmits the operation update to a second client that has a user identifier affiliated with the document).
Schmahmann does not disclose, however, Lim teaches or suggests: wherein the cloud-based storage system stores a plurality of documents in an encrypted form (Lim, [0299], encrypted documents are stored on a file server or cloud storage); and 

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of Schmahmann to include storing only encrypted documents in the cloud storage as taught by Lim for the benefit of protecting the plurality of documents from unauthorized access and use (Lim, [0335]).

As per claim 2, claim 1 is incorporated and the modified Schmahmann discloses: wherein the first encrypted data includes: the edit to the portion of the document encrypted based on a data encryption key (Schmahmann, [0063] and [0045], operation content/update is encrypted with a symmetric key (i.e., data encryption key)).
While the modified Schmahmann teaches encrypting the symmetric data encryption key (Schmahmann, [0045]), the modified Schmahmann does not disclose, however, Lim teaches or suggests: the data encryption key encrypted based on a key encryption key, wherein the key encryption key is not accessible to the server (Lim, [0111], content encryption key (i.e., data encryption key) is provided to the key management server (i.e., another server) and is encrypted at the key management server (i.e., another server) using a key encryption key that is not accessible to the file server (see Fig. 19)).


As per claim 3, claim 2 is incorporated and the modified Schmahmann does not disclose, however, Lim teaches or suggest: wherein the key encryption key is provided by another server not connected to the server and connected to the first client device and the one or more other client devices (Lim, [0111] and Figs. 19 and 24, the key encryption key is provided by the key management server and is not connected to the file server or cloud storage).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of the modified Schmahmann to include having a key management server encrypt the data encryption key using a key encryption key that is not accessible to the file server as taught by Lim for the benefit of protecting the plurality of documents from unauthorized access and use (Lim, [0335]).

As per claims 4 and 10, claims 1 and 8 are incorporated and the modified Schmahmann discloses: configuring a second user account from the plurality of user accounts of collaborators to coordinate with the server for collaborative editing of the (n) that is configured for collaborative editing of the document merges the one or more local change events with the collaborator change events from other users, [0079] and [0092], wherein the operations are combined in chronological order).
While the modified Schmahmann discloses: merging edits from different users (Schmahmann, [0094]-[0097]), Schmahmann does not explicitly disclose generating second encrypted data based on the combined edits. However, in another embodiment, Schmahmann teaches encrypting edits (Schmahmann, [0063]). 
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of the modified Schmahmann to include encrypting merged edits as suggested by a different embodiment of Schmahmann for the benefit of efficiently protecting the edits from a plurality of users instead of encrypting each edit from each user which would require more processing.

As per claim 5, claim 4 is incorporated and the modified Schmahmann discloses: wherein the determining of the plurality of user accounts of collaborators of the document comprises determining that the first user account corresponds to a user account other than the second user account (Schmahmann, [0061] and [0110], plurality of different user/accounts identified using a user/account identifier, where a first user account is different than a second user account); and 


As per claim 6, claim 4 is incorporated and the modified Schmahmann discloses wherein: the determining of the plurality of user accounts of collaborators of the document comprises determining that the first user account corresponds to the second user account (Schmahmann, [0110], access control data for the document is seen by the collaboration platform and is able to see user accounts that correspond to each other with regard to document access); and 
the providing of the first encrypted data comprises providing the first encrypted data to the one or more other client device that are each associated with one of the plurality of user accounts other than the second user account, wherein the first encrypted data corresponds to the second encrypted data (Schmahmann, [0115], encrypted operation is transmitted to a second client or other client excluding the first client, [0094]-[0097], wherein the encrypted operation comprises encrypted merged edits).

As per claim 7, claim 3 is incorporated and the modified Schmahmann discloses: wherein the first client device is to perform operations comprising: 

encrypting the edit based on the data encryption key (Schmahmann, [0045], “encrypt the data with a symmetric scheme using the generated random symmetric key”); and 
combining the encrypted edit with the encrypted data encryption key to generate the first encrypted data (Schmahmann, [0045], “encrypt the generated random symmetric key with an asymmetric key, and pair the symmetrically encrypted block of data with the asymmetrically encrypted key”).
The modified Schmahmann does not disclose, however, Lim teaches or suggests: providing the data encryption key to the another server (Lim, [0111], content encryption key (i.e., data encryption key) is provided to the key management server (i.e., another server) and is encrypted at the key management server (i.e., another server) using a key encryption key); 
obtaining the encrypted data encryption key based on encryption of the data encryption key using the key encryption key provided by the another server (Lim, [0111], encrypted content encryption key is returned back to the computing device (i.e., first client device) after being encrypted using the key encryption key provided by the key management server ( i.e., another server)).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of the modified Schmahmann to include having a key management server encrypt the data encryption key using a key encryption key and return the encrypted data encryption key 

As per claims 9 and 14, claim 8 and 13 are incorporated respectively and the modified Schmahmann discloses: wherein the first encrypted data includes: the edit to the portion of the document encrypted based on a data encryption key (Schmahmann, [0063] and [0045], operation content/update is encrypted with a symmetric key).
While the modified Schmahmann teaches encrypting the symmetric data encryption key (Schmahmann, [0045]), the modified Schmahmann does not disclose, however, Lim teaches or suggests: the data encryption key encrypted based on a key encryption key, wherein the key encryption key is not accessible to the cloud-based storage system (Lim, [0111], content encryption key (i.e., data encryption key) is provided to the key management server (i.e., another server) and is encrypted at the key management server (i.e., another server) using a key encryption key that is not accessible to the file server (see Fig. 19)) and 
wherein the key encryption key is provided by another server not connected to the cloud-based storage system and connected to the first client device and the one or more other client devices (Lim, [0111] and Figs. 19 and 24, the key encryption key is provided by the key management server and is not connected to the file server or cloud storage).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of the modified Schmahmann to include having a key management server encrypt the data 

As per claim 11, claim 10 is incorporated and the modified Schmahmann discloses: wherein to provide the first encrypted data, the processing device is to: responsive to determining that the first user account corresponds to a user account other than the second user account, provide the first encrypted data to the second client device that is associated with the second user account, the second client device being one of the one or more other client devices (Schmahmann, [0061] and [0110], plurality of different user/accounts identified using a user/account identifier, where a first user account is different than a second user account, [0115], collaboration platform server transmits the encrypted operation update to a second client that has a user identifier affiliated with the document); and
responsive to determining that the first user account corresponds to the second user account, provide the first encrypted data to the one or more other client device that are each associated with one of the plurality of user accounts other than the second user account, wherein the first encrypted data corresponds to the second encrypted data (Schmahmann, [0110], access control data for the document is seen by the collaboration platform and is able to see user accounts that correspond to each other with regard to document access, [0115], encrypted operation is transmitted to a second client or other client excluding the first client, [0094]-[0097], wherein the encrypted operation comprises encrypted merged edits).

As per claims 12 and 16, claims 9 and 14 are incorporated, respectively, and the modified Schmahmann discloses: wherein the first client device is to perform operations comprising: 
generating the data encryption key (Schmahmann, [0045], “generating a random symmetric key”); 
encrypting the edit based on the data encryption key (Schmahmann, [0045], “encrypt the data with a symmetric scheme using the generated random symmetric key”); and 
combining the encrypted edit with the encrypted data encryption key to generate the first encrypted data (Schmahmann, [0045], “encrypt the generated random symmetric key with an asymmetric key, and pair the symmetrically encrypted block of data with the asymmetrically encrypted key”).
The modified Schmahmann does not disclose, however, Lim teaches or suggests: providing the data encryption key to the another server (Lim, [0111], content encryption key (i.e., data encryption key) is provided to the key management server (i.e., another server) and is encrypted at the key management server (i.e., another server) using a key encryption key); 
obtaining the encrypted data encryption key based on encryption of the data encryption key using the key encryption key provided by the another server (Lim, [0111], encrypted content encryption key is returned back to the computing device (i.e., first client device) after being encrypted using the key encryption key provided by the key management server ( i.e., another server)).


As per claim 15, claim 13 is incorporate and the modified Schmahmann discloses: the processing device is to further: configure a second user account from the plurality of user accounts of collaborators to coordinate with the server for collaborative editing of the document, wherein a second client device associated with the second user account is to combine edits to the document made by the collaborators in a chronological order (Schmahmann, [0094]-[0097], collaborative client 230 of a second client device 120(n) that is configured for collaborative editing of the document merges the one or more local change events with the collaborator change events from other users, [0079] and [0092], wherein the operations are combined in chronological order); 
responsive to determining that the first user account corresponds to a user account other than the second user account, provide the first encrypted data to the second client device that is associated with the second user account, the second client device being one of the one or more other client devices (Schmahmann, [0061] and [0110], plurality of different user/accounts identified using a user/account identifier, where a first user account is different than a second user account, [0115], collaboration 
responsive to determining that the first user account corresponds to the second user account, provide the first encrypted data to the one or more other client device that are each associated with one of the plurality of user accounts other than the second user account, wherein the first encrypted data corresponds to the second encrypted data (Schmahmann, [0110], access control data for the document is seen by the collaboration platform and is able to see user accounts that correspond to each other with regard to document access, [0115], encrypted operation is transmitted to a second client or other client excluding the first client, [0094]-[0097], wherein the encrypted operation comprises encrypted merged edits).
While the modified Schmahmann discloses: merging edits from different users (Schmahmann, [0094]-[0097]), the modified Schmahmann does not explicitly disclose generating second encrypted data based on the combined edits. However, in another embodiment, Schmahmann teaches encrypting edits (Schmahmann, [0063]). 
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of the modified Schmahmann to include encrypting merged edits as suggested by a different embodiment of Schmahmann for the benefit of efficiently protecting the edits from a plurality of users instead of encrypting each edit from each user which would require more processing.

As per claim 17, Schmahmann discloses: a method comprising: 

receiving an edit to a portion of the document via the GUI (Schmahmann, [0058]); 
generating encrypted data representing the edit, wherein the encrypted data includes the edit encrypted based on a data encryption key (Schmahmann, [0061] and [0063], operation content/update, which includes the edits to the document, is encrypted (i.e., first encrypted data), [0063] and [0045], operation content/update is encrypted with a symmetric key (i.e., data encryption key)); and 
providing the encrypted data to the first server of the cloud-based storage system (Schmahmann, [0109], collaboration platform server receives a document content/update operation from a first client, [0063], wherein the operation content/update is encrypted (i.e., first encrypted data)).
While the modified Schmahmann teaches encrypting the symmetric data encryption key (Schmahmann, [0045]), the modified Schmahmann does not disclose, 
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of Schmahmann to include having a key management server encrypt the data encryption key using a key encryption key that is not accessible to the file server as taught by Lim for the benefit of protecting the plurality of documents from unauthorized access and use (Lim, [0335]).

As per claim 18, claim 17 is incorporated and the modified Schmahmann discloses: wherein the generating of the encrypted data comprising: 
generating the data encryption key (Schmahmann, [0045], “generating a random symmetric key”); 
encrypting the edit based on the data encryption key (Schmahmann, [0045], “encrypt the data with a symmetric scheme using the generated random symmetric key”); and 
combining the encrypted edit with the encrypted key to generate the encrypted data (Schmahmann, [0045], “encrypt the generated random symmetric key with an asymmetric key, and pair the symmetrically encrypted block of data with the asymmetrically encrypted key”).

obtaining the encrypted key generated based on encryption of the data encryption key using the key encryption key provided by the second server (Lim, [0111], encrypted content encryption key is returned back to the computing device (i.e., first client device) after being encrypted using the key encryption key provided by the key management server ( i.e., another server)).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of the modified Schmahmann to include having a key management server encrypt the data encryption key using a key encryption key and return the encrypted data encryption key back to the client device as taught by Lim for the benefit of protecting the plurality of documents from unauthorized access and use (Lim, [0335]).
 
As per claim 19, claim 17 is incorporated and the modified Schmahmann discloses: receiving second encrypted data from the first server of the cloud-based storage system, the second encrypted data representing a second edit to the portion of the document made by a collaborator of the document, wherein the second encrypted data includes the second edit encrypted based on a second data encryption key (Schmahmann, [0096]-[0098], receiving an operation specifying change events (i.e., 
obtaining the second edit from the second encrypted data by decrypting the encrypted second edit using the second data encryption key (Schmahmann, [0096]-[0098], the second data/edit is obtained from decrypting the second encrypted operation using the symmetric key used to encrypt the operation data initially); and 
updating the document provided on the GUI based on the second edit (Schmahmann, [0096]-[0098], the document is updated with all the edits, including the operation change event made by the second collaborator).
The modified Schmahmann does not disclose, however, Lim teaches or suggests: the second data encryption key encrypted based on the key encryption key and decrypting the encrypted second data encryption key using the key encryption key (Lim, [0111], content encryption key (i.e., data encryption key) is provided to the key management server (i.e., another server) and is encrypted at the key management server (i.e., another server) using a key encryption key, [0115], decrypting the encrypted content encryption key using the key encryption key).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of the modified Schmahmann to include having a key management server encrypt the data encryption key using a key encryption key and return the encrypted data encryption key 

As per claim 20, claim 19 is incorporated and the modified Schmahmann discloses: receiving third encrypted data from the first server of the cloud-based storage system, the third encrypted data representing a third edit to the portion of the document made by another collaborator of the document (Schmahmann, [0094]-[0097], collaborative client 230 of a second client device 120(n) that is configured for collaborative editing of the document merges the one or more local change events with the collaborator change events from other users, [0079] and [0092], wherein the operations are combined in chronological order); 
generating fourth encrypted data based on a combination of the second edit and the third edit in a chronological order (Schmahmann, [0079] and [0092], wherein the operations are combined in chronological order), wherein the operations are combined in chronological order); and 
providing the fourth encrypted data to the first server of the cloud-based storage system (Schmahmann, [0060], distributing the encrypted edit by uploading to the collaboration platform).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Refer to PTO-892, Notice of References Cited for a listing of analogous art.

Douglis et al. (US 10007809 B1) teaches encrypting a post-edit version of the first portion of the document using an encryption key (col. 12 lines 33-38).	
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALEXANDER R LAPIAN whose telephone number is (571)272-7552.  The examiner can normally be reached on M-F 9:30-6:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on 571-272-4063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access 


ALEXANDER R. LAPIAN
Examiner
Art Unit 2437



/ALEXANDER R LAPIAN/Examiner, Art Unit 2437   

/KRISTINE L KINCAID/Supervisory Patent Examiner, Art Unit 2437