DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
Applicant's response filed 29 April 2021 has been considered and entered. Accordingly, claims 1-20 are pending in this application. Claims 1-2, 4-5, 7-11, 13-16, and 19-20 have been amended; claims 3, 6, 12, and 17-18 are original.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 5 and 15 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
Claim 5 recites the limitation "the tenant key table" in line 3.  
There is insufficient antecedent basis for this limitation in the claim.
Claim 15 recites the limitation "the key management server" in line 3. There is insufficient antecedent basis for this limitation in the claim. 
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 

Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 6, 12-14 and 16-17 of U.S. Patent No. 10,678,754, in view of Perlman (US 9,779,269 B1) and in view of Chandra et al. (US 9,396,341 B1). --See the mapping and obvious statements below:
Claims 1, 10-11 and 19 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 6, 14 and 16-17 of U.S. Patent No. 10,678,754 in view of Perlman and further in view of O’Brien. Claims of Colgrove (754) does not disclose “in response to determining that the decrypted data block does match an existing data block: encrypt the existing data block with a shared volume encryption key; encrypt the shared volume encryption key with a first tenant encryption key associated with the first tenant and provide the shared volume encryption key encrypted with the first tenant encryption key to the first tenant; and encrypt the shared volume encryption key with a second tenant encryption key associated with the second tenant and provide the shared volume encryption key encrypted with the second tenant encryption key to the second tenant” and “store, in a tenant key data structure, the  However Perlman discloses the aforementioned limitation (Fig. 2, Col. 10 line 14-17; Fig. 1, Col. 5, line 13-17; Col. 10 line 24-27). Perlman does not explicitly disclose “store, in a tenant key data structure, the shared volume encryption key encrypted with the first tenant encryption key and the shared volume encryption key encrypted with the second tenant encryption key mapped to an identifier of the volume”. However O’Brien discloses the aforementioned limitation (Fig. 2, Col. 6 line 34-46; Col. 8 line 17-22). Colgrove, Perlman and O’Brien are analogous art because they both pertain to data deduplication for multi-tenant storage with data encryption and decryption process; therefore it would have been obvious to have data encryption and decryption process for securing each tenant data.
Claim 2 is rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 6 and 17 of U.S. Patent No. 10,678,754. 
Claims 3 and 12 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 6 and 16-17 of U.S. Patent No. 10,678,754.
Claims 4 and 13 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 6, 14 and 16-17 of U.S. Patent No. 10,678,754.
Claims 7 and 16 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 6, 14 and 17 of U.S. Patent No. 10,678,754 in view of Perlman. Claims of Colgrove (754) does not disclose “determine that the shared volume encryption key does not already exist; and generate the shared volume encryption key”. However Perlman discloses the aforementioned limitation (Col. 7 line .
Claims 8 and 17 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 6, 14 and 17 of U.S. Patent No. 10,678,754 in view of Perlman. Claims of Colgrove (754) does not disclose “wherein in response to determining that the first hash value does not match the second hash value, or that the decrypted data block does not match the existing data block, the processing device is further to: encrypt the data block with a non-shared volume key; encrypt the non-shared volume key with the first tenant key; and provide the encrypted non-shared volume key to the first tenant”. However Perlman discloses the aforementioned limitation (Col. 10 line 60-66; Col. 2 line 23-27; Col. 3 line 52-54). Colgrove and Perlman are analogous art because they both pertain to data deduplication for multi-tenant storage with data encryption and decryption process; therefore it would have been obvious to have data encryption and decryption process for securing each tenant data.
Claims 9, 18 and 20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 6, 14 and 17 of U.S. Patent No. 10,678,754 in view of Perlman. Claims of Colgrove (754) does not disclose “wherein in response to determining that the first hash value does not match the second hash value, or that the decrypted data block does not match the existing data block, the processing device is further to: encrypt the data block with a non-shared volume key; encrypt the non-shared volume key with the first tenant key; and provide the encrypted non-shared volume key .
Claims 5 and 14 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 6, 12-13 and 16-17 of U.S. Patent No. 10,678,754.
Claims 6 and 15 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 6, 14 and 17 of U.S. Patent No. 10,678,754 in view of Perlman and Chandra. Claims of Colgrove (754) does not disclose “wherein in response to determining that the first hash value does not match the second hash value, or that the decrypted data block does not match the existing data block, the processing device is further to: encrypt the data block with a non-shared volume key; encrypt the non-shared volume key with the first tenant key; and provide the encrypted non-shared volume key to the first tenant”. However Chandra discloses the aforementioned limitation (Fig. 8, Col. 6 line 59-62; ). Colgrove, Perlman and Chandra are analogous art because they all pertain to data deduplication for multi-tenant storage with data encryption and decryption process; therefore it would have been obvious to have data encryption and decryption process for securing each tenant data.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


 8.	Claims 1, 3-4, 7-13 and 16-20 are rejected under 35 U.S.C. 103 as being unpatentable over Perlman (Previously applied) (US 9,779,269 B1), in view of O’Brien et al. (US 10,013,364 B1), hereinafter O’Brien. 
As to claim 1, Perlman discloses a system comprising a multi-tenant storage array comprising one or more storage devices (Fig. 1, Col. 3, line 38-40, The storage array 102, i.e. a multi-tenant storage array, includes stored encrypted data items 110 of multiple tenants, as well as associated metadata 112 for the stored encrypted data items 110); and 
a storage controller operatively coupled to the multi-tenant storage array, the storage controller comprising a processing device, the processing device to (Col. 3 line 12-17, The storage system 100 comprises a storage array 102 coupled to a cryptographic module 104. Also coupled to the storage array 102, i.e. multi-tenant :  
receive a request to write a data block to a volume resident on the multi-tenant storage array, wherein the request is associated with a first tenant of the multi-tenant storage array (Col. 5 line 13-17, “The portion of the metadata 112 for a given one of the data items includes multiple instances of the corresponding data encryption key encrypted using respective ones of multiple tenants that have requested storage of that data item”. Col. 11 line 11-15, “the term "data item" as used herein is intended to be broadly construed so as to encompass, for example, a block, file, object or other grouping of data suitable for storage in the storage system.”. Therefore the data item represents a data block which needs to be stored, i.e. written, to a volume resident on the multi-tenant storage array in response to a first tenant request.); 
determine that a first hash value associated with the data block matches a second hash value associated with the multi-tenant storage array (Col. 10 line 49-56, The deduplication process of FIG. 3 is therefore configured to detect situations in which a received plaintext data item to be stored in the system is the same as an existing encrypted data item already stored in the system by comparing a hash value, i.e. a first hash value, generated from the received plaintext data item to hash values already in the deduplication directory. If there is a match, the received data item need not be separately encrypted and stored. Thus, the hash value which is already stored in the deduplication directory matches with the first hash value represents the second hash value.); 
decrypt the data block to generate a decrypted data block (Col. 10 line 55-56, “If there is a match, the received data item need not be separately encrypted and stored.”. Col. 5 line 58-65, each of the multiple tenants that has requested storage of a given data item can independently access the single copy of the given data item as encrypted for storage by decrypting its corresponding instance of the encrypted data encryption key in the associated metadata 112 using its tenant key and then using the resulting decrypted data encryption key to decrypt the encrypted data item, i.e. decrypt the data block to generate a decrypted data block.); 
determine that the decrypted data block matches an existing data block corresponding to the second hash value, wherein the existing data block is associated with a second tenant of the multi-tenant storage array (Col. 7 line 11-15, the deduplication controller 105 can be configured to determine if a given data item received from a given one of the tenants is a duplicate of an existing encrypted data item, i.e. determine whether the decrypted data block matches any existing data block, previously stored for another one of the tenants, i.e. a second tenant.); 
encrypt the existing data block with a shared volume encryption key (Fig. 2, Col. 10 line 14-17, the metadata of the existing data item, i.e. data block that was determined to be a duplicate of the received data item, i.e. the decrypted data block does match an existing data block, is updated to include a data encryption key encrypted under the appropriate tenant key. When data encryption key DEK1 for data item ID1 which is shared by two or more tenants then the {DEK1}T1 represents a shared volume encryption key. Thus, the existing data item, i.e. data block, is encrypted with a shared volume encryption key.);  
-94-3469US01 P70479 11700US.CP1encrypt the shared volume encryption key with a first tenant encryption key associated with the first tenant (Fig. 1, Col. 5, line 13-17, the portion of the metadata 112 for data item ID1 includes {DEK1} T1, i.e. shared volume encryption key, which denotes DEK1 encrypted under tenant key T1, i.e. first tenant encryption key, of Tenant 1, i.e. a first tenant and {DEK1} T2, i.e. shared volume encryption key, which denotes DEK1 encrypted under tenant key T2 of Tenant 2. Thus, T1 and T2 are respective tenant keys of the multiple tenants denoted Tenant 1 and Tenant 2 that have both requested storage of the same data item ID1 in the storage system 100. When data encryption key DEK1 for data item ID1 which is shared by two or more tenants then the {DEK1}T1 and {DEK1}T2 represents a shared volume encryption key. Col. 3 line 52-54, encrypted data storage is provided to the tenants, i.e. provide the shared volume encryption key encrypted with the first tenant encryption key to the first tenant, as a service of the service provider operating the cloud storage system);  
encrypt the shared volume encryption key with a second tenant encryption key associated with the second tenant (Col. 10 line 24-27, instead of storing another copy of ID1, the metadata for ID1 is updated to include the instance {DEK1} T2 of the data encryption key DEK1 encrypted using tenant key T2, i.e. a second tenant encryption key, of Tenant 2, i.e. a second tenant, where {DEK1}T2 represents the shared volume encryption key. Col. 3 line 52-54, encrypted data storage is provided to the tenants, i.e. provide the shared volume encryption key encrypted with the second tenant encryption key to the second tenant, as a service of the service provider operating the cloud storage system).  
store, in a tenant key data structure, the shared volume encryption key encrypted with the first tenant encryption key and the shared volume encryption key encrypted with the second tenant encryption key mapped to an identifier of the volume.
However in the same field of endeavor, O’Brien discloses store, in a tenant key data structure, the volume encryption key encrypted with the first tenant encryption key and the volume encryption key encrypted with the second tenant encryption key mapped to an identifier of the volume (Fig. 2, Col. 6 line 34-46, “FIG. 2 shows a per tenant encryption key database 100 utilized by the data storage equipment 20 of FIG. 1. The per tenant encryption key database 100 includes entries 102(A), 102(8), 102(C), 102(D), 102(E), ... (collectively entries 102) which contain tenant key information. In particular, each entry 102 includes a tenant identifier field 104 which holds a tenant identifier (or ID) which uniquely identifies a particular tenant 32 (also see FIG. 1), a per tenant key field 106 which holds the per tenant encryption key 60 assigned to that tenant 32, and other fields 108 to hold other information regarding that tenant 32 (e.g., tenant names, key 45 expiration data, LUNs/volumes/file systems/RAID groups/ etc. assigned to that tenant 32, and so on”. Col. 8 line 17-22, “prior to encryption using the per tenant keys, a variety of optimizations can be performed such as data deduplication, data compression, and so on. Furthermore, the data can be doubly encrypted/decrypted using per drive encryption keys in combination with the per tenant encryption keys”. Thus, database 100 represents a tenant key data structure which is used to store the volume encryption key encrypted with the first .  
Therefore it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system of Perlman such that the shared volume encryption key of Perlman can be stored with tenant encryption key of individual tenant, for those who shared data between each other, in the database of O’Brien in order to protect individual data. Thus, as combined, rendering obvious “store, in a tenant key data structure, the shared volume encryption key encrypted with the first tenant encryption key and the shared volume encryption key encrypted with the second tenant encryption key mapped to an identifier of the volume” as claimed. One of the ordinary skill in the art would have motivated to make this modification in order to ensure data availability and secure data using per tenant encryption keys as similarly described by Perlman (Col. 4 line 7-15) by providing highly secure storage for data encryption keys and tenant keys in the system as suggested by O’Brien (Col. 3 line 22-33).


a method comprising:  -96-3469US01 P70479 11700US.CP1receiving a request to write a data block to a volume resident on a multi-tenant storage array, wherein the request is associated with a first tenant of the multi-tenant storage array (Col. 5 line 13-17, “The portion of the metadata 112 for a given one of the data items includes multiple instances of the corresponding data encryption key encrypted using respective ones of multiple tenants that have requested storage of that data item”. Col. 11 line 11-15, “the term "data item" as used herein is intended to be broadly construed so as to encompass, for example, a block, file, object or other grouping of data suitable for storage in the storage system.”. Therefore the data item represents a data block which needs to be stored, i.e. written, to a volume resident on the multi-tenant storage array in response to a first tenant request.); 
determining that the data block matches an existing data block on the multi-tenant storage array, wherein the existing data block corresponds to a second tenant (Col. 7 line 11-15, the deduplication controller 105 can be configured to determine if a given data item received from a given one of the tenants is a duplicate of an existing encrypted data item, i.e. determine whether the decrypted data block matches any existing data block, previously stored for another one of the tenants, i.e. a second tenant.); 
encrypting, by a processing device, the existing data block with a shared volume encryption key (Fig. 2, Col. 10 line 14-17, the metadata of the existing data item, i.e. data block that was determined to be a duplicate of the received data item, i.e. the decrypted data block does match an existing data block, is updated to include a data encryption key encrypted under the appropriate tenant key. When data encryption ; 
encrypting, by the processing device, the shared volume encryption key with a first tenant encryption key associated with the first tenant (Fig. 1, Col. 5, line 13-17, the portion of the metadata 112 for data item ID1 includes {DEK1} T1, i.e. shared volume encryption key, which denotes DEK1 encrypted under tenant key T1, i.e. first tenant encryption key, of Tenant 1, i.e. a first tenant and {DEK1} T2, i.e. shared volume encryption key, which denotes DEK1 encrypted under tenant key T2 of Tenant 2. Thus, T1 and T2 are respective tenant keys of the multiple tenants denoted Tenant 1 and Tenant 2 that have both requested storage of the same data item ID1 in the storage system 100. When data encryption key DEK1 for data item ID1 which is shared by two or more tenants then the {DEK1}T1 and {DEK1}T2 represents a shared volume encryption key. Col. 3 line 52-54, encrypted data storage is provided to the tenants, i.e. provide the shared volume encryption key encrypted with the first tenant encryption key to the first tenant, as a service of the service provider operating the cloud storage system); and 
encrypting, by the processing device, the shared volume encryption key with a second tenant encryption key associated with the second tenant (Col. 10 line 24-27, instead of storing another copy of ID1, the metadata for ID1 is updated to include the instance {DEK1} T2 of the data encryption key DEK1 encrypted using tenant key T2, i.e. a second tenant encryption key, of Tenant 2, i.e. a second tenant, where {DEK1}T2 represents the shared volume encryption key. Col. 3 line 52-54, encrypted .  
Perlman does not explicitly discloses storing, in a tenant key data structure, the shared volume encryption key encrypted with the first tenant encryption key and the shared volume encryption key encrypted with the second tenant encryption key mapped to an identifier of the volume.
However in the same field of endeavor, O’Brien discloses storing, in a tenant key data structure, the volume encryption key encrypted with the first tenant encryption key and the volume encryption key encrypted with the second tenant encryption key mapped to an identifier of the volume (Fig. 2, Col. 6 line 34-46, “FIG. 2 shows a per tenant encryption key database 100 utilized by the data storage equipment 20 of FIG. 1. The per tenant encryption key database 100 includes entries 102(A), 102(8), 102(C), 102(D), 102(E), ... (collectively entries 102) which contain tenant key information. In particular, each entry 102 includes a tenant identifier field 104 which holds a tenant identifier (or ID) which uniquely identifies a particular tenant 32 (also see FIG. 1), a per tenant key field 106 which holds the per tenant encryption key 60 assigned to that tenant 32, and other fields 108 to hold other information regarding that tenant 32 (e.g., tenant names, key 45 expiration data, LUNs/volumes/file systems/RAID groups/ etc. assigned to that tenant 32, and so on”. Col. 8 line 17-22, “prior to encryption using the per tenant keys, a variety of optimizations can be performed such as data deduplication, data compression, and so on. Furthermore, the data can be doubly encrypted/decrypted using per drive encryption keys in combination .  
Therefore it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system of Perlman such that the shared volume encryption key of Perlman can be stored with tenant encryption key of individual tenant, for those who shared data between each other, in the database of O’Brien in order to protect individual data. Thus, as combined, rendering obvious “storing, in a tenant key data structure, the shared volume encryption key encrypted with the first tenant encryption key and the shared volume encryption key encrypted with the second tenant encryption key mapped to an identifier of the volume” as claimed. One of the ordinary skill in the art would have motivated to make this modification in order to ensure data availability and secure data using per tenant encryption keys as similarly described by Perlman (Col. 4 line 7-15) by providing highly secure storage for data encryption keys and tenant keys in the system as suggested by O’Brien (Col. 3 line 22-33).


a non-transitory computer readable storage medium storing instructions, which when executed, cause a processing device to (Col. 8 line 16-20): receive a request to write a data block to a volume resident on a multi-tenant storage array, wherein the request is associated with a first tenant of the multi-tenant storage array (Col. 5 line 13-17, “The portion of the metadata 112 for a given one of the data items includes multiple instances of the corresponding data encryption key encrypted using respective ones of multiple tenants that have requested storage of that data item”. Col. 11 line 11-15, “the term "data item" as used herein is intended to be broadly construed so as to encompass, for example, a block, file, object or other grouping of data suitable for storage in the storage system.”. Therefore the data item represents a data block which needs to be stored, i.e. written, to a volume resident on the multi-tenant storage array in response to a first tenant request.); 
determine that the data block matches an existing data block on the multi-tenant storage array, wherein the existing data block corresponds to a second tenant (Col. 7 line 11-15, the deduplication controller 105 can be configured to determine if a given data item received from a given one of the tenants is a duplicate of an existing encrypted data item, i.e. determine whether the decrypted data block matches any existing data block, previously stored for another one of the tenants, i.e. a second tenant.); 
encrypt, by the processing device, the existing data block with a shared volume encryption key (Fig. 2, Col. 10 line 14-17, the metadata of the existing data item, i.e. data block that was determined to be a duplicate of the received data item, i.e. the decrypted data block does match an existing data block, is updated to include a ; 
encrypt, by the processing device, the shared volume encryption key with a first tenant encryption key associated with the first tenant and provide the shared volume encryption key encrypted with the first tenant encryption key to the first tenant (Fig. 1, Col. 5, line 13-17, the portion of the metadata 112 for data item ID1 includes {DEK1} T1, i.e. shared volume encryption key, which denotes DEK1 encrypted under tenant key T1, i.e. first tenant encryption key, of Tenant 1, i.e. a first tenant and {DEK1} T2, i.e. shared volume encryption key, which denotes DEK1 encrypted under tenant key T2 of Tenant 2. Thus, T1 and T2 are respective tenant keys of the multiple tenants denoted Tenant 1 and Tenant 2 that have both requested storage of the same data item ID1 in the storage system 100. When data encryption key DEK1 for data item ID1 which is shared by two or more tenants then the {DEK1}T1 and {DEK1}T2 represents a shared volume encryption key. Col. 3 line 52-54, encrypted data storage is provided to the tenants, i.e. provide the shared volume encryption key encrypted with the first tenant encryption key to the first tenant, as a service of the service provider operating the cloud storage system); and  
-99-3469US01 P70479 11700US.CP1encrypt, by the processing device, the shared volume encryption key with a second tenant encryption key associated with the second tenant and provide the shared volume encryption key encrypted with the second tenant encryption key to the second tenant (Col. 10 line 24-27, instead of storing another copy of ID1, the .  
Perlman does not explicitly discloses store, in a tenant key data structure, the shared volume encryption key encrypted with the first tenant encryption key and the shared volume encryption key encrypted with the second tenant encryption key mapped to an identifier of the volume.
However in the same field of endeavor, O’Brien discloses store, in a tenant key data structure, the volume encryption key encrypted with the first tenant encryption key and the volume encryption key encrypted with the second tenant encryption key mapped to an identifier of the volume (Fig. 2, Col. 6 line 34-46, “FIG. 2 shows a per tenant encryption key database 100 utilized by the data storage equipment 20 of FIG. 1. The per tenant encryption key database 100 includes entries 102(A), 102(8), 102(C), 102(D), 102(E), ... (collectively entries 102) which contain tenant key information. In particular, each entry 102 includes a tenant identifier field 104 which holds a tenant identifier (or ID) which uniquely identifies a particular tenant 32 (also see FIG. 1), a per tenant key field 106 which holds the per tenant encryption key 60 assigned to that tenant 32, and other fields 108 to hold other information regarding that tenant 32 (e.g., tenant names, key 45 expiration data, LUNs/volumes/file .  
Therefore it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system of Perlman such that the shared volume encryption key of Perlman can be stored with tenant encryption key of individual tenant, for those who shared data between each other, in the database of O’Brien in order to protect individual data. Thus, as combined, rendering obvious “store, in a tenant key data structure, the shared volume encryption key encrypted with the first tenant encryption key and the shared volume encryption key encrypted with the second tenant encryption key mapped to an identifier of the volume” as claimed. One of the ordinary skill in the art would have motivated to make this modification in order to ensure data availability and secure data using per tenant encryption keys as similarly described by Perlman (Col. 4 line 7-15) by providing highly secure storage for data encryption keys and tenant keys in the system as suggested by O’Brien (Col. 3 line 22-33).

wherein to determine whether the data block matches the existing data block on the multi-tenant storage array, the method further comprises: determining that a first hash value associated with the data block matches a second hash value associated with the multi-tenant storage array (Col. 10 line 49-56, The deduplication process of FIG. 3 is therefore configured to detect situations in which a received plaintext data item to be stored in the system is the same as an existing encrypted data item already stored in the system by comparing a hash value, i.e. a first hash value, generated from the received plaintext data item to hash values already in the deduplication directory. If there is a match, the received data item need not be separately encrypted and stored. Thus, the hash value which is already stored in the deduplication directory matches with the first hash value represents the second hash value.); 
decrypting the data block to generate a decrypted data block (Col. 10 line 55-56, “If there is a match, the received data item need not be separately encrypted and stored.”. Col. 5 line 58-65, each of the multiple tenants that has requested storage of a given data item can independently access the single copy of the given data item as encrypted for storage by decrypting its corresponding instance of the encrypted data encryption key in the associated metadata 112 using its tenant key and then using the resulting decrypted data encryption key to decrypt the encrypted data item, i.e. decrypt the data block to generate a decrypted data block.); and  
-97-3469US01 P70479 11700US.CP1determining that the decrypted data block matches the existing data block corresponding to the second hash value (Col. 7 line 11-15, the deduplication .  

As to claims 3 and 12, the claims are rejected for the same reasons as claims 1 and 11 above. In addition, Perlman discloses wherein the data block comprises the first hash value (Col. 9 line 63-67, “a hash value is generated for the received plaintext data item and compared to existing hash values stored in a deduplication directory. The existing hash values are stored for respective existing data items, using respective entries of the deduplication directory.”. Since a hash value is generated for each data item, i.e. data block, thus the data block comprises the first hash value.).

As to claims 4 and 13, the claims are rejected for the same reasons as claims 1 and 11 above. In addition, Perlman discloses wherein to decrypt the data block to generate the decrypted data block, the processing device is further to: retrieve the first tenant encryption key based on a determination that the first tenant owns the data block (Col. 5 line 13-20, the portion of the metadata 112 for data item ID1 includes {DEKl} T1, which denotes DEK1 encrypted under tenant key T1 of Tenant 1, i.e. the first tenant. Col. 7 line 11-20, “the deduplication controller 105 can be configured to determine if a given data item received from a given one of the tenants is a duplicate of an existing encrypted data item previously stored for another one of the tenants. If the received data item is a duplicate of the existing encrypted data item, the deduplication .  

As to claims 7 and 16, the claims are rejected for the same reasons as claims 1 and 10 above. In addition, Perlman discloses the processing device further to: generate the shared volume encryption key based on a determination that the shared volume encryption key does not already exist (Col. 7 line 39-53, “The key generator 120 is utilized to generate data encryption keys for use in encrypting data items for storage in the storage array 102. The key generator 120 can also be used to generate tenant keys that are assigned to respective ones of multiple tenants. The encryption and decryption modules 122 and 124 are utilized to encrypt and decrypt data items in conjunction with storage in and retrieval from the storage array 102. These modules are also used to encrypt and decrypt data encryption keys using tenant keys of respective tenants of the system 100.”. Thus, the key generator 120 is utilized to see whether the shared volume encryption key, exist or not, if not then the key generator 120 generates shared volume encryption key.)


 wherein in response to determining that the first hash value does not match the second hash value, or that the decrypted data block does not match the existing data block, the processing device is further to: encrypt the data block with a non-shared volume key (Col. 10 line 60-66, if the received data item is not a duplicate of any existing data item of the storage system, i.e. the decrypted data block does not match the existing data block, the hash value of the received data item as generated in step 302 is stored in the deduplication directory, using a directory entry created for that data item. Also, the received data item is encrypted using a corresponding data encryption key, i.e. encrypt the data block with a non-shared volume key); and encrypt the non-shared volume key with the first tenant key ((Col. 2 line 23-27, The given data item as stored for a given one of the tenants has associated metadata that includes the particular data encryption key encrypted by the cryptographic module using the tenant key, i.e. the first tenant key, of the given tenant. Col. 11 line 20-26, metadata 112 of FIG. 2, it is assumed that the data item ID1 is first received in the system 100 from Tenant 1 having tenant key T1. Accordingly, the portion of the metadata 112 for data item ID1 is configured to include the instance {DEK1} T1, i.e. non-shared volume key, which is the data encryption key DEK1, used to encrypt data item ID1, encrypted under the tenant key T1, i.e. the first tenant key. When data encryption key DEK1 for data item ID1 which is not shared or exists in any other tenants then the {DEK1} T1 represents non-shared volume key).

 the processing device further to: receive a request from the first tenant to overwrite the data block (Col. 5 line 10-17, The portion of the metadata 112 for a given one of the data items includes multiple instances of the corresponding data encryption key encrypted using respective ones of multiple tenants that have requested storage of that data item, i.e. receive a request from the first tenant. Col. 6 line 7-14, “the tenant can provide an access request to the system 100 that is processed by the cryptographic module 104. The accessibility of a given tenant to a given data item can be revoked in the system 100 by deletion of its corresponding instance of the encrypted data encryption key from the associated metadata 112 of that data item.”. Thus, the system can overwrite the data item by deleting existing data item encryption key from the metadata and store the new data block by using the data encryption key for the appropriate tenant); 
encrypt the data block with a non-shared volume key (Col. 10 line 60-66, if the received data item is not a duplicate of any existing data item of the storage system, i.e. the decrypted data block does not match the existing data block, the hash value of the received data item as generated in step 302 is stored in the deduplication directory, using a directory entry created for that data item. Also, the received data item is encrypted using a corresponding data encryption key, i.e. encrypt the data block with a non-shared volume key); and 
encrypt the non-shared volume key with the second tenant key (Col. 2 line 23-27, The given data item as stored for a given one of the tenants has associated metadata that includes the particular data encryption key, i.e. non-shared volume key, .  

As to claim 17, the claim is rejected for the same reasons as claim 11 above. In addition, Perlman discloses wherein in response to determining that the first hash value does not match the second hash value, or that the decrypted data block does not match the existing data block, the method further comprises: encrypting the data block with a non-shared volume key (Col. 10 line 60-66, if the received data item is not a duplicate of any existing data item of the storage system, i.e. the decrypted data block does not match the existing data block, the hash value of the received data item as generated in step 302 is stored in the deduplication directory, using a directory entry created for that data item. Also, the received data item is encrypted using a corresponding data encryption key, i.e. encrypt the data block with a non-shared volume key); encrypting the non-shared volume key with the first tenant key ((Col. 2 line 23-27, The given data item as stored for a given one of the tenants has associated metadata that includes the particular data encryption key encrypted by the cryptographic module using the tenant key, i.e. the first tenant key, of the given tenant. Col. 11 line 20-26, metadata 112 of FIG. 2, it is assumed that the data item ID1 is first received in the system 100 from Tenant 1 having tenant key T1. Accordingly, the portion of the metadata 112 for data item ID1 is configured to include the instance {DEK1} T1, i.e. non-shared volume key, which is the data encryption key DEK1, used to encrypt data item ID1, encrypted under the tenant key T1, i.e. the first tenant key. When data encryption key DEK1 for data item ID1 which is not shared or exists in any other tenants ; and providing the encrypted non-shared volume key to the first tenant (Col. 3 line 52-54, encrypted data storage is provided to the tenants, i.e. provide the encrypted non-shared volume key to the first tenant, as a service of the service provider operating the cloud storage system).

As to claim 18, the claim is rejected for the same reasons as claim 10 above. In addition, Perlman discloses further comprising: receiving a request from the first tenant to overwrite the data block (Col. 5 line 10-17, The portion of the metadata 112 for a given one of the data items includes multiple instances of the corresponding data encryption key encrypted using respective ones of multiple tenants that have requested storage of that data item, i.e. receive a request from the first tenant. Col. 6 line 7-14, “the tenant can provide an access request to the system 100 that is processed by the cryptographic module 104. The accessibility of a given tenant to a given data item can be revoked in the system 100 by deletion of its corresponding instance of the encrypted data encryption key from the associated metadata 112 of that data item.”. Thus, the system can overwrite the data item by deleting existing data item encryption key from the metadata and store the new data block by using the data encryption key for the appropriate tenant); 
encrypting the data block with a non-shared volume key (Col. 10 line 60-66, if the received data item is not a duplicate of any existing data item of the storage system, i.e. the decrypted data block does not match the existing data block, the hash value of the received data item as generated in step 302 is stored in the deduplication directory, using a directory entry created for that data item. Also, the received data item ; 
encrypting the non-shared volume key with the second tenant key (Col. 2 line 23-27, The given data item as stored for a given one of the tenants has associated metadata that includes the particular data encryption key, i.e. non-shared volume key, encrypted by the cryptographic module using the tenant key, i.e. the second tenant key, of the given tenant.); and 
providing the encrypted non-shared volume key to the second tenant (Col. 3 line 52-54, encrypted data storage is provided to the tenants, i.e. provide the encrypted non-shared volume key to the second tenant, as a service of the service provider operating the cloud storage system.).  




2 is rejected under 35 U.S.C. 103 as being unpatentable over Perlman and O’Brien as applied above, in view of AKIRAV et al. (Previously applied) (US 2016/0004716 A1), hereinafter AKIRAV. 
As to claim 2, the claim is rejected for the same reasons as claim 1 above. Combination of Perlman of O’Brien do not explicitly disclose the processing device further to: generate the first hash value for the data block, wherein the first hash value is based at least in part on the data block and a tenant identifier associated with the first tenant.
However in the same field of endeavor, AKIRAV discloses the processing device further to: generate the first hash value for the data block, wherein the first hash value is based at least in part on the data block (Para. 45, A new hash value is generated based upon incorporating the tenant ID, i.e. tenant identifier. When breaking of the data stream into data segments each data segment, i.e. data block, still receives a hash value, but the hash value is calculated in a way that is also taking into account the tenant ID. The calculation is performed on a concatenation of the 4096 bytes data segment along with the 4 bytes tenant ID to create an artificial "extended" data segment of 4100 bytes (4096 byte plus ( +) 4 byte) size just for the calculation) and a tenant identifier associated with the first tenant (Para. 23, “the method incorporates, as if part of input data, a tenant identification (ID) into a hash value calculation using a single hash based index table for separating data segments in a multi-tenant deduplication system”. Para. 25, “to enhance data security and privacy for preventing an unauthorized user (attack), the present invention uses the tenant ID, i.e. a tenant identifier, (which is encrypted) to eliminate the effect of the aforementioned attack and introduce a level of .
Therefore it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of AKIRAV into the combined method of Perlman and O’Brien by generating the hash value using the tenant identifier as disclosed by AKIRAV. One of the ordinary skill in the art would have motivated to make this modification in order to separate data segments in a multi-tenant deduplication system as suggested by AKIRAV (Para. 6).

10.	Claims 5-6 and 14-15 are rejected under 35 U.S.C. 103 as being unpatentable over Perlman and O’Brien as applied above, in view of Chandra et al. (Previously applied) (US 9,396,341 B1), hereinafter Chandra. 
As to claim 5, the claim is rejected for the same reasons as claim 4 above. Combination of Perlman of O’Brien do not explicitly disclose wherein to determine that the first tenant owns the data block, the processing device is to retrieve an identifier of the first tenant from the tenant key table.
However in the same field of endeavor, Chandra discloses wherein to determine that the first tenant owns the data block, the processing device is to retrieve an identifier of the first tenant from the tenant key table (Fig. 8, Col. 8 line 10-16, “A fingerprint entry 1305 may be stored in an index, database or table to track and retrieve a tenant's encrypted rdata. The entry 1305 may include a tenant identifier 1310, a fingerprint 1315, and information 1320 that maps, references, links, points, or .  
Therefore it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Chandra into the combined method of Perlman and O’Brien by utilizing the table to retrieve the tenant identifier as disclosed by Chandra. One of the ordinary skill in the art would have motivated to make this modification in order to maintain security for the tenant data that privately belongs to each of the multiple tenants as suggested by Chandra (Col. 5, Line 52-55).

As to claim 6, the claim is rejected for the same reasons as claim 4 above. Combination of Perlman of O’Brien do not explicitly disclose wherein to retrieve the first tenant encryption key, the processing device is to retrieve the first tenant encryption key from a key management server.
However in the same field of endeavor, Chandra discloses wherein to retrieve the first tenant encryption key, the processing device is to retrieve the first tenant encryption key from a key management server (Fig. 8, Col. 6 line 59-62, “The SUKs provided by the storage system can be unique 60 for each rdata item or the storage system can have a limited number SUKs which can be reused periodically so that multiple rdata items will be encrypted with the same SUK.”. Col. 8 line 6-15, “Once the rdata has been stored, the storage server 410 can transmit the rdata fingerprint information back to the tenants so that tdata can be retrieved from the storage server .  
Therefore it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Chandra into the combined method of Perlman and O’Brien by utilizing the table to retrieve the tenant key such as the tenant encryption key as disclosed by Chandra. One of the ordinary skill in the art would have motivated to make this modification in order to maintain security for the tenant data that privately belongs to each of the multiple tenants as suggested by Chandra (Col. 5, Line 52-55).

As to claim 14, the claim is rejected for the same reasons as claim 13 above. Combination of Perlman of O’Brien do not explicitly disclose The method of claim 13, wherein to determine that the first tenant owns the data block, the method further comprises retrieving an identifier of the first tenant from a tenant key table.
However in the same field of endeavor, Chandra discloses wherein to determine that the first tenant owns the data block, the method further comprises retrieving an identifier of the first tenant from a tenant key table (Fig. 8, Col. 8 line 10-16, “A fingerprint entry 1305 may be stored in an index, database .  
Therefore it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Chandra into the combined method of Perlman and O’Brien by utilizing the table to retrieve the tenant identifier as disclosed by Chandra. One of the ordinary skill in the art would have motivated to make this modification in order to maintain security for the tenant data that privately belongs to each of the multiple tenants as suggested by Chandra (Col. 5, Line 52-55).

As to claim 15, the claim is rejected for the same reasons as claim 13 above. Combination of Perlman of O’Brien do not explicitly disclose The method of claim 13, wherein to retrieve the first tenant encryption key, the method further comprises retrieving the first tenant encryption key from the key management server.
However in the same field of endeavor, Chandra discloses wherein to retrieve the first tenant encryption key, the method further comprises retrieving the first tenant encryption key from the key management server (Fig. 8, Col. 6 line 59-62, “The SUKs provided by the storage system can be unique 60 for each rdata item or the storage system can have a limited number SUKs which can .  
Therefore it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teaching of Chandra into the combined method of Perlman and O’Brien by utilizing the table to retrieve the tenant key such as the tenant encryption key as disclosed by Chandra. One of the ordinary skill in the art would have motivated to make this modification in order to maintain security for the tenant data that privately belongs to each of the multiple tenants as suggested by Chandra (Col. 5, Line 52-55).


Response to Arguments
11.	Applicant’s arguments with respect to claims 1-20 have been considered but are moot because of the new ground of rejection necessitated by the amendment to the claims. For Examiner's response, see discussion below:
Applicant's arguments, see pages 10-11, with respect to the rejections of claims 1-20 under 35 USC §102 and §103 have been considered but are moot in view of the new ground(s) of rejection necessitated by applicant's amendments as set forth in the respective rejections of claims 1-20 under 35 USC §103 above in view of the newly found reference.

Conclusion
12.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Shetty et al. (US 2017/0286698 A1) teaches uploading streamed objects to a cloud storage system.

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMAD SOLAIMAN BHUYAN whose telephone number is (571)272-7843. The examiner can normally be reached on Monday - Friday 9:00am-5:00pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Robert Beausoliel can be reached on 571-272-3645. The fax phone number for the organization where this application or proceeding is assigned is 571 -273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-

/M.S.B./Examiner, Art Unit 2167    

/ROBERT W BEAUSOLIEL JR/Supervisory Patent Examiner, Art Unit 2167