DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
This action is in response to the communications and remarks filed on 11/9/2021. Claims 1-2, 4-11, and 13-22 are presently pending for examination.

Response to Arguments
Applicant's arguments, see pages 8-13, filed 11/9/2021, regarding the 112 rejections of  Claims 19-20, have been fully considered and are persuasive. The rejection has been withdrawn in view of the amended claims.
Applicant’s arguments, see pages 8-13, filed 11/9/2021, regarding the U.S.C. 102 rejections of Claims 1-20 have been fully considered and are not persuasive.  Applicant argues that "one skilled in the art would not understand Greco's description of monitoring and tracking and storing parameters in the automated data storage library 10 as teaching or suggesting 'detecting, at a local key manager (LKM) executing on a first node that a rekey timer on the first node has expired.'"
Applicant’s interpretation of the reference has been noted; however, examiner respectfully disagrees.  Greco teaches a local key manager, [paragraph 0110, In one example of creating a distributed key store at least a first EEDK 2 is generated for local 
Applicant argues that, "one skilled in the art would not understand Greco's description of monitoring/tracking/storing parameters and determining whether to perform a special operation by the automated data storage library 10 as teaching or suggesting 'the shared rekey timer separate from the current shared key and controlled by the LKM executing on the first node.’”
Applicant’s interpretation of the reference has been noted; however, examiner respectfully disagrees.  Firstly, the examiner used the Greco reference to teach the “session key rekey timer” rather than the “shared rekey timer.”  Although the examiner used the Greco reference to teach only the "session key rekey timer" and not the "shared rekey timer", Greco still teaches, requesting creation of a new shared key by a server that is remote from the first node and the second node; receiving the new shared key from the server [paragraph 0103, the EKM/host system 1021 may be constructed from one or more servers (e.g. the EKM may reside on one server and any application which is reading and writing data to the tape drive 15 may reside on another server).  However implemented, the EKM/host 1021 includes a data key generator functionality for generating a data key (DK) 1 for use in performing data encryption - the EKM is remote and provides the new data key (shared key)]  Therefore, the rejection is maintained.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claims 1-2, 4-11, and 13-21 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Greco et al., (US 20090175451 A1) hereinafter referred to as Greco.
Regarding Claims 1, 10, and 19, Greco discloses A computer program product for facilitating processing in a computing environment, the computer program product comprising: a computer readable storage medium readable by one or more processing circuits and storing instructions for performing operations comprising: detecting, at a local key manager (LKM) executing on a first node that a rekey timer on the first node has expired, [paragraph 0128, A key is said to be expired when it reaches beyond the defined time limit (e.g. expiration date), without a rekey operation being performed. A rekey operation may then be performed once the key is expired] [paragraph 0131, When the EKM 1021 attempts access to the expired key the EKM 1021 detects that the key has expired if the amount of time transpired since the most recent rekey is greater than the predetermined maximum threshold of time transpired] 
the rekey timer one of: a shared key rekey timer for a current shared key between the first node and a second node, the shared rekey timer separate from the current shared key and controlled by the LKM executing on the first node; and a session key rekey timer for a session key used in a secure communication between a channel on the first node and a channel on the second node, the session key created based at least in part on the current shared key and used for encrypting data in the secure communication; [paragraph 0110, In one example of creating a distributed key store at least a first EEDK 2 is generated for local use by using a public key of the local key manager to wrap the data key 1 – this is the “local key manager”] [paragraph 0114, a secure key exchange is established to encrypt the data key DK 1 with a session key (e.g. the public key from the tape drive 15), thereby generating a session encrypted data key 4] [paragraph 0059, A "rekey" operation or "rekeying" refers to an operation to change the key used for a removable storage media, wherein the key to change may comprise a key encrypting key (KEK) or the actual encryption key used to encrypt the data (the data key) – this is the “session key rekey timer”] 
based on the rekey timer being the shared key rekey timer; requesting creation of a new shared key by a server that is remote from the first node and the second node; receiving the new shared key from the server; [paragraph 0103, the EKM/host system 1021 may be constructed from one or more servers (e.g. the EKM may reside on one server and any application which is reading and writing data to the tape drive 15 may reside on another server). However implemented, the EKM/host 1021 includes a data key generator functionality for generating a data key (DK) 1 for use in performing data encryption] 
and storing the new shared key as the current shared key; and based on the rekey timer being the session key rekey timer, obtaining a new session key that is based at least in part on the current shared key and using the new session key in the secure communication. [paragraph 0132, The EKM 1021 performs the special operation of rekeying by translating the expired key into a new valid key] [paragraph 0130, While the above examples of determining if a special operation may be performed have been described with reference to a tape rekey, one of ordinary skill in the art would understand that any special operation as described above or below may be determined in the same manner]
Regarding Claims 2 and 11, Greco discloses wherein the operations further comprise resetting the rekey timer in response to receiving the new shared key. [paragraph 0128, A key is said to be expired when it reaches beyond the defined time limit (e.g. expiration date), without a rekey operation being performed. A rekey operation may then be performed once the key is expired or proactively before the key is expired – part of the rekey operation is resetting the timer as the previous timer was expired and not valid]
Regarding Claims 4 and 13, Greco discloses wherein the storing is in volatile storage. [paragraph 0116, While the EEDKs 2a could be discarded from the tape drive 15 after being written to the tape cartridge 600, they may be retained in the tape drive 15 in a volatile fashion for as long as the tape cartridge 600 is loaded in the tape drive 15]
Regarding Claims 5 and 14, Greco discloses wherein the operations further comprise resetting the rekey timer in response to obtaining the new session key. [paragraph 0128, A key is said to be expired when it reaches beyond the defined time limit (e.g. expiration date), without a rekey operation being performed. A rekey operation may then be performed once the key is expired or proactively before the key is expired – part of the rekey operation is resetting the timer as the previous timer was expired and not valid]
Regarding Claims 6 and 15, Greco discloses wherein the obtaining the new session key comprises negotiating with the second node to generate the new session key based at least in part on the current shared key. [paragraph 0131, when the EKM 1021 attempts access to the expired key the EKM 1021 detects that the key has expired if the amount of time transpired since the most recent rekey is greater than the predetermined maximum threshold of time transpired. If the key is expired then it may be determined a special operation of a rekey may be performed] [paragraph 0132, The EKM 1021 performs the special operation of rekeying by translating the expired key into a new valid key. The EKM 1021 then performs the initial requested operation of decryption utilizing the new valid key (as described in FIG. 13). Thus, the data on the tape may be decrypted and a rekey may occur during a single session with the key manager]
Regarding Claims 7 and 16, Greco discloses wherein the rekey timer expires based at least in part on an amount of time elapsing subsequent to the rekey timer being obtained. [paragraph 0128, A key is said to be expired when it reaches beyond the defined time limit (e.g. expiration date), without a rekey operation being performed]
Regarding Claims 8 and 17, Greco discloses wherein the first node is a host computer and the LKM executes in a logical partition of the host computer. [Figure 10, element 1021 EKM/Host]
Regarding Claims 9 and 18, Greco discloses wherein the first node is a storage array. [paragraph 0028, The automated data storage library of FIG. 1 comprises a left hand service bay 13, one or more storage frames 11, and right hand service bay 14. As will be discussed, a frame may comprise an expansion component of the automated data storage library]
Regarding Claim 20, Greco discloses wherein the first node is a host computer and the LKM executes in a logical partition of the host computer, [Figure 10, element 1021 EKM/Host] 
and the second node is a storage array. [paragraph 0028, The automated data storage library of FIG. 1 comprises a left hand service bay 13, one or more storage frames 11, and right hand service bay 14. As will be discussed, a frame may comprise an expansion component of the automated data storage library]
Regarding Claim 21, Greco discloses wherein a second shared key rekey timer for the current shared key between the first node and the second node is controlled by a second LKM executing on the second node. [paragraph 0110, In one example of creating a distributed key store at least a first EEDK 2 is generated for local use by using a public key of the local key manager to wrap the data key 1 – this is the “local key manager” – this “local key manager” would be included in all of the nodes] [paragraph 0114, a secure key exchange is established to encrypt the data key DK 1 with a session key (e.g. the public key from the tape drive 15), thereby generating a session encrypted data key 4] [paragraph 0059, A "rekey" operation or "rekeying" refers to an operation to change the key used for a removable storage media, wherein the key to change may comprise a key encrypting key (KEK) or the actual encryption key used to encrypt the data (the data key) – this is the “session key rekey timer”]

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claim 22 is rejected under 35 U.S.C. 103 as being unpatentable over Greco, as applied to Claims 1, 10, and 19, respectively, above, in view of Qi et al., (US 20110150223 A1) hereinafter referred to as Qi.
Regarding Claim 22, Greco does not explicitly teach wherein at a given point in time the value of the shared rekey timer controlled by the LKM executing on the first node is different than the value of the second shared rekey timer controlled by the second LKM executing on the second node.
Qi teaches wherein at a given point in time the value of the shared rekey timer controlled by the LKM executing on the first node is different than the value of the second shared rekey timer controlled by the second LKM executing on the second node. [paragraphs 0038 – 0039, The supplicant 104 may continue to support receipt of the packets using the old key for a predetermined period of time after transmitting Message 4. On receipt of Message 4, the authenticator 102 may start queuing packets using the new key and may continue to support receipt of packets using the old key for a predetermined period of time. In some embodiments, the predetermined period of time may be approximately 60 seconds. In some alternate embodiments, after the fourth EAP message, both the supplicant 104 and the authenticator 102 may start a switchover timer that has a time-delay (e.g., on the order of ten seconds) that is larger than the maximum delay of both devices. During this time period, both supplicant 104 and the authenticator 102 may continue using the old key. After the time-delay of the switchover timer, both the supplicant 104 and the authenticator 102 may transmit using the new key and may continue to use both the old key and the new key for reception for at least a predetermined period of time – teaches the supplicant and the authenticator both having timers that may be different] 
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Qi with the disclosure of Greco. The motivation or suggestion would have been to allow the use of an old key for a predetermined period of time. (paragraphs 0038-0039)

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Applicants are encouraged to take advantage of the After Final Consideration Pilot 2.0 (AFCP 2.0) which authorizes non-production time for consideration of responses filed after a final rejection. The purpose of the pilot is to compact prosecution of the case. The request must include  1) A signed AFCP request form (PTO/SB/434 or equivalent) that includes a statement that applicant is requesting consideration under the AFCP;  2) An amendment to at least one independent claim that does not broaden the scope of the independent claim in any aspect; and 3) A statement that applicant is willing and available to participate in any interview initiated by the examiner concerning the present response.  In the limited amount of non-production time if the examiner’s consideration of a proper AFCP 2.0 request and response does not result in a determination that all pending claims are in condition for allowance, the examiner will request an interview with the applicant to discuss the response. For more info, please visit http://www.uspto.gov/patent/initiatives/after-final-consideration-pilot-20
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANDREW J STEINLE whose telephone number is (571)272-9923. The examiner can normally be reached M-F 10am-6pm CT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/ANDREW J STEINLE/Primary Examiner, Art Unit 2497