Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statements
The information disclosure statement(s) (IDS) submitted on 5/17/2021 was previously considered, as indicated in the non-final Office action issued on 8/13/2021, and thus, has been considered.  The submission is in compliance with the provisions of 37 CFR 1.97.  No other IDS(s) have been submitted. Accordingly, the information disclosure statement(s) have been considered by the examiner.

Previous Claim Rejections - 35 USC § 112
As a result of the applicants claim amendments, the examiner has withdrawn all claim rejections under of 35 U.S.C. 112(b). 

Response to Applicant’s Arguments regarding 35 U.S.C. 103
	The applicant’s response states:
In the Office Action, the Examiner relies on Hetzler, Srivastava, Clifford, 
Narayanamurthy, Gauda, and Grube as allegedly rendering obvious the pending claims. Applicant respectfully disagrees and requests allowance of the claims. 
First, amended independent claim 1 recites a unique combination wherein the one or more processors are configured to "receiv[e] [a] first key" and "receiv[e] [a] second key." None of the cited references disclose these limitations as recited in the claims. In fact, Hetzler itself teaches away from transmitting multiple keys. It states for example, that "the client secret encryption key 404 never leaves client 1 side 402." Hetzler at $ [0074], [0108], [0181] (emphasis added). It also states that "the storage secret encryption key 422 never leaves the storage system 420." Hetzler at $ [0084], [0117] (emphasis added). "[T]he client secret key is not shared with the storage system, any other clients, any other storage system, etc." Hetzler at [0181]. These keys are shown in the annotated figure 4 of Hetzler below, where the client secret encryption key 404 is shown in red, and the storage secret encryption key 422 is shown in blue. 
Hetzler further states that its methods are intended to avoid sharing keys through the use of key identifiers instead: "[I]f the duplicate data chunks from different clients are encrypted with different keys, conventional deduplication of a client 1 data chunk against a client 2 data chunk requires sharing a key. In stark contrast, various configurations of the present disclosure provide a chunk identifier comprising information identifying the key used to encrypt the data 

The applicant asserts that Hetzler clearly teaches away from sharing keys, as shown in emphasis above. 
The Examiner disagrees. It is noted that the client public key 606 is sent (see 616 in Fig. 6-7) to the storage system 608 from the client side 1. (See Hetzler [0145] and 616 in Fig. 6-7) Similarly, the storage public key 612 may be sent (see 618 in fig. 6-7) to the client side 1, from the public storage system 608. (Hetzler [0145]) 
Additionally, Hetzler in [0066-67] teaches two encryption methods using shared keys (i.e., “first key” of claim 1) that allow a server to decrypt content from a client that provides the server with the key and the data. 
The applicant has modified the rejection, describing two potential interpretations of “partial decryption” as taught in Hetzler. One of these interpretations was included in the previous Office action. These interpretations are include below in the rejection of claim 1.  

Second, the Office Action fails to provide any citations or explanation for the step of "receiving a first key" of claim 1. See Office Action at 4. While the Office Action points to Hetzler’s use of a cryptographic hash in connection with this limitation, Applicant believes the Office Action to rely on this cryptographic hash as corresponding only to a "first segment identifier," rather than a "first key." This understanding is based on the Office Action's reliance of the ephemeral encryption key 440 of Hetzler as allegedly disclosing a first key in connection with other steps. See, e.g., Office Action at 4 (mapping to the ephemeral encryption key 440 for the step of "using the first key, partially decrypting the first data structure"). However, Hetzler itself explains that the cryptographic hash is not a key, and therefore could not possibly correspond to the "first key" of the pending claims. Hetzler at [0135] and ("[T]he key ID is not the key itself. For example, the key ID provided may be a cryptographic hash") (emphasis added). Because the Office Action fails to explain what disclosure of the cited references teach or suggest the step of "receiving the first key" as disclosed in independent claims 1, 17, and 23, it has failed to carry its burden under the obviousness analysis. The pending claims are therefore allowable for a second reason.


The Examiner asserts the rejection has been updated, as indicated above, and clearly indicates two interpretations of how partial decryption is performed.  
Third, amended independent claim 1 recites a unique combination wherein the one or more processors are configured to, "using the first key, partially decrypt] the encrypted first data structure" (emphasis added). The Office Action relies on paragraph [0098] of Hetzler as allegedly partially decrypting an encrypted first data structure using storage ephemeral key 440. Office Action at 5. However, that portion of Hetzler does not relate to partially decrypting an encrypted data structure. This is because the storage ephemeral key 440 of Hetzler is used to encrypt deduplication "information," rather than any encrypted data, and Hetzler makes clear that the deduplication information is not the encrypted data itself (e.g., chunks) but is rather mere "metadata." It explains that: "[T]he meta-generator 406 computes deduplication information (e.g., metadata) 446 associated with the write data 444 ... [T]he deduplication information 446 may include chunk start locations, chunk lengths, chunk signatures, similarity information, etc.... The deduplication information 446 may be encrypted with the storage ephemeral key 440 by the ephemeral key encrypter 410 and sent to the storage system 420." Hetzler at   [0094] (emphasis added). There is no teaching or suggestion in Hetzler of "partially decrypting" encrypted data using storage ephemeral key 440. Therefore, independent claim 1 is allowable over the cited references for a third reason.

	Notes: the Examiner’s rejection continues to rely on the Client Encryption Key 404 of Hetzler to teach the “common key” of claim 1. 

Fourth, amended independent claim 1 recites a unique combination wherein the one or more processors are configured to, "using the second key, partially decrypt[]  the encrypted second data structure" (emphasis added). As previously explained, Hetzler fails to teach receiving a second key and partially decrypting a data structure. In the absence of such teachings, it further fails to teach or suggest "partially decrypting" a second data structure, let alone doing so using a second key that is received by the one or more processors. Therefore, independent claim 1 is allowable over the cited references for a fourth reason.

The Examiner’s updated rejection, included below, addresses this argument. In particular, “partially decrypting” is taught by Hetzler, with an additional interpretation of Hetzler added in light of the applicant’s amendments to claim 1.
Fifth, amended independent claim 1 recites a unique combination wherein the one or more processors are configured to "stor[e] the partially decrypted first data structure" (emphasis added). As noted above, Hetzler fails to teach partially decrypting a first data structure. In the absence of such a teaching, it further fails to teach or suggest storing a "partially decrypted" first data structure. Therefore, independent claim 1 is allowable over the cited references for a fifth reason.

Again, the Examiner’s updated rejection, included below, addresses this argument. In particular, “partially decrypting” is taught by the new combination of references.
Sixth, amended independent claim 1 recites a unique combination wherein the one or more processors are configured to "selectively stor[e] a copy of the partially decrypted second data" (emphasis added). As previously explained, Hetzler fails to disclose partially decrypting a second data structure. In the absence of such a teaching, it further fails to teach or suggest storing a "partially decrypted" second data structure, let alone storing it "selectively." Therefore, independent claim 1 is allowable over the cited references for a sixth reason.

	As noted above, the updated rejection, as discussed above, teaches “partial decryption”, and the rest of the previous rejection clearly teaches the selective storing of another data structure based on a comparison between the first data structure and the second data structure.

Seventh, amended independent claim 1 recites a unique combination wherein the one or more processors are configured to selectively store a copy of the partially decrypted second data "based on whether content of the partially decrypted first data structure corresponds to content of the partially decrypted second data structure" (emphasis added). As previously explained, Hetzler fails to disclose partially decrypting a first data structure and partially decrypting a second data structure. In the absence of such teachings, it further fails to teach or suggest selectively storing a the partially decrypted second data structure based on whether content of the partially decrypted first data structure corresponds to content of the partially decrypted second data structure. 
The Office Action cites to the deduplication process of Hetzler as allegedly 
disclosing selective storage. Office Action at 5. However, the deduplication process of Hetzler is not based on the content of partially decrypted data structures, but is rather limited to "metadata" associated with chunks in the form of the deduplication "information," such as chunk length and chunk identifiers: "For a chunking deduplication, the deduplication information 446 is used with the chunk metadata 428 to identify data chunks that are duplicates. For example, the deduplication manager 424 compares the pointers, signatures, chunk lengths, etc., from the [] deduplication information 446 to any pointers, signatures, chunk lengths, etc., stored in the chunk metadata 428." Hetzler at   [0099] (emphasis added). Using metadata of encrypted data to perform deduplication is not the same as selectively storing information based on the content of the encrypted data. Therefore, independent claim 1 is allowable over the cited references for a seventh reason.

	As noted above, rejection, as discussed above, teaches “partial decryption”, and the rest of the previous rejection clearly teaches the selective storing of another data structure based on a comparison between the first data structure and the second data structure. Thus, the rejection clearly teaches the above features of the claim.



As noted above, the updated rejection, address the features of the “first key” which is shared between the client and server side. This feature is common to the independent claims.
Ninth, amended independent claim 17 recites a unique combination wherein the one or more processors are configured to "further encrypt] [a] first data structure commutatively using the common key" (emphasis added). The Office Action relies on the storage ephemeral key 440 of Hetzler as corresponding to the claimed "first key," and the client secret encryption key 404 as corresponding to the claimed "common key." Office Action at 16-17. However, these two keys in Hetzler are used to encrypt entirely different information, and therefore fail to teach or suggest "further' encrypting data using one after the other. The storage ephemeral key 440 of Hetzler is used to encrypt deduplication "information," which Hetzler refers to as mere "metadata." Hetzler at[0094] ("[T]he meta-generator 406 computes deduplication information (e.g., metadata) 446 associated with the write data 444 ... [T]he deduplication information 446 may include chunk start locations, chunk lengths, chunk signatures, similarity information, etc.... The deduplication information 446 may be encrypted with the storage ephemeral key 440 by the ephemeral key encrypter 410 and sent to the storage system 420." (emphasis added). The client secret encryption key 404 of Hetzler, on the other hand, is used to encrypt chunks themselves. See, e.g., Hetzler at   [0137] ("Chunk A may be the only piece of data encrypted with client secret encryption key 404"). Therefore, independent claim 17 is allowable over the cited references for this additional reason. Amended independent claim 23 includes similar recitations ("the data structure is encrypted with a first key and a common key") and is allowable for at least the same reason. 

As noted above, the updated rejection, address the features of the “first key” which is shared between the client and server side, and the previous rejection clearly teaches the “common key” which is not shared with the server.
Tenth, amended independent claim 17 recites a unique combination wherein the one or more processors are configured to "transmit[], to a remote device, the further encrypted first data structure along with the first key' (emphasis added). Under the Office Action's interpretation, Hetzler’s client secret encryption key 404 corresponds to the claimed "first key." Hetzler does not transmit this key: "The client secret encryption key 404 never leaves client 1 side 402." Hetzler at    [0074], [0108], [0181] (emphasis added). Applicant maintains that, contrary to the Office Action's assertions, transmitting a key is not the same as transmitting 

As noted above, the present rejection, clearly teaches the above features of the storage server / remote device.

Eleventh, with respect to independent claim 23, as amended it recites a unique combination wherein the one or more processors are configured to "decrypt[] the received data structure using the received first key and the received common key' (emphasis added). As previously discussed, Hetzler does not disclose receiving both a first key and a common key. In absence of such teaching, it further fails to teach or suggest decrypting a data structure using a received first key and a received common key. Therefore, in addition to the other reasons identified above, independent claim 23 is allowable over the cited references.

As noted above, the updated rejection, clearly teaches the encryption key (“first key”) being transmitted by the client to the storage server / remote device and the previous rejection (included again below) includes the teaching of the “common key.”

Response to Examiner’s Arguments Regarding New Claim 24
V.   New Claim 24
New dependent claim 24 depends from independent claim 1 and therefore includes all the elements of claim 1. As set forth above, the cited references do not teach or suggest the elements of amended claim 1, and thus new claim 24 is allowable for at least the reasons set forth above with respect to claim 1. Furthermore, none of the cited references disclose "indexing the stored partially decrypted first data structure and the first key to a first client device identifier," as recited in new claim 24. Nor do the cited references disclose "indexing the stored partially decrypted first data structure and the second key to a second client device identifier when the content of the partially decrypted first data structure corresponds to content of the partially decrypted second data structure," as recited in claim 24. Therefore, new claim 24 is allowable for these additional reasons. Support for this new claim may be found, for example, at paragraph [073] of the Specification.

The Examiner has addressed the features of new claim 24 in a rejection, based on a newly cited reference, that is included below.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, 9-10, and 13-16 are rejected under 35 U.S.C. 103 as being unpatentable over US 2021/0056223 to Hetzler et al. (hereinafter referred to as “Hetzler”) and in view of US 2015/0186403 Srivastava et al. (hereinafter referred to as “Srivastava”).
Regarding claim 1 recites,
A system for maximizing storage of encrypted content in a storage system comprising: 
Hetzler’s Abstract describes an invention with a similar purpose to the features described in the applicant’s specification and the features recited in the applicant’s claims. 
Hetzler’s Abstract states, “receiving deduplication information at a storage system. The deduplication information is accessible to the storage system for performing operations thereon. The deduplication information includes signatures associated with portions of client data. The method also includes receiving the client data encrypted with a client secret key. The client secret key is unavailable to the storage system. The method includes deduplicating data chunks stored in the storage system against chunks of the client data, wherein the client data chunks are selected from the client data for deduplication using the deduplication information.” (emphasis added)
one or more processors; and 
a storage medium storing instructions (The Examiner asserts that processors and memory are an inherent part of storage 420 in Hetzler figs. 4-5) that, when executed, cause the one or more processors to perform operations comprising: 
The examiner includes the following explanation paragraph, which describes the features recited below: The “first key” is a key that is shared with the server (i.e., “storage system”) allowing the server (storage system 420 of Hetzler) to “partially” decrypt the “first data structure.” However, the “common key” is common between the “first client device” and the “second client device” and is not shared with the server (“storage system”), thus, the server cannot fully decrypt the “first data structure.” By not being able to fully decrypt the “first data structure” using the server, digital copyright laws regarding the content of the “first data structure” (i.e., a portion of a copyrighted movie) are not violated. Also, partial encryption allows the information to be passed to the server securely, and for some information to be viewed (i.e., information not encoded using the “common key”)
receiving, from a first client device, (Client Side 1 of Hetzler) an encrypted first data structure that is encrypted commutatively with at least a first key and a common key, (emphasis added, the “commutative” feature discussed further below)
Client encryption key 404 of Hetzler corresponds to the “common key” that is not shared with the server (i.e., “storage system” or storage system 420 of Hetzler) For example, Hetzler in [0095] states, “Data 450 is opaque to the storage system 420 (e.g., the client secret encryption key 404 is not available to the storage system 420)”
The examiner asserts that the “ephemeral key” in [0132-133] teaches a “first key” that is used during TLS encryption of the data communication discussed above. Hetzler in [0133] states, “The ephemeral key 504 may be a stand transport encryption (e.g., transport layer security (TLS)).” Hetzler also describes encrypting signatures of the data 450, and the TLS tunnel provides encryption for the signatures and additional encryption (double encryption) for the data 450 that has been encrypted.
Alternatively, the examiner interprets the “first data structure” as including metadata and that partial decryption would include decrypting the metadata.  Hetlzer in [0097-98] clearly teaches using the “ephemeral key” to decrypt metadata of Hetlzer.  
Hetzler in [0097] states, “In a preferred approach, the deduplication manager 424 receives the encrypted write data 444 (e.g., data encrypted with a key that is not available to the storage system 420) and the encrypted deduplication information 446 (e.g., metadata encrypted with a key that is available to the storage system 420). [0098] In one configuration, the deduplication manager 424 includes an ephemeral key decrypter. The ephemeral key decrypter may decrypt data encrypted with the storage ephemeral encryption key 440 as would be understood by one having ordinary skill in the art upon reading the present disclosure.
Examiner admits that Hetzler does not teach,
… encrypted commutatively …
However, Srivastava teaches the above recitation, because Srivastava in [0105] describes the use of a commutative encryption. Srivastava in [0105] states, “"Under the rule of commutative encryption, the encrypted user IDs can be compared on the basis that E1(E2(UID))=E2(E1(UID)). Thus, the encryption of user IDs present in both databases will match after the double encryption is completed. In this manner, matches between user records of the panelists and user records of the database proprietor (e.g., identifiers of registered social network users) can be compared without the partner entities needing to reveal user IDs to one another.”
wherein the one or more processors do not have access to the common key; (See above, Client Encryption Key 404 (“common key”) that is not available to the server (i.e., “storage system” or storage system 420 of Hetzler))  
	receiving the first key; (See ephemeral key of Hetzler used by TLS, discussed above. TLS includes the passing of a number of keys, thus, receiving of key is inherent in TLS.)
using the first key, partially decrypting the encrypted first data structure; (See ephemeral key of Hetzler used by TLS, discussed above.)
storing the partially decrypted first data structure;
receiving, from a second client device, an encrypted second data structure that is encrypted commutatively with a second key and the common key; 
Hetzler in [0136] (further included below and discussed below in final element of the claim) teaches comparing two different encrypted data from at least two clients having a common signature and different key IDs, which corresponds to the “encrypted first data structure” and “encrypted second data structure.”
receiving the second key; 
using the second key, partially decrypting the encrypted second data structure; and 
The TLS of Hetzler is used to encrypt in a manner similar to the manner described above with regards to the “first key.” Partial decryption may be interpreted as decrypting double encrypted data or decrypting part of the data (i.e., metadata) in the data structure.
selectively storing a copy of the partially decrypted second data structure based on whether content of the partially decrypted first data structure corresponds to content of the partially decrypted second data structure.  
The key ID in Hetzler is used to identify the client secret encryption key (“common key” of claim 1) and the chunk signature (first and second “segment identifier” of claim 9) is used to identify the data chunk. Hetzler in [0135-136] included below, takes encrypted data from two different clients, and de-duplicates the data if they have a common signature (e.g., hash of data) and the same key ID’s (same encryption coding, same “common key” identifier), which allows the same data to be decrypted.  
Hetzler in [0135-136] states, “In the context of data privacy, the key ID is not the key itself. For example, the key ID provided may be a cryptographic hash, such as SHA256 of a client secret encryption key 404. In another example, the key ID may be a unique index number for a client secret encryption key 404. Storage system 420 may create an internal reference key ID. For example, the storage system 420 may create an index table of keys for the ID of client secret encryption key 404.  [0136] In response to encrypted data from at least two clients having a common signature and different key IDs, the deduplication manager 424 does not dedupe the encrypted data because both the signatures and the key IDs must match to perform the deduplication.” See also Hetzler in [0169] which describes only data chunks of new signatures being written to the storage system.”
The Examiner interprets de-duplicating in Hetzler as corresponding to selectively storing in claim 1 because in Hetzler when both the signatures (i.e., hash of the data) and the key IDs (i.e., hash of the client key, where the client key is not shared with the server), the information is de-duplicated.  For example, in Hetzler de-duplication is not performed if both the signature and the key ID are not the same.  However, in Hetzler if the signatures are the same and the data is the same (i.e., the key IDs are the same), then both clients may decrypt the data because they both possess the same key, and thus, the de-duplication is performed.  Additionally, Hetzler further describes the above recited features in [0100] which states, “Any remaining data chunks associated with a new signatures (e.g., non-pre-existing in the chunk metadata 428) which are not deduplicated are written 454 to the chunk storage 426.”
It would have been prima facie obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hetzler to incorporate the teachings of Srivastava (as described above), because they are in the same field of deduplication of encrypted data being stored on a remote server storage.
One of ordinary skill in the art would have been motivated to make this modification in order to provide commutative encryption using two different keys, where the order of the encryption (1st key then 2nd key, or 2nd key then 1st key) does not affect the order of the decryption.   

Regarding claim 2, the combination of Hetzler and Srivastava teach, 
The system of claim 1, wherein at least one of the first key, the second key, or the common key comprise a symmetrical encryption key.  
Hetzler in [0071] states, “At least some of the operations described herein may be used with symmetric key encryption and/or asymmetric encryption (e.g., public key infrastructure (PKI)). It should be understood by one having ordinary skill in the art that PKI encryption may be performed according any configurations known in the art. For example, a public key in PKI is not a secret key, and encrypting data with the public key requires a corresponding secret private key to decrypt.” Hetzler further describes symmetric keys in [0073-74] and [0084] [0107-108].

Regarding claim 3, the combination of Hetzler and Srivastava teach, 
The system of claim 1, 
wherein the operations further comprise: 
receiving a request for content of the partially decrypted first data structure from the first client device or the second client device,
Hetzler describes in [0125-126] the Client 1 sending a request 502 and a read request 508 to the storage 420 in order to receive “returned data chunks.” See also Hetzler fig. 5.
retrieving the partially decrypted first data structure; 
Hetzler in [0126] states, “In a preferred approach, the deduplication manager 424 identifies data chunks associated with the read request 508 using chunk metadata 428.”
re-encrypting the first data structure by encrypting the partially decrypted first data structure using the first key or the second key based on which of the first client device or the second client device sent the request; and 
Hetzler in [0127] states, “The output 516 of the storage secret key decrypter 432 may be sent to the storage ephemeral key encrypter 434.” Where the ephemeral key encrypter 434 is located inside the storage 420, as shown in fig. 5 of Hetzler.
returning the re-encrypted first data structure to the first client device or the second client device.  
	The corresponding features of Hetzler are shown in fig. 5 and described in [0128] which states, “the output 518 of the storage ephemeral key encrypter 434 may be sent to the dechunker 412. An indicator that the output 518 is encrypted with the ephemeral key 504 may sent to the dechunker 412. The dechunker 412 may dechunk data chunks received from the storage system where the data chunks are encrypted with multiple encryption keys.”

Regarding claim 4, the combination of Hetzler and Srivastava teach, 
The system of claim 3, wherein the one or more processors transmit the first key or the second key with the re-encrypted first data structure.  
	In fig. 6 and [0142-145] of Hetzler, the client public key 606 (i.e., “first key or second key” of claim 1) is used to encrypt data and is sent 616 to the storage system in [0145] of Hetzler.  Hetzler in Fig. 5 shows ephemeral key 504 being returned by the storage 420 to the client 402 and in [0125] states, “The ephemeral key may be for encrypting returned data chunks. An ephemeral key 504 may be returned in response 506 to the request 502.”

Regarding claim 9, the combination of Hetzler and Srivastava teach, 
The system of claim 1, wherein the operations further comprise; 
receiving a first segment identifier associated with the encrypted first data structure; 
receiving a second segment identifier associated with the encrypted second data structure; and 
Hetzler in [0136] discusses the Deduplication manager 424 comparing data that is received from two different clients, with a common signature (“identifier(s)” of claim 9).
determining whether content of the encrypted first data structure corresponds to content of the encrypted second data structure based on the first segment identifier associated with the encrypted first data structure and the second segment identifier associated with the encrypted second data structure.  
The “identifier” of claim 9 correspond to the signatures of Hetzler.  Hetzler in [0134] states, “In preferred approaches, in contrast to conventional deduplication operations, additional chunk metadata is associated with each data chunk to indicate the key in which a chunk is encrypted. Different clients may have data chunks that are the same (e.g., duplicates with identical signatures).” Hetzler in [0136] further states, “In response to encrypted data from at least two clients having a common signature and different key IDs, the deduplication manager 424 does not dedupe the encrypted data because both the signatures and the key IDs must match to perform the deduplication.”

Regarding claim 10, the combination of Hetzler and Srivastava teach, 
The system of claim 9, wherein the operations further comprise receiving the first segment identifier from the first client device or receiving the second segment identifier from the second client device.  
Hetzler in fig. 4 depicts a meta-generator 406 inside of Client 1 and signatures in Hetzler correspond to “identifier” of claim 10. Hetzler in [0110] states, “The meta-generator 406 identifies and/or calculates deduplication signatures (e.g., rolling min hashes, cryptographic hashes, etc.).”

Regarding claim 13, the combination of Hetzler and Srivastava teach, 
The system of claim 1, wherein the one or more processors receive the encrypted first data structure from a first portion of the first client device and the first key from a second portion of the first client device.  
Hetzler in figures 4-5 depicts a storage ephemeral key 440 and meta-generator 406 which includes write data 444.  These components are shown as being separate and Hetzler discloses these features being implemented by different hardware or software components.  Hetzler in [0202] states, “It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems that perform the specified functions or acts or carry out combinations of special purpose hardware and computer instructions.”

Regarding claim 14, the combination of Hetzler and Srivastava teach, 

Hetzler in figures 4-5 depicts a storage ephemeral key 440 and meta-generator 406 which includes write data 444.  These components are shown as being separate and Hetzler discloses these features being implemented by different hardware or software components. Hetzler in [0202] states, “It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems that perform the specified functions or acts or carry out combinations of special purpose hardware and computer instructions.”

Regarding claim 15, the combination of Hetzler and Srivastava teach, 
The system of claim 13, wherein the first portion and the second portion comprise distinct software components executed as isolated application instances.  
	Hetzler in [0058] [0061] [0203] describe software components or layers that are distinct from one another performing different aspects of the structures shown in the figures. Hetzler in [0203] states, “By executable by the processor, what is meant is that the logic is hardware logic; software logic such as firmware, part of an operating system, part of an application program; etc., or some combination of hardware and software logic that is accessible by the processor and configured to cause the processor to perform some functionality upon execution by the processor. Software logic may be stored on local and/or remote memory of any memory type, as known in the art. Any processor known in the art may be used, such as a software processor module and/or a hardware processor such as an ASIC, a FPGA, a central processing unit (CPU), an integrated circuit (IC), a graphics processing unit (GPU), etc.”

Regarding claim 16, the combination of Hetzler and Srivastava teach, 
The system of claim 1, 

Hetzler in [0084] and [0108] discloses exchanging an ephemeral key 440, using a first network, that is provided by the storage 420 to the client 1 402.  Then, the ephemeral key 440 is used to establish a second encrypted connection / network that allows for the data to be securely exchanged between the storage 420 and the client 1. Hetzler in [0092] establishes a session between the client 1 and the storage 420.  Additionally, Hetzler in [0133] describes the ephemeral key being used to establish a standard transport encryption.

Claims 5-7, 17-18, and 20-23 are rejected under 35 U.S.C. 103 as being unpatentable over Hetzler, in view of Srivastava, in view of US 8,812,874 Clifford (hereinafter referred to as “Clifford”). 
Regarding claim 5, Hetzler and Srivastava teach features of claim 1 and 3, as discussed above. Except, Hetzler and Srivastava fail to specifically teach, the recitation of, 
The system of claim 3, wherein the operations further comprise: 
receiving at least one of proof to access or a license to use the content of the requested partially decrypted first data structure with the request from the first client device or the second client device; 
However, Clifford teaches the above recitation, because Clifford in (49) states, “In the method of FIG. 4 an ERM-aware application may request a user license for the ERM-protected data from an RMS, as in 400. In various embodiments, such a request may identify the user of the ERM-aware application (i.e., the principal). In various embodiments, the request may include the publishing license of the ERM-protected data.” Clifford in (50) further describes the RMS (license server 12) determining if the user should be granted access to the data based on a license.  See also (22), (30), (36), and (40) of Clifford.    
Clifford also teaches the following recitation of,

receiving at least one of proof to access or a license to use the content of the requested partially decrypted first data structure with the request from the first client device or the second client device; 
extracting the first key or the second key from the at least one of proof or a license; and 
Clifford in (39) states, “In some embodiments, the publishing license may include one or more decryption keys and/or identifiers corresponding to segments of the data, as in 260. As described above, in various embodiments a symmetric encryption algorithm may be used to encrypt the data in 230.”
encrypting the partially decrypted first data structure using the extracted first key or the second key.  
Clifford in (39) states, “As described above, in various embodiments a symmetric encryption algorithm may be used to encrypt the data in 230.” Additionally, claim 5 of Clifford includes an encrypted data segment that is included in the storage system (i.e., server), thus, the data is encrypted by the storage system 130. Also, Clifford in (51) encrypts the license.)  
It would have been prima facie obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hetzler to incorporate the teachings of Clifford to incorporate the ability for a third party licensing server to supply / verify licenses which are used to determine if a user has access to copy-write protected data.  Doing so would aid in reducing piracy of protected information.  
Additionally, Hetzler, Srivastava, and Clifford are all considered to be analogous to the claimed invention because they are in the same field of deduplication of encrypted data being stored on a remote server storage, as further discussed below. 
For example, Clifford in the Abstract and figure 1 of describe and depict an ERM-aware application (in a client) that segments a file, where the file data may already be stored on a storage system (server) that interacts with a license server that grants access to the file data. Additionally, the storage system (server) also implements deduplication in order to prevent from storing multiple files.
Similarly, Hetzler’s Abstract states, “A computer-implemented method includes receiving deduplication information at a storage system. The deduplication information is accessible to the storage system for performing operations thereon. The deduplication information includes signatures associated with portions of client data. The method also includes receiving the client data encrypted with a client secret key. The client secret key is unavailable to the storage system. The method includes deduplicating data chunks stored in the storage system against chunks of the client data, wherein the client data chunks are selected from the client data for deduplication using the deduplication information.”
Similarly, Srivastava in the Abstract states, “Methods and apparatus to de-duplicate impression information are disclosed. An example method to de-duplicate media impression information includes determining an overlap between cookies of a first database proprietor and cookies of a second database proprietor on client computers; determining duplicate impression information based on first impression information associated with the first database proprietor.” Further, Srivastava’s specification describes encrypted data being identified despite its encryption.

Regarding claim 6, the combination of Hetzler, Srivastava, and Clifford teach,
The system of claim 3, wherein the operations further comprise: 
based on the request, sending a challenge to the first client device or the second client device; and
Clifford in (48) describes a user attempting to access ERM-protected data which corresponds to a “challenge” of claim 6.
based on a response to the challenge, determining that the first client device or the second client device has had access to or has a license to use the content of the requested partially decrypted first data structure, 
Clifford describes a license server 120 of fig. 1 that provides the ability to determine whether access to data is allowed.  See Clifford (49-50) which states, “If the publishing license does not permit the user to access the data, as indicated by the negative exit from 420, the RMS may deny a user license to the principal, as in 430. However, if the user license does permit the principal to access the data, as in the affirmative exit from 420, then the RMS may create a user license, as in 440, and sent it to the requesting ERM-aware application, as in 450.” See also the more detailed rejection of claim 7 below
wherein the one or more processors return the re-encrypted first data structure in response to the determination.  
Clifford in (51) describes the RMS of the license server 120 returning an (encrypted) user license to the client computer 110 (ERM-aware app) that allows access to “the data.”  “The data” in Clifford is described in (47) as residing in the storage system 130, which corresponds to a server or storage system of claim 1. Thus, Clifford teaches a license server that provides a license to a client that allows the client to access and/or decrypt data on a storage server.

Regarding claim 7, the combination of Hetzler, Srivastava, and Clifford teach,
The system of claim 6, wherein determining that the first client device or the second client device has had access to or has a license to use the content of the requested partially decrypted first data structure comprises: 
contacting a third party configured to verify licenses to digital content; and 
The RMS of the license server 120 (“third party” of claim 7) in Clifford is contacted by the ERM-aware application of the client computer 110 to obtain a license.  Clifford in (49-50) states, “a request may identify the user of the ERM-aware application (i.e., the principal). In various embodiments, the request may include the publishing license of the ERM-protected data. In some embodiments, the request may comprise a public encryption key of the ERM-aware application for the licensing server to use for encrypting communications with the ERM-aware application. (50) According to the illustrated embodiment, the RMS may receive and analyze the request, as in 410. For example, in 410, if the public key of the RMS was used to encrypt the publishing license then the RMS may decrypt the publishing license using its private key. The RMS may then analyze the decrypted publishing license to determine if the given principal may access the data, as in 420.”
receiving, from the third party, the determination.  
Clifford in (50) further states, “If the publishing license does not permit the user to access the data, as indicated by the negative exit from 420, the RMS may deny a user license to the principal, as in 430. However, if the user license does permit the principal to access the data, as in the affirmative exit from 420, then the RMS may create a user license, as in 440, and sent it to the requesting ERM-aware application, as in 450.” Thus, the license server 120 of fig. 1 of Clifford makes the determination. See also, Hetzler in [0066] where a third party key service has access to keys.

Regarding claim 17, the combination of Hetzler, Srivastava, and Clifford teach,
A system for uploading encrypted data structures to a remote storage comprising: 
one or more processors; (The Examiner asserts that processors and memory are an inherent part of storage 420 in Hetzler figs. 4-5) and a storage medium storing instructions that, when executed, cause the one or more processors to perform operations comprising:
Hetzler’s Abstract describes an invention with a similar purpose to the features described in the applicant’s specification and the features recited in the applicant’s claims.  Please see the rejection of claim 1 for a copy of Hetzler’s abstract with relevant features emphasized.
6Application No. 16/660,761 Attorney Docket No.: 15036.0006-00000 
a storage medium storing instructions that, when executed, cause the one or more processors to perform operations comprising: 
receiving a license to access a first data structure, (Clifford in (49) states, “(49) In the method of FIG. 4 an ERM-aware application may request a user license for the ERM-protected data from an RMS, as in 400. In various embodiments, such a request may identify the user of the ERM-aware application (i.e., the principal). In various embodiments, the request may include the publishing license of the ERM-protected data.” Clifford in (50) further describes the RMS (license server 12) determining if the user should be granted access to the data based on a license.  See also (22), (30), (36), and (40) of Clifford.) the first data structure encrypted with a first key; 
receiving the first key; 
Hetlzer’s “ephemeral key 440” (“first key”) is created / generated then received by a memory and is also transmitted to another device. 

Client encryption key 404 of Hetzler corresponds to the “common key” that is not shared with the server (i.e., “storage system” or storage system 420 of Hetzler). For example, Hetzler in [0095] states, “Data 450 is opaque to the storage system 420 (e.g., the client secret encryption key 404 is not available to the storage system 420)”
further encrypting the first data structure commutatively using the common key without decrypting the first data structure using the first key; and (emphasis added, see discussion below of commutative encryption)
See discussion above regarding claim 1 and the “first key” and “common key” being used to create an encrypted “first data structure.”
Srivastava in [0105], as discussed above in detail with regards to the rejection of claim 1, teaches the features of commutative encryption and Hetzler teaches the other recited features. For example, Hetzler in [0092] states, “ephemeral key may be for encrypting data such that the storage system 420 may decrypt data sent from the client 1 side 402” (where the “first key” of claim 17 corresponds to the ephemeral key of Hetzler). Hetzler in [0095] also states, “client secret encryption key 404. The client key encrypted data 450 and the key ID associated with the client secret encryption key 404 may be sent to the storage system 420. (where the “common key” of claim 17 corresponds to the client key used to create the client key encrypted data) Additionally, Hetzler in [0107] states, “a read operation comprises receiving data chunks which are encrypted with at least two keys, e.g., a client secret encryption key and a storage ephemeral key.”
transmitting, to a remote device, the further encrypted first data structure along with the first key, 
Hetzler in [0134] describes a chunk identifier that includes information regarding the key used to encrypt the data. The Examiner interprets the information regarding the key as information regarding the ephemeral key (“first key” of claim 17) because the chunk identifier further includes a key ID that is associated with the client encryption key 404 (“common key” of claim 17).

Hetzler in [0095] states, “The client key encrypted data 450 and the key ID associated with the client secret encryption key 404 may be sent to the storage system 420 (e.g., the deduplication manager 424). In another approach, the write data 444 is sent to the client secret key encrypter 408 and encrypted with the client secret encryption key 404. The write data 444 and the key ID associated with the client secret encryption key 404 may be sent to the storage system 420 (e.g., the deduplication manager 424). Data 450 is opaque to the storage system 420 (e.g., the client secret encryption key 404 is not available to the storage system 420)”. Data 450 is opaque to the storage system 420 (e.g., the client secret encryption key 404 is not available to the storage system 420)” in [0095] of Hetzler (emphasis added).  
It would have been prima facie obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hetzler to incorporate the teachings of Srivastava (as described above), because they are in the same field of deduplication of encrypted data being stored on a remote server storage.
One of ordinary skill in the art would have been motivated to make this modification in order to provide simultaneous encryption of two different keys, otherwise known as commutative double encryption. 
It would have been prima facie obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hetzler to incorporate the teachings of Clifford to incorporate the ability for a third party licensing server to supply / verify licenses which are used to determine if a user has access to copy-write protected data.  Doing so would aid in reducing piracy of protected information.  
Additionally, Hetzler, Srivastava, and Clifford are all considered to be analogous to the claimed invention because they are in the same field of deduplication of encrypted data being stored on a remote server storage, as further discussed below. 
For example, Clifford in the Abstract and figure 1 of describe and depict an ERM-aware application (in a client) that segments a file, where the file data may already be stored on a storage system (server) that interacts with a license server that grants access to the file data. Additionally, the storage system (server) also implements deduplication in order to prevent from storing multiple files.
Similarly, Hetzler’s Abstract states, “A computer-implemented method includes receiving deduplication information at a storage system. The deduplication information is accessible to the storage system for performing operations thereon. The deduplication information includes signatures associated with portions of client data. The method also includes receiving the client data encrypted with a client secret key. The client secret key is unavailable to the storage system. The method includes deduplicating data chunks stored in the storage system against chunks of the client data, wherein the client data chunks are selected from the client data for deduplication using the deduplication information.”
Similarly, Srivastava in the Abstract states, “Methods and apparatus to de-duplicate impression information are disclosed. An example method to de-duplicate media impression information includes determining an overlap between cookies of a first database proprietor and cookies of a second database proprietor on client computers; determining duplicate impression information based on first impression information associated with the first database proprietor.” Further, Srivastava’s specification describes encrypted data being identified despite its encryption.

Regarding claim 18, the combination of Hetzler, Srivastava, and Clifford teach,
The system of claim 17, wherein the license comprises a digital rights management (DRM) data structure.  
	Clifford’s Abstract describes an enterprise rights management (ERM) system that enables effective data deduplication of ERM protected data. Examiner interprets the ERM system of Clifford as corresponding to the “DRM data structure” of claim 18.

Regarding claim 20, the combination of Hetzler, Srivastava, and Clifford teach,
The system of claim 17, wherein the operations further comprise: 
sending a request for the first data structure to the remote device; and 
Hetzler describes in [0125-126] the Client 1 sending a request 502 and a read request 508 to the storage 420 in order to receive “returned data chunks.” See also Hetzler fig. 5
receiving the first data structure encrypted with the common key.
Hetzler in describes a storage system encrypting using a client secret key (“common key”), in [0095] and [0107] of Hetzler, as discussed above. This encrypted data may then be sent by the storage to the client.  

Regarding claim 21, the combination of Hetzler, Srivastava, and Clifford teach,
The system of claim 20, wherein: 
the received first data structure is further encrypted with the first key; and 
Hetzler in [0097] states, “In a preferred approach, the deduplication manager 424 receives the encrypted write data 444 (e.g., data encrypted with a key that is not available to the storage system 420) and the encrypted deduplication information 446 (e.g., metadata encrypted with a key that is available to the storage system 420). [0098] In one configuration, the deduplication manager 424 includes an ephemeral key decrypter. The ephemeral key decrypter may decrypt data encrypted with the storage ephemeral encryption key 440 as would be understood by one having ordinary skill in the art upon reading the present disclosure.
the operations further comprise, in response to the request, receiving the first key.  
Hetzler describes in [0125-126] the Client 1 sending a request 502 and a read request 508 to the storage 420 in order to receive “returned data chunks.” See also Hetzler fig. 5.  Hetzler in Fig. 5 shows ephemeral key 504 being returned by the storage 420 to the client 402 and in [0125] states, “The ephemeral key may be for encrypting returned data chunks. An ephemeral key 504 may be returned in response 506 to the request 502.”

Regarding claim 22, the combination of Hetzler, Srivastava, and Clifford teach,
The system of claim 20, wherein the operations further comprise: 
responding to a challenge from the remote device; and 
Clifford in (48) describes a user attempting to access ERM-protected data which corresponds to a “challenge” of claim 22.
receiving the first data structure or a denial message based on whether the response can be verified by the remote device.  
Clifford describes a license server 120 of fig. 1 that provides the ability to determine whether access to data is allowed.  See Clifford (49-50) which states, “If the publishing license does not permit the user to access the data, as indicated by the negative exit from 420, the RMS may deny a user license to the principal, as in 430. However, if the user license does permit the principal to access the data, as in the affirmative exit from 420, then the RMS may create a user license, as in 440, and sent it to the requesting ERM-aware application, as in 450.” (emphasis added) See also the more detailed rejection of claim 7 above.

Regarding claim 23, the combination of Hetzler, Srivastava, and Clifford teach,
A system for receiving encrypted data structures from a remote storage comprising: 
one or more processors; and 
a storage medium storing instructions that, (The Examiner asserts that processors and memory are an inherent part of storage 420 in Hetzler figs. 4-5) when executed, cause the one or more processors to perform operations comprising: 
sending, to a remote device, a request for an encrypted data structure along with at least one of proof of access to the data structure or a license to access the data structure; 
Clifford in (49) states, “(49) In the method of FIG. 4 an ERM-aware application may request a user license for the ERM-protected data from an RMS, as in 400. In various embodiments, such a request may identify the user of the ERM-aware application (i.e., the principal). In various embodiments, the request may include the publishing license of the ERM-protected data.” Clifford in (50) further describes the RMS (license server 12) determining if the user should be granted access to the data based on a license.  See also (22), (30), (36), and (40) of Clifford.
in response to the request and from the remote device, receiving the encrypted data structure, wherein the data structure is encrypted (Hetzler in [0093] “client 1 side 402 may encrypt the write data 444” (emphasis added)) with a first key and a common key, (emphasis added, see discussion below)
Hetzler in [0095] states, “client secret encryption key 404. The client key encrypted data 450 and the key ID associated with the client secret encryption key 404 may be sent to the storage system 420 (e.g., the deduplication manager 424). In another approach, the write data 444 is sent to the client secret key encrypter 408 and encrypted with the client secret encryption key 404. The write data 444 and the key ID associated with the client secret encryption key 404 may be sent to the storage system 420 (e.g., the deduplication manager 424).” Additionally, Hetzler in [0107] states, “a read operation comprises receiving data chunks which are encrypted with at least two keys, e.g., a client secret encryption key and a storage ephemeral key.” These features are then decrypted with the storage 420.
the common key accessible by the system and not by the remote device; 
Hetzler in [0095] states, “Data 450 is opaque to the storage system 420 (e.g., the client secret encryption key 404 is not available to the storage system 420)”
receiving the first key; (See Hetzler’s ephemeral key, discussed above in rejection of claim 1)   
receiving the common key; and 
Client encryption key 404 of Hetzler corresponds to the “common key” that is not shared with the server (i.e., “storage system” or storage system 420 of Hetzler) For example, Hetzler in [0095] states, “Data 450 is opaque to the storage system 420 (e.g., the client secret encryption key 404 is not available to the storage system 420)”
decrypting the received data structure using the received first key and the received common key. 
See the deduplication manager 424 which also performs ephemeral key decryption, as discussed in [0098] of Hetzler.
Hetzler with regards to figure 6 depicts a storage 608 sending chunks to a client public key encrypter 640, where the chunks are already encrypted with a client private key.  This data is sent to Client 1 602, which uses client private key decrypter 642 to decrypt the encrypted data from the Storage 608. 
Hetzler in [0162] states, “The output 706 of the storage private key decrypter 638 may be sent to the client public key encrypter 640. The client public key encrypter 640 may encrypt data with the client public key 606 as would be understood by one having ordinary skill in the art upon reading the present disclosure. The output 708 of the client public key encrypter 640 may be sent to the dechunker 614. In contrast to the symmetric key implementation, all the data chunks sent to the dechunker 614 are encrypted with the client public key 606. The dechunker 614 may perform any decompression on the data chunks. In a preferred approach, the dechunker 614 merges all the data chunks into a merged data set 710 and sends the merged data set 710 to the client private key decrypter 642. The client private key decrypter 642 may decrypt the merged data set 710 as would be understood by one having ordinary skill in the art upon reading the present disclosure. The output 712 of the client private key decrypter 642 comprises any data chunks associated with the initial read request 702.”
It would have been prima facie obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hetzler to incorporate the teachings of Srivastava (as described above), because they are in the same field of deduplication of encrypted data being stored on a remote server storage.
One of ordinary skill in the art would have been motivated to make this modification in order to provide simultaneous encryption of two different keys, otherwise known as commutative double encryption. 
It would have been prima facie obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hetzler to incorporate the teachings of Clifford to incorporate the ability for a third party licensing server to supply / verify licenses which are used to determine if a user has access to copy-write protected data.  Doing so would aid in reducing piracy of protected information.  
Additionally, Hetzler, Srivastava, and Clifford are all considered to be analogous to the claimed invention because they are in the same field of deduplication of encrypted data being stored on a remote server storage, as further discussed below. 
For example, Clifford in the Abstract and figure 1 of describe and depict an ERM-aware application (in a client) that segments a file, where the file data may already be stored on a storage system (server) that interacts with a license server that grants access to the file data. Additionally, the storage system (server) also implements deduplication in order to prevent from storing multiple files.
Similarly, Hetzler’s Abstract states, “A computer-implemented method includes receiving deduplication information at a storage system. The deduplication information is accessible to the storage system for performing operations thereon. The deduplication information includes signatures associated with portions of client data. The method also includes receiving the client data encrypted with a client secret key. The client secret key is unavailable to the storage system. The method includes deduplicating data chunks stored in the storage system against chunks of the client data, wherein the client data chunks are selected from the client data for deduplication using the deduplication information.”
Similarly, Srivastava in the Abstract states, “Methods and apparatus to de-duplicate impression information are disclosed. An example method to de-duplicate media impression information includes determining an overlap between cookies of a first database proprietor and cookies of a second database proprietor on client computers; determining duplicate impression information based on first impression information associated with the first database proprietor.” Further, Srivastava’s specification describes encrypted data being identified despite its encryption.

Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Hetzler, in view of Srivastava, and further in view of US 2020/0320046 Narayanamurthy et al. (hereinafter referred to as “Narayanamurthy”). 
Regarding claim 11, Hetzler and Srivastava teach features of claims 1 and 9, as discussed above. Except, Hetzler and Srivastava fail to specifically teach, the recitation of, 
The system of claim 9, wherein the operations further comprise instructing the second client device not to transmit the encrypted second data structure when the first segment identifier associated with the encrypted first data structure and the second segment identifier associated with the encrypted second data structure comprise a fuzzy match.  
However, Narayanamurthy teaches the above recitation, because Narayanamurthy in fig. 4G depicts hashed data 434 (“identifier” of claim 11) that is used to determine if the data already exists in the remote data store 404, and the remote data store 404 determines whether to request data 406 from the second computing device 430 based on matching of the hashed data 434. For example, Narayanamurthy in [0061] states, “The remote data store 404 may determine whether the hashed data 434 generated by the second computing device 430 of user (B) matches the hashed data 412 within the metadata 410 generated by the computing device 402 of user (A). If the hashed data 434 does not match the hashed data 412 within the metadata 410 (or any other hashed data within metadata maintained by the remote data store 404 for deduplication), then the remote data store 404 may instruct the second computing device 430 to transmit the data 406.” (emphasis added)
It would have been prima facie obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hetzler to incorporate the teachings of Narayanamurthy to incorporate a determination that data already exists in a data store (i.e., server storage). Doing so would aid in reducing bandwidth used by a client because the client would not send the data to a server storage due to the data already being identified as being located on the data storage.  
Additionally, Hetzler, Srivastava, and Narayanamurthy are all considered to be analogous to the claimed invention because they are in the same field of deduplication of encrypted data being stored on a remote server storage, as further discussed below. 
For example, Narayanamurthy Abstract states, “Techniques are provided for deduplicating encrypted data. For example, a device has data to store in an encrypted state within a remote data store. A key is used to encrypt the data to create encrypted data. The data is hashed to create hashed data and the encrypted data is hashed to create hashed encrypted data.” 
Similarly, Hetzler’s Abstract states, “A computer-implemented method includes receiving deduplication information at a storage system. The deduplication information is accessible to the storage system for performing operations thereon. The deduplication information includes signatures associated with portions of client data. The method also includes receiving the client data encrypted with a client secret key. The client secret key is unavailable to the storage system. The method includes deduplicating data chunks stored in the storage system against chunks of the client data, wherein the client data chunks are selected from the client data for deduplication using the deduplication information.”
Similarly, Srivastava in the Abstract states, “Methods and apparatus to de-duplicate impression information are disclosed. An example method to de-duplicate media impression information includes determining an overlap between cookies of a first database proprietor and cookies of a second database proprietor on client computers; determining duplicate impression information based on first impression information associated with the first database proprietor.” Further, Srivastava’s specification describes encrypted data being identified despite its encryption.

Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Hetzler, in view of Srivastava, and further in view of US 2013/0305039 to Gauda (hereinafter referred to as “Gauda”). 
Regarding claim 12, Hetzler, and Srivastava teach features of claim 1 and 9, as discussed above. Except, Hetzler and Srivastava fail to specifically teach, the recitation of, 
wherein the segment identifiers comprise a universally unique identifier (UUID) or a certificate. 
However, Gauda teaches the above recitation, because Gauda in [0099] and [0101] describes the use of universally unique identifiers to identify portions of data stored in a cloud storage system.  According to Gauda the CFS client module generates the UUIDs. Additionally, the use of a hash of data by the CFS client module is discussed.  
It would have been prima facie obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hetzler to incorporate the teachings of Gauda to incorporate the universally unique identifier (UUID) in order to use a standardized data segment identifier.   
Additionally, Hetzler, Srivastava, and Gauda are all considered to be analogous to the claimed invention because they are in the same field of deduplication of encrypted data being stored on a remote server storage, as further discussed below. 
For example, Gauda’s Abstract states, “A cloud storage system supporting user agnostic encryption and deduplication of encrypted files is described. Further the cloud storage system enables users to share a file, a group of files, or an entire file system with other users without a user sending each file to the other users. The cloud storage system further allows a client device to minimize the utilization of bandwidth by determining whether the encrypted data to transfer is already present in the cloud storage system.” 
Similarly, Hetzler’s Abstract states, “A computer-implemented method includes receiving deduplication information at a storage system. The deduplication information is accessible to the storage system for performing operations thereon. The deduplication information includes signatures associated with portions of client data. The method also includes receiving the client data encrypted with a client secret key. The client secret key is unavailable to the storage system. The method includes deduplicating data chunks stored in the storage system against chunks of the client data, wherein the client data chunks are selected from the client data for deduplication using the deduplication information.”
Similarly, Srivastava in the Abstract states, “Methods and apparatus to de-duplicate impression information are disclosed. An example method to de-duplicate media impression information includes determining an overlap between cookies of a first database proprietor and cookies of a second database proprietor on client computers; determining duplicate impression information based on first impression information associated with the first database proprietor.” Further, Srivastava’s specification describes encrypted data being identified despite its encryption.

Claim 19 is rejected under 35 U.S.C. 103 as being unpatentable over Hetzler, in view of Srivastava, in view Clifford and further in view of US 2011/0161680 Grube et al. (hereinafter referred to as “Grube”). 
Regarding claim 19, Hetzler, Srivastava, and Clifford teach features of claim 17, as discussed above. Except, Hetzler, Srivastava, and Clifford fail to specifically teach, the recitation of, 
wherein at least one of the first key or the common key comprise a self-inverse encryption key.  
However, Grube teaches an inverse function that produces encoded slices (portions) of data.  Grube in [0085] states, “A data de-duplication method begins by a processing module receiving a plurality of data storage requests from a plurality of requesting devices wherein a data storage request includes the data and a requester identifier (ID). The method continues with the processing module obtaining a data identifier (ID) for the data. For each of the plurality of data storage requests, the method continues with the processing module producing a requester storage record, dispersed storage error encoding the requester storage record to produce a set of encoded requester storage record slices, and sending the set of encoded requester storage record slices to a dispersed storage network (DSN) memory for storage therein. The method continues with the processing module dispersed storage error encoding at least a portion of the data to produce a set of encoded data slices and sending the set of encoded data slices to the DSN memory for storage therein.”
It would have been prima facie obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hetzler, Srivastava, and Clifford to incorporate the teachings of Grube to include the inverse function that produces encoded slices (portions) of data.   
Additionally, Hetzler, Srivastava, Clifford and Grube are all considered to be analogous to the claimed invention because they are in the same field of deduplication of encrypted data being stored on a remote server storage, as further discussed below. 
For example, Clifford in the Abstract and figure 1 of describe and depict an ERM-aware application (in a client) that segments a file, where the file data may already be stored on a storage system (server) that interacts with a license server that grants access to the file data. Additionally, the storage system (server) also implements deduplication in order to prevent from storing multiple files.
Similarly, Hetzler’s Abstract states, “A computer-implemented method includes receiving deduplication information at a storage system. The deduplication information is accessible to the storage system for performing operations thereon. The deduplication information includes signatures associated with portions of client data. The method also includes receiving the client data encrypted with a client secret key. The client secret key is unavailable to the storage system. The method includes deduplicating data chunks stored in the storage system against chunks of the client data, wherein the client data chunks are selected from the client data for deduplication using the deduplication information.”
Similarly, Srivastava in the Abstract states, “Methods and apparatus to de-duplicate impression information are disclosed. An example method to de-duplicate media impression information includes determining an overlap between cookies of a first database proprietor and cookies of a second database proprietor on client computers; determining duplicate impression information based on first impression information associated with the first database proprietor.” Further, Srivastava’s specification describes encrypted data being identified despite its encryption.
Similarly, Grube’s Abstract states, “A data de-duplication method begins by a processing module receiving a plurality of data storage requests from a plurality of requesting devices wherein a data storage request includes the data and a requester identifier (ID). The method continues with the processing module obtaining a data identifier (ID) for the data. For each of the plurality of data storage requests, the method continues with the processing module producing a requester storage record, dispersed storage error encoding the requester storage record to produce a set of encoded requester storage record slices, and sending the set of encoded requester storage record slices to a dispersed storage network (DSN) memory for storage therein. The method continues with the processing module dispersed storage error encoding at least a portion of the data to produce a set of encoded data slices and sending the set of encoded data slices to the DSN memory for storage therein.”

Claim 24 is rejected under 35 U.S.C. 103 as being unpatentable over Hetzler, in view of Srivastava, and further in view of US 2020/0057752 Tofano (hereinafter referred to as “Tofano”). 
Regarding claim 24, Hetzler, and Srivastava teach features of claim 1, as discussed above. Except, Hetzler, and Srivastava fail to specifically teach, the recitation of, 
The system of claim 1, 
wherein the operations further comprise: 
indexing the stored partially decrypted first data structure and the first key to a first client device identifier; and 
indexing the stored partially decrypted first data structure and the second key to a second client device identifier when the content of the partially decrypted first data structure corresponds to content of the partially decrypted second data structure.
However, Tofano teaches these features because Tofano in [0026] (included below, with emphasis) teaches a deduplication index that is used to lookup data portion identifiers and includes keys. Tofano [0023] (not included below) also teaches storing keys in the searching index.
	Tofano in [0026] states, “As mentioned above, in some examples, the global deduplication index may be distributed across a plurality of computing devices in a cluster as a plurality of index components that are local to the respective computing devices to which they are assigned and are managed thereby as local deduplication indexes. Each local deduplication index may include a shard of the global deduplication index. Each shard may include at least one temporal index log that stores index items as the index items are added to that portion of the index log, such as in the order in which the index items are received or otherwise routed to the shard. In some examples, there may be a respective index log corresponding to each slice of each shard. For each index log, the local deduplication index may also include a lookup structure that includes relatively short surrogate lookup keys that are derived from or otherwise based on the data-portion identifiers in the index log. The lookup structure may include, for each surrogate key, a pointer to a location in the index log of the corresponding data-portion identifier. As discussed additionally below, the lookup structure may be searched more quickly than the log itself. Thus, the index log may support a first classification layer and the lookup structure may support an alternate classification layer, thereby enabling two alternative lookup paths that may be used for attempting to locate matching data-portion identifiers.” (emphasis added)

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRIAN WILLIAM AVERY whose telephone number is (571) 272-3942.  The examiner can normally be reached on 9AM-5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on (571)272-3739.  
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/B.W.A./

/FARID HOMAYOUNMEHR/Supervisory Patent Examiner, Art Unit 2495