Detailed Action

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Remarks
	In Remarks filed on 10/4/2021, no claims were cancelled; claims 1, 2, 8, 9, 15, 16 were amended; no new claims were added. Claims 1-20 are pending of which claims 1, 8, and 15 are in independent form.
Response to Arguments
Applicant’s arguments in view of amendment of claims have been considered carefully and respectfully but they are not persuasive.
On pages 9 and 10, applicant argues that “the object store services layer 306 and the key provisioning service 370 are not independent from each other in both structure and functionality.” 
The examiner notes that amended independent claims include partial limitations from succeeding dependent claims (2, 9, 16) – “each slice by using a different data key acquired from a key management system, wherein the cloud storage system and the key management system are two independent systems adopting different identification and authentication modes”.
The examiner respectfully disagrees with applicant. Shetty being used in claim 2 rejection under 35 USC 103. It is noted that the customer’s HSM, remote from the server (in terms of proxies) providing the key management system and the cloud storage system, encrypts the master key of the customer (master key was used for encrypting the object keys used in the encryption of the objects.). As shown in Fig. 8, 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Cidon et al. (US 2014/0013112 A1) hereinafter Cidon, in view of Shetty et al. (US 2017/0286698 A1) hereinafter Shetty.
As to claim 1, Cidon teaches a method for processing data, the method comprising: 
management server 100 in Fig. 1; see para. [0102] “The management server 100 can be regarded as a broad term to describe the complete software system which is responsible for encrypting files in the cloud and enforcing secure access to these cloud files by providing the right decryption keys to the right users.”), a series of slices obtained by dividing a to-be-stored file (see para. [0057] “…a management server that may be arranged to retrieve the file from a storage service; segmenting the file into multiple file segments; calculate a file segment signature for each of the multiple file segments to provide multiple file segment signatures; encrypt each of the multiple file segments to provide multiple encrypted file segments by using encryption keys that may be in response to the multiple file segment signatures; wherein the multiple encrypted file segments form an encrypted file; and send the multiple encrypted file segments to the storage service.”); 
encrypting, by the cloud storage system (e.g., management server), each slice by using a different data key acquired from a key management system (see para. [0057], [0308], and [0313] “Calculating each encryption key in response to a file segment signature associated with a file segment that is encrypted by the encryption key 1662”); and 
storing, by the cloud storage system, an encrypted data ciphertext in the cloud storage system (see para. [0309]), wherein the method is performed by at least one hardware processor (see para. [0102] and [0103]; It is noted that the management server comprising combination of hardware and software components is responsible for the encryption of files, secure storage and retrieval of encry0tion keys, and enforcing of access policy for the file.).
Cidon does not explicitly teach but Shetty teaches -  “wherein the cloud storage sytem and the key management system are two independent systems adopting different identification and authentication modes” (see para. [0036] and [0168] “key provisioning service 370A can be employed in the other embodiments of the invention discussed above, particularly where object keys are encrypted using the customer's HSM (e.g., FIGS. 11A and 11B). For example, in some embodiments, key provisioning service 370A can make requests for key processing (e.g., to encrypt a plaintext object key, to decrypt an encrypted object key, etc.) to an HSM proxy 704 on behalf of upload service 320 and download service 326 via HSM proxy interface 1216.”; The examiner considers the combination of CSM (customer security module) responsible for release of master key and the key provisioning service 370 A (part of object store services layer 306 form Fig. 3) as being equivalent to the instant application’s a key management system. The examiner considers the object as being equivalent to the instant application’s slice.) 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Cidon and Shetty before him or her, to modify the scheme of Cidon by including Shetty for uploading streamed objects to a cloud storage system. The suggestion/motivation for doing so would have been to take advantage of the key provisioning service 370 of Shetty by providing the advantage that a pool of usable encryption keys (and initialization vectors) being created that can be consumed on demand by upload service 320 such that the object store's upload processes are not delayed by the key generation process, as well as keys being readily accessible from a cache for a limited time of period, as briefly described in Shetty para. [0106]-[0108].
As to other independent claims 8 and 15, claims 8 and 15 include limitations similar to those of claim 1 and thus claims 8 and 15 are rejected under the same rationale.
As to claim 2, in view of claim 1, Cidon does not explicitly teach but Shetty teaches the following limitation – “the method further comprises: in response to determining that any data ciphertext needs to be decrypted, decrypting, by the cloud storage system, the data ciphertext according to a data key corresponding to the data ciphertext and acquired from the key management system” (e.g., network services layer 302, client services layer 304, and object store services layer 306 in Fig. 3 being conducive to cloud storage system 102; see also para. [0081]-[0084] “Object store services layer 306 includes a set of services that provide the object storage functionality of object store 102 as well as other cloud maintenance services. Object store services layer 306 includes an upload service 320 and distributor service 322 that cause a digital object (e.g., a file) to be uploaded to object store 102. Responsive to an upload request from a client application 314 of client services layer 304, upload service 320 causes an object to be received from client services layer 304, encrypted using any of various key services described below, stored (replicated) on a plurality of filers 222(1-n), and a new object record to be created in an object database 324.”; see para. [0104] “Object store services layer 306 includes a set of services that provide the object storage functionality of object store 102 as well as other cloud maintenance services. Object store services layer 306 includes an upload service 320 and distributor service 322 that cause a digital object (e.g., a file) to be uploaded to object store 102. Responsive to an upload request from a client application 314 of client services layer 304, upload service 320 causes an object to be received from client services layer 304, encrypted using any of various key services described below, stored (replicated) on a plurality of filers 222(1-n), and a new object record to be created in an object database 324.”; see para. [0107] “Upload interface 408 provides an interface between upload service 320 and control and coordination module 402. Responsive to a new object being uploaded to cloud object store 102 (e.g., from a remote client 126, from a local cloud 104, etc.), upload service 320 calls key provisioning service 370 to fetch an available unique encryption key and IV for that object. Responsive to such a request, control and coordination module 402 fetches a unique key and associated IV from unused key cache 406, and provides the encryption key and IV to upload service 320 via upload interface 408. Module 402 then removes (e.g., deletes, deletes and logs, etc.) the unique encryption key and associated IV from cache 406.”; see para. [0168] “key provisioning service 370A can be employed in the other embodiments of the invention discussed above, particularly where object keys are encrypted using the customer's HSM (e.g., FIGS. 11A and 11B). For example, in some embodiments, key provisioning service 370A can make requests for key processing (e.g., to encrypt a plaintext object key, to decrypt an encrypted object key, etc.) to an HSM proxy 704 on behalf of upload service 320 and download service 326 via HSM proxy interface 1216.”; The examiner considers the key provisioning service 370 A (part of object store services layer 306 form Fig. 3) as being equivalent to the instant application’s a key management system. The examiner considers the object as being equivalent to the instant application’s slice.) 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of Cidon and Shetty before him or her, to modify the scheme of Cidon by including Shetty for uploading streamed objects to a cloud storage system. The suggestion/motivation for doing so would have been to take advantage of the key provisioning service 370 of Shetty by providing the advantage that a pool of usable encryption keys (and initialization vectors) being created that can be consumed on demand by upload service 320 such that the object store's upload processes are not delayed by the key generation process, as well as keys being readily accessible from a cache for a limited time of period, as briefly described in Shetty para. [0106]-[0108].
Claims 9 and 16 include similar limitations as claim 2 and thus are rejected under the same rationale as claim 2.
As to claim 3, in view of claim 2, Shetty teaches wherein, the method further comprises: buffering, by the cloud storage system, the data key acquired from the key management system, wherein the buffered data key comprises: an unused data key (see para. [0106] for unused key cache 406) and a used data key (see para. [0158] for object records 504, “…control and coordination module 1202 (via Odb interface 1212) encrypts the existing plaintext object keys 534 associated with the customer's objects and stores those the encrypted object keys in fields 538 of their associated object records 504, and thereafter deletes their plaintext object keys 534”); 

in response to determining that any slice needs to be encrypted, encrypting, by the cloud storage system, using the buffered unused data key on the slice (see para. [0106]); and 
in response to determining that any data ciphertext needs to be decrypted, and in response to determining that the data key corresponding to the data ciphertext is buffered (e.g., stored in the object keys table 500c in para. [0111]), decrypting, by the cloud storage system, using the buffered data key on the data ciphertext (see para. [0117] “In a first step 652, download service 326 (FIG. 3) receives a request to download an object from a client application 314 in communication with a client device associated with a customer. In response, in a second step 654, download service 326 accesses the object record 504 associated with the requested object in object database 324, determines the object key ID from object key ID field 512 of the object record 504, and then retrieves the plaintext object key 534 and initialization vector 536 from the corresponding object key record 530 in table 500C. Download service 326 also determines the filers 222 on which the requested object is stored using filer ID fields 518(1-x) in the object record 504. Accordingly, in a third step 656, download service 326 retrieves the requested object from one of filers 222 via a get request to an associated storage node service 340. In a fourth step 658, download service 326 causes the object to be decrypted using the encryption key 534 and initialization vector 536 retrieved for the object, for example, as part of an inline Java decryption routine.
Claims 10 and 17 include similar limitations as claim 3 and thus are rejected under the same rationale as claim 3.
As to claim 4, in view of claim 3, Shetty teaches wherein, the method further comprises: dynamically adjusting, by the cloud storage system, the buffered data key (see para. [0106] “Control and coordination module 402 also monitors the number of unused keys in cache 406 and instructs key generator 404 to generate more keys when the number of keys in cache 406 gets too low (e.g., below a predetermined threshold determined by the cloud service provider).”. ; It is noted that the as soon as the object key is used to encrypt an object, the object key is deleted from the cache 406 as well.)

Claims 11 and 18 include similar limitations as claim 4 and thus are rejected under the same rationale as claim 4.
As to claim 5, in view of claim 2, Shetty teaches wherein, the method further comprises: in response to performing data writing, encrypting, by the cloud storage system, existing data in a buffer, while writing data into the buffer, and writing encrypted data ciphertext into a back-end (e.g., object store 102 in para. [0083] as being interpreted as the data buffer; see also para. [109]-[0110] for object records in table 500A); It is noted that the client applications 314 sends object or slice or segment of specific size matching, for example, AES key length in a continuous manner.; see para. [0107] “Upload interface 408 provides an interface between upload service 320 and control and coordination module 402. Responsive to a new object being uploaded to cloud object store 102 (e.g., from a remote client 126, from a local cloud 104, etc.), upload service 320 calls key provisioning service 370 to fetch an available unique encryption key and IV for that object. Responsive to such a request, control and coordination module 402 fetches a unique key and associated IV from unused key cache 406, and provides the encryption key and IV to upload service 320 via upload interface 408. Module 402 then removes (e.g., deletes, deletes and logs, etc.) the unique encryption key and associated IV from cache 406.”); and 
in response to performing data reading, decrypting, by the cloud storage system, existing data in a buffer, while writing data into the buffer, and returning decrypted data plaintext to a user (see para. [0117] “Download service 326 also determines the filers 222 on which the requested object is stored using filer ID fields 518(1-x) in the object record 504. Accordingly, in a third step 656, download service 326 retrieves the requested object from one of filers 222 via a get request to an associated storage node service 340. In a fourth step 658, download service 326 causes the object to be decrypted using the encryption key 534 and initialization vector 536 retrieved for the object, for example, as part of an inline Java decryption routine. In a fifth step 660, download service 326 serves the decrypted object to the client application 314, which in turn serves it to the requesting client device. As will be apparent, method 650 is also used for each subsequent object download request associated with the customer.”; It is noted that download service 326 can continuously request the required encrypted slices to be retrieved and perform decryption on the retrieved slices as they arrives in a continuous manner.). 
Claims 12 and 19 include similar limitations as claim 5 and thus are rejected under the same rationale as claim 5.
As to claims 6, 13, and 20, in view of claims 2, 9, and 16, Shetty teaches wherein, each data key in the key management system is encrypted using a master key and stored in a form of ciphertext (see para. [0146]-[0147] “[0146] After a master key is provisioned by cloud object store 102, each digital object associated with the particular workgroup is encrypted using a unique object key as discussed above. However, instead of storing the plaintext object key for each object directly in the object database 324, the plaintext object key for each object is itself encrypted using the plaintext master key assigned to the customer. (The plaintext master key may first have to be fetched from a customer's HSM 702 using the encrypted master key). The encrypted object key is then stored in object database 324 in encrypted object key field 538 of the associated object key record 530. [0147] Thus, a unique key per object is still used, but the cloud-assigned master key is the same for all objects and is one per customer. When a request is made to download an object, the object store first fetches the plaintext master key from the customer-managed HSM 702.”);
each master key is encrypted using a root master key and stored in a form of ciphertext (see para. [0145] “Subsequently, cloud object store 102 provides its plaintext master key and HSM key ID 1013 to the customer-managed HSM 702, which encrypts the cloud's master key using its HSM key that corresponds to the HSM key ID 1013, and then provides the encrypted master key back to cloud object store 102. Thereafter, cloud object store 102 stores the encrypted master key in object database 324 at the workgroup (customer) level in field 1012. ”; The examiner notes that the object key is encrypted with master key and the master key is encrypted with HSM key or hardware root key. However, the examiner notes that two or more levels of hierarchy of key encryption up to the HSM key can be introduced.); and 
each root master key is encrypted and stored using a hardware encryptor (see para. [0145] “The HSM customer 814 will also provision an associated HSM key in its HSM 702 that is dedicated to cloud object store 102 as discussed above, and provide an associated HSM key ID to cloud object store 102, which will be stored in HSM key ID field 1013. Subsequently, cloud object store 102 provides its plaintext master key and HSM key ID 1013 to the customer-managed HSM 702, which encrypts the cloud's master key using its HSM key that corresponds to the HSM key ID 1013”)
As to claims 7 and 14, in view of claims 6 and 13, respectively, Shetty teaches wherein, in response to determining that any slice needs to be encrypted, acquiring, by the cloud storage system, a data key in a form of plaintext and a data key in a form of ciphertext corresponding to the slice from the key management system, encrypting the slice using the data key in the form of plaintext (see para. [0159] and [0160] “[0159]…an exemplary method 1320 for uploading an object to cloud object store 102 when the associated customer employs master key encryption. A first step 1322 of method 1318 comprises performing the first six steps of method 600 of FIG. 6A. This involves upload service 320 fetching a new object key for the object from key provisioning service 370A, creating an object record for the object, storing the object, and encrypting the stored object using the object key. In a second step 1324, upload service 320 requests the plaintext master key for the customer that is associated with the object upload from key provisioning service 370A, which returns the plaintext master key to upload service 320 as will be explained in more detail in FIG. 13D. Then in a third step 1326, upload service 320 encrypts the object key used to encrypt the uploaded object using the plaintext master key. In a fourth step 1328, upload service 320 stores the encrypted object key in encrypted object key record 538 of the associated object record 530. However, upload service 320 does not store the plaintext version of the object key in field 534 of the object record 530. Additionally, although not shown, upload service 320 can store an initialization vector associated with the master key-object key encryption in the object key record 530 should an initialization vector be utilized by the encryption algorithm. Upload service 320 then discards (deletes) any copy of the plaintext master key it created, but leaving the plaintext master key in master key cache 1218. 
[0160] FIG. 13C is a flowchart summarizing an exemplary method 1332 for an object download process when the customer uses master key encryption. In a first step 1334, download service 326 receives a request to download an object from object store 102 from a client application 314. In a second step 1336, download service 326 requests the plaintext master key for the workgroup associated with the object to be downloaded from key provisioning service 370A, which returns the plaintext master key. In a third step 1338, download service 326 accesses the object record 504 associated with the requested object in object database 324, obtains the encrypted object key ID from field 512 of the object record 504, and then retrieves the encrypted object key 538 (and optionally an initialization vector used during object key encryption) for the object. In a fourth step 1340, download service 320 decrypts the encrypted object key using the plaintext master key to obtain the plaintext object key.”; It is noted that in case of the plaintext encryption, the download service would obtain encrypted object key for making changes to the text and in case of simple write operation, a brand new plaintext data/object key would be obtained.), and storing encrypted data ciphertext and the data key in the form of ciphertext (see para. [0159]); and 
in response to determining that any data ciphertext needs to be decrypted, sending, by the cloud storage system, the data key in the form of ciphertext stored together with the data ciphertext to the key management system, acquiring the data key in the form of plaintext returned by the key management system, and decrypting the data ciphertext according to the data key in the form of plaintext (see para. [0160]). 
Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HEE K SONG whose telephone number is (571)270-3260. The examiner can normally be reached on M-F 9:00 am – 5:00 pm. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on (571)272-3867 .  The fax phone number for the organization where this application or proceeding is assigned is 571-273-7291.



/HEE K SONG/Examiner, Art Unit 2497