DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
This office action is in response to the amendment filed on 11/10/2021.
Claims 1-20 are pending for examination. Applicant amends claims 1, 6, 8, 11, 13, 15, and 17-18. The amendments have been fully considered and entered.
Amendments to claims 6, 11, and 15 regarding the claim objections have been accepted and the claim objections have been withdrawn.
Amendment to claim 18 regarding the 35 U.S.C. § 112(b) rejection has been accepted, however, there are still 35 U.S.C. § 112(b) issues as explained below in the 112(b) section.

Response to Arguments
For convenience, the newly introduced limitations, as made by amendments, are marked as underlined.
Applicant's arguments, see Remarks, filed 11/10/2021, with respect to claims 1-20 under 35 U.S.C. § 103 have been considered but are moot in light of the new reference(s) used in the current rejection. The new reference(s) was/were necessitated by the amendment filed by the applicant. The rejection is presented below.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 8 and 18 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 8 recites the limitation “the server” in line 7.  There is insufficient antecedent basis for this limitation in the claim.
Claim 18 recites the limitation "an encrypted data encryption key" in line 6.  It is not clear whether this encrypted data encryption key is the same as the encrypted data encryption key of claim 17 in lines 6-7. Examiner suggests to amend this limitation to “the encrypted data encryption key” to obviate this rejection.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1 and 4-6, 8, 10-11, 13, and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Schmahmann (US 20180062852 A1; hereinafter “Schmahmann”) in view of Chiueh et al. (US 20130159695 A1; hereinafter “Chiueh”).
As per claims 1, 8, and 13, Schmahmann discloses a method, cloud-based storage system, and non-transitory computer readable storage medium, the cloud-based storage system comprising:
a memory (Schmahmann, [0130], memory); and 
a processing device operatively coupled to the memory (Schmahmann, [0130], processor), the processing device to: 
receive first encrypted data from a first client device (Schmahmann, [0109], collaboration platform server receives a document update operation from a first client, [0063], wherein the operation update is encrypted (i.e., first encrypted data)); 
determine a document of the plurality of documents that is associated with the first encrypted data (Schmahmann, [0112], collaboration platform adds update operation to an operation sequence for the corresponding document (i.e., determines the document associated with the update operation)), and wherein the first encrypted data represents an edit to a portion of the document (Schmahmann, [0063], wherein the operation content/update includes edits to document content which are encrypted); 
determine a plurality of user accounts of collaborators of the document (Schmahmann, [0110], collaboration platform server is able to see the access control data for the document and is able to determine the user identifiers affiliated with the document (i.e., user accounts of collaborators of the document)), the plurality of user 
provide the first encrypted data to one or more other client devices that are each associated with one of the plurality of user accounts, excluding the first user account (Schmahmann, [0115], collaboration platform server transmits the operation update to a second client that has a user identifier affiliated with the document).
Schmahmann does not explicitly disclose, however, Chiueh teaches or suggests: wherein the cloud-based storage system stores a plurality of documents in an encrypted form (Chiueh, [0020]-[0021], remote server is a cloud server that stores a plurality of documents); and 
wherein the server is unable to decrypt the document in the encrypted form (Chiueh, [0011] and [0028], remote server does not have the keys, therefore, cannot decrypt the encrypted document).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of Schmahmann to include storing a plurality of encrypted documents in the cloud server and not allowing the cloud server to have the keys used to encrypt the documents as taught by Chiueh for the benefit of enhancing information security of the document stored on the remote server (Chiueh, [0028]).

As per claims 4 and 10, claims 1 and 8 are incorporated and the modified Schmahmann discloses: configuring a second user account from the plurality of user (n) that is configured for collaborative editing of the document merges the one or more local change events with the collaborator change events from other users, [0079] and [0092], wherein the operations are combined in chronological order).
While the modified Schmahmann discloses: merging edits from different users (Schmahmann, [0094]-[0097]), Schmahmann does not explicitly disclose generating second encrypted data based on the combined edits. However, in another embodiment, Schmahmann teaches encrypting edits (Schmahmann, [0063]). 
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of the modified Schmahmann to include encrypting merged edits as suggested by a different embodiment of Schmahmann for the benefit of efficiently protecting the edits from a plurality of users instead of encrypting each edit from each user which would require more processing.

As per claim 5, claim 4 is incorporated and the modified Schmahmann discloses: wherein the determining of the plurality of user accounts of collaborators of the document comprises determining that the first user account corresponds to a user account other than the second user account (Schmahmann, [0061] and [0110], plurality 
the providing of the first encrypted data comprises providing the first encrypted data to the second client device that is associated with the second user account, the second client device being one of the one or more other client devices (Schmahmann, [0115], collaboration platform server transmits the encrypted operation update to a second client that has a user identifier affiliated with the document).

As per claim 6, claim 4 is incorporated and the modified Schmahmann discloses wherein: the determining of the plurality of user accounts of collaborators of the document comprises determining that the first user account corresponds to the second user account (Schmahmann, [0110], access control data for the document is seen by the collaboration platform and is able to see user accounts that correspond to each other with regard to document access); and 
the providing of the first encrypted data comprises providing the first encrypted data to the one or more other client devices that are each associated with one of the plurality of user accounts other than the second user account, wherein the first encrypted data corresponds to the second encrypted data (Schmahmann, [0115], encrypted operation is transmitted to a second client or other client excluding the first client, [0094]-[0097], wherein the encrypted operation comprises encrypted merged edits).

As per claim 11, claim 10 is incorporated and the modified Schmahmann discloses: wherein to provide the first encrypted data, the processing device is to: responsive to determining that the first user account corresponds to a user account other than the second user account, provide the first encrypted data to the second client device that is associated with the second user account, the second client device being one of the one or more other client devices (Schmahmann, [0061] and [0110], plurality of different user/accounts identified using a user/account identifier, where a first user account is different than a second user account, [0115], collaboration platform server transmits the encrypted operation update to a second client that has a user identifier affiliated with the document); and
responsive to determining that the first user account corresponds to the second user account, provide the first encrypted data to the one or more other client devices that are each associated with one of the plurality of user accounts other than the second user account, wherein the first encrypted data corresponds to the second encrypted data (Schmahmann, [0110], access control data for the document is seen by the collaboration platform and is able to see user accounts that correspond to each other with regard to document access, [0115], encrypted operation is transmitted to a second client or other client excluding the first client, [0094]-[0097], wherein the encrypted operation comprises encrypted merged edits).

As per claim 15, claim 13 is incorporate and the modified Schmahmann discloses: the processing device is to further: configure a second user account from the plurality of user accounts of collaborators to coordinate with the server for collaborative (n) that is configured for collaborative editing of the document merges the one or more local change events with the collaborator change events from other users, [0079] and [0092], wherein the operations are combined in chronological order); 
responsive to determining that the first user account corresponds to a user account other than the second user account, provide the first encrypted data to the second client device that is associated with the second user account, the second client device being one of the one or more other client devices (Schmahmann, [0061] and [0110], plurality of different user/accounts identified using a user/account identifier, where a first user account is different than a second user account, [0115], collaboration platform server transmits the encrypted operation update to a second client that has a user identifier affiliated with the document); and 
responsive to determining that the first user account corresponds to the second user account, provide the first encrypted data to the one or more other client devices that are each associated with one of the plurality of user accounts other than the second user account, wherein the first encrypted data corresponds to the second encrypted data (Schmahmann, [0110], access control data for the document is seen by the collaboration platform and is able to see user accounts that correspond to each other with regard to document access, [0115], encrypted operation is transmitted to a second client or other client excluding the first client, [0094]-[0097], wherein the encrypted operation comprises encrypted merged edits).

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of the modified Schmahmann to include encrypting merged edits as suggested by a different embodiment of Schmahmann for the benefit of efficiently protecting the edits from a plurality of users instead of encrypting each edit from each user which would require more processing.

Claims 2-3, 7, 9, 12, 14, and 16-20 are rejected under 35 U.S.C. 103 as being unpatentable over Schmahmann in view of Chiueh and further in view of Lim et al. (US 20180048464 A1; hereinafter “Lim”).
As per claim 2, claim 1 is incorporated and the modified Schmahmann discloses: wherein the first encrypted data includes: the edit to the portion of the document encrypted based on a data encryption key (Schmahmann, [0063] and [0045], operation content/update is encrypted with a symmetric key (i.e., data encryption key)).
While the modified Schmahmann teaches encrypting the symmetric data encryption key (Schmahmann, [0045]), the modified Schmahmann does not disclose, however, Lim teaches or suggests: the data encryption key encrypted based on a key encryption key, wherein the key encryption key is not accessible to the server (Lim, [0111], content encryption key (i.e., data encryption key) is provided to the key 
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of the modified Schmahmann to include having a key management server encrypt the data encryption key using a key encryption key that is not accessible to the file server as taught by Lim for the benefit of protecting the plurality of documents from unauthorized access and use (Lim, [0335]).

As per claim 3, claim 2 is incorporated and the modified Schmahmann does not disclose, however, Lim teaches or suggest: wherein the key encryption key is provided by another server not connected to the server and connected to the first client device and the one or more other client devices (Lim, [0111] and Figs. 19 and 24, the key encryption key is provided by the key management server and is not connected to the file server or cloud storage).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of the modified Schmahmann to include having a key management server encrypt the data encryption key using a key encryption key that is not accessible to the file server as taught by Lim for the benefit of protecting the plurality of documents from unauthorized access and use (Lim, [0335]).

As per claim 7, claim 3 is incorporated and the modified Schmahmann discloses: wherein the first client device is to perform operations comprising: 
generating the data encryption key (Schmahmann, [0045], “generating a random symmetric key”); 
encrypting the edit based on the data encryption key (Schmahmann, [0045], “encrypt the data with a symmetric scheme using the generated random symmetric key”); and 
combining the encrypted edit with the encrypted data encryption key to generate the first encrypted data (Schmahmann, [0045], “encrypt the generated random symmetric key with an asymmetric key, and pair the symmetrically encrypted block of data with the asymmetrically encrypted key”).
The modified Schmahmann does not disclose, however, Lim teaches or suggests: providing the data encryption key to the another server (Lim, [0111], content encryption key (i.e., data encryption key) is provided to the key management server (i.e., another server) and is encrypted at the key management server (i.e., another server) using a key encryption key); 
obtaining the encrypted data encryption key based on encryption of the data encryption key using the key encryption key provided by the another server (Lim, [0111], encrypted content encryption key is returned back to the computing device (i.e., first client device) after being encrypted using the key encryption key provided by the key management server ( i.e., another server)).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of the 

As per claims 9 and 14, claim 8 and 13 are incorporated respectively and the modified Schmahmann discloses: wherein the first encrypted data includes: the edit to the portion of the document encrypted based on a data encryption key (Schmahmann, [0063] and [0045], operation content/update is encrypted with a symmetric key).
While the modified Schmahmann teaches encrypting the symmetric data encryption key (Schmahmann, [0045]), the modified Schmahmann does not disclose, however, Lim teaches or suggests: the data encryption key encrypted based on a key encryption key, wherein the key encryption key is not accessible to the cloud-based storage system (Lim, [0111], content encryption key (i.e., data encryption key) is provided to the key management server (i.e., another server) and is encrypted at the key management server (i.e., another server) using a key encryption key that is not accessible to the file server (see Fig. 19)) and 
wherein the key encryption key is provided by another server not connected to the cloud-based storage system and connected to the first client device and the one or more other client devices (Lim, [0111] and Figs. 19 and 24, the key encryption key is provided by the key management server and is not connected to the file server or cloud storage).


As per claims 12 and 16, claims 9 and 14 are incorporated, respectively, and the modified Schmahmann discloses: wherein the first client device is to perform operations comprising: 
generating the data encryption key (Schmahmann, [0045], “generating a random symmetric key”); 
encrypting the edit based on the data encryption key (Schmahmann, [0045], “encrypt the data with a symmetric scheme using the generated random symmetric key”); and 
combining the encrypted edit with the encrypted data encryption key to generate the first encrypted data (Schmahmann, [0045], “encrypt the generated random symmetric key with an asymmetric key, and pair the symmetrically encrypted block of data with the asymmetrically encrypted key”).
The modified Schmahmann does not disclose, however, Lim teaches or suggests: providing the data encryption key to the another server (Lim, [0111], content encryption key (i.e., data encryption key) is provided to the key management server 
obtaining the encrypted data encryption key based on encryption of the data encryption key using the key encryption key provided by the another server (Lim, [0111], encrypted content encryption key is returned back to the computing device (i.e., first client device) after being encrypted using the key encryption key provided by the key management server ( i.e., another server)).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of the modified Schmahmann to include having a key management server encrypt the data encryption key using a key encryption key and return the encrypted data encryption key back to the client device as taught by Lim for the benefit of protecting the plurality of documents from unauthorized access and use (Lim, [0335]).

As per claim 17, Schmahmann discloses: a method comprising: 
providing a graphical user interface (GUI) for online collaborative editing of a document in association with a first server of a cloud-based storage system (Schmahmann, [0051], “collaboration client 230 (i.e., GUI) generates a document view to provide to the document editing application 226,” [0058], “the collaboration client 230 includes an add-in module 236 for use with a document editing application 226 that provides a representation of document content as that content is presented to a user. When the user modifies the content, the add-in module 236 detects the edits in real-time, or in near real-time,” Fig. 2B, collaboration client 230 being associated with 
receiving an edit to a portion of the document via the GUI (Schmahmann, [0058]); 
generating encrypted data representing the edit, wherein the encrypted data includes the edit encrypted based on a data encryption key (Schmahmann, [0061] and [0063], operation content/update, which includes the edits to the document, is encrypted (i.e., first encrypted data), [0063] and [0045], operation content/update is encrypted with a symmetric key (i.e., data encryption key)); and 
providing the encrypted data to the first server (Schmahmann, [0109], collaboration platform server receives a document content/update operation from a first client, [0063], wherein the operation content/update is encrypted (i.e., first encrypted data)).
Schmahmann does not explicitly disclose, however, Chiueh teaches or suggests: wherein the first server is unable to decrypt the encrypted data (Chiueh, [0011] and [0028], remote server does not have the keys, therefore, cannot decrypt the encrypted document).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of Schmahmann to include storing a plurality of encrypted documents in the cloud server and not allowing the cloud server to have the keys used to encrypt the documents as taught by Chiueh for the benefit of enhancing information security of the document stored on the remote server (Chiueh, [0028]).

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of Schmahmann to include having a key management server encrypt the data encryption key using a key encryption key that is not accessible to the file server as taught by Lim for the benefit of protecting the plurality of documents from unauthorized access and use (Lim, [0335]).

As per claim 18, claim 17 is incorporated and the modified Schmahmann discloses: wherein the generating of the encrypted data comprising: 
generating the data encryption key (Schmahmann, [0045], “generating a random symmetric key”); 
encrypting the edit based on the data encryption key (Schmahmann, [0045], “encrypt the data with a symmetric scheme using the generated random symmetric key”); and 
combining the encrypted edit with the encrypted data encryption key to generate the encrypted data (Schmahmann, [0045], “encrypt the generated random symmetric 
The modified Schmahmann does not disclose, however, Lim teaches or suggests: providing the data encryption key to the second server (Lim, [0111], content encryption key (i.e., data encryption key) is provided to the key management server (i.e., another server) and is encrypted at the key management server (i.e., another server) using a key encryption key); 
obtaining an encrypted data encryption key generated based on encryption of the data encryption key using the key encryption key provided by the second server (Lim, [0111], encrypted content encryption key is returned back to the computing device (i.e., first client device) after being encrypted using the key encryption key provided by the key management server ( i.e., another server)).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of the modified Schmahmann to include having a key management server encrypt the data encryption key using a key encryption key and return the encrypted data encryption key back to the client device as taught by Lim for the benefit of protecting the plurality of documents from unauthorized access and use (Lim, [0335]).
 
As per claim 19, claim 17 is incorporated and the modified Schmahmann discloses: receiving second encrypted data from the first server of the cloud-based storage system, the second encrypted data representing a second edit to the portion of the document made by a collaborator of the document, wherein the second encrypted 
obtaining the second edit from the second encrypted data by decrypting the encrypted second edit using the second data encryption key (Schmahmann, [0096]-[0098], the second data/edit is obtained from decrypting the second encrypted operation using the symmetric key used to encrypt the operation data initially); and 
updating the document provided on the GUI based on the second edit (Schmahmann, [0096]-[0098], the document is updated with all the edits, including the operation change event made by the second collaborator).
The modified Schmahmann does not disclose, however, Lim teaches or suggests: the second data encryption key encrypted based on the key encryption key and decrypting the encrypted second data encryption key using the key encryption key (Lim, [0111], content encryption key (i.e., data encryption key) is provided to the key management server (i.e., another server) and is encrypted at the key management server (i.e., another server) using a key encryption key, [0115], decrypting the encrypted content encryption key using the key encryption key).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of the modified Schmahmann to include having a key management server encrypt the data 

As per claim 20, claim 19 is incorporated and the modified Schmahmann discloses: receiving third encrypted data from the first server of the cloud-based storage system, the third encrypted data representing a third edit to the portion of the document made by another collaborator of the document (Schmahmann, [0094]-[0097], collaborative client 230 of a second client device 120(n) that is configured for collaborative editing of the document merges the one or more local change events with the collaborator change events from other users, [0079] and [0092], wherein the operations are combined in chronological order); 
generating fourth encrypted data based on a combination of the second edit and the third edit in a chronological order (Schmahmann, [0079] and [0092], wherein the operations are combined in chronological order), wherein the operations are combined in chronological order); and 
providing the fourth encrypted data to the first server of the cloud-based storage system (Schmahmann, [0060], distributing the encrypted edit by uploading to the collaboration platform).




Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Refer to PTO-892, Notice of References Cited for a listing of analogous art.
Madden (US 20130007464 A1) teaches a server that never has access to plaintext document because there is no key stored at the server to decrypt the document ([0028]).
Follis et al. (US 20150312227 A1) teaches a tracking server that does not have access to the key used to protect an electronic document ([0069]).	

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALEXANDER R LAPIAN whose telephone number is (571)272-7552.  The examiner can normally be reached on M-F 9:30-6:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


ALEXANDER R. LAPIAN
Examiner
Art Unit 2437



/ALEXANDER R LAPIAN/Examiner, Art Unit 2437   


/MATTHEW SMITHERS/Primary Examiner, Art Unit 2437