Notice of Pre-AIA  or AIA  Status
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
2. The information disclosure statement (IDS) submitted on 01/04/2022, 04/23/2021, and 10/29/2021 was filed after the mailing date of the non-final rejection on 07/21/2021. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. 

Reasons for Allowance
3.	 Claims 14-20 are cancelled. Claims 1, 3-13, 21 and 22 including all of the limitations of the base claim and any intervening claims are allowed.

Closest Prior Art:
U.S. Publication No. 20130091350 discloses on paragraph 0027 “In exemplary embodiments, the firewall application 118 utilizes one or more cryptographic keys and/or algorithms to encrypt the user input data before transmitting it to the application server 102. In accordance with one or more embodiments, the firewall application 118 performs one or more algorithms to analyze the user input data to determine if any portions of the user input data are to be encrypted. In this regard, the virtual application 104 may provide the firewall application 118 with context information and/or other logic that may be utilized to identify the type(s) of user input data provided by the user, wherein the firewall application 118 determines if any of the types of received user input data should be encrypted, based on, for example, data residency rules, regulations or other restrictions provided for the jurisdiction where the proxy server 108 and/or the client device 106 resides. For example, the proxy server 108 and/or the client device 106 may reside in a jurisdiction where a user's government issued personal identification number (e.g., a Social Security number or the like) cannot be electronically transmitted and/or stored outside the jurisdiction without being encrypted, and the virtual application 104 may identify a particular data input field as corresponding to the government issued personal identification number, wherein the firewall application 118 identifies and encrypts received user input data corresponding to the user's government issued personal identification number. The firewall application 118 continues by adding or otherwise appending the unique identifier or other authentication information corresponding to the firewall application 118 and/or the proxy server 108 to the encrypted user input data before transmitting the encrypted user input data to the application server 102. For example, the firewall application 118 may construct a message that contains the encrypted user input data and has a message header that includes the unique identifier associated with the firewall application 118 and/or proxy server 108.

U.S. Publication No. 20110225431 discloses on paragraph 0049 “As described above, a designated cryptographic function and/or key may be based on a security policy. A security policy for information handling system 102 may define whether an encryption or decryption task is to be executed and the designated cryptographic function and/or encryption key to be used in connection with such an encryption or decryption task based on one or more of: a user logged into information handling system 102, characteristics of a storage resource 114 associated with the task, or characteristics regarding the directory path of the data to be written or read (e.g., folder/directory, file, etc.). Among the characteristics of a storage resource 114 upon which a policy may be based are a port to which the particular storage resource 114 is coupled, the type of storage resource 114 (e.g., USB, FireWire, SATA, PCI/PCMCIA, etc.), manufacturer of storage resource 114, model of storage resource 114, serial number of storage resource 114, and a file type of the data to be encrypted or decrypted (e.g., based on file extension and/or type of data to be stored, such as image file, video file, text file, executable file, etc.) and/or any other suitable characteristic. In some embodiments, such a policy may be established by an administrator or other person at a management console remote from information handling system 102, from which it may be communicated to information handling system 102 and/or other information handling systems, where such policy may be enforced, as described herein.”

U.S. Publication No. 20140122868 discloses on paragraph 0004 “In one embodiment, a method performed by a proxy for securing cloud-stored data is provided. The method includes receiving, by the proxy from a client node, a file to be stored by a cloud storage server, where the proxy and the client node are part of a private network that does not include the cloud storage server. The method further includes retrieving, by the proxy, an encryption key associated with a user of the client node and encrypting the file using the encryption key. The proxy then transmits the encrypted file to the cloud storage server.” content is typically created on a workstation and uploaded into the web server using FTP or HTTP, The process of releasing web content can be controlled by placing a proxy, for the appropriate protocol, between the web authoring application and the web server. This encryption proxy needs access to the all the group encryption keys, so it can encrypt a released file in accordance with its ACE. The encryption proxy is trusted to allow the group encryption keys to be modified only under strictly controlled circumstances. In addition, the proxy keeps the encryption keys private, though this is less important.”

U.S. Publication No. 20020078381 discloses on paragraph 0018 “The secure remote server 108 performs several functions. The remote server 108 generates encryption keys 114 for each document section, maintains decryption keys 118 for registered encrypted documents 112, authenticates requests for viewing a document section, grants access to registered documents 112 by providing decryption keys 118 and associated access policies to authorized viewing users 118, and maintains an encrypted secure central database which provides association between registered authoring users, registered documents, associated decryption keys, associated policies for each document, options for each user and document, and associated registered viewing users. The remote server 106 does not store or receive the actual document, either encrypted or unencrypted." Fig, 4, paragraph 0083 "Referring now also to FIG. 4, if the remote server 108 authorizes a key lease tor the document 112, it retrieves the associated key(s) 118 and access policies from its various databases and combines the same into a voucher 400. The keys 118 are for the document 112 or portion of the document 112 for which the user has authorized access. Remote server 108 will preferably not insert keys in voucher 400 for which the user is not authorized. Not limiting examples of access policies include an ID for the associated encrypted document 112, watermarks and associated text, limitations on the encrypted document 112 (e.g., printing limitations, copy limitations), etc," disclosure provides the desired restricted access to the private key for decrypting sensitive information without sacrificing the convenience of retrieving access to the private key should it ever be lost. In a preferred embodiment, this result is achieved by separating the private key access management from the storage and encryption of the data. In one exemplary embodiment, a directed identity, typically implemented using OpenID, is used to symmetrically encrypt the user’s private key that is used to decrypt and retrieve sensitive information. This sensitive information is stored with a data host, and it may be asymmetrically encrypted with the user’s public key. As such, the directed identity provider provides the private key access management by giving the user a password and password reset functionality, including changing of the password over time. Correspondingly, it is no longer necessary for the data host to maintain and store a copy of the private key because the possibility of a lost key has been eliminated. As described, neither the data host nor the directed identity provider can violate the privacy of its users without collusion because the data host does not have the private key and the directed identity provider does not have the encrypted data." diagrammatic representation of one embodiment of a data encryption policy in which a type of encryption may be designated. Initiator device 110 associated with WWNN.sub.1 may
have an encryption policy to encrypt data according to Type 1 encryption 610a and initiator device 110 associated with WWNM.sub.2 may have an encryption policy to encrypt data according to Type 3 encryption 610b. Initiator device 110 associated with WWNN.sub.3 may have an encryption policy 210 to not encrypt data. Thus, if WWNN.sub.1 sends data to target 130, an encryption policy associated with WWNN.sub.1 may require a selected level of encryption, a selected algorithm, or the like. If WWNN.sub.2 sends data to target 130, the data may be encrypted according to the encryption policy associated with WWNN.sub.2. If WWNN.sub.3 sends data to target 130, the data may be encrypted according to a default encryption policy or may be based on an encryption level associated with target 130 because WWNN.sub.3 does not have a specified encryption type 810c. Those skilled in the art will appreciate that encryption policies may be combined, such as by using information from a combination of FIGS. 2-6. Encryption policies can be maintained as a table, file object, database entry or according to other data storage format. Preferably, encryption policies are maintained in RAM memory or processor caches during operation for speed of access.”

The following is an Examiner’s Statement of Reasons for Allowance:
Claims 1, 3-13, 21 and 22 are allowable over prior art references taken individually or in combination fails to particularly disclose, fairly suggests or render obvious are argued by the applicant which examiner considers persuasive as set forth above.
Although the prior art discloses obtaining, in connection with a first request from one or more computing devices, the request submitted to the first web service interface
to store data, data; analyzing the data to make a determination whether the data satisfies at least one criterion of a data loss prevention policy, no one or two references anticipates or obviously suggest at least one of the plurality of criteria identifying a data format corresponding to data determined to be sensitive; and processing the first request in accordance with the determination, the determination indicating that the data satisfies the at least one criterion, by at least using a key maintained inaccessible to a second data storage service to encrypt the data to produce, at least in part, a data object comprising the data encrypted by the key and an encrypted version of the key, the key selected from a plurality of keys that provide different levels of encryption strength for encrypted data at least based on the analysis of the data and at least one requirement of the data loss prevention policy, the at least one requirement identifying a data type and the key, and the second data storage service: including a second web service interface that receives web service requests transmitted to the second data storage service.
Therefore, operating to process, using a plurality of data storage devices, the web service requests transmitted to the second web service interface; and transmitting the data object to the second data storage service by submitting a second request to the first web service interface.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GARY S GRACIA whose telephone number is (571)270-5192. The examiner can normally be reached Monday-Friday 9am-6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 5712723972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/GARY S GRACIA/           Primary Examiner, Art Unit 2491