DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

1. The following is a non-Final Office Action in response to applicant’s arguments/filing filed on September 23, 2019
Claims 1-22 are pending 

Examiner’s Note: Paragraph 0037 of the specification defines a data store to be any persistent data storage device. Additionally, paragraphs 0030 and 0141 of the specification define a processor as being a CPU, GPU, and/or ASICS that may have singular or multiple cores. Therefore, the terms, “data store” and “processor” are interpreted to be hardware. 

Examiner’s Note: The term “computing device” is defined in paragraph 0028 of the specification to include desktop computers, laptops, smartphones, tablets, etc. Therefore, a computing device is interpreted as hardware.



Information Disclosure Statement
The information disclosure statement (IDS) submitted on 7/19/2021 was filed prior to the mailing date of the first office action on 1/18/2022.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

The information disclosure statement (IDS) submitted on 2/11/2021 was filed prior to the mailing date of the first office action on 1/18/2022.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

The information disclosure statement (IDS) submitted on 11/9/2020 was filed prior to the mailing date of the first office action on 1/18/2022.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

The information disclosure statement (IDS) submitted on 10/23/2019 was filed prior to the mailing date of the first office action on 1/18/2022.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Drawings
Acknowledgment is made of applicant’s drawings submitted on 9/23/2019.

Oath/Declaration
Acknowledgment is made of applicant’s oath submitted on 9/15/2020

Application Data Sheet
Acknowledgment is made of applicant’s application data sheet submitted on 9/23/2019.








Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.1.) Claims 1-3, 7, 8, 10-12, and 15-19 are rejected under 35 U.S.C. 103 as being unpatentable over US 20150293896, Runkis in view of US 20080260159, Osaki
 	In regards to claim 1, Runkis teaches a system to provide redundancy in a virtualized storage device replicated across at least a first and second zone of a plurality of zones, wherein the plurality of zones are in communication via a communication network but are electrically and physically isolated from one another, and wherein the virtualized storage device comprises a first volume in the first zone and a second volume in the second zone, the system comprising: 
a first computing system associated with the first zone, the first computing system including at least a first computing device and a second computing device that collectively implement the first volume, wherein data written to the first volume is encrypted using a first encryption key (see US 20150293896, Runkis, para. 0064, 0071, 0116 and fig. 2, where a first system, comprising a PC, laptop and PDA, has a first zone[232] containing devices having storage volumes, wherein the volumes may be configured to be shared among computing devices and may be encrypted using different key for each volume[para. 0049]);  	a second computing system associated with the second zone, the second computing system including at least a first computing device and a second computing device that collectively implement the second volume, wherein data written to the second volume is encrypted using a second encryption key(see US 20150293896, Runkis, para. 0049, 0071 and 0073 and fig. 2, where a second system, comprising one or more workstations is part of a second zone[244], sharing storage volume, wherein the volume may be encrypted); and 
 	one or more computing devices implementing an encryption service configured to: obtain data written to the first volume encrypted using a first encryption key(see US 20150293896, Runkis, para. 0049, where data may be encrypted using key information) and submitted from the first volume for replication to the second volume(see US 20150293896, Runkis, para. 0064, where data information may me redundantly allocated);
	Runkis does not teach using the first encryption key, decrypt the data to result in decrypted data; using the second encryption key, encrypt the decrypted data to result in reencrypted data; 
transmit the reencrypted data to the second volume; obtain an acknowledgement from the second volume of receipt of the reencrypted data; and 
subsequent to the acknowledgement from the second volume of receipt of the reencrypted data, acknowledge to the first volume receipt of the data at the encryption service; 
wherein the first volume is configured to acknowledge to a client device the data written to the first volume only after receiving acknowledgement of receipt of the data at the encryption service 	However, Osaki teaches using the first encryption key, decrypt the data to result (see US 20080260159, Osaki, para. 0009, where key data is used for performing a decryption); using the second encryption key, encrypt the decrypted data to result in reencrypted data(see US 20080260159, Osaki, para. 0075, where a change in key data[i.e. 2nd encryption key] necessitates re-encryption of volume data); 
transmit the reencrypted data to the second volume(see US 20080260159, Osaki, para. 0128, where a 2nd volume is used to store a subsequently encrypted[i.e. re-encrypted] data with a 2nd key); obtain an acknowledgement from the second volume of receipt of the reencrypted data(see US 20080260159, Osaki, para. 0051, where a “write done” response[i.e. acknowledgement] is received where data has been written to a volume[i.e. 2nd volume]); and 
subsequent to the acknowledgement from the second volume of receipt of the reencrypted data, acknowledge to the first volume receipt of the data at the encryption service(see US 20080260159, Osaki, para. 0051, where a “write done” response[i.e. acknowledgement] is received when data has been written to a volume[i.e. 1st volume]); 
wherein the first volume is configured to acknowledge to a client device the data written to the first volume only after receiving acknowledgement of receipt of the data at the encryption service(see US 20080260159, Osaki, para. 0050 and 0051, where a write command containing the encrypted data[i.e. an acknowledgement of an encryption performance] is sent to the volume management controller[i.e. client]. In response, the volume management controller sends the acknowledgement that data was written).
	It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to modify the teaching of Runkis with the teaching of Osaki because a user would have been motivated to enhance data security, taught by Runkis, by applying rekeying methods, taught by Osaki, in order to protect a system from data leakage(see Osaki, para. 0006)
  
 	In regards to claim 2, the combination of Runkis and Osaki teach the system of Claim 1, wherein the virtualized storage device represents a block storage device of a virtual machine instance(see US 20150293896, Runkis, para. 0006 and fig. 5, virtual machine data centers for storing information).
  
 	In regards to claim 3, the combination of Runkis and Osaki teach the system of Claim 1, wherein the one or more computing devices implementing the encryption service are configured to store the decrypted data only in transient memory(see US 20080260159, Osaki, para. 0132, where a second journal volume temporarily[i.e. transient] stores a copy of data written to it, wherein decrypted data is transferred to the second journal volume).  	It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to modify the teaching of Runkis with the teaching of Osaki because a user would have been motivated to enhance data security, taught by Runkis, (see Osaki, para. 0006)
 
 	In regards to claim 7, Runkis teaches a computer-implemented method to provide redundancy in a virtualized storage device replicated across at least a first and second zone of a plurality of zones, wherein the plurality of zones are in communication via a communication network but are isolated from one another, and wherein the virtualized storage device comprises a first volume in the first zone and storing data encrypted according to a first encryption key and a second volume in the second zone and storing data encrypted according to a second encryption key(see US 20150293896, Runkis, para. 0064, 0071, 0116 and fig. 2, where a first system, comprising a PC, laptop and PDA, has a first zone[232] containing devices having storage volumes, wherein the volumes may be configured to be shared among computing devices and may be encrypted using different key for each volume[para. 0049]), the computer-implemented method comprising: 
obtaining from a client device a write of data to the first volume and encrypted using a first encryption key(see US 20150293896, Runkis, para. 0049, where data may be encrypted using key information); 
	Runkis does not teach prior to acknowledging the write to the client device: 
using the first encryption key, decrypting the data to result in decrypted data; 
using the second encryption key, encrypting the decrypted data to result in reencrypted data; 
transmitting the reencrypted data to the second volume; and  

subsequent to the acknowledgement from the second volume of receipt of the reencrypted data, acknowledging write to the client device 	However, Osaki teaches prior to acknowledging the write to the client device: 
using the first encryption key, decrypting the data to result in decrypted data(see US 20080260159, Osaki, para. 0009, where key data is used for performing a decryption); 
using the second encryption key, encrypting the decrypted data to result in reencrypted data; 
transmitting the reencrypted data to the second volume(see US 20080260159, Osaki, para. 0075, where a change in key data[i.e. 2nd encryption key] necessitates re-encryption of volume data); and  
79obtaining an acknowledgement from the second volume of receipt of the reencrypted data(see US 20080260159, Osaki, para. 0051, where a “write done” response[i.e. acknowledgement] is received where data has been written to a volume[i.e. 2nd volume]); and 
subsequent to the acknowledgement from the second volume of receipt of the reencrypted data, acknowledging write to the client device(see US 20080260159, Osaki, para. 0051, where a “write done” response[i.e. acknowledgement] is received each time data has been written to a volume[i.e. 1st and 2nd volume]). 
 	It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to modify the teaching of Runkis with the teaching of Osaki (see Osaki, para. 0006) 

In regards to claim 8, the combination of Runkis and Osaki teach the computer-implemented method of Claim 7, wherein the first volume is designated by as a primary volume for the virtualized storage device, the primary volume having authority to accept writes to the virtualized storage device and responsibility for replicating writes to the second volume(see US 20150293896, Runkis, para. 0064, where the cloud computing zones provide for a virtual computing environment that provides for information redundancy).

 	In regards to claim 10, the combination of Runkis and Osaki teach the computer-implemented method of Claim 7 further comprising storing the decrypted data only in transient memory(see US 20080260159, Osaki, para. 0132, where a second journal volume temporarily[i.e. transient] stores a copy of data written to it, wherein decrypted data is transferred to the second journal volume). 
	It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to modify the teaching of Runkis with the teaching of Osaki because a user would have been motivated to enhance data security, taught by Runkis, by applying rekeying methods, taught by Osaki, in order to protect a system from data leakage(see Osaki, para. 0006)
 
(see US 20080260159, Osaki, para. 0051, where a “write done” response[i.e. acknowledgement] is received each time data has been written to a volume[i.e. 1st and 2nd volume]).  	It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to modify the teaching of Runkis with the teaching of Osaki because a user would have been motivated to enhance data security, taught by Runkis, by applying rekeying methods, taught by Osaki, in order to protect a system from data leakage(see Osaki, para. 0006)
 
 	In regards to claim 12, the combination of Runkis and Osaki teach the computer-implemented method of Claim 7 further comprising storing the data to the first volume prior to acknowledging write to the client device(see US 20080260159, Osaki, para. 0051, where a “write done” response[i.e. acknowledgement] is received when data has been written to a volume[i.e. 1st volume]).  
	It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to modify the teaching of Runkis with the teaching of Osaki because a user would have been motivated to enhance data security, taught by Runkis, by applying rekeying methods, taught by Osaki, in order to protect a system from data leakage(see Osaki, para. 0006)

 	In regards to claim 15, Runkis teaches a system to provide redundancy in a virtualized storage device replicated across at least a first and second zone of a plurality of zones, wherein the plurality of zones are in communication via a communication network but are isolated from one another, and wherein the virtualized storage device comprises a first volume in the first zone and associated with a first encryption key and a second volume in the second zone and associated with a second encryption key, the system comprising: 
a data store including computer-executable instructions(see US 20150293896, Runkis, para. 0029, software instructions are stored in memory); and  
80one or more processors configured to execute the computer-executable instructions(see US 20150293896, Runkis, para. 0029, where control processing unit execute software instructions) to: 
obtain data written by a client device to the first volume and encrypted using the first encryption key(see US 20150293896, Runkis, para. 0049, where data may be encrypted using key information); 
 	Runkis does not teach using the first encryption key, decrypt the data to result in decrypted data; 
using the second encryption key, encrypt the decrypted data to result in reencrypted data; 
transmit the reencrypted data to the second volume for storage; and 
cause acknowledgement of the write to the client device 	However, Osaki teaches using the first encryption key, decrypt the data to result (see US 20080260159, Osaki, para. 0009, where key data is used for performing a decryption); 
using the second encryption key, encrypt the decrypted data to result in reencrypted data(see US 20080260159, Osaki, para. 0075, where a change in key data[i.e. 2nd encryption key] necessitates re-encryption of volume data); 
transmit the reencrypted data to the second volume for storage(see US 20080260159, Osaki, para. 0128, where a 2nd volume is used to store a subsequently encrypted[i.e. re-encrypted] data with a 2nd key); and 
cause acknowledgement of the write to the client device(see US 20080260159, Osaki, para. 0051, where a “write done” response[i.e. acknowledgement] is received when data has been written to a volume[i.e. 1st volume]). 
	It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to modify the teaching of Runkis with the teaching of Osaki because a user would have been motivated to enhance data security, taught by Runkis, by applying rekeying methods, taught by Osaki, in order to protect a system from data leakage(see Osaki, para. 0006)
 
 	In regards to claim 16, the combination of Runkis and Osaki teach the system of Claim 15, wherein the one or more processors are configured to cause acknowledgement of the write to the client device only after receiving acknowledgement from the second volume of receipt of the reencrypted data(see US 20080260159, Osaki, para. 0051, where a “write done” response[i.e. acknowledgement] is received each time data has been written to a volume[i.e. 1st and 2nd volume]).  (see Osaki, para. 0006)

 	In regards to claim 17, the combination of Runkis and Osaki teach the system of Claim 15, wherein the one or more processors are configured to cause acknowledgement of the write to the client device prior to receiving acknowledgement from the second volume of receipt of the reencrypted data(see US 20080260159, Osaki, para. 0051, where a “write done” response[i.e. acknowledgement] is received each time data has been written to a volume[i.e. 1st and 2nd volume]). 	It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to modify the teaching of Runkis with the teaching of Osaki because a user would have been motivated to enhance data security, taught by Runkis, by applying rekeying methods, taught by Osaki, in order to protect a system from data leakage(see Osaki, para. 0006)
 
 	In regards to claim 18, the combination of Runkis and Osaki teach the system of Claim 15, wherein the one or more processors are configured to cause acknowledgement of the write to the client device by acknowledging the write to the first volume, and wherein the first volume acknowledges the write to the client device(see US 20080260159, Osaki, para. 0051, where a “write done” response[i.e. acknowledgement] is received each time data has been written to a volume[i.e. 1st and 2nd volume]).
	It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to modify the teaching of Runkis with the teaching of Osaki because a user would have been motivated to enhance data security, taught by Runkis, by applying rekeying methods, taught by Osaki, in order to protect a system from data leakage(see Osaki, para. 0006)
  
 	In regards to claim 19, the combination of Runkis and Osaki teach the system of Claim 15, wherein data written to the first volume is encrypted using the first encryption key(see US 20150293896, Runkis, para. 0049, where data may be encrypted using key information). 


2.) Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over US 20150293896, Runkis in view of US 20080260159, Osaki and further in view of US 20180232524, Allo

 	In regards to claim 4, the combination of Runkis and Osaki teaches the system of Claim 1. The combination of Runkis and Osaki do not teach wherein the first and second encryption keys are provided to the first and second volumes by a key management service, and wherein the one or more computing devices implementing the encryption service are configured to obtain the first and second encrypted keys from  (see US 20180232524, Allo, para. 0013 and 0014, where an authentication is required prior to a cloud server[i.e. key management] providing keys such that a first key is used to encrypt data stored on a first volume and a second key is used to encrypt data stored on a second volume).  
 	It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to modify the teaching of the combination of Runkis and Osaki with the teaching of Allo because a user would have been motivated to enhance data security, taught by Runkis and Osaki, by necessitating authentication prior to performing information exchanges between entities(see Allo, para. 0002)


3.) Claims 5 and 6 are rejected under 35 U.S.C. 103 as being unpatentable over US 20150293896, Runkis in view of US 20080260159, Osaki and further in view of US 7080221, Todd

 	In regards to claim 5, the combination of Runkis and Osaki teach the system of Claim 1. The combination do not teach wherein the one or more computing devices  (see US 7080221, Todd, col. 17, lines 48-54, where a device may be locked from being accessed). 	It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to modify the teaching of the combination of Runkis and Osaki with the teaching of Todd because a user would have been motivated to improve data sharing efficiency, taught by Runkis and Osaki, by making available local cache storage for each device in order to improve operational performance(see Todd, col. 2, lines 4-18)
 
 	In regards to claim 6, the combination of Runkis and Osaki teach the system of Claim 1. The combination of Runkis and Osaki do not teach wherein the one or more computing devices implementing the encryption service and the second volume utilize intercompatible application programming interfaces, and wherein the one or more computing devices implementing the encryption service obtain the data written to the first volume by presenting to the first volume as a secondary volume 	However, Todd teaches wherein the one or more computing devices implementing the encryption service and the second volume utilize intercompatible application programming interfaces, and wherein the one or more computing devices implementing the encryption service obtain the data written to the first volume by presenting to the first volume as a secondary volume(see US 7080221, Todd, col. 38, lines 57-67, where an API may be used to write data between volumes). 	It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to modify the teaching of the combination of Runkis and Osaki with the teaching of Todd because a user would have been motivated to improve data sharing efficiency, taught by Runkis and Osaki, by making available local cache storage for each device in order to improve operational performance(see Todd, col. 2, lines 4-18) 
 
 
4.) Claims 9, 13, and 14 are rejected under 35 U.S.C. 103 as being unpatentable over US 20150293896, Runkis in view of US 20080260159, Osaki and further in view of US 20130339818, Baker

In regards to claim 9, the combination of Runkis and Osaki teach the computer-implemented method of Claim 7. The combination of Runkis and Osaki do not teach further comprising assigning to the write of data a write sequence number and transmitting the write sequence number to the second volume 	However, Baker teaches further comprising assigning to the write of data a write sequence number and transmitting the write sequence number to the second volume (see US 20130339818, Baker, para. 0035, where objects written to a memory are recorded sequentially in an index[i.e. sequence number], wherein each storage node includes an index of information stored on a disk).   	It would have been obvious to one of ordinary skill in the art before the effective (see Baker, para. 0002)

 	In regards to claim 13, the combination of Runkis and Osaki teach the computer-implemented method of Claim 7. The combination of Runkis and Osaki do not teach wherein storing the data to the first volume comprises generating a log entry within a write journal, and wherein the method further comprises persisting the data to a data store 	However, Baker teaches wherein storing the data to the first volume comprises generating a log entry within a write journal, and wherein the method further comprises persisting the data to a data store (see US 20130339818, Baker, para. 0035, where a journal made be used for recording information stored[i.e. written] to storage, wherein the journal is stored within persistent storage). 	It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to modify the teaching of the combination of Runkis and Osaki with the teaching of Baker because a user would have been motivated to enhance data protection, taught by Runkis and Osaki, by providing a means for recovery of lost data due to a failed storage volume by using erasure coding(see Baker, para. 0002) 
 
(see US 20130339818, Baker, para. 0012, where information stored may be in erasure coding format).  	It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to modify the teaching of the combination of Runkis and Osaki with the teaching of Baker because a user would have been motivated to enhance data protection, taught by Runkis and Osaki, by providing a means for recovery of lost data due to a failed storage volume by using erasure coding(see Baker, para. 0002)


5.) Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over US 20150293896, Runkis in view of US 20080260159, Osaki and further in view of US 20170316075, Deshmukh

 	In regards to claim 20, the combination of Runkis and Osaki teach the system of Claim 15. The combination of Runkis and Osaki do not teach wherein the first encryption key is a negotiated key based on communication between the first volume and the one or more processors 	However, Deshmukh teaches wherein the first encryption key is a negotiated key based on communication between the first volume and the one or more processors (see US 20170316075, Deshmukh, para. 0057, where an encryption key is negotiated that is to be used by a first volume). 	It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to modify the teaching of the combination of Runkis and Osaki with the teaching of Deshmukh because a user would have been motivated to enhance access control to data, taught by Runkis and Osaki, by using an access policy, taught by Deshmukh, in order to better control how data may be accessed(see Deshmukh, para. 0023)
  

6.) Claim 21 is rejected under 35 U.S.C. 103 as being unpatentable over US 20150293896, Runkis in view of US 20080260159, Osaki and further in view of US 20070245105, Suzuki

In regards to claim 21, the combination of Runkis and Osaki teaches the system of Claim 15. The combination of Runkis and Osaki teaches wherein the one or more processors are configured to obtain data written by the client device to the first volume from the first volume via a first secure communication channel, and wherein the one or more processors are configured to transmit the renecrypted data to the second volume via a second communication channel 	However, Suzuki teaches wherein the one or more processors are configured to obtain data written by the client device to the first volume from the first volume via a first secure communication channel, and wherein the one or more processors are configured  (see US 20070245105, Suzuki, fig. 1, para. 0053 and 0054, where primary and secondary-side channels are configured to communicate/transfer data information between primary and secondary-side volumes, respectively).  	It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to modify the teaching of the combination of Runkis and Osaki with the teaching of Suzuki because a user would have been motivated to improve data restoration times, taught by Runkis and Osaki, by using journals, taught by Suzuki, in order to reduce the intervals between data restoration points(see Suzuki, para. 0008)


7.) Claim 22 is rejected under 35 U.S.C. 103 as being unpatentable over US 20150293896, Runkis in view of US 20080260159, Osaki and further in view of US 20070245105, Suzuki and further in view of US 20100153702, Loveless

In regards to claim 22, the combination of Runkis, Osaki, and Suzuki teach the system of Claim 21. The combination of Runkis, Osaki, and Suzuki do not teach wherein the first and second communication channel are Transport Layer Security (TLS) compliant 	However, Loveless teaches wherein the first and second communication channel are Transport Layer Security (TLS) compliant (see US 20100153702, Loveless, para. 0038, where a communication channel to storage is via TLS).
(see Loveless, para. 0004)


CONCLUSION
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GREGORY LANE whose telephone number is (571)270-7469.  The examiner can normally be reached on 571 270 7469 from 8:00 AM to 6:00 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Taghi Arani, can be reached on 571 272 3787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. 
/GREGORY A LANE/Examiner, Art Unit 2438                                                                                                                                                                                                        


/TAGHI T ARANI/Supervisory Patent Examiner, Art Unit 2438