Notice of Pre-AIA  or AIA  Status
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Election/Restrictions
2.    NO restrictions warranted at initial time of filing for patent.

Priority
3.    Applicant claims domestic priority under 35 USC 119e to provisional application filed on 16/711,060.
Information Disclosure Statement
4.    The information disclosure statement (IDS) submitted on 09/30/2020, 01/22/2021, 06/22/2021, 08/30/2021, 10/22/2021, and 12/22/2021, the submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Oath/Declaration
5.    Applicant’s Oath was filed on 09/30/2020.

Drawings
6.    Applicant’s drawings filed on 09/30/2020 has been inspected and is in compliance with MPEP 608.01.
Specification
7.    Applicant’s specification filed on 09/30/2020 has been inspected and is in compliance with MPEP 608.02.
Claim Objections
8.    NO objections warranted at initial time of filing for patent.

Remarks
9.	Examiner request Applicant review relevant prior art under the conclusion of this office action.


Claim Rejections - 35 USC § 102
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

10.	Claims 1-6, 8-13 and 15-20 are rejected under 35 U.S.C. 102(a)(1)/(a)(2) as being anticipated by U.S. Patent No. 10102356 hereinafter Sahin.

As per claim 1, Sahin discloses:
A method (Col. 1 Lines 47-51 “In accordance with one aspect of the techniques described herein is a method of processing control commands comprising: receiving first information identifying a first portion of one or more 
detecting, by the data protection system, a request to perform a restricted operation with respect to a recovery dataset configured to be used by a storage system to recover (Col. 9 Lines 27-47 “The control path, also sometimes referred to as the management path, may be characterized as the path or flow of data management or control commands through a system. For example, the control or management path may be the logical flow through hardware and software components or layers in connection with issuing data storage management command to and/or from a data storage system, and also receiving responses (possibly including requested data) to such control or management commands. Such commands may be, for example, to establish or modify data services, provision storage, perform user account management, and the like. For example, commands may be issued over the control path to provision storage for LUNs, create a snapshot, delete a snapshot, define or establish local and/or remote replication services, define or modify a schedule for snapshot or other data replication services, define a RAID group, obtain data storage management and configuration information for display in a graphical user interface of a data storage management program or application, generally modify one or more aspects of a data storage system configuration, and the like .” Col. 19 Lines 4-17 “At step 402, a subset of data storage entities, such as a subset of defined LUNs and associated snapshots of such LUNs, for which secure authentication of the control path is required for execution of control 
from a data corruption event within the storage system (Col. 10 Lines 41-52 “In a case where only the data path is compromised in connection with a system having LUNs and snapshots thereof such as mentioned above, malicious commands may be issued over the compromised data path causing data corruption of the source LUN and/or its snapshot LUN. For example, the data path may be compromised whereby malicious I/O commands are issued to the source LUN and/or its snapshot such as to overwrite existing valid customer data with bad, corrupt or invalid data. Once discovered, data recovery to an earlier point in time copy of the source LUN may be possible such as by restoring the source LUN to an earlier snapshot of the LUN.”)
monitoring, by the data protection system in response to the request, for an occurrence of a predetermined set of one or more authorization events performed with one or more hardware tokens (Col. 19 Lines 20-29 “In step 406, the pass code provider is configured to require two-factor authentication of a user requesting a pass code. As described elsewhere herein, step 406 may include configuring a particular hardware token or fob having an associated seed used to Col. 19 Lines 30-32 “At step 408, a user connects to the pass code provider and is authenticated by the pass code provider using two-factor authentication. At step 409, a determination is made as to whether user authentication in step 408 was successful. .”); 
and preventing, by the data protection system, the restricted operation from being executed until the each of the one or more authorization events included in the predetermined set occurs (Col. 19 Lines 32-57 “It step 409 evaluates to no, control proceeds to step 411 to return an authentication failure message to the user. If step 409 evaluates to yes, control proceeds to step 410 where the pass code provider generates a pass code in accordance with one or more criteria and provides the generated pass code to the user. At step 412, over the control path, the user issues a control command to the data storage system and also provides the pass code. The control command in step 412 may be one of the control commands in the subset of control commands defined via steps 402 and 404 that requires a valid pass code in order for the data storage system to execute the control commands. At step 414, the data storage system receives the pass code and control command. In step 416, the data storage system determines a computed pass code for the control command received using the same algorithm and one or more criteria used by the pass code provider in generating the pass code in step 410. In 

As per claim 2, Sahin discloses:
The method of claim 1, further comprising: detecting, by the data protection system while performing the monitoring, that each of the one or more authorization events included in the predetermined set occurs; and allowing, by the data protection system, the restricted operation to be executed (Col. 19 Lines 30-52).

As per claim 3, Sahin discloses:
The method of claim 2, wherein the allowing the restricted operation to be executed comprises performing the restricted operation (Col. 19 Lines 30-52).

As per claim 4, Sahin discloses:
The method of claim 2, wherein the allowing the restricted operation to be executed comprises directing the storage system to perform the restricted operation (Col. 9 Lines 27-47 and Col. 19 Lines 4-52).

As per claim 5, Sahin discloses:
The method of claim 2, wherein: the recovery dataset is stored within an additional storage system remote from the storage system; and the allowing the restricted operation to be executed comprises directing the additional storage system to perform the restricted operation (Col. 9 Lines 27-47).

As per claim 6, Sahin discloses:
The method of claim 1, wherein the occurrence of the predetermined set of one or more authorization events comprises a communicative coupling of the one or more hardware tokens with one or more hardware token readers associated with the data protection system (Col. 11 Lines 47-54).

As per claim 8, Sahin discloses:
The method of claim 1, wherein: a total of N hardware tokens are authorized to be used with the data protection system, where N is an integer greater than two; and the predetermined set of one or more authorization events comprises authorization events performed by at least M hardware tokens included in the N hardware tokens, where M is an integer greater than one (Col. 12 Lines 58- Col. 13 Line 21).

As per claim 9, Sahin discloses:
The method of claim 1, wherein: the monitoring further comprises monitoring for an occurrence of a predetermined additional set of one or more 

As per claim 10, Sahin discloses:
The method of claim 1, further comprising preventing, by the data protection system, the restricted operation from being executed unless the one or more authorization events occur within a predetermined amount of time (Col. 11 Lines 55- Col. 12 Line 2 and 12 Lines 58- Col. 13 Line 21).

As per claim 11, Sahin discloses:
The method of claim 1, further comprising: detecting, by the data protection system prior to the request, an anomaly associated with the storage system; and directing, by the data protection system prior to the request and in response to detecting the anomaly, the storage system to generate the recovery dataset (Col. 9 Line 64- Col. 10 Line 30).

As per claim 12, Sahin discloses:
The method of claim 1, further comprising: directing, by the data protection system, the storage system to generate a plurality of recovery datasets over time, the recovery datasets usable to restore data maintained by the storage system to a state corresponding to a selectable point in time; wherein the 

As per claim 13, Sahin discloses:
The method of claim 1, wherein the restricted operation is configured to perform at least one of a deletion of the recovery dataset, a modification of the recovery dataset, or a modification of a parameter included in a data protection parameter set associated with a recovery dataset (Col. 9 Lines 27-47).

As per claim 15, Sahin discloses:
The method of claim 1, wherein the data protection system is implemented by a controller within the storage system (Figs. 1 and 3).

As per claim 16, Sahin discloses:
The method of claim 1, wherein the data protection system is implemented by a computing system communicatively coupled to the storage system by way of a network (Figs. 1 and 3).

As per claim 17, Sahin discloses:
The method of claim 1, wherein the recovery dataset comprises a snapshot of a storage structure within the storage system (Col. 9 Line 64- Col. 10 Line 30).

As per claim 18, the implementation of the method of claim 1 will execute the system of claim 18. The claim is analyzed with respect to claim 1.

As per claim 19, the claim is analyzed with respect to claim 2. 

As per claim 20, the implementation of the method of claim 1 will execute the non-transitory computer-readable medium (Col. 20 Lines 40-45) of claim 20. The claim is analyzed with respect to claim 1.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

7 is rejected under 35 U.S.C. 103 as being unpatentable over Sahin in view of U.S. Publication No. 20160352518 hereinafter Ford.

As per claim 7, Sahin discloses:
The method of claim 1, further comprising: the recovery dataset (Figs. 1 and 3)

	Sahin does not disclose:
encrypting, by the data protection system, the recovery dataset with a key that is then encrypted with a public key; wherein the occurrence of the predetermined set of one or more authorization events comprises a transmission of a private key corresponding to the public key from the one or more hardware tokens to the data protection system

	Ford discloses:
encrypting, by the data protection system, the recovery dataset with a key that is then encrypted with a public key (para 0100 “The process then decrypts (at 1240) the master recovery object encrypted with the public key to which the recovered private key corresponds using that private recovery key received from the HSM, which reveals the master recovery key (or master recovery key data).”); 
wherein the occurrence of the predetermined set of one or more authorization events comprises a transmission of a private key corresponding to Fig 12, para 0095 “As shown, the process 1200 begins by providing (at 1205) a user interface for the user to enter data for backup recovery. In some embodiments, this interface includes a list of devices that have registered escrow objects for the cloud services account with which the new device has been associated. When the user selects one of the established devices from the list, the new device provides the user with an interface via which the user can enter the passcode for the selected device, from which the escrow key can be generated. The device then receives (at 1210) the user-entered backup recovery code (e.g., the passcode). I.” Para 0096 “Based on the user-entered backup recovery code, the process generates (at 1215) a private escrow key, and escrow key verification data from the private escrow key. As mentioned, the key generation process and subsequent verification data generation process are deterministic, such that if given the same seed data, the process will produce the same key and subsequently the same verification data. Thus, if the user enters the passcode that was used on the selected established device, the new device will generate the correct private escrow key that will unlock the escrow object registered by the selected established device. The process 1200 then sends (at 1220) the generated private escrow key verification data to the HSM with which the escrow object is registered.”)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of processing control commands of Sahin to include encrypting, by the data 
The motivation would have been to properly control access to backup data by securely decrypting the backup data with an authorized key.

12.	Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Sahin in view of U.S. Publication No. 20180375826 hereinafter Chang.

As per claim 14, Sahin discloses:
The method of claim 1, wherein the data corruption event (Col. 10 Lines 24-30)

	Sahin does not disclose:
data corruption event comprises a ransomware attack against a storage system

	Chang discloses:
data corruption event comprises a ransomware attack against a storage system (para 0016 “The third embodiment of the present invention is an active network backup device having the function of ruling out 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of processing control commands of Sahin to include data corruption event comprises a ransomware attack against a storage system, as taught by Chang.
The motivation would have been to protect any data corruption and properly restore data.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
U.S. Publication No. 20190288840 discloses on paragraph 0045 “A solution to securing large volumes of data-at-rest includes using a single master password as a key to decrypt numerous data objects stored in a container (e.g., a folder) stored in memory. This type of data security system is vulnerable to attack and, if compromised, will expose the numerous data objects with the single master password. For example, password manager tools such as DASHLANE and LASTPASS utilize a single password which, if compromised, would provide an attacker with access to all the data encrypted with that single password. The risk grows exponentially due to increased efforts in computer hacking and the proliferation of viruses, malware, and ransomware developed by bad actors to exploit vulnerabilities of existing key and password management tools.” Paragraph 0074 “In some embodiments, the cryptographic key is optionally encrypted using a backup public key to create an encrypted cryptographic key that can be decrypted using a backup private key. The backup keys are generally created and stored in an offline environment. For example, a file system (FS) can encrypt the target data by using the cryptographic key. The FS can store the encrypted key shards with the encrypted target data in an archive file on disk. In addition, if a backup public key was created, it may be used to encrypt the cryptographic key, which may then be added to the archive file.”


Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 5712723972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/GARY S GRACIA/Primary Examiner, Art Unit 2491