Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted is/are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1 and 14 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims of U.S. Patent No. 10671748 and 10127399 in view of Ford et al (US 20160352518), hereafter Ford.
Instant App. 16870084
Pat. #: 10671748
Pat. #: 10127399
1. A method for managing keys for objects stored in a cloud service that stores objects, the method comprising: storing keys at a key server in the cloud service, wherein the keys stored at the key server are always encrypted at the cloud service; associating the keys with a manifest at the key server, wherein the manifest identifies objects associated with the keys stored at the key server; storing a master key at a client, wherein all decryption of the keys stored at the key server occurs at the client such that the keys are never exposed in an unencrypted form at the cloud service; accessing the keys and the objects from the cloud service in an encrypted form; and decrypting the keys and the objects at the client, wherein the master key is used decrypt the keys needed to decrypt the encrypted objects accessed from the cloud service.
14. A non-transitory computer readable medium comprising computer executable instructions for performing operations, the operations including: storing keys at a key server in the cloud service, wherein the keys stored at the key server are always encrypted at the cloud service; associating the keys with a manifest at the key server, wherein the manifest identifies objects associated with the keys stored at the key server; storing a master key at a client, wherein all decryption of the keys stored at the key server occurs at the client such that the keys are never exposed in an unencrypted form at the cloud service; accessing the keys and the objects from the cloud service in an encrypted form; and decrypting the keys and the objects at the client, wherein the master key is used decrypt the keys needed to decrypt the encrypted objects accessed from the cloud service.
1. A method for protecting data associated with a client, the method comprising: encrypting first objects with a first key and second objects with a second key; encrypting the first key with a first master key and the second key with a second master key; uploading the first objects, the second objects, the encrypted first key and the encrypted second key to a cloud service, wherein the cloud service includes: a first appliance associated with a first storage and a second appliance associated with a second storage, wherein at least one of the first appliance and the second appliance is configured as a key server that is configured to provide a key management service to the client and manage a plurality of encrypted keys including the encrypted first key and the encrypted second key; and a manifest that associates the encrypted first and second objects with the encrypted first and second keys, wherein the encrypted first key is associated with hashes of the encrypted first objects in the manifest and the encrypted second key is associated with hashes of the encrypted second objects in the manifest, wherein the cloud service performs load balancing for the first and second objects such that the encrypted first objects are stored by the first appliance in the first storage and the encrypted second objects are stored by the second appliance in the second storage.
11. A non-transitory computer readable medium comprising computer executable instructions for performing operations, the operations including: encrypting first objects with a first key and second objects with a second key;
encrypting the first key with a first master key and the second key with a second master key; uploading the first objects, the second objects, the encrypted first key and the encrypted second key to a cloud service, wherein the cloud service includes: a first appliance associated with a first storage and a second appliance associated with a second storage, wherein at least one of the first appliance and the second appliance is configured as a key server that is configured to provide a key management service to the client and manage a plurality of encrypted keys including the encrypted first key and the encrypted second key; and a manifest that associates the encrypted first and second objects with the encrypted first and second keys, wherein the encrypted first key is associated with hashes of the encrypted first objects in the manifest and the encrypted second key is associated with hashes of the encrypted second objects in the manifest, wherein the cloud service performs load balancing for the first and second objects such that the encrypted first objects are stored by the first appliance in the first storage and the encrypted second objects are stored by the second appliance in the second storage.

1. A method for accessing an encrypted object stored in a cloud service accessed over a network, the method comprising:
sending a request for the encrypted object to the cloud service over a network connection by a client, wherein the cloud service includes a key server configured to provide a key management service to the client and manage a plurality of encrypted keys for the client and a server configured to manage a plurality of encrypted objects, wherein each of the encrypted objects is associated with at least one of the encrypted keys, wherein the plurality of encrypted objects and the plurality of encrypted keys are stored on storage devices associated with the cloud service; after the cloud service identifies the encrypted object from the request and identifies an encrypted key associated with the encrypted object using a manifest that identifies which of the plurality of encrypted keys are associated with which of the plurality of encrypted objects, receiving the encrypted object from the cloud service and receiving the encrypted key associated with the encrypted object from the cloud service; decrypting the encrypted key with a master key at the client to obtain a decrypted key, wherein the master key is generated at the client and the cloud service initiates the generation of the master key, wherein the master key is one of a plurality of master keys, wherein a first master key included in the plurality of master keys is configured to decrypt certain encrypted keys included in the plurality of encrypted keys, maintained by the cloud service, that cannot be decrypted by a second master key included in the plurality of master keys; and decrypting the encrypted object with the decrypted key at the client to obtain a decrypted object, wherein the decrypted object and the decrypted key are never in clear to the cloud service and are never transmitted unencrypted to the cloud service.
11.	A method for storing an object at a cloud service from a client, the method comprising:
encrypting the object with a key to generate an encrypted object at the client; encrypting the key to generate an encrypted key at the client, wherein the key is encrypted with a master key known only to the client, wherein the master key is generated at the client and wherein the cloud service initiates generation of the master key; and
uploading, by the client, the encrypted key and the encrypted object to the cloud service without exposing the key or the encrypted object to the cloud service, wherein the cloud service provides a key management service to the client that includes a key server configured to store and manage a plurality of encrypted keys on one or more storage devices and wherein the cloud service includes a server configured to manage a plurality of encrypted data objects that are stored on one or more storage devices, wherein the cloud service maintains a manifest that includes associations between the plurality of encrypted keys and the plurality of encrypted data objects, wherein the manifest allows the cloud service to identify the encrypted key with the encrypted object; and storing the encrypted key by the key server and storing the encrypted data object by the server, wherein both the encrypted key and the encrypted data object are downloaded to the client and decrypted at the client whenever the encrypted data object is requested by the client such that the key is never transmitted unencrypted to the cloud service, wherein the plurality of encrypted keys are associated with a plurality of related master keys, wherein the plurality of related master keys are associated with multiple users based on rights of the users such that access to the encrypted object is controlled at least by the rights of the users and the plurality of related master keys, wherein a first master key included in the plurality of related master keys is configured to decrypt certain encrypted keys included in the plurality of encrypted keys, maintained by the cloud service, that cannot be decrypted by a second master key included in the plurality of related master keys.



But the analogous art Ford teaches storing keys at a key server in the cloud service, wherein the keys stored at the key server are always encrypted at the cloud service; ([002] store (i) the set of backup data encrypted with a set of data encryption keys, (ii) the set of data encryption keys encrypted with a master recovery key, and (iii) several copies of master recovery key data [039] in a remote backup server. Each of the copies of the master recovery key data is encrypted with a recovery key, which is twice-encrypted on a set of secure servers).
Therefore it is prima facie obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combined inventions of 10671748 and 10127399 to include the idea of storing encrypted set of keys at the secure servers as taught by Ford so that the new device uses the private escrow key to decrypt the recovery key and then decrypt one of the copies of the master recovery key stored with the backup ([007]).
Therefore the corresponding dependent claims are also rejected for the same rationale.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1 – 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ford et al (US 20160352518), hereafter Ford and Nair et al (US 20150229471), hereafter Nair.
Claim 1: Ford teaches a method for managing keys for objects stored in a cloud service that stores objects, the method comprising: storing keys at a key server in the cloud service, wherein the keys stored at the key server are always encrypted at the cloud service; ([002] store (i) the set of backup data encrypted with a set of data encryption keys, (ii) the set of data encryption keys encrypted with a master recovery key, and (iii) several copies of master recovery key data [039] in a remote backup server. Each of the copies of the master recovery key data is encrypted with a recovery key, which is twice-encrypted on a set of secure servers);
associating the keys with a manifest at the key server, wherein the manifest identifies objects associated with the keys stored at the key server; ([0114] process identifies the set of keychain (or other data (i.e., manifest)) items synchronized between the subset of devices that share the particular set of criteria. Each keychain item is tagged as belonging to one or more views, based on the type of data and [0117] process then encrypts the item keys and stores the encrypted keybag in the designated location);
storing a master key at a client, wherein all decryption of the keys stored at the key server occurs at the client such that the keys are never exposed in an unencrypted form at the cloud service; ([094, 99-102] the user device first decrypts the recovery object using the private escrow key, then decrypts the master recovery object, then uses the master recovery key to decrypt the encrypted backup keybag, then uses the keys in the recovered backup keybag to decrypt the backup keychain data..., and the use of the verification data securely protects the private recovery key without the recovery key ever being sent unencrypted between the secure servers and the user device);
accessing the keys and the objects from the cloud service in an encrypted form; ([0004] each of the pieces of confidential data is encrypted with a data encryption key. Recovering the stored backup also requires access to the data encryption keys. These are stored in a keybag, along with the backup, that is itself encrypted with a master recovery key and [062] the process encrypts the item keys using the public master recovery key and stores the encrypted keybag and the entire keybag storage structure is encrypted);
Ford is silent on and decrypting the keys and the objects at the client, wherein the master key is used decrypt the keys needed to decrypt the encrypted objects accessed from the cloud service.
But analogous art teaches and decrypting the keys and the objects at the client, wherein the master key is used decrypt the keys needed to decrypt the encrypted objects accessed from the cloud service. ([0031] once the Content Encryption Key (CEK) has been acquired, the system decrypts the CEK using the KEK that is stored in secure storage on the user device. Once the CEK is decrypted, decrypting the requested content as it is provided, using the decrypted CEK. After decryption of the content, the received content is displayed).
Therefore it is prima facie obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Ford to include the idea of master key is used for decryption as taught by Nair so that in order to ensure the security of user device and thus the security of encrypted content that is provided using user device, it is necessary to establish and maintain a trust relationship between the service provider and the user device ([051]).
Claim 14: Ford teaches a non-transitory computer readable medium comprising computer executable instructions for performing operations, the operations including (Fig. 22): storing keys at a key server in the cloud service, wherein the keys stored at the key server are always encrypted at the cloud service; associating the keys with a manifest at the key server, wherein the manifest identifies objects associated with the keys stored at the key server; storing a master key at a client, wherein all decryption of the keys stored at the key server occurs at the client such that the keys are never exposed in an unencrypted form at the cloud service; accessing the keys ([002] store (i) the set of backup data encrypted with a set of data encryption keys, (ii) the set of data encryption keys encrypted with a master recovery key, and (iii) several copies of master recovery key data [039] in a remote backup server. Each of the copies of the master recovery key data is encrypted with a recovery key, which is twice-encrypted on a set of secure servers; [0114] process identifies the set of keychain (or other data (i.e., manifest)) items synchronized between the subset of devices that share the particular set of criteria. Each keychain item is tagged as belonging to one or more views, based on the type of data and [0117] process then encrypts the item keys and stores the encrypted keybag in the designated location; [094, 99-102] the user device first decrypts the recovery object using the private escrow key, then decrypts the master recovery object, then uses the master recovery key to decrypt the encrypted backup keybag, then uses the keys in the recovered backup keybag to decrypt the backup keychain data..., and the use of the verification data securely protects the private recovery key without the recovery key ever being sent unencrypted between the secure servers and the user device; [0004] each of the pieces of confidential data is encrypted with a data encryption key. Recovering the stored backup also requires access to the data encryption keys. These are stored in a keybag, along with the backup, that is itself encrypted with a master recovery key and [062] the process encrypts the item keys using the public master recovery key and stores the encrypted keybag and the entire keybag storage structure is encrypted).
Ford is silent on and decrypting the keys and the objects at the client, wherein the master key is used decrypt the keys needed to decrypt the encrypted objects accessed from the cloud service.
([0031] once the CEK has been acquired, the system decrypts the CEK using the KEK that is stored in secure storage on the user device. Once the CEK is decrypted, decrypting the requested content as it is provided, using the decrypted CEK. After decryption of the content, the received content is displayed).
Therefore it is prima facie obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Ford to include the idea of master key is used for decryption as taught by Nair so that in order to ensure the security of user device and thus the security of encrypted content that is provided using user device, it is necessary to establish and maintain a trust relationship between the service provider and the user device ([051]).
Claim 2: the combination of Ford and Nair teaches the method of claim 1, further comprising storing the keys in hierarchical form at the cloud service. (Ford: [140] application-specific keys enable access to application-related data stored with a cloud service, via a hierarchy of nested keys).
Claim 3: the combination of Ford and Nair teaches the method of claim 1, further comprising a set of master keys at the client. (Ford: [041] the backup creating device (the first device) stores (i) encrypted backup data, (ii) a keybag encrypted with a master recovery key).
Claim 4: the combination of Ford and Nair teaches the method of claim 3, wherein the set of master keys are stored on a storage device, a removable device, a smart card protected by a personal identification number, a hardware token, or an electronic key ring. (Ford: [0127]  local storage is representative of the various local non-volatile and/or volatile memory that stores the keychain data, item keys, public/private key pairs of the device, public keys of the related devices, etc).
Claim 5: the combination of Ford and Nair teaches the method of claim 1, wherein an object is re-encrypted with associated keys and reuploaded to the cloud service when use of an object is completed. (Ford: [0130, 134-135] the process adds item keys for the new items to the keybag and removes item keys that are no longer needed… re-encrypts the updated keybag with the master recovery key and stores the encrypted keybag in the backup storage location).
Claim 6: the combination of Ford and Nair teaches the method of claim 1, wherein the objects are stored as de-duplicated blocks and wherein each of the de-duplicated blocks is associated with a key. (Nair: [096-100] KEY3 is used to verify the signature of other code blobs of the boot ROM including the OS. Lpriv is a fourth 2048-bit RSA private key that is unique to the device).
Therefore it is prima facie obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Ford to include the idea of having de-duplicated blocks associated with key as taught by Nair so that in order to ensure the security of user device and thus the security of encrypted content that is provided using user device, it is necessary to establish and maintain a trust relationship between the service provider and the user device ([0051]).
Claim 7: the combination of Ford and Nair teaches the method of claim 1, further comprising identifying keys needed to decrypt an object once the object is requested by the client. (Ford: [0114] the process then identifies the set of keychain (or other data) items synchronized between the subset of devices that share the particular set of criteria. Each keychain item is tagged as belonging to one or more views, based on the type of data).
Claim 8: the combination of Ford and Nair teaches the method of claim 1, wherein the keys are stored on multiple key servers or appliances. (Ford: [056] creating a backup for a set of confidential data items shared among multiple associated devices (a set of devices associated with the same cloud services account).
Claim 9: the combination of Ford and Nair teaches the method of claim 1, wherein the key server provided by the cloud service is a key management server or appliance configured to manage keys. (Ford: [002] the recovery key for each particular device is first encrypted with an escrow key of the particular device to create a recovery object, which is encrypted with a key associated with the secure servers to create an escrow object stored with the set of secure servers).
Claim 10: the combination of Ford and Nair teaches the method of claim 1, wherein the key server performs a data protection operation to backup the keys to another storage device or service. (Ford: [006, 144] each of the devices also registers its recovery key as a secure object stored with a set of secure servers, even if the owner of the cloud services is the same as the owner of the secure escrow service, a brute force attempt to access the recovery key will be protected by the HSMs and the limited number of attempts allowed by the highly secure hardware security modules (HSMs)).
Claim 11: the combination of Ford and Nair teaches the method of claim 1, further comprising generating, by the client, a new key, encrypting an object with the new key, encrypting the new key with the master key, and providing the encrypted object and the encrypted key to the key server. (Ford: [0133-136] the device updating the backup specifically adds the new keychain items to the backup storage as part of the keychain, process also adds item keys for the new items to the keybag. For each new item, the item is encrypted with an item key, and the corresponding decryption key must be accessible as part of the keybag, the process encrypts the updated keybag with the master recovery key and stores the encrypted keybag in the backup storage location).
Claim 12: the combination of Ford and Nair teaches the method of claim 1, wherein the key server initiates the generation of a new key by instructing the client to generate a new key. (Ford: [002] recovery key for each particular device is first encrypted with an escrow key of the particular device, generated based on user-entered data, to create a recovery object, which is encrypted with a key associated with the secure servers to create an escrow object stored with the set of secure servers).
Claim 13: the combination of Ford and Nair teaches the method of claim 1, further comprising storing the master keys in hierarchical form at the client. (Ford: [0058, Figs. 4, 18A-B] the application-specific keys provide access to a hierarchy of keys and data stored in a [060] backup storage such as an internal drive owned by the user).
Claim 15: the combination of Ford and Nair teaches the non-transitory computer readable medium of claim 14, further comprising storing the keys in hierarchical form at the cloud service. (Ford: [140] application-specific keys enable access to application-related data stored with a cloud service, via a hierarchy of nested keys).
Claim 16: the combination of Ford and Nair teaches the non-transitory computer readable medium of claim 14, further comprising a set of master keys at the client. (Ford: [041] the backup creating device (the first device) stores (i) encrypted backup data, (ii) a keybag encrypted with a master recovery key).
Claim 17: the combination of Ford and Nair teaches the non-transitory computer readable medium of claim 16, wherein the set of master keys are stored on a storage device, a removable device, a smart card protected by a personal identification number, a hardware token, or an electronic key ring. (Ford: [0127]  local storage is representative of the various local non-volatile and/or volatile memory that stores the keychain data, item keys, public/private key pairs of the device, public keys of the related devices, etc).
Claim 18: the combination of Ford and Nair teaches the non-transitory computer readable medium of claim 14, wherein an object is re-encrypted with associated keys and reuploaded to the cloud service when use of an object is completed. (Ford: [0130, 134-135] the process adds item keys for the new items to the keybag and removes item keys that are no longer needed… re-encrypts the updated keybag with the master recovery key and stores the encrypted keybag in the backup storage location).
Claim 19: the combination of Ford and Nair teaches the non-transitory computer readable medium of claim 14, where the objects are stored as de-duplicated blocks and wherein each of the de-duplicated blocks is associated with a key. (Nair: [096-100] KEY3 is used to verify the signature of other code blobs of the boot ROM including the OS. Lpriv is a fourth 2048-bit RSA private key that is unique to the device).
Therefore it is prima facie obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Ford to include the idea of having de-duplicated blocks associated with key as taught by Nair so that in order to ensure the security of user device and thus the security of encrypted content that is provided using user device, it is necessary to establish and maintain a trust relationship between the service provider and the user device ([0051]).
Claim 20: the combination of Ford and Nair teaches the non-transitory computer readable medium of claim 14, further comprising identifying keys needed to decrypt an object once the object is requested by the client. (Ford: [0114] the process then identifies the set of keychain (or other data) items synchronized between the subset of devices that share the particular set of criteria. Each keychain item is tagged as belonging to one or more views, based on the type of data).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See form PTO-892.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Badri -- Champakesan whose telephone number is (571)270-3867. The examiner can normally be reached M-F: 8:30am-5pm (EST). Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge L. Ortiz-Criado can be reached on 5712727624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and 






/BADRINARAYANAN /Examiner, Art Unit 2496.