Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .



DETAILED ACTION
This action is in response to the communication filed on 04/08/2020.
Claims 1-20 are under examination.
The Information Disclosure Statements filed on 08/27/2020 has been entered and considered.


Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-7 are rejected under 35 U.S.C. 101 because the claimed invention is not directed to patent eligible subject matter.  Based upon consideration of all of the relevant factors with respect to the claim as a whole, claim(s) 1-7 are determined to be directed to an abstract idea.  The rationale for this determination is explained below:  Claims 1-7 recite a method. However, these claims do not recite a machine to execute the said method. Therefore, claim(s) 1-7 are determined to be directed to an abstract idea.

Claims 8-14 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because Claims 8-14 recite an encryption proxy plugin which is not a process, machine, manufacture or composition of matter.



Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3 and 7 are rejected under 35 U.S.C. 103 as being unpatentable over Cain (US 2021/0109683 A1) and El-Moussa et al. (US 2019/0034645 A1).
Regarding claim 1, Cain discloses A method of operating an intermediate service to perform encryption on a storage volume, the method comprising: [[intercepting]] a request transferred from a container orchestrator to a container storage interface plugin [par. 0018, “The container orchestrator 122 may also include a standardized container storage interface 123. The container storage interface 123 has a plug-in architecture and can provision storage in the form of a persistent volume from a storage source using a corresponding one of a plurality of available container storage interface plug-ins 128”, par. 0022, “ The container orchestrator 122 may use the container storage interface 123 to send the request to the storage virtualization system 130 through the container storage interface API 144 of the control plane 140 (with interface 144 acting as a server)”]; encrypting the storage volume [par. 0020, “The control plane 140 may also maintain a list of characteristics of the storage associated with each of those available plug-ins 128, such as performance characteristics (e.g. latency, IOPS or Input/Output Operations per Second, etc.), security characteristics (e.g., encryption, isolation, etc.)…”]; and transferring the intercepted request to the container storage interface plugin [par. 0018, “The container orchestrator 122 may also include a standardized container storage interface 123. The container storage interface 123 has a plug-in architecture and can provision storage in the form of a persistent volume from a storage source using a corresponding one of a plurality of available container storage interface plug-ins 128”, par. 0022, “ The container orchestrator 122 may use the container storage interface 123 to send the request to the storage virtualization system 130 through the container storage interface API 144 of the control plane 140 (with interface 144 acting as a server)”].
Cain does not explicitly disclose intercepting the request, transferring the intercepted request to the intermediate service; examining the request to determine if encryption is needed; in response to encryption being needed, encrypting the storage volume.
However El-Moussa et al. teaches intercepting the request, transferring the intercepted request to the intermediate service; examining the request to determine if encryption is needed; in response to encryption being needed, encrypting the storage volume [abs, “A data storage device providing secure data storage for a software application executed by an operating system in a computer system including a file system operation interceptor that detects requests for file system operations in respect of data for the application; a file system operation analyzer that is responsive to the interceptor and that analyses an intercepted file system operation request to identify attributes associated with the file system operation; a comparator that compares the attributes with a predefined security policy definition; a cryptographic unit that encrypts and/or decrypts data using one or more cryptographic functions; wherein the cryptographic unit is operable in response to the comparator to perform an encryption or decryption operation on the data and effect the performance of the requested file system operation by the operating system”, fig. 3, par. 0039, “At 306 the comparator 218 compares the attributes of the requested file system operation with the security policy 216. Where criteria of the security policy are satisfied at 308 the method performs an appropriate cryptographic operation”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of El-Moussa et al. into the teaching of Cain with the motivation of providing secure data storage for a software application as taught by El-Moussa et al. [El-Moussa et al.: abs.].
Regarding claim 3, the rejection of claim 1 is incorporated.
Cain further discloses the request comprises a request to create the storage volume [par. 0010, “receives a request for storage from a containerized application, acquires a plurality of different storage mounts from local and remote storage types in accordance with the request, creates a virtual persistent volume that aggregates the plurality of different storage mounts”].
Regarding claim 7, the rejection of claim 1 is incorporated.
Cain further discloses the storage volume comprises a persistent storage volume [par. 0018, “The container storage interface 123 has a plug-in architecture and can provision storage in the form of a persistent volume from a storage source using a corresponding one of a plurality of available container storage interface plug-ins 128”].

Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over Cain (US 2021/0109683 A1) and El-Moussa et al. (US 2019/0034645 A1) as applied to claims 1, 3 and 7 above, and further in view of Dixit et al. (US 2020/0226107 A1).
Regarding claim 2, the rejection of claim 1 is incorporated.
Cain and El-Moussa et al. disclose a request from a container orchestrator to a container storage interface plugin. 
They do not explicitly disclose the request comprises a remote procedure call.
However Dixit et al. teaches the request comprises a remote procedure call [pars. 0018, 0022,  container orchestrator, par. 0025, “The interfaces 200 can include one or more application programming interfaces (APIs), such as a restful state transfer (REST) API, remote procedure calls (e.g., gRPC Remote Procedure Call (gRPC))”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Dixit et al. into the teaching of Cain and El-Moussa et al. with the motivation such that the interfaces can provide for interoperability between the storage data services layer, other elements of the distributed storage data platform, and external elements as taught by Dixit et al. [Dixit et al.: par. 0025].

Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Cain (US 2021/0109683 A1) and El-Moussa et al. (US 2019/0034645 A1) as applied to claims 1, 3 and 7 above, and further in view of Shtivelman et al. (US 2020/0356498 A1).
Regarding claim 4, the rejection of claim 1 is incorporated.
Cain and El-Moussa et al. disclose a request from a container orchestrator to a container storage interface plugin. 
They do not explicitly disclose a request to attach the storage volume.
However Shtivelman et al. teaches a request to attach the storage volume [par. 0046, “a discovery request may be in the form of a request from an orchestrator to attach a specified volume to a specified host”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Shtivelman et al. into the teaching of Cain and El-Moussa et al. with the motivation to facilitate mapping a target volume of the target storage system which is connected to the host as taught by Shtivelman et al. [Shtivelman et al.: par. 0019].

Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Cain (US 2021/0109683 A1) and El-Moussa et al. (US 2019/0034645 A1) as applied to claims 1, 3 and 7 above, and further in view of Swartz et al. (US 2007/0180509 A1).
Regarding claim 5, the rejection of claim 1 is incorporated.
Cain and El-Moussa et al. disclose performing the encryption. 
They do not explicitly disclose performing the encryption comprises performing the encryption using cryptsetup library.
However Swartz et al. teaches performing the encryption comprises performing the encryption using cryptsetup library [par. 0548, “This mechanism may also be used to setup a file as an encrypted virtual block device by using the cryptsetup utility (for example) to map a layer of encryption on top of a loop device that has been mapped to a file using the losetup utility”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Swartz et al. into the teaching of Cain and El-Moussa et al. with the motivation to make it more difficult to reverse engineer or make unauthorized modifications to bypass license restrictions and copy protection enforcement as taught by Swartz et al. [Swartz et al.: par. 0174].

Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Cain (US 2021/0109683 A1) and El-Moussa et al. (US 2019/0034645 A1) as applied to claims 1, 3 and 7 above, and further in view of Egorov et al. (US 2017/0323114 A1).
Regarding claim 6, the rejection of claim 1 is incorporated.
Cain and El-Moussa et al. disclose performing the encryption. 
They do not explicitly disclose performing the encryption comprising making the storage volume accessible to a node.
However Egorov et al. teaches performing the encryption comprising making the storage volume accessible to a node [par. 0009, “the ciphertexts are obtained by the distributed storage and processing application encrypted with a data-owner encryption key of a data owner that caused data in the ciphertexts to be loaded to the distributed storage and processing application… accessing a transformation key with a first computing node among the cluster of nodes in the distributed storage and processing application… accessing the transformed ciphertext and the temporary access key with a second computing node among the cluster of nodes in the distributed storage and processing application”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Egorov et al. into the teaching of Cain and El-Moussa et al. with the motivation of securing data in a distributed storage and processing application as taught by Egorov et al. [Egorov et al.: par. 0009].

Claims 8, 10 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Cain (US 2021/0109683 A1), El-Moussa et al. (US 2019/0034645 A1) and Upton (US 2003/0097574 A1).
Regarding claim 8, it recites limitation similar to claim 1. The reason for the rejection of claim 1 is incorporated herein. Cain teaches the encryption unit as hardware or software [par. 0036].
They do not explicitly disclose the encryption proxy plugin.
However Upton teaches the encryption proxy plugin [par. 0127,  proxy plug-in 316 (in which case the proxy may also provide additional functionality, such as, for example, secure socket layer (SSL) encryption 318)].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Upton into the teaching of Cain and El-Moussa et al. with the motivation to provide for server security and entitlement processing that allows security and business logic plugins to be inserted into a security service hosted by a server as taught by Upton [Upton: par. 0101].
Regarding claim 10, the rejection of claim 8 is incorporated.
Cain further discloses the request comprises a request to create the storage volume [par. 0010, “receives a request for storage from a containerized application, acquires a plurality of different storage mounts from local and remote storage types in accordance with the request, creates a virtual persistent volume that aggregates the plurality of different storage mounts”].
Regarding claim 14, the rejection of claim 1 is incorporated.
Cain further discloses the storage volume comprises a persistent storage volume [par. 0018, “The container storage interface 123 has a plug-in architecture and can provision storage in the form of a persistent volume from a storage source using a corresponding one of a plurality of available container storage interface plug-ins 128”].

Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Cain (US 2021/0109683 A1), El-Moussa et al. (US 2019/0034645 A1) and Upton (US 2003/0097574 A1) as applied to claims 8, 10 and 14 above, and further in view of Dixit et al. (US 2020/0226107 A1).
Regarding claim 9, the rejection of claim 1 is incorporated.
Cain and El-Moussa et al. disclose a request from a container orchestrator to a container storage interface plugin. 
They do not explicitly disclose the request comprises a remote procedure call.
However Dixit et al. teaches the request comprises a remote procedure call [pars. 0018, 0022,  container orchestrator, par. 0025, “The interfaces 200 can include one or more application programming interfaces (APIs), such as a restful state transfer (REST) API, remote procedure calls (e.g., gRPC Remote Procedure Call (gRPC))”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Dixit et al. into the teaching of Cain, El-Moussa et al. and Upton with the motivation such that the interfaces can provide for interoperability between the storage data services layer, other elements of the distributed storage data platform, and external elements as taught by Dixit et al. [Dixit et al.: par. 0025].

Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Cain (US 2021/0109683 A1), El-Moussa et al. (US 2019/0034645 A1) and Upton (US 2003/0097574 A1) as applied to claims 8, 10 and 14  above, and further in view of Shtivelman et al. (US 2020/0356498 A1).
Regarding claim 11, the rejection of claim 8 is incorporated.
Cain and El-Moussa et al. disclose a request from a container orchestrator to a container storage interface plugin. 
They do not explicitly disclose a request to attach the storage volume.
However Shtivelman et al. teaches a request to attach the storage volume [par. 0046, “a discovery request may be in the form of a request from an orchestrator to attach a specified volume to a specified host”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Shtivelman et al. into the teaching of Cain, El-Moussa et al. and Upton with the motivation to facilitate mapping a target volume of the target storage system which is connected to the host as taught by Shtivelman et al. [Shtivelman et al.: par. 0019].

Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Cain (US 2021/0109683 A1), El-Moussa et al. (US 2019/0034645 A1) and Upton (US 2003/0097574 A1) as applied to claims 8, 10 and 14  above, and further in view of Swartz et al. (US 2007/0180509 A1).
Regarding claim 12, the rejection of claim 8 is incorporated.
Cain and El-Moussa et al. disclose performing the encryption. 
They do not explicitly disclose performing the encryption comprises performing the encryption using cryptsetup library.
However Swartz et al. teaches performing the encryption comprises performing the encryption using cryptsetup library [par. 0548, “This mechanism may also be used to setup a file as an encrypted virtual block device by using the cryptsetup utility (for example) to map a layer of encryption on top of a loop device that has been mapped to a file using the losetup utility”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Swartz et al. into the teaching of Cain, El-Moussa et al. and Upton with the motivation to make it more difficult to reverse engineer or make unauthorized modifications to bypass license restrictions and copy protection enforcement as taught by Swartz et al. [Swartz et al.: par. 0174].

Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Cain (US 2021/0109683 A1), El-Moussa et al. (US 2019/0034645 A1) and Upton (US 2003/0097574 A1) as applied to claims 8, 10 and 14 above, and further in view of Egorov et al. (US 2017/0323114 A1).
Regarding claim 13, the rejection of claim 8 is incorporated.
Cain and El-Moussa et al. disclose performing the encryption. 
They do not explicitly disclose performing the encryption comprising making the storage volume accessible to a node.
However Egorov et al. teaches performing the encryption comprising making the storage volume accessible to a node [par. 0009, “the ciphertexts are obtained by the distributed storage and processing application encrypted with a data-owner encryption key of a data owner that caused data in the ciphertexts to be loaded to the distributed storage and processing application… accessing a transformation key with a first computing node among the cluster of nodes in the distributed storage and processing application… accessing the transformed ciphertext and the temporary access key with a second computing node among the cluster of nodes in the distributed storage and processing application”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Egorov et al. into the teaching of Cain, El-Moussa et al. and Upton with the motivation of securing data in a distributed storage and processing application as taught by Egorov et al. [Egorov et al.: par. 0009].

Claims 15 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Cain (US 2021/0109683 A1), El-Moussa et al. (US 2019/0034645 A1), Upton (US 2003/0097574 A1) and Baig et al. (US 2014/0149604 A1).
Regarding claim 15, it recites limitation similar to claim 8. The reason for the rejection of claim 8 is incorporated herein.
They do not explicitly disclose perform a method to detect a duplicate address attack in a computing network.
However Baig et al. teaches perform a method to detect a duplicate address attack in a computing network [par. 0039,  duplicate address detection process to ascertain the usability of this address].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Baig et al. into the teaching of Cain, El-Moussa et al. and Upton with the motivation to allows a node to determine whether or not an address it wishes to use is already in use by another node as taught by Baig et al. [Baig et al.: par. 0059].
Regarding claim 17, the rejection of claim 15 is incorporated.
Cain further discloses the request comprises a request to create the storage volume [par. 0010, “receives a request for storage from a containerized application, acquires a plurality of different storage mounts from local and remote storage types in accordance with the request, creates a virtual persistent volume that aggregates the plurality of different storage mounts”].

Claim 16 is rejected under 35 U.S.C. 103 as being unpatentable over Cain (US 2021/0109683 A1), El-Moussa et al. (US 2019/0034645 A1), Upton (US 2003/0097574 A1) and Baig et al. (US 2014/0149604 A1) as applied to claims 15 and 17 above, and further in view of Dixit et al. (US 2020/0226107 A1).
Regarding claim 16, the rejection of claim 15 is incorporated.
Cain and El-Moussa et al. disclose a request from a container orchestrator to a container storage interface plugin. 
They do not explicitly disclose the request comprises a remote procedure call.
However Dixit et al. teaches the request comprises a remote procedure call [pars. 0018, 0022,  container orchestrator, par. 0025, “The interfaces 200 can include one or more application programming interfaces (APIs), such as a restful state transfer (REST) API, remote procedure calls (e.g., gRPC Remote Procedure Call (gRPC))”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Dixit et al. into the teaching of Cain, El-Moussa et al., Upton and Baig et al.  with the motivation such that the interfaces can provide for interoperability between the storage data services layer, other elements of the distributed storage data platform, and external elements as taught by Dixit et al. [Dixit et al.: par. 0025].

Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over Cain (US 2021/0109683 A1), El-Moussa et al. (US 2019/0034645 A1), Upton (US 2003/0097574 A1) and Baig et al. (US 2014/0149604 A1) as applied to claims 15 and 17 above, and further in view of Shtivelman et al. (US 2020/0356498 A1).
Regarding claim 18, the rejection of claim 15 is incorporated.
Cain and El-Moussa et al. disclose a request from a container orchestrator to a container storage interface plugin. 
They do not explicitly disclose a request to attach the storage volume.
However Shtivelman et al. teaches a request to attach the storage volume [par. 0046, “a discovery request may be in the form of a request from an orchestrator to attach a specified volume to a specified host”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Shtivelman et al. into the teaching of Cain, El-Moussa et al., Upton and Baig et al. with the motivation to facilitate mapping a target volume of the target storage system which is connected to the host as taught by Shtivelman et al. [Shtivelman et al.: par. 0019].

Claim 19 is rejected under 35 U.S.C. 103 as being unpatentable over Cain (US 2021/0109683 A1), El-Moussa et al. (US 2019/0034645 A1), Upton (US 2003/0097574 A1) and Baig et al. (US 2014/0149604 A1) as applied to claims 15 and 17 above, and further in view of Swartz et al. (US 2007/0180509 A1).
Regarding claim 19, the rejection of claim 15 is incorporated.
Cain and El-Moussa et al. disclose performing the encryption. 
They do not explicitly disclose performing the encryption comprises performing the encryption using cryptsetup library.
However Swartz et al. teaches performing the encryption comprises performing the encryption using cryptsetup library [par. 0548, “This mechanism may also be used to setup a file as an encrypted virtual block device by using the cryptsetup utility (for example) to map a layer of encryption on top of a loop device that has been mapped to a file using the losetup utility”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Swartz et al. into the teaching of Cain, El-Moussa et al., Upton and Baig et al. with the motivation to make it more difficult to reverse engineer or make unauthorized modifications to bypass license restrictions and copy protection enforcement as taught by Swartz et al. [Swartz et al.: par. 0174].

Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Cain (US 2021/0109683 A1), El-Moussa et al. (US 2019/0034645 A1), Upton (US 2003/0097574 A1) and Baig et al. (US 2014/0149604 A1) as applied to claims 15 and 17 above, and further in view of Egorov et al. (US 2017/0323114 A1).
Regarding claim 20, the rejection of claim 15 is incorporated.
Cain and El-Moussa et al. disclose performing the encryption. 
They do not explicitly disclose performing the encryption comprising making the storage volume accessible to a node.
However Egorov et al. teaches performing the encryption comprising making the storage volume accessible to a node [par. 0009, “the ciphertexts are obtained by the distributed storage and processing application encrypted with a data-owner encryption key of a data owner that caused data in the ciphertexts to be loaded to the distributed storage and processing application… accessing a transformation key with a first computing node among the cluster of nodes in the distributed storage and processing application… accessing the transformed ciphertext and the temporary access key with a second computing node among the cluster of nodes in the distributed storage and processing application”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Egorov et al. into the teaching of Cain, El-Moussa et al., Upton and Baig et al. with the motivation of securing data in a distributed storage and processing application as taught by Egorov et al. [Egorov et al.: par. 0009].
  

 
Conclusion
The prior art made of record and not relied upon is considered pertinent to Applicant’s disclosure:
US 10848468 B1		In-flight Data Encryption/decryption For A Distributed Storage Platform
US 20200042214 A1		IMPLEMENTING A BASE SET OF DATA STORAGE FEATURES FOR CONTAINERS ACROSS MULTIPLE CLOUD COMPUTING ENVIRONMENTS
US 20140366155 A1		METHOD AND SYSTEM OF PROVIDING STORAGE SERVICES IN MULTIPLE PUBLIC CLOUDS
US 20090190760 A1		ENCRYPTION AND COMPRESSION OF DATA FOR STORAGE
US 7865741 B1		System And Method For Securely Replicating A Configuration Database Of A Security Appliance
US 20200004451 A1		Software Containers With Security Policy Enforcement At A Data Storage Device Level

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JASON CHIANG whose telephone number is (571)270-3393.  The examiner can normally be reached on 9 AM to 6 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/JASON CHIANG/Primary Examiner, Art Unit 2431