DETAILED ACTION
This office action is in response to the original application filed on November 06, 2020.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claims 1-20 are pending.

Claim Objections
Claims 9-10, 13-15, 17, and 20 are objected to because of the following informalities: 

Claim 9 recites the term “… turns the transportable storage stack offline in case of detecting network and virus attacks and/or hacks”. It is not clear how the system turns the storage system offline when it detects network. Appropriate correction is required.

Claim 10 recites the word “artitifical”. It should be presented as “artificial”. Appropriate correction is required.

Claim 13 recites “IPs” as an abbreviation. It should be presented in full term at least once in the claim language. Appropriate correction is required.

Claim 14 recites “DR” as an abbreviation. It should be presented in full term at least once in the claim language. Appropriate correction is required.

Claim 14 is missing a period “.” at the end of the claim. Appropriate correction is required.

Claim 15 recites “VM” as an abbreviation. It should be presented in full term at least once in the claim language. Appropriate correction is required.

Claim 17 recites the term “… multifactor multilevel authentication”. It is not clear whether both multifactor and multilevel authentication, or only one of multifactor or multilevel authentication, are used. Appropriate correction is required.

Claim 20 (last claim) is objected to because of the following informalities:  It is presented as claim 19. Appropriate correction is required.



Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1, 3, 7-8, and 10-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.

Regarding claims 1, 3, 7, 8, and 10-20, the phrases “may be”, “such as”, “may have”, “may further have”, “may use”, “may establish”, and “for example” or “e.g.” render the claim indefinite because it is unclear whether the limitation(s) following the phrase are part of the claimed invention. See MPEP § 2173.05(d). Appropriate correction is required.

Claim 7 recites the limitation “the embedded transportable air-gapped storage stack” in line 4. There is insufficient antecedent basis for this limitation in the claim. Appropriate correction is required.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1-3 and 6-20 are rejected under 35 U.S.C. 103 as being unpatentable over Shemer (US 10,503,610) in view of Courtney (US Pub. No. 2019/0303603).

As per claim 1 Shemer discloses:
A storage system or server, comprising: a primary storage stack (storage system 104 in fig. 2 of Shemer) that is accessible through system network (network 103 in fig. 2 of Shemer) for general use and a second transportable air-gapped storage stack (Air Gap 250 and air-gapped storage 264 in fig. 2 of Shemer) which is completely isolated from external world (the storage 264 is in isolated environment 252 in fig. 2 of Shemer); (column 6, line 18-24, management system 268, validation system 269, and recovery system 270 may represent a desktop, a laptop, a tablet, any type of hosts or servers, a mobile phone, a media player, a personal digital assistant (PDA), a personal communicator, a gaming device, a network router or hub, a wireless access point (AP) or repeater, a set-top box, or a combination thereof).
Wherein the second transportable air-gapped storage stack may be accessed by a special protocol. (Column 4, line 25-38 of Shemer, storage system 164 may provide storage services to one or more storage servers (e.g., storage system 104) via a variety of access interfaces and/or protocols such as file-based access protocols and block-based access protocols. The file-based access protocols may include the network file system (NFS) protocol, common Internet file system (CIFS) protocol, and direct access file system protocol, etc. The block-based access protocols may include the small computer system interface (SCSI) protocols, Internet SCSI or iSCSI, and Fibre channel (FC) protocol, etc. Storage system 164 may further provide storage services via an object-based protocol and Hadoop distributed file system (HDFS) protocol) and (column 5, line 40-45 of Shemer, storage system 264 may be similar to or the same as storage system 164 of FIG. 1).
Shemer teaches the method of securing the storage system by only allowing access to the storage system to authorized individuals (see column 6, line 30-40 of Shemer) but fails to disclose the method of using multiple key factor authentications to access the storage stack. 
However, in the same field of endeavor, Courtney teaches this limitation as, (Paragraph 25 of Courtney, in one embodiment, the storage drive may be configured to operate based at least in part on multi-factor authentication. Satisfying each of the factors of authentication may enable one or more features of the storage drive. In some cases, satisfying each of the factors may enable the secure mode of the storage drive).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Shemer and include the above limitation using the teaching of Courtney in order to enhance the security of storage system by using the multi-factor authentication (see paragraph 25 of Courtney).

As per claim 2 Shemer in view of Courtney discloses:
The storage system or server of claim 1 whereas the transportable airgapped storage stack can only communicate with the primary storage stack via an internal virtual network. (Column 5, line 35-40 of Shemer, network 203 may be any type of networks such as a LAN, a fiber network, a storage network, or a combination thereof, wired or wireless. Generally, network 203 is a LAN within the isolated environment 252 and does not expose access to storage system 104 and clients 101-102)

As per claim 3 Shemer in view of Courtney discloses:
The storage system or server of claim 1 whereas all communications between the primary storage stack and the transportable airgapped storage stack is done using special protocol such as SSP protocol, which is only known to these two storage stacks. (Column 4, line 25-38 of Shemer, storage system 164 may provide storage services to one or more storage servers (e.g., storage system 104) via a variety of access interfaces and/or protocols such as file-based access protocols and block-based access protocols. The file-based access protocols may include the network file system (NFS) protocol, common Internet file system (CIFS) protocol, and direct access file system protocol, etc. The block-based access protocols may include the small computer system interface (SCSI) protocols, Internet SCSI or iSCSI, and Fibre channel (FC) protocol, etc. Storage system 164 may further provide storage services via an object-based protocol and Hadoop distributed file system (HDFS) protocol).

As per claim 6 Shemer in view of Courtney discloses:
The storage system or server of claim 1 whereas system can be configured so that the transportable storage stack is Write Once Read Many (WORM). (Column 7, line 50-55 of Shemer, backup software 310 may be stored on a read-only memory (ROM), for example a non-volatile memory of storage system 264 ….. the non-volatile memory may be an optical storage media (e.g., CD-ROM), a write once read many (WORM) device (e.g., CD-R, DVD-R), or a semiconductor-based device, such as programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), and electrically programmable read-only memory (EEPROM)).

As per claim 7 Shemer discloses:
An embedded transportable storage stack system, comprising: a virtual or physical storage system which can be either internal or external to the system as well as in the cloud: (storage 264 in fig. 2 of Shemer).
Wherein the embedded transportable air-gapped storage stack (Air Gap 250 and air-gapped storage 264 in fig. 2 of Shemer) may be accessed by a special protocol. (Column 4, line 25-38 of Shemer, storage system 164 may provide storage services to one or more storage servers (e.g., storage system 104) via a variety of access interfaces and/or protocols such as file-based access protocols and block-based access protocols. The file-based access protocols may include the network file system (NFS) protocol, common Internet file system (CIFS) protocol, and direct access file system protocol, etc. The block-based access protocols may include the small computer system interface (SCSI) protocols, Internet SCSI or iSCSI, and Fibre channel (FC) protocol, etc. Storage system 164 may further provide storage services via an object-based protocol and Hadoop distributed file system (HDFS) protocol) and (column 5, line 40-45 of Shemer, storage system 264 may be similar to or the same as storage system 164 of FIG. 1) and (column 6, line 18-24, management system 268, validation system 269, and recovery system 270 may represent a desktop, a laptop, a tablet, any type of hosts or servers, a mobile phone, a media player, a personal digital assistant (PDA), a personal communicator, a gaming device, a network router or hub, a wireless access point (AP) or repeater, a set-top box, or a combination thereof).
Shemer teaches the method of securing the storage system by only allowing access to the storage system to authorized individuals (see column 6, line 30-40 of Shemer) but fails to disclose the method of using multiple key factor authentications to access the storage stack. 
However, in the same field of endeavor, Courtney teaches this limitation as, (Paragraph 25 of Courtney, in one embodiment, the storage drive may be configured to operate based at least in part on multi-factor authentication. Satisfying each of the factors of authentication may enable one or more features of the storage drive. In some cases, satisfying each of the factors may enable the secure mode of the storage drive).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Shemer and include the above limitation using the teaching of Courtney in order to enhance the security of storage system by using the multi-factor authentication (see paragraph 25 of Courtney).

As per claim 8 Shemer in view of Courtney discloses:
The system of claim 7, uses an automation so that the transportable storage stack may be offline or online at specific times (e.g. time sensitive) based on schedule or manual intervention. (Column 7, line 15-25 of Shemer, air gap 250 is deactivated, with one or more physical and/or logical ports being closed, to prevent storage system 264 from establishing an external connection with storage system 104, thereby physically isolating the storage system 264 from storage system 104, and thus, network 103).

As per claim 9 Shemer in view of Courtney discloses:
The system of claim 7, automatically turns the transportable storage stack offline in case of detecting network and virus attacks and/or hacks. (Column 6, line 30-40 of Shemer, the administrator can provision and manage storage resources based on a set of policies, rules, and/or service level agreements. In some embodiments, the administrator may configure management system 268 to only allow access of storage system 264 and/or management system 268 to authorized individuals, and perform security measures, such as disabling or locking down storage system 264, management system 268, validation system 269 and/or recovery system 270, when security of the isolated environment 252 has been compromised).

As per claim 10 Shemer in view of Courtney discloses:
The system of claim 7, may have awareness or decide based on artificial intelligence engine that environment is not safe and therefore turns itself offline or move out on its own. (Column 6, line 30-40 of Shemer, the administrator can provision and manage storage resources based on a set of policies, rules, and/or service level agreements. In some embodiments, the administrator may configure management system 268 to only allow access of storage system 264 and/or management system 268 to authorized individuals, and perform security measures, such as disabling or locking down storage system 264, management system 268, validation system 269 and/or recovery system 270, when security of the isolated environment 252 has been compromised) and (column 4, line 53-65 of Shemer, the virtual storage resources can be provisioned, allocated, and/or defined by an administrator or automatically by the storage manager based on a set of software-defined policies. The virtual storage resources may be represented in one or more virtual machines (e.g., virtual storage systems) managed by one or more virtual machine managers (VMMs). Each of the virtual machines can be provisioned to provide a particular type of storage services (e.g., file-based, block-based, object-based, or HDFS) to a client based on a storage policy or service level agreement associated with that particular client as part of software-defined storage services).

As per claim 11 Shemer in view of Courtney discloses:
The system of claim 7, may have threat and environment awareness and take a plurality of actions based on the nature of threat and potential risks. (Column 6, line 30-40 of Shemer, the administrator can provision and manage storage resources based on a set of policies, rules, and/or service level agreements. In some embodiments, the administrator may configure management system 268 to only allow access of storage system 264 and/or management system 268 to authorized individuals, and perform security measures, such as disabling or locking down storage system 264, management system 268, validation system 269 and/or recovery system 270, when security of the isolated environment 252 has been compromised).

As per claim 12 Shemer in view of Courtney discloses:
The system of claim 7, may have scale out transportability features with different protocols and authentications. (Column 4, line 25-38 of Shemer, storage system 164 may provide storage services to one or more storage servers (e.g., storage system 104) via a variety of access interfaces and/or protocols such as file-based access protocols and block-based access protocols. The file-based access protocols may include the network file system (NFS) protocol, common Internet file system (CIFS) protocol, and direct access file system protocol, etc. The block-based access protocols may include the small computer system interface (SCSI) protocols, Internet SCSI or iSCSI, and Fibre channel (FC) protocol, etc. Storage system 164 may further provide storage services via an object-based protocol and Hadoop distributed file system (HDFS) protocol)

As per claim 13 Shemer in view of Courtney discloses:
The system of claim 7, may have capability to recreate and orchestrate another system using its own hypervisor and spin off VMs and set up virtual networking and IPs and environment. (Column 4, line 50-64 of Shemer, the storage resources may be virtualized into a pool of virtual storage resources, where underlying physical storage resources represented by the corresponding virtual storage resources may be implemented locally, remotely (e.g., hosted by another storage system), or both. The virtual storage resources can be provisioned, allocated, and/or defined by an administrator or automatically by the storage manager based on a set of software-defined policies. The virtual storage resources may be represented in one or more virtual machines (e.g., virtual storage systems) managed by one or more virtual machine managers (VMMs). Each of the virtual machines can be provisioned to provide a particular type of storage services (e.g., file-based, block-based, object-based, or HDFS) to a client based on a storage policy or service level agreement associated with that particular client as part of software-defined storage services).

As per claim 14 Shemer in view of Courtney discloses:
The system of claim 7, may be used for DR or anything that requires high system immunity and high security. (Column 4, line 65-67, the administrator may configure management system 168 to only allow access of storage system 164 and/or management system 168 to authorized individuals, and perform security measures, such as disabling or locking down storage system 164 and/or management system 168, when security is compromised (or breached)).

As per claim 15 Shemer in view of Courtney discloses:
The system of claim 7, have transportable VM which may be on a second controller in the system with different control mechanism. (Column 4, line 50-64 of Shemer, the storage resources may be virtualized into a pool of virtual storage resources, where underlying physical storage resources represented by the corresponding virtual storage resources may be implemented locally, remotely (e.g., hosted by another storage system), or both. The virtual storage resources can be provisioned, allocated, and/or defined by an administrator or automatically by the storage manager based on a set of software-defined policies. The virtual storage resources may be represented in one or more virtual machines (e.g., virtual storage systems) managed by one or more virtual machine managers (VMMs). Each of the virtual machines can be provisioned to provide a particular type of storage services (e.g., file-based, block-based, object-based, or HDFS) to a client based on a storage policy or service level agreement associated with that particular client as part of software-defined storage services).

As per claim 16:
Shemer teaches the method of securing the storage system by only allowing access to the storage system to authorized individuals (see column 6, line 30-40 of Shemer) but fails to disclose:
 The system of claim 7, may have multifactor authentication on second storage controller to again access to any resources.
However, in the same field of endeavor, Courtney teaches this limitation as, (Paragraph 25 of Courtney, in one embodiment, the storage drive may be configured to operate based at least in part on multi-factor authentication. Satisfying each of the factors of authentication may enable one or more features of the storage drive. In some cases, satisfying each of the factors may enable the secure mode of the storage drive) and (paragraph 47 of Courtney, authentication module 315 may be configured to validate a multi-factor authentication. In some cases, control module 310 may be configured to unlock at least a portion of storage on the storage drive based at least in part on authentication module 315 validating multi-factor authentication).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Shemer and include the above limitation using the teaching of Courtney in order to enhance the security of storage system by using the multi-factor authentication (see paragraph 25 of Courtney).

As per claim 17:
Shemer teaches the method of securing the storage system by only allowing access to the storage system to authorized individuals (see column 6, line 30-40 of Shemer) but fails to disclose:
 The system of claim 7, may further have multifactor multilevel authentication with more than one authenticator on storage controller to again access to any resources.
However, in the same field of endeavor, Courtney teaches this limitation as, (Paragraph 25 of Courtney, in one embodiment, the storage drive may be configured to operate based at least in part on multi-factor authentication. Satisfying each of the factors of authentication may enable one or more features of the storage drive. In some cases, satisfying each of the factors may enable the secure mode of the storage drive) and (paragraph 47 of Courtney, authentication module 315 may be configured to validate a multi-factor authentication. In some cases, control module 310 may be configured to unlock at least a portion of storage on the storage drive based at least in part on authentication module 315 validating multi-factor authentication).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Shemer and include the above limitation using the teaching of Courtney in order to enhance the security of storage system by using the multi-factor authentication (see paragraph 25 of Courtney).

As per claim 18 Shemer in view of Courtney discloses:
The system of claim 7, may use a consensus algorithm to achieve agreement among different users in order to authorize access to login, setup, manage, control, modify, delete any resource(s) or function(s) to any one user. (Column 4, line 65-67, the administrator may configure management system 168 to only allow access of storage system 164 and/or management system 168 to authorized individuals, and perform security measures, such as disabling or locking down storage system 164 and/or management system 168, when security is compromised (or breached)).

As per claim 19 Shemer in view of Courtney discloses:
The system of claim 18, the users may establish a minimum number of stakeholders or a key user(s) or specific stakeholder(s) required in order for consensus to be reached and access to be approved. (Column 3, line 5-15 of Shemer, storage system 104 may be a storage server used for various different purposes, such as to provide multiple users or client systems with access to shared data and/or to back up (or restore) data (e.g., mission critical data). Storage system 104 may provide storage services to clients or users via a variety of access interfaces and/or protocols such as file-based access protocols and block-based access protocols) and (column 4, line 65-67, the administrator may configure management system 168 to only allow access of storage system 164 and/or management system 168 to authorized individuals, and perform security measures, such as disabling or locking down storage system 164 and/or management system 168, when security is compromised (or breached)).

As per claim 20:
Shemer teaches the method of securing the storage system by only allowing access to the storage system to authorized individuals (see column 6, line 30-40 of Shemer) but fails to disclose:
The system of claim 18, may use multifactor authentication within the consensus algorithm to help establish consensus.
However, in the same field of endeavor, Courtney teaches this limitation as, (Paragraph 25 of Courtney, in one embodiment, the storage drive may be configured to operate based at least in part on multi-factor authentication. Satisfying each of the factors of authentication may enable one or more features of the storage drive. In some cases, satisfying each of the factors may enable the secure mode of the storage drive) and (paragraph 47 of Courtney, authentication module 315 may be configured to validate a multi-factor authentication. In some cases, control module 310 may be configured to unlock at least a portion of storage on the storage drive based at least in part on authentication module 315 validating multi-factor authentication).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Shemer and include the above limitation using the teaching of Courtney in order to enhance the security of storage system by using the multi-factor authentication (see paragraph 25 of Courtney).

Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Shemer (US 10,503,610) in view of Courtney (US Pub. No. 2019/0303603) and further in view of Buckingham (US Pub. No. 2010/0174920).

As per claim 4:
The combination of Shemer and Courtney teaches the method of securing the storage system by only allowing access to the storage system to authorized individuals (see column 6, line 30-40 of Shemer) but fails to disclose:
The storage system or server of claim 1 whereas the two storage stacks have different authentications for gaining access.
However, in the same field of endeavor, Courtney teaches this limitation as, (claim 6 of Buckingham, wherein the data stored in the first memory is protected by a first authentication technique and the apparatus is arranged to protect data in the second memory using a second different authentication technique).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Shemer and Courtney to include the above limitation using the teaching of Buckingham in order to enhance the security of different data stored in different format using the different authentication technique (see claims 5 and 6 of Buckingham).

Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Shemer (US 10,503,610) in view of Courtney (US Pub. No. 2019/0303603) and further in view of Pellegrino (US Pub. No. 2016/0274065).

As per claim 5:
The combination of Shemer and Courtney teaches the method of securing the storage system by only allowing access to the storage system to authorized individuals (see column 6, line 30-40 of Shemer) but fails to disclose:
The storage system or server of claim 1 whereas it uses virtual private network with secret key encryption for communication between primary storage stack and transportable storage stack.
However, in the same field of endeavor, Courtney teaches this limitation as, (paragraph 55 of Pellegrino, a virtual private network (VPN) is set up between the DSI's and the cloud storage. Additional encryption may also be desired at the cloud storage database) and (paragraph 69 of Pellegrino, the DSI can be configured to store data related to the inspection, including the ultrasonic parameters, such as instrumentation gain, gate positions, and calibration data, as well as contextual data such as GPS coordinates for the DSI and TMLs, asset information, tag numbers).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Shemer and Courtney to include the above limitation using the teaching of Pellegrino in order to enhance the security of communication between two storage devices (see paragraph 55 of Pellegrino). 

Conclusion
The prior art made of record and not relied upon that is considered pertinent to applicant’s disclosure is Bailey (US Pub. No. 2018/0054432). Bailey discloses methods of providing a cloud-based storage service for storing data across multiple devices, where access to the stored data is subject to an authentication process.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to TESHOME HAILU whose telephone number is (571)270-3159. The examiner can normally be reached M-F 8 a.m. - 5 p.m.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571) 272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/TESHOME HAILU/Primary Examiner, Art Unit 2434