DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claims 1, 16, and 20 were amended, claim 15 was cancelled, and claims 1-4 and 16-20 are pending.
The claim rejections under 35 USC 112 second were withdrawn due to applicant's arguments.
Priority
This application discloses and claims only subject matter disclosed in prior application no 15/699,553, filed 09/08/2017, and names the inventor or at least one joint inventor named in the prior application. Accordingly, this application may constitute a continuation. 
Response to Arguments
Applicant’s arguments with respect to claims 1, 16, 20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.  

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 6-9, 11, 16, 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Ahuja et al (US 20140194094 A1) in view of Hsu (US 5,584,023B2) and further in view of Yami et al (US 20070283446 A1).

With regards to claim 1, Ahuja discloses, A method for data encryption or decryption, comprising: 
intercepting, at a kernel module (FIG 1 and associated text; [0055]; Still further, portions of a hosted application can be executed by a user working directly at a server hosting the application, as well as remotely at a client.), a system call and a data set associated with the system call (FIG 9A 905 and associated text); 
determining, that the data set associated with the system call is marked for encryption ([0048] In the example of FIG. 9A, system calls can be monitored 905, for instance, by a security module interfacing with a kernel, such as an LSM. A particular system call can be intercepted 910 that relates to I/O functionality of the mobile computing device. A DLP agent on the mobile computing device can be queried for DLP policies applicable to the intercepted system call. In some instances, a DLP agent can be queried for each system call monitored by security module. In other examples, a security module can filter which system calls are intercepted and communicated to the DLP agent based upon logic and rules accessible to the security module, such as system calls that likely relate to I/O functionality of the mobile computing device and relate to DLP goals and/or policies for the device, among other examples; [0065] In one example, the DLP enforcement action includes causing data to be input or output in connection with the particular system call to be encrypted.); 
Ahuja does not exclusively but Hsu teaches, 
identifying, a tenant identifier associated with the data set (Hsu Col 8 ; Table III; Process with P_uid); 
retrieving a tenant specific encryption key associated with the data set (Col 22 line 0-10; The key-based transparent file encryption system of claim 13 wherein the encryption and decryption of said predetermined file by said encryption routine is dependant on said predetermined password as an encryption key. FIG 4A 54 and associated text; Col 10 line 10-25); and 
performing, at the kernel module and based at least in part on the system call, an encryption process on the data set with an encryption implementation and tenant specific encryption key (Col 10 line 10-25; The ioctl system call specific to the device driver of the present invention is issued by a simple application program also specific to the present invention. The application program provides a simple user interface to obtain a password key for validating the encryption and decryption of data files protected by the present invention. Note: Examiner interpreted the limitation as performing an encryption process on the data set with a tenant specific encryption key. Here, the password key, which is a tenant specific key, is used for encryption and decryption of data files).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Ahuja’s method with the teaching of Hsu in order to secure transfer data in storage (Hsu Abstract).
Ahuja in view of Hsu do not exclusively, but Yami teaches, wherein the encryption implementation is selected based at least in part on the tenant ([0026] As will be appreciated by those skilled in the art, the document processing device 104, via the local storage device 106, or via a directory, for example, LDAP directory on the authentication server, is used by the user to designate those user IDs in the list. The list of user IDs, along with the assigned identifier, is then transmitted, via a secure connection to the key server 110. The key server 110 then generates a random symmetric encryption key and associates this key with the document identifier and corresponding user IDs. The encryption key is then transmitted to the document processing device 104, whereupon it is used to encrypt the received electronic document data. Note: encryption key generated/selected is corresponding to USER IDs which is similar to instant application ([0051] The platform 325 and the encryption service 330, which may include key management and key derivation services, may generate or identify the encryption key corresponding to the tenant identifier based on the API call.)) 
Yami further discloses, retrieving a tenant specific encryption key associated with the tenant identifier associated with the data set ([0030]; In the case of the request originating from the document processing device 104, the document processing device 104 retrieves the encrypted document from the document management server 118 and decrypts the document using the received encryption key, thereby allowing further document processing operations in accordance with the user's selections. [0026-27]);
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Ahuja in view of Hsu’s method with the teaching of Yami in order to provide for secure handling of documents (Yami [0001]).

Claims 16 and 20 are device and product claims corresponding to the method claim and are also rejected accordingly.

With regards to claim 6, Ahuja in view of Hsu and Yami discloses, wherein determining that the data set associated with the system call is marked for encryption is based at least in part on a directory that the data set is associated with (Hsu Col 6 line 45 to 67; Consequently, the open, create, read, write, seek, stat and close system call procedures permit logical operation relative to a wide variety of logical data entities, including directories, files, and pipes, for example, that are treated as files referenceable via directories. In turn, directories are maintained on disk as standard files containing specifically structured data. This directory file data includes a pointer to a disk based structure of disk inode entries. Each inode entry stores specifically relevant information describing, among other things, the protection mode, owner, user group and size of a particular data file. A summary of an inode entry, as stored on disk, is provided in Table II.). Motivation would be the same as stated in claims 1, 16. 

With regards to claim 7, Ahuja in view of Hsu and Yami discloses, wherein the tenant specific encryption key is based at least in part on a cryptographic nonce associated with the data set (Hsu Col 11 line 45-67; The user provided password key is used in conjunction with a predefined seed table to create, by index value substitution, an encryption table 56 that is stored in the alpha structure SO. The seed table, preferably included as a predefined element of the device driver of the present invention, preferably consists of 256 randomly ordered unique byte values. In the preferred embodiment of the present invention a shuffle function 54 is implemented to generate the process specific encryption table 56. The preferred shuffle function provides for a modulo four progressive recalculation of values based on the byte values of the password key and the seed table. Please see Table V). Motivation would be the same as stated in claim 1.

With regards to claims 8, 19, Ahuja in view of Hsu and Yami discloses, wherein at least a portion of the data set is stored in a page cache (Hsu col 5 line 63-67; FIG 5A and associated text; also see col 9-col 9), and the encryption process is performed on the portion of the data set (Hsu col 10 line 9-15; The ioctl system call specific to the device driver of the present invention is issued by a simple application program also specific to the present invention. The application program provides a simple user interface to obtain a password key for validating the encryption and decryption of data files protected by the present invention.). Motivation would be the same as stated in claim 1.

With regards to claim 9, Ahuja in view of Hsu and Yami discloses, wherein: the system call comprises a write command; and the encryption process comprises encrypting the data set based at least in part on the tenant specific encryption key (Hsu Col 15 line 50-65; In similar fashion, the write system call wrapper procedure is invoked to implement the functions of the present invention in connection with the writing of data to a regular file. Thus, when a user program invokes a write, specifically integrated as a call to the Unix "writei" file system switch call layer, a the file enode structure and type are examined to determine whether the referenced file may be encrypted… The encryption procedure used is that discussed in connection with FIG. 4a; Col 22 line 0-10; The key-based transparent file encryption system of claim 13 wherein the encryption and decryption of said predetermined file by said encryption routine is dependant on said predetermined password as an encryption key. FIG 4A 54 and associated text; Col 10 line 10-25). Motivation would be the same as stated in claims 1, 16.

With regards to claim 11, Ahuja in view of Hsu and Yami discloses, wherein: the system call comprises a read command; and the encryption process comprises decrypting the data set based at least in part on the tenant specific encryption key (Hsu Col 15 line 8-24; The read system call procedure 98, is then called to obtain the requested block of data. In the preferred embodiment, this call is preferably integrated at the Unix "readi" file system switch call level, which is one layer below the system call interface layer, to permit file system switch independent operation. The read system call procedure returns the requested data to a buffer typically located in the user data space pre-allocated by the requesting application program. However, the read system call wrapper procedure 96 may access this buffer location while continuing to execute in kernel mode. That is, conventional kernel subroutine calls permit the read system call wrapper procedure to obtain the location of the user space buffer filled as a consequence of the read system call procedure. If the file was authenticated as an encrypted file capable of decryption, the read system call wrapper procedure 96 decrypts the data in the user space read buffer; Col 22 line 0-10; The key-based transparent file encryption system of claim 13 wherein the encryption and decryption of said predetermined file by said encryption routine is dependant on said predetermined password as an encryption key. FIG 4A 54 and associated text; Col 10 line 10-25).

Claims 2, 17 are rejected under 35 U.S.C. 103 as being unpatentable over Ahuja et al (US 20140194094 A1) in view of Hsu (US 5,584,023B2), in view of Yami et al (US 20070283446 A1) and further in view of Raiz et al (US 20020164025 A1).

With regards to claims 2, 17, Ahuja in view of Hsu and Yami teaches, wherein retrieving the tenant specific encryption key (Hsu Col 22 line 0-10; The key-based transparent file encryption system of claim 13 wherein the encryption and decryption of said predetermined file by said encryption routine is dependant on said predetermined password as an encryption key. FIG 4A 54 and associated text; Col 10 line 10-25); also discloses, a key cache (Hsu FIG 4C 56; Seed table). 
However, Ahuja in view of Hsu and Yami do not, but Raiz teaches, transmitting, the tenant identifier; and receiving, based at least in part on the tenant identifier, the tenant specific encryption key associated with the tenant identifier ([0010] In general, in another aspect, the invention features a method comprising (1) distributing without charge, copies of an application program online or on storage media, (2) enabling a user of one of the computers to choose among modes he wishes to run the application program, (3) in at least one of the chosen modes, enabling the user to run the application program without requiring the user to provide information about the user, (4) in at least another one of the chosen modes, requiring the user to self-register by providing information about the user in exchange for an authorization key that is associated with a unique identifier of the computer on which the application program is to run and which enables the application to be run in the chosen mode, the authorization key having a limited validity period.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Ahuja in view of Hsu and Yami’s method with the teaching of Raiz in order to secure transaction and restricting copying (Raiz [0002]).

Claims 10, 12 are rejected under 35 U.S.C. 103 as being unpatentable over Ahuja et al (US 20140194094 A1) in view of Hsu (US 5,584,023B2), in view of Yami et al (US 20070283446 A1) and further in view of Chang et al (US 20090006796 A1).

With regards to claim 10, Ahuja in view of Hsu do not, but Chang teaches, storing an encryption key identifier in a file that is associated with the data set (Chang [0058] The memory device 202 generates a key value and associates this value with the encryption key ID provided by the host device 204, and stores the encryption key ID for the key value used to encrypt the data in its record or table for this user or application. The memory device 208 then encrypts the data and stores the encrypted data at the addresses designated by the host device 204. The memory device 202 also stores the encryption key ID within a header portion of the data file. The memory device 202 may also store encryption key ID data in a secure portion of the memory 208.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Ahuja in view of Hsu and Yami’s method with the teaching of Chang in order to provide for improved control of stored media content (Chang [0002]).

With regards to claim 12, Ahuja in view of Hsu, Yami and Chang teach, wherein the tenant specific encryption key comprises a symmetric encryption key (Chang [0058] In order for a user or application to gain access to protected content or a secure memory area of the memory 208, the memory device 202 may authenticate the user or application using a credential that may be pre-registered with the memory device 202 or pre-loaded within a secure area of the memory 208. The credential can include a symmetric key, a digital signature, a digital certificate, other indicia to provide authentication, or any combination thereof.). Motivation would be same as stated in claim 10. 

Claims 13-14 are rejected under 35 U.S.C. 103 as being unpatentable over Ahuja et al (US 20140194094 A1) in view of Hsu (US 5,584,023B2), in view of Yami et al (US 20070283446 A1) and further in view of Devanand et al (US-20090296938-A1).

With regards to claims 13, 14, Ahuja in view of Hsu and Yami do not, but Devanand teaches, wherein performing the encryption process on the data set further comprises: using a cipher block chaining (CBC) block cipher mode; wherein performing the encryption process on the data set further comprises: using a counter (CTR) block cipher mode (Devanand [0080] FIG. 6 is a diagram of an example embodiment of a process for communicating protected content according to an example embodiment of the present invention. Part of that process is SKE. As shown at line 6a, SKE may begin with the top-level transmitter (e.g., processing system 20) generating the session key "KeyS." In one embodiment, processing system 20 generates KeyS as a random 128-bit value. As shown at line 6b, processing system 20 may then encrypt KeyS with KeyMX, using the AES cipher block in counter mode.). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Ahuja in view of Hsu and Yami’s method with the teaching of Devanand in order to provide for protecting digital content (Devanand [0001]).

Allowable Subject Matter
Claims 3-5, 18 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMED WALIULLAH whose telephone number is (571)270-7987. The examiner can normally be reached from 8:30 to 4:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 1-571-272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/MOHAMMED WALIULLAH/Primary Examiner, Art Unit 2498