DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation is: “computing devices configured to” in claims 1 and 5.
Because this claim limitation is being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it is being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this limitation interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation to avoid it being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation recites sufficient structure to perform the claimed function so as to avoid it being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-5 and 9-11 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 8 recites that the identifier is either a hash or a MAC.  However, claims 9-11 further use only the MAC, without reciting that the MAC is selected.  Therefore, it is unclear, for example, if the has is selected in claim 8, how the MAC would be used in claims 9-12.  Claims 9-12 need to recite that the MAC is selected as the identifier.
Claim 5 recites “comprising one or more computing device”.  Is this the same one or more computing devices recited in claim 1?  Perhaps this should recite “one or more additional computing devices”.

Regarding claims 1-5, claim limitation “computing devices configured to” invokes 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function.  Figure 2 describes the structure of a computing system/device, but this appears to be different from the computing devices recited in claims 1 and 5.  Therefore, the claim is indefinite and is rejected under 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph.
Applicant may:
(a)        Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph; 
(b)        Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(c)        Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either: 
(a)        Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(b)        Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.

The following is a quotation of 35 U.S.C. 112(d):
(d) REFERENCE IN DEPENDENT FORMS.—Subject to subsection (e), a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

The following is a quotation of pre-AIA  35 U.S.C. 112, fourth paragraph:
Subject to the following paragraph [i.e., the fifth paragraph of pre-AIA  35 U.S.C. 112], a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

Claims 9-11 are rejected under 35 U.S.C. 112(d) or pre-AIA  35 U.S.C. 112, 4th paragraph, as being of improper dependent form for failing to further limit the subject matter of the claim upon which it depends, or for failing to include all the limitations of the claim upon which it depends.  Claim 8 recites that the identifier is at least one of a hash or a MAC.  However, claims 9-11 recite limitations only regarding the MAC, without saying that the MAC was selected as the identifier.  Therefore, the claims are not properly dependent.  It creates the problem that if the identifier is selected in claim 8, claims 9-11 do not further define the invention because the MAC is irrelevant.  Also, claims 9-11 do not pass the infringement test.  For example, someone could infringe upon claims 9-11, if they use the MAC in that particular manner, but do not infringe upon the claim from which they depend (claim 8) because a hash isn’t used.  The Examiner suggests reciting, in claims 9-11, that the MAC is selected as the identifier.  Applicant may cancel the claims, amend the claims to place the claims in proper dependent form, rewrite the claims in independent form, or present a sufficient showing that the dependent claims comply with the statutory requirements.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 2, 4, 6-8, 12, 16, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Telang (US 8,401,185).
Regarding claims 1, 6, and 16, Telang teaches a method (and corresponding system and computer readable medium), comprising:
Obtaining a request to store a data set on a storage system (Identifying one or more files to be stored on the third-party storage device - see column 5 lines 55-57).
Dividing the data set into a set of fixed length plaintext objects (Dividing the files into a plurality of data segments of a preconfigured segment size - see column 5 lines 57-60).
Generating a set of block-level ciphertext objects representing the set of fixed-length plaintext objects in encrypted form (Encrypting the data segments using an encrypted string as key - see column 7 lines 30-33), wherein generating the set of block-level ciphertext objects comprises, for each fixed-length plaintext object of the set of fixed-length plaintext objects, convergently encrypting (Using convergent encryption - see column 8 line 54) the fixed length plaintext object with an encryption key (An encrypted string is used as key in a cryptographic algorithm - see column 7 lines 30-33) derived based at least in part on the fixed length plaintext object (The encrypted string is derived from a hash of the data segment - see column 6 lines 21-26 and lines 60-67) to result in a block-level ciphertext object representing the fixed-length plaintext object (Encrypted data segment - see column 7 lines 24-29).
Storing, within the storage system, those block-level ciphertext objects of the set of block-level ciphertext objects (Transferring the encrypted data segments to the third party storage system - see column 7 lines 50-53) that are not duplicative of a block-level ciphertext object that is already stored within the storage system (This is implicitly from the fact that the storage system deduplicates data segments submitted by the same client or across different clients, depending on the policy in effect - see column line 51 - column 9 line 2).
Generating a manifest for the data set (Hash-string pairs are stored in a database or in an associative array - see column 8 lines 16-24), the manifest identifying the set of block-level ciphertext objects and, for each block-level ciphertext object of the set of block-level ciphertext objects, the encryption key with which the block-level ciphertext block is encrypted (To generate the hash-string pairs, the pairing module pairs encrypted data segment hashes with the corresponding encrypted strings - see column 8 lines 8-15).
Storing the manifest (Hash-string pairs are stored in a database or an associative array - See figure 6, 604).
Telang further teaches (regarding claim 1’s system components) using convergent encryption to deduplicate data stored in a storage system and performing such deduplication across clients or separately, on a client-by-client basis by using suitable encryption key for the data segments - see column 8 line 51 - column 9 line 2.
Telang does not teach that the manifest is stored within the storage system (instead, Telang teaches that the hash string pairs are stored outside the third party storage system - see figure 6, 604).
However, storing the manifest within the storage system, versus outside the storage system, is merely a design choice that was well within the purview of the skilled artisan.  It would have been obvious to one of ordinary skill in the art at the time the invention was filed, to modify the teachings of Telang by allowing the user to store the manifest within the storage system, in order to easily retrieve it, or merely based on their design choice and convenience.  

Regarding claim 2, Telang teaches that the encryption key of each fixed-length plaintext object is a hash value for the fixed-length plaintext object generated by processing the fixed-length object through a cryptographic hash algorithm (An encrypted string is used as key in a cryptographic algorithm - see column 7 lines 30-33.  The encrypted string is derived from a hash of the data segment - see column 6 lines 21-26 and lines 60-67).

Regarding claims 4 and 12, Telang teaches that convergently encrypting the fixed-length plaintext object comprises encrypting the fixed-length plaintext object using at least one of a block cipher or a stream cipher/at least one of AES or ChaCha encryption (Encryption module may use AES (block cipher) - see column 7 lines 30-37).

Regarding claim 7, Telang teaches encrypting, using an additional key, a portion of the manifest containing the encryption keys for each block-level ciphertext object of the set of block-level ciphertext objects (The encrypted string (i.e., encryption key) may include an encryption of the hash of the data segment using a key that is based on the hash of the data segment - see column 7 lines 10-12).

Regarding claim 8, Telang teaches generating an identifier for each block-level ciphertext object of the set of block-level ciphertext objects, wherein the identifier for each block-level ciphertext object is at least one of a MAC of the block-level ciphertext object or a hash value of the block-level ciphertext object (Retreival module may identify an encrypted data segment hash of encrypted data segment.  Retrieval module may then use encrypted data segment hash…to retrieve encrypted string - see column 8 lines 41-50).

Regarding claim 20, Telang teaches:
Obtaining a request to retrieve the data set (Retrieval module may retrieve an encrypted data segment from third party storage system  - see column 8 lines 25-29).
Identify, from the manifest, the set of block level ciphertext objects (Locate the hash string pair using the hash of the encrypted data segment, identify the encrypted string in the hash string pair - see column 8 lines 29-33).
Retrieve the set of block level ciphertext objects from the storage system (Retrieve encrypted data segment - see column 8 lines 41-50).
Decrypt each block level ciphertext object of the set of block level ciphertext objects using the encryption key for the block level ciphertext object identified within the manifest (Decrypt encrypted data segment using encrypted string to produce data segment - see column 8 lines 41-50).
Combine plaintext objects resulting from decryption of each block level ciphertext object to result in the data set (Telang does not explicitly teach combining the data segments to result in the data set.  However, Telang teaches that the file is divided into data segments of preconfigured size, encrypting, storing, and decrypting data segments, all as discussed above.  Therefore, the skilled artisan would easily recognize that it is implicit that if a user wanted the entire file decrypted, they would need to combine the decrypted data segments).

Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Telang (US 8,401,185) in view of Struttmann (US 2017/0364450).
The teachings of Telang are relied upon for the reasons set forth above.
Regarding claim 3, Telang does not teach that the cryptographic hash algorithm is one of SHA and BLAKE.
The examiner notes that these were both well-known cryptographic hash algorithms at the time of the filed invention.  For example, Struttmann teaches hash functions examples such as SHA-256, BLAKE, BLAKE2, SHA-1, SHA-2, and SHA-3 hash function. In some embodiments, the cryptographic hash function may be a one way function in which a given string of input produces deterministically a string of output that is relatively difficult or impossible to reverse to determine the input from the output while being relatively easy to confirm that an input corresponds to the output - see [0100].  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Telang by using SHA or BLAKE hash algorithms in order to produce deterministically a string of output that is relatively difficult or impossible to reverse, while being relatively easy to confirm that an input corresponds to the output, based upon the beneficial teachings provided by Struttmann.  

	
Claims 8-11 are rejected under 35 U.S.C. 103 as being unpatentable over Telang (US 8,401,185) in view of Buckingham et al. (US 10,318,762).
The teachings of Telang are relied upon for the reasons set forth above. 
Regarding claims 8 and 10, Telang does not teach that the identifier for each block level ciphertext object is a MAC which is an HMAC.  
Buckingham teaches that an HMAC can be used as a key to identify a record including the HMAC and the encrypted private data.  The advantage of HMAC’s is that they are less likely to suffer collisions than their underlying hash algorithm - see column 5 line 58 - column 6 line 6).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Telang by using HMAC to identify the ciphertext, in order to avoid collisions, based upon the beneficial teachings provided by Buckingham.  

Regarding claim 9, Telang teaches that the identifier (hash) is generated based on the block-level ciphertext object (see column 8 lines 41-50).  In addition, since the ciphertext is based on the encryption key used to encrypt it, the identifier would also be “based on” the encryption key.
Buckingham teaches that the identifier can be a MAC, as discussed above.  Therefore, the combination of Telang and Buckingham reasonably suggests claim 9.

Regarding claim 11, Telang teaches determining those block-level ciphertext objects of the set of block-level ciphertext objects that are not duplicative by comparing the identifier of each block-level ciphertext object of the set of block-level ciphertext objects against identifiers stored within the storage system (In some embodiments, the systems described herein may also identify a policy restricting cross-client convergent encryption for the data segment. As used herein, the term "cross-client convergent encryption" may refer to any encryption scheme that results in identical encrypted data segments when two or more clients encrypt the same data segments. For example, a data protection policy may require (e.g., for legal or business reasons) that the data segment not use an encryption scheme and key used by others who own an identical copy of the data segment. In such examples, the encrypted string returned by the central server may include an encryption of the hash of the data segment using a client-specific key, either alone or in conjunction with a key generated by the central server. Additionally, or alternatively, the hash of the data segment may be encrypted with a client-specific key before transferring the hash of the data segment to the central server. In the above examples, the third-party storage system 208 may deduplicate data segments sent by the same client, but not across clients - see column 8 line 51 - column 9 line 2).  
In addition, Buckingham teaches using a MAC as an identifier, as discussed above.   Therefore, the combination of Telang and Buckingham reasonably suggests claim 11.

Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Telang (US 8,401,185) in view of Ortiz et al. (US 2019/0362083).
The teachings of Telang are relied upon for the reasons set forth above. 
Regarding claim 13, Telang does not teach that convergently encrypting the fixed-length plaintext object comprises encrypting the fixed-length plaintext object using at least one of a counter mode or a Galois Counter Mode. 
Ortiz teaches encrypting data according to AES-GCM (Advanced Encryption Standard - Galois/Counter Mode), an authenticate encryption mechanism that applies the AES block cipher in Galois Counter Mode.  The use of authenticated encryption guarantees confidentiality and authenticity of data communicated between parties - see [0119].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Telang by encrypting the plaintext object using GCM, in order to have authenticated encryption which guarantees confidentiality and authenticity between parties, based upon the beneficial teachings provided by Ortiz.  

Allowable Subject Matter
Claim 5 would be allowable if rewritten to overcome the rejection(s) under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), 2nd paragraph, set forth in this Office action and to include all of the limitations of the base claim and any intervening claims.  The following is a statement of reasons for the indication of allowable subject matter:  The prior art (Telang) teaches generating the manifest as in claim 1.  In addition, the prior art teaches serverless (cloud) computing environments, as is known in the art.  However, the prior art does not teach or suggest the limitations of claim 5 in combination of the limitations of claim 1. 
Claims 14, 15, and 17-19 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Regarding claims 14, 15, and 19, the prior art (Telang) teaches generating the manifest as in claim 1.  In addition, the prior art teaches adding salt values to plaintext, as is known in the art.  However, the prior art does not teach or suggest adding a salt value selected from a constrained number of permutations corresponding to a desired redundancy, hashing the salt and plaintext, and using the hash as the encryption key. 
Regarding claims 17 and 18, the prior art (Telang) teaches deduplicating data segments.  However, the prior art does not teach or suggest disallowing the querying of whether the storage system has stored multiple block-level ciphertext objects.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LISA C LEWIS whose telephone number is (571)270-7724. The examiner can normally be reached Monday - Thursday 7am-2pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/LISA C LEWIS/Primary Examiner, Art Unit 2495