DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendments
This action is responsive to communication filed on 03/09/2022. Claims 1-3 and 6-20 are pending and being considered. Claims 1, 13 and 17 are independent. Claims 4-5 are cancelled. Claims 1-3, 6-7, 13, 15 and 17-20 are amended. Claims 1-3 and 6-20 are rejected. 

Response to Arguments/Remarks
Applicant’s arguments/remarks, filed on 03/09/2022, have been fully considered and are rendered moot in view of new grounds of rejection outlined below, which were necessitated by the applicant’s amendment. The argument does not apply to the current art(s) being used. Furthermore, the
claims have been amended to overcome the rejection(s) under 35 U.S.C 112(b). Therefore, the rejection(s) under 35 USC § 112(b) has been withdrawn.
Abstract has been amended. Therefore, the objection has been waived.

Claim Rejections - 35 U.S.C. 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or non-obviousness.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:atent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1- 3 and 7-20 are rejected under 35 U.S.C. 103 as being unpatentable over Kolodner; Elliot K. et al. (US 2015/0058301 A1), hereinafter (Kolodner), in view of Samsonov; Yevgeniy A. et al. (US 2016/0379015 A1), hereinafter (Samsonov), and further in view of Jain et al (US 2017/0019382 A1), hereinafter (Jain).

Regarding claim 1, Kolodner teaches a method of operating a data management apparatus, comprising (Kolodner, Para. [0008], discloses methods of uploading data files (i.e., by using information management system, see Para. [0043]). In one embodiment, the method comprises): 
segmenting, by a client device, data into multiple data blocks (Kolodner, Para. [0008], discloses that a first client machine dividing a first file into N data chunks, or see also Para. [0019-0020], wherein a data chunk manager 114 may be implemented over a client machine 110 to break up a data file into one or more (or plurality of) data chunks); 
generating, by the client device, hash values respectively corresponding to the multiple data blocks (Kolodner, Para. [0021 and/or 0031], discloses that the client machine applies a hash function to the data chunks (1 through N) to obtain the corresponding hash values (i.e., tags), or see also Para. [0027], discloses that a hash tree may be used for the purpose of storing the hash values (i.e., tags) calculated for the N data chunks (e.g., based on hashes taken over the minimal size data chunks that makeup a data chunk.sub.(i) where "i" is 1 through N)); 
generating, by the client device, a representative value by adding up the hash values (Kolodner, Para. [0021 and/or 0031], discloses that a full file signature may be calculated by concatenating the hash values for the data chunks and applying a hash function to the concatenation (i.e., representative value) to determine the full file hash signature, or see also Para. [0027], discloses a root hash (i.e., a representative value) of the hash tree. Wherein, the hash tree may be used for the purpose of storing the hash values calculated for the N data chunks (e.g., based on hashes taken over the minimal size data chunks that makeup a data chunk.sub.(i) where "i" is 1 through N)); 
generating, by the client device, a client signature value by signing the representative value Kolodner, Para. [0021 and/or 0031], discloses that a full file signature may be calculated by concatenating the hash values for the data chunks and applying a hash function to the concatenation (i.e., representative value) to determine the full file hash signature, or see also Para. [0028], wherein the root (i.e., the representative value) of the hash tree represents the signature value for the entire file); and 
transmitting, by the client device, the data and the client signature value to a server (Kolodner, Para. [0023], discloses that the client machine 110 calculates the unique signature value for a file that is to be uploaded and forwards the signature value to server 120, and as disclosed in Para. [0022], wherein the signature values, for the data chunks or the data file, may be calculated either before or after the data file is uploaded to the server 120),
 wherein a hash value of a data block, among the multiple data blocks, is generated using  (Kolodner, Para. [0021 and/or 0031], discloses that the client machine applies a hash function to the data chunks (1 through N) to obtain the corresponding hash values (i.e., tags)).  
Kolodner fails to explicitly disclose but Samsonov teaches generating, by the client device, a client signature value by signing the representative value and a counter value corresponding to a last updated data block, among the multiple data blocks (Samsonov, Para. [0031], discloses to combine the root hash value 412 with a present counter value 414 of the trusted counter to create a hash message authentication code signature 416); and
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Samsonov’ into the teachings of ‘Kolodner’, with a motivation to generate a client signature value by signing the representative value and a counter value corresponding to a last updated data block, as taught by Samsonov, in order for a data storage client to establish a protected storage system with an agnostic data storage; Samsonov, Para. [0003 and 0017].
Kolodner, as described above teaches to generate a hash value of a data block using the data block, but Kolodner as modified by Samsonov fails to explicitly disclose but Jain teaches wherein a hash value of a data block, among the multiple data blocks, is generated using a key value shared by the client device and the server, the data block, and a counter value corresponding to the data block (Jain, Para. [0062], discloses examples of suitable one-way functions that the processor 108 performs to generate new pseudo-random outputs (i.e., hash values) given the shared key (shared between the first node and the second node, as disclosed in Para. [0006]) and counter values as inputs include, for example, one of the secure hash algorithm (SHA) family of secure hash functions. Wherein the counter is used to change the value of the input to the one-way function, or see also Para. [0071], wherein each node uses the counter in combination with a shared key to ensure that the one-way function generates a different set of output data (i.e., hash value) that appear random to the eavesdropper 150 each time the processor 108 performs the one-way function).
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Jain’ into the teachings of ‘Kolodner’ as modified by ‘Samsonov’, with a motivation wherein a hash value of a data block is generated using a key value shared by the client device and the server and a counter value corresponding to the data block, as taught by Jain, in order to generate different sets of output data (i.e., hash values) using the one-way function; Jain, Para. [0062].

Regarding claim 2, Kolodner as modified by Samsonov in view of Jain teaches the method of claim 1, wherein Kolodner further teaches sizes of the multiple data blocks are identical to each other (Kolodner, Para. [0020], discloses an example, wherein a 40 MB file may be divided into 40 one-MB data chunks, or 20 two-MB data chunks, or 10 four-MB data chunks […]. The data chunk size may be determined based on preference or an algorithm taking into account the most optimum chunk size according to network conditions, available bandwidth, etc.).  

Regarding claim 3, Kolodner as modified by Samsonov in view of Jain teaches the method of claim 1, wherein Kolodner further teaches at least one of the multiple data blocks has a different size from the other ones of the multiple data blocks (Kolodner, Para. [0020], discloses an example, wherein a 40 MB file may be divided into 10 two-MB data chunks and 20 one-MB data chunks, where the minimal data chunk is designated as 1 MB. The data chunk size may be determined based on preference or an algorithm taking into account the most optimum chunk size according to network conditions, available bandwidth, etc.).  

Regarding claims 4-5, (cancelled).  

Regarding claim 7, Kolodner as modified by Samsonov in view of Jain teaches the method of claim 1, wherein Kolodner fails to explicitly disclose but Samsonov further teaches the representative value is updated by adding or subtracting a hash value of a target data block, corresponding to a change to the data, to or from the representative value (Samsonov, Para. [0033], discloses that during a sector write, the client code set may write data for one or more data sectors 406 to mass storage. The client code set then may re-compute and update the sector hash message authentication code signature 408 for each of the updated data sectors 406 in the simple header 402. The client code set may then re-compute the root hash value 412. The client code set may increment a local trusted counter value. The client code set may re-compute the hash message authentication code signature 416. The client code set may write the entire simple header 402 to the mass storage device).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Samsonov’ into the teachings of ‘Kolodner’, with a motivation wherein the representative value is updated by adding or subtracting a hash value of a data block, corresponding to a change to dynamic data, to or from the representative value, as taught by Samsonov, in order for a data storage client to establish a protected storage system with an agnostic data storage; Samsonov, Para. [0003 and 0017].

Regarding claim 8, Kolodner as modified by Samsonov in view of Jain teaches the method of claim 1, wherein Kolodner fails to explicitly disclose but Samsonov further teaches further comprising: receiving, by the client device, a server signature value corresponding to the client signature value (Samsonov, Para. [0032], discloses that the client code set may read the entire simple header (i.e., including hash message authentication code signature) from the agnostic data storage, or see also Para. [0033], discloses that during a sector read, the client code set may read a data sector 406 from the mass storage and verify the hash message authentication code signature 416 found in the simple header 402).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Samsonov’ into the teachings of ‘Kolodner’, with a motivation to receive a server signature value corresponding to the client signature value, as taught by Samsonov, in order for a data storage client to establish a protected storage system with an agnostic data storage; Samsonov, Para. [0003 and 0017].

Regarding claim 9, Kolodner as modified by Samsonov in view of Jain teaches the method of claim 8, wherein Kolodner fails to explicitly disclose but Samsonov further teaches further comprising: deleting, by the client device, the data after verifying the server signature value (Samsonov, Para. [0043], discloses that the client code set may verify the hash message authentication code signature to determine whether the data set has been corrupted (Block 712). If the verification indicates that the data has been corrupted (Block 714), the client code set may mark the data set as corrupt (Block 716). If the verification indicates the data has not been corrupted (Block 714), the client code set may mark the data set as usable (Block 718)).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Samsonov’ into the teachings of ‘Kolodner’, with a motivation to delete the data after verifying the server signature value, as taught by Samsonov, in order for a data storage client to establish a protected storage system with an agnostic data storage; Samsonov, Para. [0003 and 0017].

Regarding claim 10, , Kolodner as modified by Samsonov in view of Jain teaches the method of claim 9, wherein Kolodner fails to explicitly disclose but Samsonov further teaches further comprising: storing, by the client device, the server signature value, the representative value, and the counter value (Kolodner, Para. [0032], discloses that the client code set may read the entire simple header from the agnostic data storage […]. Wherein, the client code set may cache the simple header (i.e., including hash message authentication code signature, re-computed root hash value and the trusted counter value) 402 locally).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Samsonov’ into the teachings of ‘Kolodner’, with a motivation to store the server signature value, the representative value, and the counter value, as taught by Samsonov, in order for a data storage client to establish a protected storage system with an agnostic data storage; Samsonov, Para. [0003 and 0017].

Regarding claim 11, , Kolodner as modified by Samsonov in view of Jain teaches the method of claim 1, wherein Kolodner fails to explicitly disclose but Samsonov further teaches further comprising: transmitting, by the client device, a request to update the data to the server (Samsonov, Para. [0042], discloses that the client code set may send a write request of the data set associated with the hash message authentication code signature to an agnostic data storage, or see also Para. [0043], discloses that the client code set may send a read request for a data set associated with a hash message authentication code signature based on the trusted counter, the secret key, and a data set to an agnostic data storage).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Samsonov’ into the teachings of ‘Kolodner’, with a motivation to transmit a request to update the data to the server, as taught by Samsonov, in order for a data storage client to establish a protected storage system with an agnostic data storage; Samsonov, Para. [0003 and 0017].

Regarding claim 12, , Kolodner as modified by Samsonov in view of Jain teaches the method of claim 11, wherein Kolodner fails to explicitly disclose but Samsonov further teaches further comprising: receiving, by the client device, a new server signature value, corresponding to the request, from the server (Samsonov, Para. [0043], discloses that the client code set may receive a read response having the data set and associated header conveying the hash message authentication code signature from the agnostic data storage); 
verifying, by the client device, the new server signature value (Samsonov, Para. [0043], discloses that the client code set may verify the hash message authentication code signature to determine whether the data set has been corrupted); 
generating, by the client device, a new client signature value by signing an updated representative value and an updated counter value corresponding to the new server signature value after verification of the new server signature value is completed (Samsonov, Para. [0032-0033], discloses that the client code set may re-compute the root hash value 412. The client code set may combine the root hash value 412 with the trusted counter value 414 in the simple header 402 to verify the hash message authentication code signature 416); 
transmitting, by the client device, the new client signature value to the server (Samsonov, Para. [0033], discloses that the client code set may write the entire simple header 402 to the mass storage device, or see also Para. [0044], discloses that the agnostic data storage may store a hash message authentication code signature sent in the write request); 23and 
storing, by the client device, the new server signature value, the updated representative value, and the updated counter value (Samsonov, Para. [0032], discloses that the client code set may cache the entire simple header (i.e., including hash message authentication code signature, re-computed root hash value and the trusted counter value) 402 locally).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Samsonov’ into the teachings of ‘Kolodner’, with a motivation to store the new server signature value, the updated representative value, and the updated counter value, as taught by Samsonov, in order for a data storage client to establish a protected storage system with an agnostic data storage; Samsonov, Para. [0003 and 0017].

Regarding claim 13, Kolodner teaches a method of operating a data management apparatus, comprising (Kolodner, Para. [0008], discloses methods of uploading data files (i.e., by using information management system, see Para. [0043]). In one embodiment, the method comprises): 
receiving, by a server, data and a client signature value from a client device (Kolodner, Para. [0013 and/or 0023], discloses that client machine 110 calculates the unique signature value for a file that is to be uploaded (e.g., according to the minimal size data chunk signature calculation noted above) and forwards the signature value to server 120 prior to the file upload process being initiated (S310), and/or as disclosed in Para. [0025], alternatively, a so-called server-side deduplication scheme may be utilized, where the file content is uploaded to the server first, the signature of the file after upload is determined);
generating, by the server, a first representative value corresponding to the data (Kolodner, Para. [0032], discloses that as noted earlier, a hash process may be used by server 120 to calculate signature values for the uploaded data chunks and ultimately a signature value for the uploaded file (e.g., based on hash values (i.e., by concatenating the hash values, see Para. [0021 and/or 0031]) for the minimal size data chunks), for the purposes of integrity verification and deduplication, or see also Para. [0027], discloses root (i.e., a representative value) of the hash tree. Wherein, the hash tree may be used for the purpose of storing the hash values calculated for the N data chunks (e.g., based on hashes taken over the minimal size data chunks that makeup a data chunk.sub.(i) where "i" is 1 through N), and as disclosed in Para. [0028], wherein the root of the hash tree represents the signature value for the entire file); 
verifying, by the server, the client signature value using the first representative value (Kolodner, Para. [0032], discloses that as noted earlier, a hash process may be used by server 120 […] for the purposes of integrity verification and deduplication, e.g., as disclosed in Para. [0033], when the data chunks are uploaded to the server, the hash function for calculating the file signature may be uniformly applied to the minimal size data chunks that make up the file data chunks to determine the same signature for the same files that may be uploaded by different client machines 110); 
generating, by the server, a server signature value Kolodner, Para. [0026], discloses that if a match for the file signature is not found (S320), the data chunks associated with the file are uploaded to the server 120 (S340). In one implementation, the server 120 may calculate the signature value for an uploaded chunk and the full signature of the data file); 
storing, by the server, the data, the client signature value, the second representative value, Kolodner, Para. [0023 and 0025], discloses that client machine 110 calculates the unique signature value for a file that is to be uploaded and forwards the signature value to server 120 prior to the file upload process being initiated (S310), and as disclosed in Para. [0027-0028], wherein the hash tree allows for the root of the hash tree which represents the signature value for the entire file to be stored in volatile memory of server 120).  
wherein generating the first representative value comprises (Kolodner, Para. [0027], discloses a root hash (i.e., a representative value) of the hash tree): 
segmenting the data into multiple data blocks (Kolodner, Para. [0008], discloses that a first client machine dividing a first file into N data chunks, or see also Para. [0019-0020], wherein a data chunk manager 114 may be implemented over a client machine 110 to break up a data file into one or more (or plurality of) data chunks); 
generating hash values respectively corresponding to the multiple data blocks (Kolodner, Para. [0021 and/or 0031], discloses that the client machine applies a hash function to the data chunks (1 through N) to obtain the corresponding hash values (i.e., tags), or see also Para. [0027], discloses that a hash tree may be used for the purpose of storing the hash values (i.e., tags) calculated for the N data chunks (e.g., based on hashes taken over the minimal size data chunks that makeup a data chunk.sub.(i) where "i" is 1 through N)); and 
generating the first representative value by adding up the hash values (Kolodner, Para. [0021 and/or 0031], discloses that a full file signature may be calculated by concatenating the hash values for the data chunks and applying a hash function to the concatenation (i.e., representative value) to determine the full file hash signature, or see also Para. [0027], discloses a root hash (i.e., a representative value) of the hash tree. Wherein, the hash tree may be used for the purpose of storing the hash values calculated for the N data chunks (e.g., based on hashes taken over the minimal size data chunks that makeup a data chunk.sub.(i) where "i" is 1 through N)), 
wherein a hash value of a data block, among the multiple data blocks, is generated using Kolodner, Para. [0021 and/or 0031], discloses that the client machine applies a hash function to the data chunks (1 through N) to obtain the corresponding hash values (i.e., tags)).
Kolodner fails to explicitly disclose but Samsonov teaches generating, by the server, a server signature value by signing a second representative value and a counter value corresponding to the client signature value after verification of the client signature value is completed (Samsonov, Para. [0045], discloses to create the hash message authentication code signature in the primary header instance from a root hash of the data set and a counter value of the trusted counter, or see also Para. [0031 or 0036], wherein the header 402 may combine the root hash value 412 with a present counter value 414 of the trusted counter to create a hash message authentication code signature 416);
transmitting, by the server, the server signature value to the client device (Samsonov, Para. [0043, discloses that the client code set may receive a read response having the data set and associated header conveying the hash message authentication code signature form the agnostic data storage (Block 708), or as disclosed in Para. [0044], wherein the agnostic data storage may send a read response having the data set and the hash message authentication code signature to the client code set (Block 812)); and 
storing, by the server, the data, the client signature value, the second representative value, and the counter value (Samsonov, Para. [0044], discloses that agnostic data storage may store a data set sent in the write request from the client code set (Block 804). The agnostic data storage may store a header instance describing the data set, possibly sent as a separate request (Block 806). The agnostic data storage may store a hash message authentication code signature (i.e., including Root hash and counter value, as depicted in Fig. 4) sent in the write request, possibly in the header instance (Block 808)).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Samsonov’ into the teachings of ‘Kolodner’, with a motivation to generate a server signature value by signing a representative value and a counter value corresponding to the client signature value, as taught by Samsonov, in order for an agnostic data storage (i.e., server) to establish a virtual replay protected storage system with a data storage client; Samsonov, Para. [0017].
Kolodner, as described above teaches to generate a hash value of a data block using the data block, but Kolodner as modified by Samsonov fails to explicitly disclose but Jain teaches wherein a hash value of a data block, among the multiple data blocks, is generated using a key value shared by the client device and the server, the data block, and a counter value corresponding to the data block (Jain, Para. [0062], discloses examples of suitable one-way functions that the processor 108 performs to generate new pseudo-random outputs (i.e., hash values) given the shared key (shared between the first node and the second node, as disclosed in Para. [0006]) and counter values as inputs include, for example, one of the secure hash algorithm (SHA) family of secure hash functions. Wherein the counter is used to change the value of the input to the one-way function, or see also Para. [0071], wherein each node uses the counter in combination with a shared key to ensure that the one-way function generates a different set of output data (i.e., hash value) that appear random to the eavesdropper 150 each time the processor 108 performs the one-way function).
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Jain’ into the teachings of ‘Kolodner’ as modified by ‘Samsonov’, with a motivation wherein a hash value of a data block is generated using a key value shared by the client device and the server and a counter value corresponding to the data block, as taught by Jain, in order to generate different sets of output data (i.e., hash values) using the one-way function; Jain, Para. [0062].

Regarding claim 14, Kolodner as modified by Samsonov in view of Jain teaches the method of claim 13, Wherein Kolodner fails to disclose but Samsonov further teaches further comprising: receiving, by the server, an update request from the client device (Samsonov, Para. [0042], discloses that the client code set may send a write (i.e., update) request of the data set associated with the hash message authentication code signature to an agnostic data storage (Block 612). The client code set may send a header write (i.e., update) request of the data set to an agnostic data storage to write a simple header having the hash message authentication code signature (Block 614)). 
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Samsonov’ into the teachings of ‘Kolodner’, with a motivation to receive an update request from the client device, as taught by Samsonov, in order for a data storage client to establish a protected storage system with an agnostic data storage; Samsonov, Para. [0003 and 0017].

Regarding claim 15, Kolodner as modified by Samsonov in view of Jain teaches the method of claim 14, Wherein Kolodner fails to disclose but Samsonov further teaches further comprising: updating, by the server, the second representative value and the counter value corresponding to the client signature value in response to the update request (Samsonov, Para. [0040], discloses re-compute the root hash value 516 and re-calculate the hash message authentication code signature 520 using the local trusted counter value incremented by one); 
generating, by the server, a new server signature value by signing the updated second representative value and the updated counter value (Samsonov, Para. [0036], discloses that the primary header instance 502 may combine the root hash value 516 with a present counter value 518 of the trusted counter to create a hash message authentication code signature 520); and 
transmitting, by the server, the new server signature value to the client device (Samsonov, Para. [0043], discloses that the client code set may receive a read response having the data set and associated header conveying the hash message authentication code signature from the agnostic data storage (Block 708)).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Samsonov’ into the teachings of ‘Kolodner’, with a motivation to transmit the new server signature value to the client device, as taught by Samsonov, in order for a data storage client to establish a protected storage system with an agnostic data storage; Samsonov, Para. [0003 and 0017].

Regarding claim 16, Kolodner as modified by Samsonov in view of Jain teaches the method of claim 15, wherein Kolodner further teaches further comprising: receiving, by the server, a new client signature value corresponding to the new server signature value from the client device (Kolodner, Para. [0013 and/or 0023], discloses that client machine 110 calculates the unique signature value for a file that is to be uploaded (e.g., according to the minimal size data chunk signature calculation noted above) and forwards the signature value to server 120 prior to the file upload process being initiated (S310)); 
24verifying, by the server, the new client signature value (Kolodner, Para. [0032], discloses that as noted earlier, a hash process may be used by server 120 […] for the purposes of integrity verification and deduplication, e.g., as disclosed in Para. [0033], when the data chunks are uploaded to the server, the hash function for calculating the file signature may be uniformly applied to the minimal size data chunks that make up the file data chunks to determine the same signature for the same files that may be uploaded by different client machines 110); 
updating, by the server, the data in compliance with the update request after verification of the new client signature value is completed (Kolodner, Para. [0025], discloses that the signature is compared to the records of a deduplication table, for example, to determine whether a duplicate copy exists based on a matching file signature. If so, then the proper deduplication records and file pointers are updated to indicate that the file was successfully uploaded); and 
storing, by the server, the updated data, the new client signature value, the updated representative value, Kolodner, Para. [0023 and 0025], discloses that client machine 110 calculates the unique signature value for a file that is to be uploaded and forwards the signature value to server 120 prior to the file upload process being initiated (S310), and as disclosed in Para. [0027-0028], wherein the hash tree allows for the root of the hash tree which represents the signature value for the entire file to be stored in volatile memory of server 120).  
Kolodner fails to explicitly disclose but Samsonov teaches storing, by the server, the updated data, the new client signature value, the updated representative value, and the updated counter value (Samsonov, Para. [0044], discloses that agnostic data storage may store a data set sent in the write request from the client code set (Block 804). The agnostic data storage may store a header instance describing the data set, possibly sent as a separate request (Block 806). The agnostic data storage may store a hash message authentication code signature (i.e., including Root hash and counter value, as depicted in Fig. 4) sent in the write request, possibly in the header instance (Block 808)).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Samsonov’ into the teachings of ‘Kolodner’, with a motivation to store the updated data, the new client signature value, the updated representative value, and the updated counter value, as taught by Samsonov, in order to establish a virtual replay protected storage system with an agnostic data storage. Wherein, the virtual replay protected storage system may maintain a trusted counter and a secret key in a trusted client environment; Samsonov, Para. [0003 and 0017].

Regarding claim 17, Kolodner teaches a data management apparatus, comprising: at least one processor; and memory for storing at least one instruction executed by the at least one processor (Kolodner, Para. [0037], discloses that the application software and logic code disclosed herein may be implemented in the form of machine readable code executed over one or more computing systems i.e., by using information management system, see Para. [0043]) represented by the exemplary hardware environment 1110. As illustrated, hardware environment 110 may comprise a processor 1101 coupled to one or more storage elements by way of a system bus 1100. The storage elements, for example, may comprise local memory 1102, storage media 1106, cache memory 1104, etc.), 
wherein the at least one instruction is executed by the at least one processor so as to (Kolodner, Para. [0039 and 0043], discloses that an information management system instruct one or more processors 1101 (e.g., microcontrollers) in the hardware environment 1110 on how to function and process information by loading executable code from storage media 1106 to) receive data and a client signature value from a client device (Kolodner, Para. [0013 and/or 0023], discloses that client machine 110 calculates the unique signature value for a file that is to be uploaded (e.g., according to the minimal size data chunk signature calculation noted above) and forwards the signature value to server 120 prior to the file upload process being initiated (S310), and/or as disclosed in Para. [0025], alternatively, a so-called server-side deduplication scheme may be utilized, where the file content is uploaded to the server first, the signature of the file after upload is determined), to segment the data into multiple data blocks, to generate hash values of the multiple data blocks (Kolodner, Para. [0027], discloses that a file is divided into N data chunks (e.g., where a data chunk is equal to or is a multiple of a predetermined minimal size data chunk), a hash tree may be used for the purpose of storing the hash values calculated for the N data chunks (e.g., based on hashes taken over the minimal size data chunks that makeup a data chunk.sub.(i) where "i" is 1 through N))), to generate a first representative value by adding up the generated hash values (Kolodner, Para. [0027], discloses root of the hash tree. Wherein, the hash tree may be used for the purpose of storing the hash values calculated for the N data chunks (e.g., based on hashes taken over the minimal size data chunks that makeup a data chunk.sub.(i) where "i" is 1 through N), and as disclosed in Para. [0028], wherein the root of the hash tree represents the signature value for the entire file), to verify the client signature value using the first representative value (Kolodner, Para. [0032], discloses that as noted earlier, a hash process may be used by server 120 […] for the purposes of integrity verification and deduplication, e.g., as disclosed in Para. [0033], when the data chunks are uploaded to the server, the hash function for calculating the file signature may be uniformly applied to the minimal size data chunks that make up the file data chunks to determine the same signature for the same files that may be uploaded by different client machines 110), to generate a server signature value Kolodner, Para. [0026], discloses that if a match for the file signature is not found (S320), the data chunks associated with the file are uploaded to the server 120 (S340). In one implementation, the server 120 may calculate the signature value for an uploaded chunk and the full signature of the data file), Kolodner, Para. [0023 and 0025], discloses that client machine 110 calculates the unique signature value for a file that is to be uploaded and forwards the signature value to server 120 prior to the file upload process being initiated (S310), and as disclosed in Para. [0027-0028], wherein the hash tree allows for the root of the hash tree which represents the signature value for the entire file to be stored in volatile memory of server 120), and
wherein a hash value of a data block, among the multiple data blocks, is generated using Kolodner, Para. [0021 and/or 0031], discloses that the client machine applies a hash function to the data chunks (1 through N) to obtain the corresponding hash values (i.e., tags)).
Kolodner fails to explicitly disclose but Samsonov teaches to generate a server signature value by signing a second representative value and a counter value corresponding to the client signature value after verification of the client signature value is completed (Samsonov, Para. [0045], discloses to create the hash message authentication code signature in the primary header instance from a root hash of the data set and a counter value of the trusted counter, or see also Para. [0031 or 0036], wherein the header 402 may combine the root hash value 412 with a present counter value 414 of the trusted counter to create a hash message authentication code signature 416), to transmit the server signature value to the client device (Samsonov, Para. [0043, discloses that the client code set may receive a read response having the data set and associated header conveying the hash message authentication code signature form the agnostic data storage (Block 708), or as disclosed in Para. [0044], wherein the agnostic data storage may send a read response having the data set and the hash message authentication code signature to the client code set (Block 812)), and to store the data, the client signature value, the second representative value, and the counter value (Samsonov, Para. [0044], discloses that agnostic data storage may store a data set sent in the write request from the client code set (Block 804). The agnostic data storage may store a header instance describing the data set, possibly sent as a separate request (Block 806). The agnostic data storage may store a hash message authentication code signature (i.e., including Root hash and counter value, as depicted in Fig. 4) sent in the write request, possibly in the header instance (Block 808)).
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Samsonov’ into the teachings of ‘Kolodner’, with a motivation to generate a server signature value by signing a representative value and a counter value corresponding to the client signature value, as taught by Samsonov, in order for an agnostic data storage (i.e., server) to establish a virtual replay protected storage system with a data storage client; Samsonov, Para. [0017].
Kolodner, as described above teaches to generate a hash value of a data block using the data block, but Kolodner as modified by Samsonov fails to explicitly disclose but Jain teaches wherein a hash value of a data block, among the multiple data blocks, is generated using a key value shared by the client device and the server, the data block, and a counter value corresponding to the data block (Jain, Para. [0062], discloses examples of suitable one-way functions that the processor 108 performs to generate new pseudo-random outputs (i.e., hash values) given the shared key (shared between the first node and the second node, as disclosed in Para. [0006]) and counter values as inputs include, for example, one of the secure hash algorithm (SHA) family of secure hash functions. Wherein the counter is used to change the value of the input to the one-way function, or see also Para. [0071], wherein each node uses the counter in combination with a shared key to ensure that the one-way function generates a different set of output data (i.e., hash value) that appear random to the eavesdropper 150 each time the processor 108 performs the one-way function).
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Jain’ into the teachings of ‘Kolodner’ as modified by ‘Samsonov’, with a motivation wherein a hash value of a data block is generated using a key value shared by the client device and the server and a counter value corresponding to the data block, as taught by Jain, in order to generate different sets of output data (i.e., hash values) using the one-way function; Jain, Para. [0062].

Regarding claim 18, Kolodner as modified by Samsonov in view of Jain teaches the data management apparatus of claim 17, wherein Kolodner fails to explicitly disclose but Samsonov further teaches: in response to a request for modification of a target data block of the multiple data blocks (Samsonov, Para. [0042], discloses that the client code set may send a write (i.e., update) request of the data set associated with the hash message authentication code signature to an agnostic data storage (Block 612)), the second representative value is updated by subtracting a hash value corresponding to the target data block from the second representative value and by adding a new hash value, corresponding to the target data block, thereto, the new hash value is generated using the target data block, the modification of which is requested, and a new counter value (Samsonov, Para. [0033 and 0040], discloses to re-compute the root hash value 516 (i.e., representative value) and re-calculate the hash message authentication code signature 520 using the local trusted counter value incremented by one for each of the updated data sectors), and the counter value is updated to the new counter value by adding 1 to the counter value (Samsonov, Para. [0040], discloses that the local trusted counter value is incremented by one).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Samsonov’ into the teachings of ‘Kolodner’, with a motivation wherein in response to a request for modification of any one of the multiple data blocks, the representative value is updated, as taught by Samsonov, in order for an agnostic data storage (i.e., server) to establish a virtual replay protected storage system with a data storage client; Samsonov, Para. [0017].

Regarding claim 19, Kolodner as modified by Samsonov in view of Jain teaches the data management apparatus of claim 17, wherein Kolodner fails to explicitly disclose but Samsonov further teaches: in response to a request for addition of a target data block to the multiple data blocks, the second representative value is updated by adding an additional hash value, corresponding to the target data block to the second representative value, the additional hash value is generated using the target data block, the addition of which is requested, and a new counter value (Samsonov, Para. [0042], discloses that the client code set may send a write (i.e., update) request of the data set associated with the hash message authentication code signature to an agnostic data storage (Block 612), and as disclosed in Para. [0033], during a sector write (i.e., addition of a data block), the client code set may write data for one or more data sectors 406 to mass storage, and as further disclosed in Para. [0040], to re-compute the root hash value 516 (i.e., representative value) and re-calculate the hash message authentication code signature 520 using the local trusted counter value incremented by one for each of the updated (i.e., a) data sectors), and the counter value is updated to the new counter value by adding 1 to the counter value (Samsonov, Para. [0040], discloses that the local trusted counter value is incremented by one).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Samsonov’ into the teachings of ‘Kolodner’, with a motivation wherein in response to a request for addition of a data block in the multiple data blocks, the representative value is updated by adding an additional hash value, as taught by Samsonov, in order for an agnostic data storage (i.e., server) to establish a virtual replay protected storage system with a data storage client; Samsonov, Para. [0017].

Regarding claim 20, Kolodner as modified by Samsonov in view of Jain teaches the data management apparatus of claim 17, wherein Kolodner fails to explicitly disclose but Samsonov further teaches: in response to a request for deletion of a target data block from the multiple data blocks, the second representative value is updated by subtracting a hash value, corresponding to the target data block from the second representative value (Samsonov, Para. [0042], discloses that the client code set may send a write (i.e., delete) request of the data set associated with the hash message authentication code signature to an agnostic data storage (Block 612), and as disclosed in Para. [0033 and 0040], to re-compute the root hash value 516 (i.e., representative value) and re-calculate the hash message authentication code signature 520 using the local trusted counter value incremented by one for each of the updated (i.e., corrupted/deleted) data sectors), and the counter value is updated by adding 1 thereto (Samsonov, Para. [0040], discloses that the local trusted counter value is incremented by one).
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Samsonov’ into the teachings of ‘Kolodner’, with a motivation wherein in response to a request for deletion of any one of the multiple data blocks, the representative value is updated by subtracting a hash value, as taught by Samsonov, in order for an agnostic data storage (i.e., server) to establish a virtual replay protected storage system with a data storage client; Samsonov, Para. [0017].

Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Kolodner as modified by Samsonov in view of Jain, as applied above, and further in view of Cowling; James et al. (US 2016/0092125 A1), hereinafter (Cowling).

Regarding claim 6, Kolodner as modified by Samsonov in view of Jain teaches the method of claim 1, wherein Kolodner further teaches when the data block has a different size from the other ones of the multiple data blocks, the hash value is generated using Kolodner, Para. [0021 and/or 0031], discloses that the client machine applies a hash function to the data chunks (1 through N) to obtain the corresponding hash values, and as disclosed in Para. [0019], wherein the size of a data chunk may be equal to or a multiple of a certain minimal size (e.g., 1 MB), and as disclosed in Para. [0020], the data chunk manager 114 may divide a target data file into a plurality of minimal size data chunks or into a plurality of data chunks that are a multiple of the minimal size. For example, a 40 MB file may be divided into 40 one-MB data chunks, or 20 two-MB data chunks, or 10 four-MB data chunks, or alternatively into 10 two-MB data chunks and 20 one-MB data chunks, where the minimal data chunk is designated as 1 MB. The data chunk size may be determined based on preference or an algorithm taking into account the most optimum chunk size according to network conditions, available bandwidth, etc.). 
Kolodner as modified by Samsonov fails to explicitly disclose but Jain teaches the hash value is generated using the key value shared between the client device and the server, the data block, Jain, Para. [0062], discloses examples of suitable one-way functions that the processor 108 performs to generate new pseudo-random outputs (i.e., hash values) given the shared key (shared between the first node and the second node, as disclosed in Para. [0006]) and counter values as inputs include, for example, one of the secure hash algorithm (SHA) family of secure hash functions. Wherein the counter is used to change the value of the input to the one-way function, or see also Para. [0071], wherein each node uses the counter in combination with a shared key to ensure that the one-way function generates a different set of output data (i.e., hash value) that appear random to the eavesdropper 150 each time the processor 108 performs the one-way function).
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Jain’ into the teachings of ‘Kolodner’ as modified by ‘Samsonov’, with a motivation wherein a hash value of a data block is generated using a key value shared by the client device and the server and a counter value corresponding to the data block, as taught by Jain, in order to generate different sets of output data (i.e., hash values) using the one-way function; Jain, Para. [0062].
Kolodner as modified by Samsonov in view of Jain fails to explicitly disclose but Cowling teaches the hash value is generated using the key value shared between the client device and the server, the data block, a length of the data block, and the counter value corresponding 22to the data block22 (Cowling, Para. [0065], discloses that each data block is associated with a “hash” that serves as a global identifier for the data block. The hash can be computed from the data block by running through a hash function, such as a SHA-256 hash function, and as disclosed in Para. [0103], wherein a typical hash table entry 930 is illustrated in FIG. 9C. This hash table entry 930 includes an offset 932 (i.e., counter value), and also a length 934 of an associated data block for the extent).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Cowling’ into the teachings of ‘Kolodner’ as modified by ‘Samsonov’ and ‘Jain’, with a motivation to generate hash value using a key value shared between the client device and the server, the data block,  length of the data block and a counter value corresponding to the data block, as taught by Cowling, in order to design a data storage system that stores sets of data blocks in extents that are located in storage devices in the system; Cowling, Para. [0008].

Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action (See PTO-892).  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALI CHEEMA, whose telephone number is 571-272-1239. The examiner can normally be reached on 8AM-4PM (EST) Monday-Friday. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge L. Ortiz-Criado can be reached on 571-272-7624.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ALI CHEEMA/
Examiner, Art Unit 2496

/JORGE L ORTIZ CRIADO/Supervisory Patent Examiner, Art Unit 2496