Notice of Pre-AIA or AIA Status
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Arguments
2.	Applicant’s arguments filed on 04/11/2020, with respect to the 35 U.S.C. § 102(a)(1)/(a)(2) rejection of claims 1-6, 8-13, and 15-20 as being anticipated by U.S. Patent No. 10,102,356 (“Sahin”) have been fully considered. However, upon further consideration, a new ground(s) of rejection is made in view of amended claims.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
3.	Claims 1-6, 8-12 and 15-21 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent No. 10102356 (hereinafter “Sahin”) in view of US 20120324236 (hereinafter “Srivastava”).

As per claim 1, Sahin discloses:
A method (Col. 1 Lines 47-51 “In accordance with one aspect of the techniques described herein is a method of processing control commands comprising: receiving first information identifying a first portion of one or more control commands for a second portion of one or more data storage entities.”) comprising:
detecting, by the data protection system, a request to perform a restricted operation with respect to a recovery dataset configured to be used by a storage system to recover (Col. 9 Lines 27-47 “The control path, also sometimes referred to as the management path, may be characterized as the path or flow of data management or control commands through a system. For example, the control or management path may be the logical flow through hardware and software components or layers in connection with issuing data storage management command to and/or from a data storage system, and also receiving responses (possibly including requested data) to such control or management commands. Such commands may be, for example, to establish or modify data services, provision storage, perform user account management, and the like. For example, commands may be issued over the control path to provision storage for LUNs, create a snapshot, delete a snapshot, define or establish local and/or remote replication services, define or modify a schedule for snapshot or other data replication services, define a RAID group, obtain data storage management and configuration information for display in a graphical user interface of a data storage management program or application, generally modify one or more aspects of a data storage system configuration, and the like.” Col. 19 Lines 4-17 “At step 402, a subset of data storage entities, such as a subset of defined LUNs and associated snapshots of such LUNs, for which secure authentication of the control path is required for execution of control commands. At step 404, the control commands are identified, such as a subset of possible control commands, for which secure authentication is required to execute such identified control commands. In one embodiment, steps 402 and 404 may result in identifying a set of one or more LUNs and associated snapshots for which control commands which modify any state information related to the LUNs or associated snapshot require secure authentication of the control path using techniques herein.”)

from a data corruption event within the storage system (Col. 10 Lines 41-52 “In a case where only the data path is compromised in connection with a system having LUNs and snapshots thereof such as mentioned above, malicious commands may be issued over the compromised data path causing data corruption of the source LUN and/or its snapshot LUN. For example, the data path may be compromised whereby malicious I/O commands are issued to the source LUN and/or its snapshot such as to overwrite existing valid customer data with bad, corrupt or invalid data. Once discovered, data recovery to an earlier point in time copy of the source LUN may be possible such as by restoring the source LUN to an earlier snapshot of the LUN.”);

monitoring, by the data protection system in response to the request, for an occurrence of a predetermined set of one or more authorization events performed with one or more hardware tokens (Col. 19 Lines 20-29 “In step 406, the pass code provider is configured to require two-factor authentication of a user requesting a pass code. As described elsewhere herein, step 406 may include configuring a particular hardware token or fob having an associated seed used to generate the random numbers displayed on the hardware token or fob assigned to the user. Thus, steps, 402, 404 and 406 may be performed at a first point in time to set up the systems and components used in subsequent processing steps in accordance with techniques herein.” Col. 19 Lines 30-32 “At step 408, a user connects to the pass code provider and is authenticated by the pass code provider using two-factor authentication. At step 409, a determination is made as to whether user authentication in step 408 was successful.”);

and preventing, by the data protection system, the restricted operation from being executed until each of the one or more authorization events included in the predetermined set occurs (Col. 19 Lines 32-57 “If step 409 evaluates to no, control proceeds to step 411 to return an authentication failure message to the user. If step 409 evaluates to yes, control proceeds to step 410 where the pass code provider generates a pass code in accordance with one or more criteria and provides the generated pass code to the user. At step 412, over the control path, the user issues a control command to the data storage system and also provides the pass code. The control command in step 412 may be one of the control commands in the subset of control commands defined via steps 402 and 404 that requires a valid pass code in order for the data storage system to execute the control commands. At step 414, the data storage system receives the pass code and control command. In step 416, the data storage system determines a computed pass code for the control command received using the same algorithm and one or more criteria used by the pass code provider in generating the pass code in step 410. In step 418, a determination is made as to whether the computed pass code matches the received pass code in step 414. If step 418 evaluates to yes, control proceeds to step 422 to execute the control command and return a suitable response to the user. If step 418 evaluates to no, control proceeds to step 420 where the control command is not executed and a suitable response is returned to the user.”).
	
	Sahin discloses:
restricted operation configured to perform one or more of a modification of the snapshot or a modification of a retention duration for the snapshot, the retention duration defining a duration that the snapshot is saved before being deleted

	Srivastava discloses:
restricted operation configured to perform one or more of a modification of the snapshot or a modification of a retention duration for the snapshot, the retention duration defining a duration that the snapshot is saved before being deleted (para 0017 “During a tampering attack, the compromised host modifies the contents of the snapshot and/or modifies the runtime memory and CPU state of the target virtual machine during the snapshot generation process to remove evidence of malware or improper activity. A reordering attack occurs when the compromised host reorders the content of the memory pages in the snapshot without modifying the contents of individual memory pages. A reordering attack may result in a failure of forensic analysis utilities to locate security-relevant data in the snapshot. The compromised host performs a replaying attack by providing an old snapshot of the target virtual machine that does not contain any malicious components. Finally, during a masquerading attack, the compromised host intercepts a snapshot request and modifies the parameters of the request to provide a snapshot of a virtual machine different from the target virtual machine.”)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of processing control commands of Sahin to include a restricted operation configured to perform one or more of a modification of the snapshot or a modification of a retention duration for the snapshot, the retention duration defining a duration that the snapshot is saved before being deleted, as taught by Srivastava.
The motivation would have been to properly identify restricted actions to snapshot data in order to control access to backup data.
	As per claim 2, Sahin in view of Srivastava discloses:
The method of claim 1, further comprising: detecting, by the data protection system while performing the monitoring, that each of the one or more authorization events included in the predetermined set occurs; and allowing, by the data protection system, the restricted operation to be executed (Sahin in view of Srivastava Col. 19 Lines 30-52).

As per claim 3, Sahin in view of Srivastava discloses:
The method of claim 2, wherein the allowing the restricted operation to be executed comprises performing the restricted operation (Sahin Col. 19 Lines 30-52). 

As per claim 4, Sahin in view of Srivastava discloses:
The method of claim 2, wherein the allowing the restricted operation to be executed comprises directing the storage system to perform the restricted operation (Sahin Col. 9 Lines 27-47 and Col. 19 Lines 4-52).

As per claim 5, Sahin in view of Srivastava discloses:
The method of claim 2, wherein: the snapshot is stored within an additional storage system remote from the storage system; and the allowing the restricted operation to be executed comprises directing the additional storage system to perform the restricted operation (Sahin Col. 9 Lines 27-47).

As per claim 6, Sahin in view of Srivastava discloses:
The method of claim 1, wherein the occurrence of the predetermined set of one or more authorization events comprises a communicative coupling of the one or more hardware tokens with one or more hardware token readers associated with the data protection system (Sahin Col. 11 Lines 47-54).

As per claim 8, Sahin in view of Srivastava discloses:
The method of claim 1, wherein: a total of N hardware tokens are authorized to be used with the data protection system, where N is an integer greater than two; and the predetermined set of one or more authorization events comprises authorization events performed by at least M hardware tokens included in the N hardware tokens, where M is an integer greater than one (Sahin Col. 12 Lines 58- Col. 13 Line 21).

As per claim 9, Sahin in view of Srivastava discloses:
The method of claim 1, wherein: the monitoring further comprises monitoring for an occurrence of a predetermined additional set of one or more non-hardware token based authorization events; and the preventing further comprises preventing the restricted operation from being executed until each of the one or more authorization events included in the predetermined additional set occurs (Sahin Col. 19 Lines 4-52).

As per claim 10, Sahin in view of Srivastava discloses:
The method of claim 1, further comprising preventing, by the data protection system, the restricted operation from being executed unless the one or more authorization events occur within a predetermined amount of time (Sahin Col. 114 Lines 55- Col. 12 Line 2 and 12 Lines 58- Col. 13 Line 21).

As per claim 11, Sahin in view of Srivastava discloses:
The method of claim 1, further comprising: detecting, by the data protection system prior to the request, an anomaly associated with the storage system; and directing, by the data protection system prior to the request and in response to detecting the anomaly, the storage system to generate the snapshot (Col. 9 Line 64- Col. 10 Line 30).

As per claim 12, Sahin in view of Srivastava discloses:
The method of claim 1, further comprising: directing, by the data protection system, the storage system to generate a plurality of snapshots over time, the snapshots usable to restore data maintained by the storage system to a state corresponding to a selectable point in time; wherein the snapshot is included in the plurality of snapshots (Sahin Col. 9 Line 64- Col. 10 Line 30). 

As per claim 15, Sahin in view of Srivastava discloses:
The method of claim 1, wherein the data protection system is implemented by a controller within the storage system (Sahin Figs. 1 and 3).

As per claim 16, Sahin in view of Srivastava discloses:
The method of claim 1, wherein the data protection system is implemented by a computing system communicatively coupled to the storage system by way of a network (Sahin Figs. 1 and 3).

As per claim 17, Sahin in view of Srivastava discloses:
The method of claim 1, wherein the recovery dataset comprises a snapshot of a storage structure within the storage system (Sahin Col. 9 Line 64- Col. 10 Line 30).

As per claim 18, the implementation of the method of claim 1 will execute the system of claim 18. The claim is analyzed with respect to claim 1.

As per claim 19, the claim is analyzed with respect to claim 2.

As per claim 20, the implementation of the method of claim 1 will execute the non-transitory computer-readable medium (Col. 20 Lines 40-45) of claim 20. The claim is analyzed with respect to claim 1.

As per claim 21, Sahin in view of Srivastava discloses:
The non-transitory computer-readable medium of claim 20, wherein the instructions are further configured to direct the processor of the computing device to:
detect, while performing the monitoring, that each of the one or more authorization events included in the predetermined set occurs; and
allow the restricted operation to be executed (Srivastava para 0029 and 0032, The motivation would have been to properly identify restricted actions to snapshot data in order to control access to backup data).

4. 	Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Sahin in view of Srivastava, and further in view of U.S. Publication No. 20160352518 hereinafter Ford. 

As per claim 7, Sahin in view of Srivastava discloses: 
The method of claim 1, further comprising: the recovery dataset (Sahin Figs. 1 and 3) 
Sahin in view of Srivastava does not disclose: 
encrypting, by the data protection system, the recovery dataset with a key that is then encrypted with a public key; wherein the occurrence of the predetermined set of one or more authorization events comprises a transmission of a private key corresponding to the public key from the one or more hardware tokens to the data protection system 

Ford discloses: 
encrypting, by the data protection system, the recovery dataset with a key that is then encrypted with a public key (para 0100 “The process then decrypts (at 1240) the master recovery object encrypted with the public key to which the recovered private key corresponds using that private recovery key received from the HSM, which reveals the master recovery key (or master recovery key data).”): 
wherein the occurrence of the predetermined set of one or more authorization events comprises a transmission of a private key corresponding to the public key from the one or more hardware tokens to the data protection system (Fig 12, para 0095 “As shown, the process 1200 begins by providing (at 1205) a user interface for the user to enter data for backup recovery. In some embodiments, this interface includes a list of devices that have registered escrow objects for the cloud services account with which the new device has been associated. When the user selects one of the established devices from the list, the new device provides the user with an interface via which the user can enter the passcode for the selected device, from which the escrow key can be generated. The device then receives (at 1210) the user-entered backup recovery code (e.g., the passcode).” Para 0096 “Based on the user-entered backup recovery code, the process generates (at 1215) a private escrow key, and escrow key verification data from the private escrow key. As mentioned, the key generation process and subsequent verification data generation process are deterministic, such that if given the same seed data, the process will produce the same key and subsequently the same verification data. Thus, if the user enters the passcode that was used on the selected established device, the new device will generate the correct private escrow key that will unlock the escrow object registered by the selected established device. The process 1200 then sends (at 1220) the generated private escrow key verification data to the HSM with which the escrow object is registered.”)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of processing control commands of Sahin in view of Srivastava to include encrypting, by the data protection system, the recovery dataset with a key that is then encrypted with a public key; wherein the occurrence of the predetermined set of one or more authorization events comprises a transmission of a private key corresponding to the public key from the one or more hardware tokens to the data protection system, as taught by Ford.
The motivation would have been to properly control access to backup data by securely decrypting the backup data with an authorized key.

5. 	Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Sahin in view of Srivastava, and further in view of U.S. Publication No. 20180375826 hereinafter Chang. 

As per claim 14, Sahin in view of Srivastava discloses: 
The method of claim 1, wherein the data corruption event (Sahin Col. 10 Lines 24-30) 

Sahin in view of Srivastava does not disclose: 
data corruption event comprises a ransomware attack against a storage system 

Chang discloses: 
data corruption event comprises a ransomware attack against a storage system (para 0016 “The third embodiment of the present invention is an active network backup device having the function of ruling out file corruption instructions, which is comprised of: at least a mainframe having an authority unit; a piece of hardware, directly or indirectly connected to at least a mainframe in a wired or wireless local area network and having an internal access space for storing the data copied from at least the mainframe, and the authority unit of at least the mainframe accessible by the hardware to actively and unilaterally grab and copy data from the mainframe and unilaterally write data in the process of backup data restore in the mainframe; particularly, to ensure the security of backup files, the hardware cannot execute destructive instructions, such as deleting, revising or opening files (execution of files) or other instructions to destroy or change files but the nondestructive instructions such as creating, moving, copying, backup and restore of data. If any backup data copied to the hardware are previously infected by viruses, because the viruses cannot be executed or run in the hardware, the previous backup data will not be destroyed. In addition, the data are protected from accidental deletion due to setting errors, or any ransomware or malicious programs in the disguise of setting programs being downloaded and executed by careless users.”)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of processing control commands of Sahin in view of Srivastava to include data corruption event comprises a ransomware attack against a storage system, as taught by Chang. 
The motivation would have been to protect against any data corruption and properly restore data.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to GARY S GRACIA whose telephone number is (571)270-5192. The examiner can normally be reached Monday-Friday 9am-6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 5712723972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/GARY S GRACIA/Primary Examiner, Art Unit 2499