DETAILED ACTION
This Non-Final Office Action is in response to the request for continued examination filed on 05/23/2022.  	Claims 1, 7-11 and 17-28 are being considered on the merits.
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
2.	A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 05/23/2022 has been entered.
Response to Arguments
3.	Applicant's arguments filed 05/23/2022 have been fully considered but they are not persuasive. Applicant argues that regarding independent claims 1, 11 and 20, Prahlad and O’Hare fail to teach “obtaining a setting table specifying an encryption mode and a size and offset for the partial data to be encrypted prior to transmission to a public cloud for storage” and “identifying, in accordance with the size and the offset from the setting table, a first portion of the data to be encrypted, to obtain first target data and a remaining portion of the data” as amended.
With respect to this argument, as disclosed below, Prahlad in paragraph [0066] discloses a storage policy as a data structure or other information source which includes a set of preferences and other storage criteria associated with performing a storage operation. The preferences and storage criteria include a storage location (or a class or quality of storage location), deduplication requirements, relationships between system components, network pathways to utilize in a storage operation, retention policies, data characteristics, compression or encryption requirements, preferred system components to utilize in a storage operation, the estimated or historic usage or cost associated with operating system components, frequency or use/access/etc. various time-related factors, single-instancing and/or deduplication information, and other criteria relating to a data storage or management operation. In paragraph [0162], location of a data object is identified as a starting offset, and its length or size. 
 Therefore, the combination of Prahlad and O’Hare, as disclosed above, teach the claimed limitations of independent claims 1, 11 and 20 and thereby the dependent claims. 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



4.	Claims 1, 7-11 and 17-28 are rejected under 35 U.S.C. 103 as being unpatentable over US Pub. No. US 2010/0332401 A1 to Prahlad, (hereinafter, “Prahlad”) in view of US Pub No. US 2016/014747 A1 to O’Hare, (hereinafter, “O’Hare”).
As per claims 1, 11 and 20, Prahlad teaches a hybrid-cloud data storage method, a gateway, and a non-transitory computer readable storage medium storing a plurality of machine readable instructions in connection with a gateway, respectively, applied to a gateway having one or more processors and memory storing a plurality of programs to be executed by the one or more processors, the method comprising: 
obtaining a setting table specifying an encryption mode and a size and offset for the partial data to be encrypted prior to transmission to a public cloud for storage (Prahlad, para. [0066] “storage operations may be performed according to various storage preferences, for example, as expressed by a user preference or a storage policy. A "storage policy" is generally a data structure or other information source that includes a set of preferences and other storage criteria associated with performing a storage operation. The preferences and storage criteria may include, but are not limited to, a storage location (or a class or quality of storage location), deduplication requirements, relationships between system components, network pathways to utilize in a storage operation, retention policies, data characteristics, compression or encryption requirements, preferred system components to utilize in a storage operation, the estimated or historic usage or cost associated with operating system components, frequency or use/access/etc. various time-related factors, single-instancing and/or deduplication information, and other criteria relating to a data storage or management operation. For example, a storage policy may indicate that certain data is to be stored in the storage device 115, retained for a specified period of time before being aged to another tier of secondary storage, copied to the storage device 115 using a specified number of data streams, etc. As one example, a storage policy may specify that certain data should be stored in one or more target cloud storage sites 115A-N, as described herein.” And para. [0296] “The division component may perform different processes when determining how to divide a data object. For example, the division component may include indexing, header, and other identifying information or metadata in a first sub-object, and include the payload in other sub-objects. The division component may identify and/or retrieve file format or schema information from an index, FAT, NFS, or other allocation table in the file system to determine where certain sub-objects of a data object reside (such as the first or last sub-object of a large file). The division component may follow a rules-based process when dividing a data object, where the rules may define a minimum or maximum data size for a sub-object, a time of creation for data within a sub-object, a type of data within a sub-object, and so on.”);
obtaining data to be stored in the public cloud storage (Prahlad, para. [0080] “The clients 130, as part of their function, may utilize data, which includes files, directories, metadata, and other data objects. The data on the clients 130 is typically a primary copy (e.g., a production copy). During a copy, backup, archive or other storage operation, the clients 130 may send a copy of some data objects to a secondary storage computing device 165 by utilizing one or more data agents 195.”); 
identifying, in accordance with the size and the offset from the setting table, a first portion of the data to be encrypted, to obtain first target data and a remaining portion of the data (Prahlad, para. [0162] “FIG. 5C illustrates a data structure 520 for the metadata file 504. The data structure 520 consists of one or more stream headers 522 and stream data 524. The stream header 522 describes a data object contained in an "N" file 506 or an "S" file 508 (e.g., its location, its size, an offset within the file, etc.). The stream data 524 contains the pointer to the data object contained in the "N" file 506 or the "S" file 508. For example, the pointer may give its location within the "N" file 506 or the "S" file 508. The location of the data object may be given by offsets within the "N" file 506 or the "S" file 508. For example, its location may be given by a starting offset, and its length or size. As another example, its location may be given by a starting offset and an ending offset. As previously mentioned, the data object may be in an "S" file 508 in another chunk folder, and the stream data 524 would point to this "S" file in the other chunk folder (e.g., give its location in the "S" file in the other chunk folder). Each time the deduplication module 299 places a data object in the "S" file 508, the deduplication module 299 adds a stream header 522 and corresponding stream data 524 to the metadata file 504.”);
in accordance with the encryption mode, obtaining a first key provided by an encryption chip connected to the gateway (Prahlad, para. [0407] “FIG. 29 illustrates a process 2900 for encrypting files stored within a cloud storage site 115A-N. The process may be performed by cloud storage submodule 236, or any other suitable system component. The process begins at block 2910, when cloud storage submodule 236 receives a request to encrypt a file located on a target cloud storage site. For example, cloud storage submodule 236 may receive an indication of which target files within a target cloud storage site should be encrypted. Cloud storage submodule 236 may also receive an indication of which encryption method should be utilized, one or more encryption keys and/or additional information.”);
Prahlad teaches all the limitations of claims 1, 11 and 20 above, however fails to explicitly teach but O’Hare teaches: 
obtaining a first ciphertext by encrypting the first target data using the first key; generating a data slice using the first ciphertext and the remaining portion of the data (O’Hare, para. [0124] “After header generation is complete (e.g., using simplified header generation process 900), the secure data parser may enter the data partitioning phase using simplified data parsing process 910. Each incoming data packet or data block in the stream is encrypted using the encryption key, K, at step 912. At step 914, share integrity information (e.g., a hash H) may be computed on the resulting ciphertext from step 912. For example, a SHA-256 hash may be computed. At step 916, the data packet or data block may then be partitioned into two or more data shares using one of the data parsing algorithms described above. In some embodiments, the data packet or data block may be parsed so that each data share contains a substantially random distribution of the encrypted data packet or data block. The integrity information (e.g., hash H) may then be appended to each data share. An optional post-authentication tag (e.g., MAC) may also be computed and appended to each data share in some embodiments.” And para. [0179] “when a change is detected in a cluster block module 1508, at process 1511, the data block/cluster block with the change is compressed and cryptographically split at process 1512. The result of this operation is written to the upload directory as an upload block/cluster block at 1514. Upon confirmation that the upload block/cluster block has been written, the gateway controller 1513 may change the state of the data block/cluster block to an “uploaded” state at 1516.”); and 
transmitting the data slice to the public cloud storage (O’Hare, para. [0127] “As shown in illustrative share format 1000 of FIG. 10, header block 1002 may be associated with two or more output blocks 1004. Each header block, such as header block 1002, may be designed to fit within a single network data packet. In some embodiments, after header block 1002 is transmitted from a first location to a second location, the output blocks may then be transmitted. Alternatively, header block 1002 and output blocks 1004 may be transmitted at the same time in parallel. The transmission may occur over one or more similar or dissimilar communications paths.” And para. [0128] “Each output block may include data portion 1006 and integrity/authenticity portion 1008. As described above, each data share may be secured using a share integrity portion including share integrity information (e.g., a SHA-256 hash) of the encrypted, pre-partitioned data. To verify the integrity of the outputs blocks at recovery time, the secure data parser may compare the share integrity blocks of each share and then invert the parse algorithm. The hash of the recovered data may then be verified against the share hash.”).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of O’Hare’s gateway for cloud-based secure storage into Prahlad’s data storage operations with a cloud storage environment, with a motivation for data security and latency when sending or downloading data files from a remote location  (O’Hare, para. [0003]). 

As per claims 7 and 17, the combination of Pahlad and O’Hare teach the hybrid-cloud data storage method according to claim 1 and the gateway according to claim 11, respectively, wherein: 
the first portion of the data to be encrypted is identified in accordance with the setting table, indicating that the data is to be partially encrypted (Prahlad, para. [0295] “Sub-object-based file migration, or sub-object-based data migration, involves splitting a data object into two or more portions of the data object, creating an index that tracks the portions, and storing the data object to secondary storage via the two or more portions. The nature of sub-objects was described previously with respect to the description of deduplication module 299. As described above, in some examples the cloud gateway 1540 migrates sub-objects of data (sets of blocks) that comprise a data object from the cache 1644 to another storage location, such as to a cloud storage site. In some cases, the data migration component 1642 may include a division component that divides data objects into sub-objects. The division component may perform in a substantially similar fashion to the object division component described previously with respect to the deduplication module 299. The division component may receive files to be stored in the cache 1644, divide the files into two or more sub-objects, and store the files as two or more sub-objects in the cache. The division component may update more or more indexes that maintains information to associate particular files with their corresponding sub-objects for that file, the data blocks of the sub-objects, and soon.” And para.  [0296] “The division component may perform different processes when determining how to divide a data object. For example, the division component may include indexing, header, and other identifying information or metadata in a first sub-object, and include the payload in other sub-objects. The division component may identify and/or retrieve file format or schema information from an index, FAT, NFS, or other allocation table in the file system to determine where certain sub-objects of a data object reside (such as the first or last sub-object of a large file). The division component may follow a rules-based process when dividing a data object, where the rules may define a minimum or maximum data size for a sub-object, a time of creation for data within a sub-object, a type of data within a sub-object”).
As per claim 8, the combination of Pahlad and O’Hare teach the hybrid-cloud data storage method according to claim 5, further comprising: 
obtaining a second key provided by the encryption chip in accordance with the setting table indicating that the data is to be completely encrypted; obtaining a second ciphertext by encrypting the remaining portion of the data using the second key (O’Hare, para. [0174] “When one or more of the cluster blocks are sent from the local cache to a cloud-based storage device 1405a-c, the cloud interface library 1409 may apply a second cryptographic operation on the already secured cluster blocks from the local cache memory using, for example, a second encryption key different from the first encryption key. The first encryption key and the second encryption key, as managed by the key manager 1411, may be stored at the same or different storage locations from the storage location of the respective cluster block(s). At the cloud interface library 1409, each cluster block may be distributed in a number of data shares, and the data shares 1406a-c are stored by the one or more remote storage devices 1405a-c.”); and 
wherein generating the data slice using the first ciphertext and the remaining portion comprises generating the data slice using the first ciphertext and the second ciphertext (O’Hare, para. [0175] “the cloud interface library 1409 may split each cluster block into a plurality of secondary data units, and cause each secondary data unit to be placed into one of the number of data shares. The secondary data units may be placed into shares using a key generated, for example, based on a random or pseudo-random number. The splitting may be performed in a manner such that each cluster block may be restorable by recombining a subset less than all of the secondary data units from the number of data shares 1406a-c. The split key may be stored and/or managed by the key manager 1411.”).

As per claims 9 and 18, the combination of Pahlad and O’Hare teach the hybrid-cloud data storage method according to claim 8 and the gateway according to claim 17, respectively, wherein the obtaining the second key comprises: 
determining whether a key previously requested from the encryption chip is within a set life cycle; assigning the previously-requested key as the second key in a case that the previously-requested key is within the set life cycle (O’Hare, para. [0177] “The block device 1506 (e.g., similar to the block device layer 1403 in FIG. 14) may then receive the write operation request and pass the write request to a device mapper 1507 to direct the write request to the cluster block module 1508 (e.g., similar to the transparent block device 1408 in FIG. 14). The device mapper 1507 translates the block I/O into file I/O using a block map that reads and writes blocks into sequential cluster blocks. For example, the device mapper 1507 obtains a write operation request that is associated with a data file, and then may translate identifying information of the data file to identifying information (e.g., sequential identifiers, etc.) of one or more cluster blocks that represent the data file and that are stored in the storage volume. A block map may be used by the device mapper 1507, which may include mapping information between a data file and the associated cluster blocks. For instance, the block map may map one or more data files to a specific cluster block when the specific cluster block includes data blocks from the one or more data files. Or alternatively, the block map may map a data file to one or more cluster blocks when the one or more cluster blocks includes data blocks from the data file.” And para. [0203] “At step 2404, the gateway manger may request a second capture of a state of one or more cluster blocks stored by the one or more remote storage devices at the timestamp. The one or more cluster blocks are related to one or more data files stored with the local file system. For example, the one or more cluster blocks may include a part an entirety of a data file that is currently stored, or has been previously stored associated with the local file system.”); 

requesting another key from the encryption chip in a case that the previously-requested key is not within the set life cycle, and assigning the another key as the second key (O’Hare, para. [0181] “FIG. 15B, the user 1501 may send a read request to a PC 1502 or a server 1503…when the block/cluster block does not exist in the local cache at step 1529, a cache miss 1530 is identified. For each "cache miss," a read request may be send to the cloud read operation 1532 for the missing data block/cluster block at 1531. The cloud read operation 1532 may read the data block/cluster block from the respective cloud object storage 1518, return the read data block/cluster block to an upload block directory 1533. The gateway controller 1534 may then perform decompression of the retrieved data block/cluster block at the decompression process 1535. As the retrieved data block/cluster block at the decompression process 1535 may be in the form of data shares, the data shares may be reassembled and decrypted, and then be populated to the cluster block module 1508.” And para. [0095] “Cipher feedback key generator 514 may generate, for each secure data parser operation, a unique key, or random number (using, for example, random number generator 512), to be used as a seed value for an operation that extends an original session key size (e.g., a value of 128, 256, 512, or 1024 bits) into a value equal to the length of the data to be parsed.”).

As per claims 10 and 19, the combination of Pahlad and O’Hare teach the hybrid-cloud data storage method according to claim 1 and the gateway according to claim 11, respectively, further comprising: 
determining whether an address space of the obtained data corresponds to an address space of the that is referenced in the setting table (Prahlad, para. [0291] “FIG. 1 when transferring the data to the media agent. For example, before transferring data, the system may review a storage policy as described herein to select a media agent, such as secondary storage computing device 165, based on instructions within the storage policy. In step 1825, the system optionally updates an allocation table, such as a file allocation table ("FAT") for the file system 1730 associated with the cloud gateway to indicate the data blocks that no longer contain data and are now free to receive and store data from the file system.” And para. [0293] “prior to storing data from the blocks to a different data store, the cloud gateway 1540 may encrypt and/or compress data as described previously with respect to FIG. 3B. The cloud gateway may create, generate, update, and/or include an allocation table, (such as a table for the data store) that tracks the transferred data and the data that was not transferred. The table may include information identifying the original data blocks for the data, the name of the data object (e.g., file name), the location of any transferred data blocks (including, e.g., offset information), and so on.”); and 
determining, according to a storage frequency of the data that is referenced in the setting table, whether the obtained data should be encrypted (Prahlad, para. [0066] “storage operations may be performed according to various storage preferences, for example, as expressed by a user preference or a storage policy. A "storage policy" is generally a data structure or other information source that includes a set of preferences and other storage criteria associated with performing a storage operation. The preferences and storage criteria may include, but are not limited to, a storage location (or a class or quality of storage location), deduplication requirements, relationships between system components, network pathways to utilize in a storage operation, retention policies, data characteristics, compression or encryption requirements, preferred system components to utilize in a storage operation, the estimated or historic usage or cost associated with operating system components, frequency or use/access/etc. various time-related factors, single-instancing and/or deduplication information, and other criteria relating to a data storage or management operation. For example, a storage policy may indicate that certain data is to be stored in the storage device 115, retained for a specified period of time before being aged to another tier of secondary storage, copied to the storage device 115 using a specified number of data streams, etc. As one example, a storage policy may specify that certain data should be stored in one or more target cloud storage sites 115A-N”); and
triggering, in a case that the determining results are both yes, the operation of identifying the first portion of the data (Prahlad, para. [0296] “The division component may perform different processes when determining how to divide a data object. For example, the division component may include indexing, header, and other identifying information or metadata in a first sub-object, and include the payload in other sub-objects. The division component may identify and/or retrieve file format or schema information from an index, FAT, NFS, or other allocation table in the file system to determine where certain sub-objects of a data object reside (such as the first or last sub-object of a large file). The division component may follow a rules-based process when dividing a data object, where the rules may define a minimum or maximum data size for a sub-object, a time of creation for data within a sub-object, a type of data within a sub-object, and so on.” And para. [0298] “Referring to FIG. 19, a flow diagram illustrating a routine 1900 for performing sub-object-level data migration in a cloud gateway 1540 is shown. In step 1910, the system identifies sub-objects of data blocks within a data store that satisfy one or more criteria. The data store may store large files (>50 MB), such as databases associated with a file system, SQL databases, Microsoft Exchange mailboxes, virtual machine files, and so on. The system may compare some or all of the sub-objects (or, information associated with the sub-objects) of the data store with predetermined and/or dynamic criteria. The predetermined criteria may be time-based criteria within a storage policy or data retention policy. The system may review an index with the division component 815 when comparing the sub-objects with applicable criteria.”).
As per claim 21, the combination of Pahlad and O’Hare teach the hybrid-cloud data storage method according to claim 1, wherein the setting table is stored at the gateway (Prahlad, para. [0290] “To determine which blocks have changed, and when, the cloud gateway 1540 can monitor the activity of the file system 1730 via the callback layer 1750. The cloud gateway may store a data structure, such as a bitmap, table, log, and so on within the cache 1644 or other memory in the NAS filer 1505 or elsewhere, and update the data structure whenever the file system calls the cache 1644 to access, update, or change the data blocks within the cache 1644. The callback layer 1750 traps commands to the cache 1644, where that command identifies certain blocks on a disk for access or modifications, and writes to the data structure the changed blocks and the time of the change. The data structure may include information such as the identification of the changed blocks and the date and time that the blocks were changed. The data structure, which may be a table, bitmap, or group of pointers, such as a snapshot, may also include other information, such as information that maps file names to blocks, information that maps sub-objects to blocks and/or file names, and so on, and identify when accesses/changes were made.”); and 
wherein content recorded in the setting table is modifiable by a user of the gateway (Prahlad, para. [0305] “the system receives input from a user to modify the retrieved blocks or sub-objects. For example, the user updates the PowerPoint presentation to include a different picture. In step 2050, the system transfers data associated with the modified blocks or sub-objects back to the cloud gateway 1540, where it remains in a cache or is transferred to secondary storage, and updates the table/index. Thus, the system, leveraging block-based or sub-object-based data migration in a cloud gateway, restores only portions of data objects required by a file system.”).
As per claim 22, the combination of Pahlad and O’Hare teach the method of claim 1, wherein the setting table further includes a quantity of times of read-write intervals for the gateway to obtain a key from the encryption chip (Prahlad, para. [0249] “At step 1210 the media file system agent 240 is consulted to determine an archive file ID and an offset of the data object to be restored. The media file system agent 240 can determine this information from a data structure, such as a tree index (for example, a c-tree may be used, which, in some examples, is a type of self-balancing b-tree), that it maintains for each archive file. For example, an archive file may be based on files 1 through n, with file 1 at offset 1, file 2 at offset 2, file n at offset n, and so on. The media file system agent 240 maintains one tree index per full storage operation cycle. (A storage operation cycle consists of a cycle from one full storage operation of a set of data, including any intervening incremental storage operations, until another full storage operation is performed.) FIG. 13A illustrates an example data structure 1300 that the media file system agent 240 maintains. The data structure 1300 includes an archive file ID item 1310 that contains the identifier of archive files, a file or data object item 1320 that contains the identifier of the file or data object, and an offset 1330 containing the offset of the file or data object within the archive file or cloud container.”)
As per claim 23, the combination of Pahlad and O’Hare teach the method of claim 1, wherein the setting table includes encryption mode information specifying whether encryption operations are to be performed at the gateway or at the encryption chip (Prahlad, para. [0272] “users and applications can specify parameters (e.g., under a storage policy) that dictate to the cloud gateway 1540 the handling of their content--i.e., how long it is retained, should it be encrypted/compressed, should it be deduplicated, should it be indexed and searchable, should it to be replicated and if so, how many copies and to where, etc. The cloud gateway 1540 may facilitate the cloud storage system by allowing for metadata to be specified on a per file/object basis or on a data container or bucket basis. Further, the system permits data to be replicated on demand to selected geographies based on access usage patterns, etc.” and para. [0296] “The division component may perform different processes when determining how to divide a data object. For example, the division component may include indexing, header, and other identifying information or metadata in a first sub-object, and include the payload in other sub-objects. The division component may identify and/or retrieve file format or schema information from an index, FAT, NFS, or other allocation table in the file system to determine where certain sub-objects of a data object reside (such as the first or last sub-object of a large file). The division component may follow a rules-based process when dividing a data object, where the rules may define a minimum or maximum data size for a sub-object, a time of creation for data within a sub-object, a type of data within a sub-object, and so on.” And para. [0408] “cloud storage submodule 236 determines if the type of encryption method requested is supported by the API provided by the operator of the target cloud storage site 115A-N. If it is not, the process proceeds to block 2940. Otherwise, the process 2900 proceeds to block 2930, where cloud storage submodule utilizes the mapping described herein to generate vendor-specific API calls to encrypt the original file. The process then returns.”).
As per claim 24, the combination of Pahlad and O’Hare teach the method of claim 1, wherein generating the data slice comprises: generating compressed data by compressing the first ciphertext and the remaining portion of the data using a compression algorithm; and combining the compressed data with metadata (Prahlad - [0293] “prior to storing data from the blocks to a different data store, the cloud gateway 1540 may encrypt and/or compress data as described previously with respect to FIG. 3B. The cloud gateway may create, generate, update, and/or include an allocation table, (such as a table for the data store) that tracks the transferred data and the data that was not transferred. The table may include information identifying the original data blocks for the data, the name of the data object (e.g., file name), the location of any transferred data blocks (including, e.g., offset information), and so on. The location of the transferred data blocks may comprise a URL to a file located on cloud storage site 115A-N.” and para. [0295] “Sub-object-based file migration, or sub-object-based data migration, involves splitting a data object into two or more portions of the data object, creating an index that tracks the portions, and storing the data object to secondary storage via the two or more portions. The nature of sub-objects was described previously with respect to the description of deduplication module 299. As described above, in some examples the cloud gateway 1540 migrates sub-objects of data (sets of blocks) that comprise a data object from the cache 1644 to another storage location, such as to a cloud storage site. In some cases, the data migration component 1642 may include a division component that divides data objects into sub-objects. The division component may perform in a substantially similar fashion to the object division component described previously with respect to the deduplication module 299. The division component may receive files to be stored in the cache 1644, divide the files into two or more sub-objects, and store the files as two or more sub-objects in the cache. The division component may update more or more indexes that maintains information to associate particular files with their corresponding sub-objects for that file, the data blocks of the sub-objects, and soon.”).
As per claim 25, the combination of Pahlad and O’Hare teach the method of claim 24, wherein the metadata includes one or more of indication information indicating whether data is a complete data block, an intra-block address offset, a data length of data, indication information indicating whether the data is partially or completely encrypted, an internal offset of the first ciphertext, a data length of the first ciphertext, encryption mode indication information indicating whether encryption was performed by an encryption chip or a gateway, an identifier corresponding to the first key, indication information of an encryption algorithm, and indication information of the compression algorithm (Prahlad, para. [0142] “The identifier comparison component 425 performs comparisons of identifiers of various files, data objects, sub-objects, or blocks to determine if the files, data objects, sub-objects, or blocks contain similar data (for example, the identifier comparison component 425 can compare identifiers of two or more files, data objects, sub-objects, or blocks to determine if the files or data objects contain the same data, metadata such as access control lists (ACLs), descriptive metadata that describes the files, data objects, sub-objects, or blocks (e.g., file name, file size, file author, etc.) of the two or more files, data objects, sub-objects, or blocks). The criteria evaluation component 430 evaluates aspects of files, data objects, sub-objects, or blocks against a set of criteria.” And para. [0296] “The division component may perform different processes when determining how to divide a data object. For example, the division component may include indexing, header, and other identifying information or metadata in a first sub-object, and include the payload in other sub-objects. The division component may identify and/or retrieve file format or schema information from an index, FAT, NFS, or other allocation table in the file system to determine where certain sub-objects of a data object reside (such as the first or last sub-object of a large file). The division component may follow a rules-based process when dividing a data object, where the rules may define a minimum or maximum data size for a sub-object, a time of creation for data within a sub-object, a type of data within a sub-object, and so on.” And para. [0297] “For example, the division component may divide a user mailbox (such as a .pst file) into a number of sub-objects, based on various rules that assign emails within the mailbox to sub-objects based on the metadata associated with the emails. The division component may place an index of the mailbox in a first sub-object and the emails in other sub-objects. The division component may then divide the other sub-objects based on dates of creation, deletion or reception of the emails, size of the emails, sender of the emails, type of emails, and so on.”).
As per claim 26, the combination of Pahlad and O’Hare teach the method of claim 24, wherein the setting table further includes information indicating the compression algorithm, and wherein the compressed data is generated using the compression algorithm in accordance with the information indicating the compression algorithm (Prahlad, para. [0150] “The deduplication module 299 can also support compressed data objects. In general, the same compression algorithm may be used to compress data objects. Therefore, the deduplication module 299 can generate an identifier for a data object before or after it has been compressed.” And para. [0272] “sers and applications can specify parameters (e.g., under a storage policy) that dictate to the cloud gateway 1540 the handling of their content--i.e., how long it is retained, should it be encrypted/compressed, should it be deduplicated, should it be indexed and searchable, should it to be replicated and if so, how many copies and to where, etc. The cloud gateway 1540 may facilitate the cloud storage system by allowing for metadata to be specified on a per file/object basis or on a data container or bucket basis. Further, the system permits data to be replicated on demand to selected geographies based on access usage patterns, etc.” and para. [0293] “prior to storing data from the blocks to a different data store, the cloud gateway 1540 may encrypt and/or compress data as described previously with respect to FIG. 3B. The cloud gateway may create, generate, update, and/or include an allocation table, (such as a table for the data store) that tracks the transferred data and the data that was not transferred. The table may include information identifying the original data blocks for the data, the name of the data object (e.g., file name), the location of any transferred data blocks (including, e.g., offset information), and so on.”).
As per claim 27, the combination of Pahlad and O’Hare teach the method of claim 1, wherein the setting table further includes indication information of an encryption algorithm (Prahlad, para. [0150] “The deduplication module 299 can support encrypted data objects. For example, one client 130 could generate an identifier for a data object, and then encrypt it using one encryption algorithm. Another client 130 could generate an identifier for another data object, and then encrypt it using another encryption algorithm. If the two data objects are identical (meaning the two objects have the same data, while their metadata, such as ACLs or descriptors, could be different), they will both have the same identifier.” And para. [0333] “To provide verification to a user of the integrity of files stored in an object store 2250, an object store can optionally generate a unique identifier such as a hash (or probabilistically unique identifier) using a particular identifier-generation algorithm for each data object ingested and return that identifier to a calling application on a client 2202 at the time of ingestion. When an application on the client 2202 later retrieves the same data object, a client-side application can use the same identifier-generated algorithm to compute a hash for the retrieved object.”).
As per claim 28, the combination of Pahlad and O’Hare teach the method of claim 27, wherein: the setting table further includes key information including at least one of a key identifier, and a seed identifier; and the key information is editable by an administrator of the encryption chip (Prahlad, para. [0059] “FIG. 1 illustrates an example of one arrangement of resources in a computing network that may employ the processes and techniques described herein, although many others are of course possible. Clients 130, as part of their function, may utilize data, which includes files, directories, metadata (e.g., access control list (ACLS) creation/edit dates associated with the data, etc.), and other data objects. The data on the clients 130 is typically a primary copy (e.g., a production copy). During a copy, backup, archive or other storage operation, the clients 130 may send a copy of some data objects (or some components thereof) to a secondary storage computing device 165 by utilizing one or more data agents 195, described below.” And para. [0154] “The deduplication module 299 places data objects in the "S" file 508 that meet certain criteria for deduplication. These criteria may include the following: 1) that the data object has been determined to be data or of type data (as opposed to metadata or of type metadata); and 2) that the data object is larger than a pre-configured size, such as 64 Kb. Type data is generally the payload portion of a file or data object (e.g., a file's contents) and type metadata is generally the metadata portion of the file or data object (e.g., metadata such as file name, file author, etc.). This pre-configured size may be configurable by an administrator or other user with the appropriate permissions. For example, if the administrator wants all data objects of type data to be deduplicated, the administrator can set the pre-configured size to 0 Kb. As another example, if the administrator wants only data objects of type data greater than 128 Kb to be deduplicated, the administrator can set the pre-configured size to 128 Kb.” And para. [0220] “FIG. 9 is a flow diagram of another process 900 for pruning deduplicated data blocks that may be employed in some examples. The process 900 is described as being performed by the media file system agent 240, although those of skill in the art will understand that aspects of the process 900 may be performed by any of the entities described herein. The process 900 begins at step 905 when the media file system agent 240 receives instructions to prune data corresponding to a storage operation (job). Additionally or alternatively, one or more files can be selected to be pruned, and/or one or more data blocks can be selected to be pruned. This selection of a job or other data to be deleted can be made manually, such as by an administrator, or automatically, such as by the job, files, and/or data blocks aging out by a retention policy.”)
Conclusion
5.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
US 20160219024 A1 – Secure dynamic communication network and protocol.
US 20160062918 A1 – Receipt and storage of encrypted data.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZOHA P TAFAGHODI whose telephone number is (571)272-5199.  The examiner can normally be reached on 9AM-5PM EST M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s acting supervisor, Kristine Kincaid can be reached on (571) 272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ZOHA PIYADEHGHIBI TAFAGHODI/               Examiner, Art Unit 2437