Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

Priority
Acknowledgment is made of applicant’s claim for foreign priority under 35 U.S.C. 119 (a)-(d). The certified copy has been filed in parent Application No. CN202010119587.3, filed on 02/26/2020.

Title
Objection to the title is removed due to Applicant’s amendments. The new title is acceptable. 

Abstract
Objection to the abstract is removed due to Applicant’s amendments. The new abstract is acceptable.

Drawings
Objection to the drawings is removed due to Applicant’s amendments. The new drawings are acceptable.

Specification
The lengthy specification has not been checked to the extent necessary to determine the presence of all possible minor errors. Applicant’s cooperation is requested in correcting any errors of which applicant may become aware in the specification.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 103 (or as subject to pre-AIA  35 U.S.C. 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Bernat (US 10484174 B1), and in further view of Wilson (US 10255460 B2).
    PNG
    media_image1.png
    355
    107
    media_image1.png
    Greyscale

Claim 14: An electronic device, comprising:
at least one processing unit; and
at least one memory, the at least one memory being coupled to the at least one processing unit and storing instructions, which when executed by the at least one processing unit, cause the at least one processing unit to perform an action, the action comprising:
acquiring a lock attribute record in a lock attribute record chain from a data protection network for backing up data, a plurality of data protection servers of the data protection network reaching a consensus on the lock attribute record chain, the lock attribute record comprising a first attribute value of an attribute of a lock operation, the lock operation being used for preventing a backup of the data stored in a storage server from being tampered with;
acquiring, based on the lock attribute record, a second attribute value of the attribute of the lock operation from the storage server; and
generating, based on determining that the first attribute value does not match the second attribute value, an alarm indicating that the backup is tampered with.


Referring to claims 1, 6, 14, and 19 and taking claim 14 as exemplary, Bernat teaches an electronic device, comprising: 
at least one processing unit; and at least one memory, the at least one memory being coupled to the at least one processing unit and storing instructions, which when executed by the at least one processing unit, cause the at least one processing unit to perform an action, the action comprising ([Bernat Col. 47 lines 1-11] An apparatus for protecting an encryption key for data stored in a storage system that includes a plurality of storage devices, the apparatus comprising: a computer processor; and a computer memory operatively coupled to the computer processor; wherein the computer memory having disposed within it computer program instructions that, when executed by the computer processor, cause the apparatus to carry out the steps of):
acquiring a lock attribute record in a lock attribute record chain from a data protection network for backing up data, a plurality of data protection servers of the data protection network reaching a consensus on the lock attribute record chain, the lock attribute record comprising a first attribute value of an attribute of a lock operation, the lock operation being used for preventing a backup of the data stored in a storage server from being tampered with ([Bernat Col. 33 lines 31-45] the storage systems described above may be configured to support the storage of (among of types of data) blockchains. Such blockchains may be embodied as a continuously growing list of records, called blocks, which are linked and secured using cryptography. Each block in a blockchain may contain a hash pointer as a link to a previous block, a timestamp, transaction data, and so on. Blockchains may be designed to be resistant to modification of the data and can serve as an open, distributed ledger that can record transactions between two parties efficiently and in a verifiable and permanent way. This makes blockchains potentially suitable for the recording of events, medical records, and other records management activities, such as identity management, transaction processing, and others. [Bernat Col. 47 lines 12-22] reading, from a majority of each of the storage devices, a portion of an apartment key, wherein the portion of the apartment key is stored in an unlocked portion of the majority of each of the storage devices and wherein a main portion of the majority of each of the storage devices is locked; reconstructing the apartment key using portions of the apartment key read from the majority of each of the storage devices; unlocking the main portion of the majority of each of the storage devices by utilizing the apartment key);
acquiring, based on the lock attribute record, a second attribute value of the attribute of the lock operation from the storage server ([Bernat, Col. 47 lines 23-24] reading, from a main portion of a majority of one of the storage devices, a remote resource access key); 
Bernat teaches data security, but does not explicitly teach generating an alarm in response to data tampering. However, Wilson teaches generating, based on determining that the first attribute value does not match the second attribute value, an alarm indicating that the backup is tampered with ([Wilson, Col. 26 lines 39-51] In block 1011, the verification IVCs are generated, and are compared with the original IVCs in block 1013. It should be noted that the IVCs appearing on any page of a document would not include their own values in the calculation, unless a predictive-recursive hash algorithm could be found that produced a hash value of a document that already contained the calculated hash value within the document. In decision block 1015, if a match is detected and remaining sections require verification, method 1000 returns to block 1005 to increment N. Otherwise, a tamper report is generated in block 1017. In some embodiments, block 1017 comprises providing a warning to a user. In some embodiments, block 1017 comprises creating or annotating a log file.).
Bernat and Wilson are analogous art because they are from the same field of endeavor in accessing, addressing or allocating within memory systems or architectures. Before the effective date of invention, it would have been obvious to a person of ordinary skill in the art, having the teaching of Bernat and Wilson to combine the data protection scheme of Bernat with the alarm generation of Wilson. The reason for doing so would be to render files tamper evident and alert the system to ensure data integrity ([Wilson, Col. 2 lines 5-7] There has thus been a long-felt need for a system and method for rendering printed documents tamper evident, such that tampering and forgery may be easily detected.). It is also known to combine prior art elements according to known methods to yield predictable results. 
Claims 1 and 6 are method claims, and claim 19 is a device claim of the device of claim 14 and are rejected using the same rationale. 

Referring to claims 2, 7, 15, and 20 and taking claim 15 as exemplary, Bernat teaches the device according to claim 14, wherein the attribute comprises at least one of following items:
a data protection server identifier representing an identifier of a data protection server that initiates the backup among the plurality of data protection servers;
a lock role representing a role that executes the lock operation;
a backup identifier representing an identifier of the backup;
a backup hash value representing a value obtained by hashing the backup;
a storage identifier representing an identifier of the storage server;
a lock mode representing a mode used by the lock operation;
holding time representing a duration for which the lock operation is to last;
a last lock attribute record representing an address of a lock attribute record of a last lock operation for the backup;
a timestamp representing time at which the lock attribute record is created; and
an illegality tag indicating whether the lock operation is illegal, the illegality comprising the holding time being shortened relative to the last lock operation ([Bernat Col. 37 lines 41-56] An apartment key, as the term is used herein, may be embodied as some value that can be used to unlock storage devices (404, 416, 428) that are locked. In the example method depicted in FIG. 4, portions of an apartment key (408, 420, 432) are distributed across a plurality of storage devices (404, 416, 428) such that the apartment key cannot be obtained by accessing a single storage device (404, 416, 428). The portions of the apartment key (408, 420, 432) may be distributed across a plurality of storage devices (404, 416, 428), for example, through the use of a secret sharing algorithm through which a secret (in this case, the apartment key) is divided into parts, giving each participant (in this case, the storage devices) its own unique part of the secret, where some of the parts or all of them are needed in order to reconstruct the secret. [Bernat Col. 33 lines 36-38] Each block in a blockchain may contain a hash pointer as a link to a previous block, a timestamp, transaction data, and so on.).
Claims 2 and 7 are method claims, and claim 20 is a device claim of the device of claim 15 and are rejected using the same rationale. 

Referring to claims 3, 8, and 16 and taking claim 16 as exemplary, Bernat teaches the device according to claim 14, wherein acquiring the lock attribute record comprises:
acquiring a plurality of candidate lock attribute records for the backup in the lock attribute record chain from the data protection network [Bernat, Col. 47 lines 12-22] reading, from a majority of each of the storage devices, a portion of an apartment key, wherein the portion of the apartment key is stored in an unlocked portion of the majority of each of the storage devices and wherein a main portion of the majority of each of the storage devices is locked; reconstructing the apartment key using portions of the apartment key read from the majority of each of the storage devices; unlocking the main portion of the majority of each of the storage devices by utilizing the apartment key); and
determining a candidate lock attribute record with the time indicated by the timestamp exceeding a time threshold among the plurality of candidate lock attribute records as the lock attribute record ([Bernat, Col. 33 lines 36-38] Each block in a blockchain may contain a hash pointer as a link to a previous block, a timestamp, transaction data, and so on).
Claims 3 and 8 are method claims of the device of claim 16 and are rejected using the same rationale. 

Referring to claims 4, 9, and 17 and taking claim 17 as exemplary, Bernat teaches the device according to claim 16, wherein the action further comprises:
determining information associated with an attempted illegal lock operation from a candidate lock attribute record indicated by the illegality tag to be illegal among the plurality of candidate lock attribute records ([Bernat, Col. 41 lines 56-67] The example method depicted in FIG. 6 also includes detecting (602) that the third-party resource access key is invalid. In the example method depicted in FIG. 6, detecting (602) that the third-party resource access key is invalid may be carried out, for example, by determining that the third-party resource access key has expired, by receiving a message indicating that the third-party resource access key has changed, by receiving a message from the third-party resource (460) indicating that the third-party resource access key provided by the storage system is invalid during an attempt to connect to the third-party resource (460), or in other ways.).
Claims 4 and 9 are method claims of the device of claim 17 and are rejected using the same rationale.

Referring to claims 5 and 18 and taking claim 18 as exemplary, Bernat teaches the device according to claim 14, wherein acquiring the second attribute value comprises:
extracting the data protection server identifier and the backup identifier of the backup and the storage identifier of the storage server from the lock attribute record ([Bernat, Col. 38 lines 46-49] The example method depicted in FIG. 4 also includes reading (446), from the main portion (434) of one of the storage devices (428), a third-party resource access key (436).); and
acquiring the second attribute value of the attribute of the lock operation for the backup from the storage server based on the data protection server identifier, the backup identifier, and
the storage identifier ([Bernat, Col. 38 lines 49-69] The third-party resource access key (436) depicted in FIG. 4 can represent some form of credentials that are used to access a third-party resource (460) such as, for example, a remote server. A third-party resource access key may be embodied, for example, as a Key Management Interoperability Protocol (‘KMIP’) certificate that is used to access a KMIP server. In the example method depicted in FIG. 4, the third-party resource access key (436) may itself be encrypted. For example, the third-party resource access key (436) may be encrypted using the apartment key as an encryption key. In such an example, reading (446) the third-party resource access key (436) from the main portion (434) of one of the storage devices (428) may therefore require that the third-party resource access key (436) be decrypted prior to attempting to use the third-party resource access key (436) to access a third-party resource (460).).
Claim 5 is method claim of the device of claim 18 and is rejected using the same rationale.

Referring to claim 10, Bernat teaches the method according to claim 9, further comprising:
determining, based on determining that the last lock operation is non-illegal, whether retention time of the last lock attribute record is longer than the retention time included in the first lock request; and
creating, based on determining that the retention time of the last lock attribute record is shorter than the retention time included in the first lock request, the lock attribute record based on the first lock request and the last lock attribute record, so that the attribute related to the last lock attribute record of the lock attribute record indicates the address of the last lock attribute record ([Bernat, Col. 40 lines 32-35] The example method depicted in FIG. 5 also includes updating (500), upon the expiration of a predetermined period of time, each portion of the apartment key (408, 420, 432) stored on each of the storage devices (404, 416, 428).).

Referring to claim 11, Bernat teaches the method according to claim 10, further comprising:
creating, based on determining that the retention time of the last lock attribute record is longer than the retention time included in the first lock request, the lock attribute record based on the first lock request and the last lock attribute record, so that the attribute related to the last lock attribute record of the lock attribute record indicates the address of the last lock attribute record, and an attribute of the lock attribute record related to the illegality tag indicates illegality record ([Bernat, Col. 40 lines 36-51] Updating (500) each portion of the apartment key (408, 420, 432) stored on each of the storage devices (404, 416, 428) upon the expiration of a predetermined period of time may be carried out, for example, by creating a new apartment key and distributing the new apartment key across a plurality of storage devices via a secret sharing algorithm. In such an example, by constantly rotating the apartment key, a malicious user cannot accumulate all portions of the apartment key over an extended period of time, as a portion of a first apartment key will not be compatible with a portion of a second apartment key. As such, the predetermined period of time that defines the interval at which the apartment key is update may be defined in a way that a system administrator or other administrative entity believes is sufficient to keep a malicious actor from acquiring enough portions of the apartment key to reconstruct the apartment key.).

Referring to claim 12, Bernat teaches the method according to claim 6, further comprising:
sending a second lock request for a second backup of a second piece of data stored in the storage server to a third data protection server among the plurality of data protection servers;
determining, based on determining that a response for the second lock request is received from the third data protection server, whether the second lock request is successful and non-illegal; and
causing, based on determining that the second lock request is successful and non-illegal, the storage server to execute a second lock operation on the second backup ([Bernat Col. 40 lines 32-41] The example method depicted in FIG. 5 also includes updating (500), upon the expiration of a predetermined period of time, each portion of the apartment key (408, 420, 432) stored on each of the storage devices (404, 416, 428). Updating (500) each portion of the apartment key (408, 420, 432) stored on each of the storage devices (404, 416, 428) upon the expiration of a predetermined period of time may be carried out, for example, by creating a new apartment key and distributing the new apartment key across a plurality of storage devices via a secret sharing algorithm.).

Referring to claim 13, Bernat teaches the method according to claim 6, further comprising:
adding the lock attribute record into the lock attribute record chain ([Bernat, Col. 40 lines 32-41] The example method depicted in FIG. 5 also includes updating (500), upon the expiration of a predetermined period of time, each portion of the apartment key (408, 420, 432) stored on each of the storage devices (404, 416, 428). Updating (500) each portion of the apartment key (408, 420, 432) stored on each of the storage devices (404, 416, 428) upon the expiration of a predetermined period of time may be carried out, for example, by creating a new apartment key and distributing the new apartment key across a plurality of storage devices via a secret sharing algorithm.).

Response to Amendment
Applicant's arguments filed 05/19/2022 have been fully considered but they are not persuasive. 
The Applicant argues:
“There is simply no disclosure in Bernat that the Bernat method uses blockchain to protect the encryption key. More specifically, nowhere in above-quoted portion of Bernat discloses "acquiring a lock attribute record in a lock attribute record chain from a data protection network for backing up data, a plurality of data protection servers of the data protection network reaching a consensus on the lock attribute record chain, the lock attribute record comprising a first attribute value of an attribute of a lock operation, the lock operation being used for preventing a backup of the data stored in a storage server from being tampered with" let alone "acquiring, based on the lock attribute record, a second attribute value of the attribute of the lock operation from the storage server" as specified by claim 1.”
However, [Bernat Abstract, FIGs. 4-7] discloses “Protecting an encryption key for data stored in a storage system that includes a plurality of storage devices”, although within the body of the disclosure Bernat calls the parts from which the encryption key is constructed an apartment key. 
Thus, [Bernat Col. 33 lines 31-45, Col. 47 lines 12-22] acquires lock attribute record comprising a first attribute value (“a portion of an apartment key (440)”) and [Bernat, Col. 47 lines 23-24] acquires, based on the lock attribute record, a second attribute value (“a remote resource access key”). 
As the Applicant’s specification does not define what the second attribute value is, the [Bernat FIG. 4] reference can refer to another portion of the apartment key (442), a third-party resource access key (436), the third-party access key (456), or even the encryption key (458), as [Bernat, Col. 39 lines 26-28] “the encryption key (458) for data stored on the storage devices (404, 416, 428) may itself be encrypted (with a different encryption key)”.

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALEXANDER VINNITSKY whose telephone number is (571)272-3280. The examiner can normally be reached 9:00-15:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Charles Rones can be reached on (571) 272-4085. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ALEXANDER VINNITSKY/               Examiner, Art Unit 2136                                                                                                                                                                                         
/CHARLES RONES/               Supervisory Patent Examiner, Art Unit 2136