DETAILED ACTION

Response to Arguments
Applicant’s arguments, see pp. 10-11, filed April 27, 2022, with respect to the rejections of claims 1-20 have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground of rejection is made.
Claims 1-20 are currently pending. Claims 1, 4, 8, 11, and 15-20 were amended.

The rejection of claims 1-20 under 35 U.S.C. 112(b) as being indefinite has been withdrawn in view of the amendments removing the additional limitation of “an application executing thereon corresponding to the first logical storage unit”.

The rejection of claims 15-20 under 35 U.S.C. 101 for being directed to non-statutory subject matter has been withdrawn in view of the amendments adding “non-transitory”.

Applicant argues on pp. 10-11 of the REMARKS that “Vaknin discloses assigning base keys to logical volumes” and “Vaknin does not disclose or suggest that each logical volume is assigned a unique key”. The amended independent claims require a unique key assigned to each logical storage unit. After further consideration of the arguments in view of the amended claims, the rejection over Vaknin in view of George has been withdrawn. However, a new ground of rejection over Vaknin in view of George and Shimmitsu is set forth. See Claim Rejections - 35 USC § 103 below for details.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over US 2019/0073318 to Vaknin et al. (hereinafter, “Vaknin”) in view of US 2003/0182501 to George et al. (hereinafter, “George”) and in further view of US 2013/0086394 to Shimmitsu (hereinafter, “Shimmitsu”).
As per claim 1: Vaknin discloses: For a data storage network including a data storage system and a plurality of host systems having applications executing thereon (a storage system 100 in communication with a plurality of hosts 1011-n [Vaknin, ¶0110-0112; Fig. 1]), the execution of which results in data being stored on a plurality of physical storage devices of the data storage system (“Storage system 100 can further comprise an interface layer 110 comprising one or more control units (also referred to herein as control computer devices) 1051-n operatively connected to the shared physical storage space and to one or more hosts (also referred to herein as host computer devices) 1011-n…” [Vaknin, ¶0111; Fig. 1]), and wherein the data storage system includes a plurality of logical storage units each having storage provisioned from the plurality of physical storage devices (“Interface layer 110 can be further configured to provide a virtual storage layer logically representing the physical storage space as well as the required mapping between the physical storage space and its respective logical representation” [Vaknin, ¶0112; Fig. 1]), a method comprising: assigning a first unique encryption key (“…target data corresponds to one or more logical data blocks of at least one logical volume accessible to the host and are encrypted with respective encryption keys assigned to the one or more logical data blocks…” [Vaknin, ¶0126]), wherein each of the plurality of logical storage units is assigned a unique encryption key used to encrypt all data portions stored on said each logical storage unit in an encrypted form (a random base key is assigned to each logical volume in the storage system, and the base key is used as part of a key derivation scheme to encrypt each logical block of the logical volume [Vaknin, ¶0143]); and providing the first unique encryption key to one or more of the plurality of host systems (a direct write metadata request is sent by the host computer device to the interface layer 110, and metadata is transmitted back to the host computer device; “the metadata includes a base key assigned to the at least one logical volume” [Vaknin, ¶0171; Fig. 6]; “The target data corresponding to the one or more logical data blocks can be encrypted (608) using the respective encryption keys.” [Vaknin, ¶0172]).
Vaknin does not disclose assigning a “unique encryption key” to each of the logical volumes. At best, Vaknin discloses assigning random base keys to each logical volume [Vaknin, ¶0143]. However, Shimmitsu is directed to the analogous art of dividing physical storage into one or more virtual storage areas and assigning a unique encryption key to each divided area [Shimmitsu, ¶0033]. Thus, Shimmitsu [¶0033] discloses assigning unique encryption keys, each uniquely prepared, to virtual (“logical”) storage units/volumes.
Thus, it would have been obvious to a person having ordinary skill in the art before the claimed invention was effectively filed to modify the random base keys in Vaknin to be unique amongst each other. Unique keys would have improved the security of the logical volumes, since leakage of one volume’s key would not compromise the keys, and hence the data, of any other logical volume.
Vaknin does not disclose the host systems having “an application executing thereon and is authorized to access the first logical storage unit”, nor that the first unique encryption key is withheld (“refraining from providing…”) from any host system “that are not authorized”. However, George is directed to the analogous art of creating a plurality of virtual logical units (LUNs) of storage that are secured through an access control method. A masking table 220 provides a list of access permissions that define access states (“refraining from providing”) for each of the plurality of host applications (“application executing” in the “host systems”) and each of the plurality of virtual LUNs [George, ¶0069-0072; Fig. 5].
Thus, it would have been obvious to a person having ordinary skill in the art before the claimed invention was effectively filed to implement application-level access control for the logical data blocks in Vaknin, such as through the masking table disclosed in George. The granularity at which host systems are granted access to the storage system would have been a design choice by the developers: any level of access, whether controlled at the device level or per application executing within a device, would have been implemented based on the design requirements of the storage system.

As per claim 2: Vaknin in view of George and Shimmitsu discloses all limitations of claim 1, which are incorporated into claim 2. Furthermore, Vaknin in view of George and Shimmitsu discloses: further comprising the storage system: receiving a request from a first of the plurality of host systems for the first unique encryption key (receiving a direct read/write metadata request [Vaknin, ¶0153, 0170]); accessing a data structure that associates logical storage units with host systems to determine whether the first host system corresponds to the first logical storage unit (in view of George: the masking table provides a list of hosts and the virtual LUNs they may access, with permissions [George, ¶0070; Fig. 5]); and if the first host system corresponds to the first logical storage unit, providing the first encryption key to the first host system (providing the metadata that includes a base key to the host computer device in response to the read/write requests [Vaknin, ¶0153, 0171]; as discussed above for claim 1, access (e.g. to the metadata, key, etc.) for the logical storage/volume in Vaknin is only provided if permitted by the masking table of George).

As per claim 3: Vaknin in view of George and Shimmitsu discloses all limitations of claim 1, which are incorporated into claim 3. Furthermore, Vaknin in view of George and Shimmitsu discloses: further comprising: a first of the one or more host systems accessing encryption metadata corresponding to the data portion; the first host system reading an encrypted version of the data portion from the storage system; and the host system decrypting the encrypted version to produce an unencrypted version of the data portion (“Turning now to FIG. 4, there is illustrated a generalized flowchart showing a sequence of operations performed in a direct read access of a host computer device to the shared physical storage space in a distributed storage system…” [Vaknin, ¶0149]; the steps for reading and decrypting are disclosed in [Vaknin, ¶0150-0154]).

As per claim 4: Vaknin in view of George and Shimmitsu discloses all limitations of claim 3, which are incorporated into claim 4. Furthermore, Vaknin in view of George and Shimmitsu discloses: wherein the first host system accessing the encryption metadata includes the host system sending a metadata read instruction to the storage system (“In response to receiving the direct read request, metadata pertaining to the one or more logical data blocks can be transmitted (304) by the control computer device (e.g., by the Direct Access Control module 220) to the host computer device.” [Vaknin, ¶0141; Fig. 3]).

As per claim 5: Vaknin in view of George and Shimmitsu discloses all limitations of claim 3, which are incorporated into claim 5. Furthermore, Vaknin in view of George and Shimmitsu discloses: wherein the host system is directly connected to an internal fabric of the storage system (“…it is desired to enable direct access of hosts to the shared physical storage space, e.g., to enable them to read data directly from the shared storage space, and/or write data directly to the shared storage space, after initially consulting the control units for metadata pertaining to a certain logical address.” [Vaknin, ¶0123]), and wherein the first host system reading the encrypted version of the data portion includes the first host system sending a data read instruction to a global memory or the one or more physical storage devices on the internal fabric independent of any director of the storage system (“By way of example, direct access of the hosts can include direct read and/or direct write access to the shared storage space. In the case of direct read access control of a host to directly read target data from the shared storage space where the target data corresponds to one or more logical data blocks of at least one logical volume accessible to the host and are encrypted with respective encryption keys assigned to the one or more logical data blocks…” [Vaknin, ¶0126]).

As per claim 6: Vaknin in view of George and Shimmitsu discloses all limitations of claim 3, which are incorporated into claim 6. Furthermore, Vaknin in view of George and Shimmitsu discloses: further comprising: the host system determining whether the data portion is encrypted from the encryption metadata (“The metadata includes at least physical location of the target data on the shared physical storage space and key metadata to be used for decryption of the target data.” [Vaknin, ¶0126]; i.e., the presence of key metadata signifies that the data is encrypted, and the key is used to decrypt it).

As per claim 7: Vaknin in view of George and Shimmitsu discloses all limitations of claim 3, which are incorporated into claim 7. Furthermore, Vaknin in view of George and Shimmitsu discloses: wherein the data storage system sets a flag within the encryption metadata for the data portion indicating that the data portion is stored on the data storage system in encrypted form (“Information or metadata related to the keys are controlled by the control units and can be transmitted to the hosts upon receiving requests therefrom, thereby enabling secured and granular access control of the hosts, e.g., the hosts can only access what they are allowed to access.” [Vaknin, ¶0125]; each logical block can be assigned a respective encryption key [Vaknin, ¶0140]; thus, the inclusion of keys (i.e., a flag) in the metadata indicates that the stored data is encrypted and that the key is to be used for decrypting it).
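To make the mechanism at issue in claims 1-7 concrete, the following is an added worked example written for this page; it is not code from Vaknin, George, Shimmitsu, or the application under examination, and it does not reproduce any of their actual schemes. It assumes a hypothetical storage controller that provisions a random base key per logical storage unit and explicitly enforces that no two units share a key, a George-style masking table keyed by (host, application) that gates release of that key in response to a metadata request, HKDF-SHA256 for deriving per-block keys from the base key, and an HMAC-based stream cipher with an authentication tag standing in for a real AEAD such as AES-GCM. All names (StorageSystem, metadata_request, lun-0, host-a, db) and the sample data are constructed for the example.

```python
# Added example (not from Vaknin, George, Shimmitsu or the application):
# unique per-logical-unit base keys, per-block key derivation, and a
# host/application masking table that decides whether a key is released.
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Set, Tuple

TAG_LEN = 32  # HMAC-SHA256 tag appended to each sealed block


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF (extract-then-expand) with SHA-256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def block_key(base_key: bytes, lsu_id: str, lba: int) -> bytes:
    """Per-block key derived from the unit's base key (assumed derivation scheme)."""
    return hkdf_sha256(base_key, lsu_id.encode(), b"block|" + lba.to_bytes(8, "big"))


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]


def seal(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC over an HMAC keystream; a stand-in for AES-GCM, not production crypto."""
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return ct + hmac.new(key, b"tag|" + nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, nonce: bytes, sealed: bytes) -> Optional[bytes]:
    """Returns None when the tag does not verify (wrong key or tampered block)."""
    ct, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, b"tag|" + nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(c ^ s for c, s in zip(ct, _keystream(key, nonce, len(ct))))


class NotAuthorized(PermissionError):
    """Raised when the masking table does not permit the (host, app) to reach the unit."""


class StorageSystem:
    """Hypothetical controller: base keys never leave it without a masking-table check."""

    def __init__(self) -> None:
        self.base_keys: Dict[str, bytes] = {}                       # lsu_id -> unique base key
        self.masking: Dict[Tuple[str, str], Set[str]] = {}          # (host, app) -> allowed LSUs
        self.blocks: Dict[Tuple[str, int], Tuple[bytes, bytes]] = {}  # (lsu, lba) -> (nonce, sealed)

    def provision_lsu(self, lsu_id: str) -> None:
        key = secrets.token_bytes(32)
        # A random 256-bit key repeats only with negligible probability, but the
        # property being modelled is "unique", so enforce it instead of assuming it.
        while key in self.base_keys.values():
            key = secrets.token_bytes(32)
        self.base_keys[lsu_id] = key

    def grant(self, host_id: str, app: str, lsu_id: str) -> None:
        self.masking.setdefault((host_id, app), set()).add(lsu_id)

    def metadata_request(self, host_id: str, app: str, lsu_id: str, lba: int) -> dict:
        """Release base key, location and encrypted flag only to an authorized (host, app)."""
        if lsu_id not in self.masking.get((host_id, app), set()):
            raise NotAuthorized(f"{host_id}/{app} is not masked in to {lsu_id}")
        return {"base_key": self.base_keys[lsu_id], "encrypted": True, "location": (lsu_id, lba)}

    def direct_write(self, lsu_id: str, lba: int, nonce: bytes, sealed: bytes) -> None:
        self.blocks[(lsu_id, lba)] = (nonce, sealed)

    def direct_read(self, lsu_id: str, lba: int) -> Tuple[bytes, bytes]:
        return self.blocks[(lsu_id, lba)]


def host_write(s: StorageSystem, host_id: str, app: str, lsu_id: str, lba: int, plaintext: bytes) -> None:
    md = s.metadata_request(host_id, app, lsu_id, lba)        # refused if not authorized
    nonce = secrets.token_bytes(12)
    s.direct_write(*md["location"], nonce, seal(block_key(md["base_key"], lsu_id, lba), nonce, plaintext))


def host_read(s: StorageSystem, host_id: str, app: str, lsu_id: str, lba: int) -> bytes:
    md = s.metadata_request(host_id, app, lsu_id, lba)        # refused if not authorized
    nonce, sealed = s.direct_read(*md["location"])
    if not md["encrypted"]:                                   # flag: block stored in the clear
        return sealed
    pt = unseal(block_key(md["base_key"], lsu_id, lba), nonce, sealed)
    if pt is None:
        raise ValueError("decryption failed: wrong key or tampered block")
    return pt


def demo() -> Tuple[bytes, bool, bool, bool]:
    s = StorageSystem()
    s.provision_lsu("lun-0")
    s.provision_lsu("lun-1")
    s.grant("host-a", "db", "lun-0")                          # host-b is deliberately not masked in
    host_write(s, "host-a", "db", "lun-0", 7, b"customer ledger")  # constructed sample data
    readback = host_read(s, "host-a", "db", "lun-0", 7)
    try:
        host_read(s, "host-b", "db", "lun-0", 7)
        denied = False
    except NotAuthorized:
        denied = True
    # lun-1's key cannot open lun-0's block: a leaked key stays confined to its own unit
    nonce, sealed = s.direct_read("lun-0", 7)
    confined = unseal(block_key(s.base_keys["lun-1"], "lun-0", 7), nonce, sealed) is None
    return readback, denied, confined, s.base_keys["lun-0"] != s.base_keys["lun-1"]
```

Two points a practitioner would check in such a design: first, the controller hands the host the unit's base key, so the host can derive every block key for that unit, which makes the masking table (not the per-block derivation) the real unit of trust; second, the "encrypted" flag is carried in metadata the controller controls, so a host must not accept a cleartext flag from any other source. The explicit uniqueness loop in provision_lsu matters only for the stated property; with 256-bit random keys it will essentially never iterate.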

As per claims 8-14: Claims 8-14 are different in overall scope from claims 1-7 but recite substantially similar subject matter as claims 1-7, respectively. Claims 8-14 are directed to a system performing the method corresponding to claims 1-7, respectively. Thus, the responses provided above for claims 1-7 are equally applicable to claims 8-14, respectively.

As per claims 15-20: Claims 15-20 are different in overall scope from claims 1-7 but recite substantially similar subject matter as claims 1-7. Claims 15-20 are directed to a non-transitory computer-readable medium having software that performs the method corresponding to claims 1-7. Thus, the responses provided above for claims 1-7 are equally applicable to claims 15-20.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ROBERT B LEUNG whose telephone number is (571)270-1453. The examiner can normally be reached Mon - Thurs: 10am-7pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG KIM can be reached on 571-272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/ROBERT B LEUNG/ Primary Examiner, Art Unit 2494    7-05-2022