DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1, 3, 5-6, 12-13, 15-17 and 19 have been amended. 
Claim 20 have been canceled.
Claim 21 have been added.
Claims 1-19 and 21 are submitted for examination.
Claims 1-19 and 21 currently pending.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Information Disclosure Statement
The submission information disclosure statement (IDS) is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Response to Arguments
Applicant’s amendment, filed on April 14, 2022, has claims 1, 3, 5-6, 12-13, 15-17 and 19 amended, claim 20 canceled, claim 21 newly added and all other claims previously presented. Among the amended claims, claims 1, 12 and 16 are independent ones.
Applicant’s remark, filed on April 14, 2022, at page 9, asserts, “For instance, applicant respectfully submits that it appears that the combination of references fails to describe, teach or suggest, at the very least, one or more of applicant's claimed aspects of "obtaining, by the node, an authentication message from another node of the computing environment, the authentication message used to authenticate a link between the one node and the other node and including a unique identifier of a shared key to be used in cryptographic operations, the shared key generated for a selected node pair, the selected node pair including the one node and the other node," as claimed in one or more aspects in independent claim 1. While Tolfmans mentions a security appliance and storing cryptographic keys and cryptographic key identifiers in a cache (paragraph 32), Lionetti mentions obtaining an encryption key unique to a host (Abstract), and Fernando mentions a secret session key and authenticating a peer connection (e.g., paragraph 23), and Dover mentions "the shared key" (paragraph 65), applicant respectfully submits that it appears that the combination of references fails to describe, teach or suggest, at the very least, "the authentication message used to authenticate a link between the one node and the other node and including a unique identifier of a shared key to be used in cryptographic operations, the shared key generated for a selected node pair, the selected node pair including the one node and the other node," as claimed in one or more aspects in independent claim 1.
Applicant respectfully submits that it appears that Dover, as well as the other cited references, fails to describe, teach or suggest, for instance, "the shared key generated for a selected node pair, the selected node pair including the one node and the other node," as claimed in one aspect in independent claim 1. For at least these reasons, applicant respectfully requests an indication of allowance for independent claim 1.”
Applicant’s argument has been considered and is found not persuasive. First of all, the examiner submits that the interview with the Applicant’s Representative, Blanche Schiller, on April 12, 2022, did not result an agreement. Rather, it was indicated that the proposed amendment appeared to overcome the rejection applied and that the Examiner would re-evaluate the applied prior art and conduct additional prior-art search.  After further evaluation of the previously applied prior-art references, new sections of the prior-art references reveal that Dover would still render the amended limitation obvious. Please refer to the detailed rejection below.
Examiner respectfully submits that the previously applied prior-art reference by Dover (US 2016/0099922) discloses a system and method for securely communicating a shared key to devices (i.e. nodes).  Specifically, one of the embodiments of Dover describes a method to securely communicate a shared key to a first device and a second device that includes receiving, using the first device, a shared key and unique identifier pairing associated with the first device from a key generator.  Additionally, other embodiments of Dover describe securely communicating the shared key through the use of a trusted third party, such as a server. Therefore, the examiner submits that Dover teaches the amended feature limitation of the pending claim 1, which recites “the shared key generated for a selected node pair, the selected node pair including the one node and the other node.” See teaching described in parag. [0005] of Dover.
Thus, Examiner respectfully submits that the combination of Tolfmans, Lionetti, Fernando and Dover teaches the limitations and features of claim 1, and would render the claimed limitations obvious.
Applicant further recites similar remarks as listed above for independent claims, 12 and 16. Please see response for remarks above in item 9, which address how the new combination of prior-art references by Tolfmans, Lionetti, Fernando and Dover would render the claimed limitations obvious.
Applicant further recites similar remarks as listed above for dependent claims, 2-11, 13-15, 17-19 and 21. Please see response for remarks above in item 9 and rejection below, which address how the combination of prior-art references by Tolfmans, Lionetti, Fernando and Dover would render the claimed limitations obvious.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-19 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Tolfmans (US 2013/0326233 A1) in view of Lionetti (US 2017/0317991 A1), and further in view of Fernando et al. (US 2004/0034776 A1) hereinafter Fernando and Dover (US 2016/0099922).
As per claim 1, Tolfmans teaches a system for facilitating processing within a computing environment, said system comprising: a memory (Tolfmans Parag. [0021], FIG. 1; “depicts an example system 100 that includes storage system 106”); and
a node coupled to the memory, wherein the system is configured to perform a method (Tolfmans Parag. [0024], FIG. 1; “security appliance 104 is coupled between client 102 and storage system 106”);
said method comprising:
[obtaining by the node, an authentication message from another node of the computing environment, the authentication message used to authenticate a link between the node and the other node] and including a unique identifier of a shared key to be used in cryptographic operations (Tolfmans Parag. [0035]; “The cryptographic key identifiers therefore may be used to locate cryptographic keys stored in the cache {part of security appliance 104}. A search of one or more cryptographic keys stored in the cache may be made by referencing their associated cryptographic key identifiers.”), [the shared key generated for a selected node pair, the selected node pair including the one node and the other node];
 [obtaining, by the node, the obtaining comprising using an identifier of the other node of the computing environment] and the unique identifier of the shared key to obtain the shared key (Tolfmans Parag. [0035]; “The cryptographic key identifiers therefore may be used to locate cryptographic keys stored in the cache {part of security appliance 104}. A search of one or more cryptographic keys stored in the cache may be made by referencing their associated cryptographic key identifiers.”); and
[using the shared key in one or more cryptographic operations to, at least, authenticate the link between the one node and the other node].
Tolfmans does not expressly teach:
obtaining by the node, an authentication message from another node of the computing environment, the authentication message used to authenticate a link between the node and the other node…;
the shared key generated for a selected node pair, the selected node pair including the one node and the other node;
obtaining, by the node, the obtaining comprising using an identifier of the other node of the computing environment…;
using the shared key in one or more cryptographic operations to, at least, authenticate the link between the one node and other node.
However, Lionetti teaches:
the obtaining comprising using an identifier of another node of the computing environment (Lionetti Parag. [0021]; “the domain controller 120 stores the encryption key 103 in key escrow 121 along with an identifier for the host 101… the domain controller 120 may first search the key escrow 121 with the identifier for the host 101 to determine if an encryption key is present before again requesting an encryption key.”).
Tolfmans and Lionetti are form a similar field of technology. Prior to the instant application’s effective filling date, there was a need for protecting data in a host.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Lionetti system into Tolfmans system, with a motivation to increase security and protect data (Lionetti, Parag. [0002]).
The combination of Tolfmans and Lionetti does not expressly teach: 
obtaining by the node, an authentication message from another node of the computing environment, the authentication message used to authenticate a link between the node and the other node…;
the shared key generated for a selected node pair, the selected node pair including the one node and the other node;
obtaining, by the node, the obtaining comprising using an identifier of the other node of the computing environment…; 
using the shared key in one or more cryptographic operations to, at least, authenticate the link between the one node and other node.
However, Fernando teaches:
obtaining by the node, an authentication message from another node of the computing environment, the authentication message used to authenticate a link between the node and the other node (Fernando, Parag. [0029]; “peer device A102 encrypts the session key using peer device B’s public key, and encrypts a unique message using the session key. The unique message can be any cryptographic data, such as 512 bits of randomly generated data. Peer device A102 then transmits the encrypted session key and message to peer device B 104 via the peer connection 116, as indicated by arrow 210 in FIG.2. Peer device B104 uses its private key to decrypt the session key received from peer device A102 via the peer connection 116. Peer device B104 compares the session key received from peer device A102 via the peer connection 116 with the session key initially transmitted to peer device A 102 via the authenticated connections 112, 114 in response to the request from peer device A102 to establish a direct peer-to-peer connection.”);
obtaining, by the node, the obtaining comprising using an identifier of the other node of the computing environment… (Fernando, Parag. [0027]; “In particular, server 106 receives a request from client A component 120 for an identifier associated with client B component 124. The server 106 transmits the requested identifier to client A component 120. The client A component 120 of peer device A102 and the client B component 124 of peer device B 104 establish the peer connection based on the identifier.”);
using the shared key in one or more cryptographic operations to, at least, authenticate the link between the one node and other node (Fernando, Parag. [0023]; “To facilitate authenticating a peer connection 116 between the peer devices 102, 104, one of the peer devices is configured to transmit a shared key (e.g., a Secret Session key or other key randomly generated in a cryptographic manner) to the other peer device via the authenticated connections 112, 114 to the server 106”.  Parag. [0024]; “… Therefore, the secret session is encrypted prior to its transmission, for security reasons. … Additionally, the peer devices 102, 104 are configured for establishing the peer connection 1 16 therebetween, and for authenticating the peer connection 116 using the secret session key transmitted from one peer device to the other via the authenticated connections 112, 114 to the server 106. The session key is, for example, a variable key-size stream cipher such as a 40-bit stream cipher and can be used to encrypt and transmit files or other data.”).
Tolfmans, Lionetti and Fernando are form a similar field of technology. Prior to the instant application’s effective filling date, there was a need for protecting data in a host.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Fernando system into Tolfmans-Lionetti system, with a motivation to provide authenticated connections between each of multiple peer devices and a common server for establishing and authenticating a peer connection between the peer devices (Fernando, Parag. [0005]).
The combination of Tolfmans, Lionetti and Fernando does not expressly teach:
the shared key generated for a selected node pair, the selected node pair including the one node and the other node.
However, Dover teaches:
the shared key generated for a selected node pair, the selected node pair including the one node and the other node (Dover, Parag. [0005]; “the shared key may be securely communicated to each of the devices (i.e. pair of nodes) before using the shared key to encode and decode data.” … Fig. 2 and Parag. [0032]; “In addition to generating a pairing for device A 32, the key generator 36 may generate unique identifier and shared key pairings for each of a plurality of devices, for example, for each device manufactured.”).
Tolfmans, Lionetti, Fernando and Dover are form a similar field of technology. Prior to the instant application’s effective filling date, there was a need for protecting data in a host.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Dover system into Tolfmans-Lionetti-Fernando system, with a motivation to provide improve secure communication of a shared key, for example, by enabling communication of the shared key even with devices having limited processing power (Dover, Parag. [0006]).

As per claim 2, the combination of Tolfmans, Lionetti, Fernando and Dover teaches the system of claim 1. Tolfmans further teaches: wherein the node is a storage device (Tolfmans Parag. [0024], FIG. 1; “security appliance 104”).
In addition, Lionetti teaches:
and the other node is a host (Lionetti Parag. [0018], Fig. 1; FIG. 1 “depicts a host 101.”).

As per claim 3, the combination of Tolfmans, Lionetti, Fernando and Dover teaches the system of claim 1. Tolfmans further teaches wherein the obtaining the shared key comprises: determining whether the shared key is in the local store of the node (Tolfmans, Fig. 2 and Parag. [0008]; “The cache {part of security appliance 104} is first searched to locate this cryptographic key.”); and
retrieving the shared key from the local store, based on determining the shared key is in the local store (Tolfmans Parag. [0008]; “The cryptographic key may then be retrieved from the cache {part of security appliance 104} at the identified address and then used in the cryptographic operation”).

As per claim 4, the combination of Tolfmans, Lionetti, Fernando and Dover teaches the system of claim 3. Tolfmans further teaches: wherein the determining whether the shared key is in the local store comprises (Tolfmans Parag. [008]; “The cache {part of security appliance 104} is first searched to locate this cryptographic key… The address identifies a location of the cryptographic key within the cache {part of security appliance 104}. The cryptographic key may then be retrieved from the cache {part of security appliance 104} at the identified address and then used in the cryptographic operation.”): [determining whether the identifier of the other node is in an entry in a key structure within the local store];
[and checking, based on determining the identifier of the other node is in the key structure], whether the unique identifier is in the entry, wherein the shared key is in the local store based on [the identifier of the other node] and the unique identifier being in the entry (Tolfmans Parag. [0034], Fig.3; “a cryptographic key is then located in the cache {part of security appliance 104} through reference to a cryptographic key identifier at 304. Here, each cryptographic key identifier stored in the cache is associated with a respective cryptographic key that is also stored in the cache. The association of each cryptographic key identifier with its cryptographic key is maintained within the cache. With the association, a cryptographic key can be located in the cache by referencing its cryptographic key identifier.”).
Tolfmans does not expressly teach:
determining whether the identifier of the other node is in an entry in a key structure within the local store; and
checking, based on determining the identifier of the other node is in the key structure;
the identifier of the other node.
But, Lionetti teaches:
determining whether the identifier of the other node is in an entry in a key structure within the local store (Lionetti Parag. [0021]; “the domain controller 120 may first search the key escrow 121 with the identifier for the host 101 to determine if an encryption key is present before again requesting an encryption key”); and
checking, based on determining the identifier of the other node (Lionetti Parag. [0026], Fig. 1; FIG. 1 “depicts the host ID”) is in the key structure (Lionetti Parag. [0021]; “For subsequent domain logins of the host 101, the domain controller 120 may first search the key escrow 121 with the identifier for the host 101 to determine if an encryption key is present”);
the identifier of the other node (Lionetti Parag. [0026], Fig. 1; FIG. 1 “depicts the host ID”).

As per claim 5, the combination of Tolfmans, Lionetti, Fernando and Dover teaches the system of claim 4. Lionetti further teaches: wherein based on the identifier of the other node (Lionetti Parag. [0026], Fig. 1; FIG. 1 “depicts the host ID”) 
In addition, Tolfmans teaches: 
based on the identifier … not being in the entry (Tolfmans Parag. [0046]; “If a cryptographic key identifier from a received key packet points to address G, then cryptographic key identifier G located at address G is retrieved from cache 206 and compared with the cryptographic key identifier from the key packet.” Parag. [0047]; “If a match exists, then the cryptographic key located at the address is retrieved from the cache.” Parag. [0048]; “On the other hand, if the match does not exist (first key packet is distinct from second key packet), the cache is updated to store a new cryptographic key).” The examiner notes the following: Tolfmans describes a process where comparison of the key identifier of a particular entry (address) to the ones stored in the cache. If there’s no matching entry in the cache, this indicates that the key identifier of the cryptographic key is not present in the cache. The cache then will be updated by creating a new entry (address) to store the new cryptographic key so that the new cryptographic key can be retrieved to perform cryptographic operations). retrieving the shared key from the key server, the key server being coupled to the node (Tolfmans Parag. [0033]; “The key management module retrieves the cryptographic key stored in the key management module 108”).

As per claim 6, the combination of Tolfmans, Lionetti, Fernando and Dover teaches the system of claim 3. Dover further teaches: wherein the obtaining the shared key further comprises retrieving the shared key from a key server (Dover, Abstract; “One embodiment describes a method to securely communicate a shared key to a first device and a second device that includes receiving, using the first device, a shared key and unique identifier pairing associated with the first device from a key generator (i.e. key server).”), based on determining the shared key is not in the local store (Tolfmans Parag. [0025]; “when a particular security appliance 104 encounters a data access request for which the security appliance does not have the appropriate cryptographic key (i.e., key not stored in the cache of the security appliance), that security appliance accesses the key management module to retrieve the appropriate cryptographic key”).

As per claim 7, the combination of Tolfmans, Lionetti, Fernando and Dover teaches the system of claim 6. Tolfmans further teaches: wherein the method further comprises storing the shared key in a key structure within the local store (Tolfmans Parag. [0026]; “the security appliance temporarily stores the cryptographic keys in a cache.” … Parag. [0033]; “The key management module retrieves the cryptographic key stored in the key management using the cryptographic key identifier based on the stored associations”), based on obtaining the shared key from the key server (Dover, Abstract; “One embodiment describes a method to securely communicate a shared key to a first device and a second device that includes receiving, using the first device, a shared key and unique identifier pairing associated with the first device from a key generator (i.e. key server).”).

As per claim 8, the combination of Tolfmans, Lionetti, Fernando and Dover teaches the system of claim 7. Tolfmans further teaches: wherein the storing comprises: determining whether an entry exists in the key structure (Tolfmans Parag. [0043]; “Fig. 7 depicts a flow diagram of detail methods, for locating a cryptographic key from a cache.” … Parag. [0044]; “the addresses stored in the cache may be defined by cryptographic key identifiers and the second key packet may be located by comparing the cryptographic key identifier from the first key packet with each address. If an address that matches the cryptographic key identifier is found, then the second key packet is retrieved from the cache”) [having the identifier of the other node]; creating a new entry in the key structure, based on there being no entry in the key structure (Tolfmans, Parag. [0045]; “the first key packet is compared with the second key packet at 708 to determine if a match exists between the first and second key packets.” … Parag. [0046]; “If a cryptographic key identifier from a received key packet points to address G, then cryptographic key identifier G located at address G is retrieved from cache 206 and compared with the cryptographic key identifier from the key packet.” … Parag. [0047]; “If a match exists, then the cryptographic key located at the address is retrieved from the cache.” … Parag. [0048]; “On the other hand, if the match does not exist (first key packet is distinct from second key packet), the cache is updated to store a new cryptographic key.” The examiner notes the following: Tolfmans describes a process where it is compared the key identifiers with a particular entry (address) to a store cryptographic key; if there’s no entry the cache, the cache will be updated creating a new entry (address) to store the new cryptographic key), [having the identifier of the other node; and storing information in the new entry, the information including the shared key].
However, Tolfmans does not expressly teach:
having the identifier of the other node; and
storing information in the new entry, the information including the shared key.
But, Lionetti teaches:
having the identifier of the other node (Lionetti Parag. [0021]; “the domain controller 120 may first search the key escrow 121 with the identifier for the host 101 to determine if an encryption key is present before again requesting an encryption key”); and
storing information in the new entry, the information including the shared key (Lionetti Parag. [0021] “After receiving the encryption key 103, the domain controller 120 stores the encryption key 103 in key escrow 121”).
Tolfmans and Lionetti are form a similar field of technology. Prior to the instant application’s effective filling date, there was a need for protecting data in a host.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Lionetti system into Tolfmans system, with a motivation to use an encryption key that is unique to the device (Lionetti, Parag. [0002]).

As per claim 9, the combination of Tolfmans, Lionetti, Fernando and Dover teaches the system of claim 8. Lionetti further teaches: wherein the information further includes the identifier of the other node (Lionetti Parag. [0021]; “the domain controller 120 stores the encryption key 103 in key escrow 121 along with an identifier for the host 101”) and In addition, Tolfmans teaches the unique identifier of the shared key (Tolfmans Parag. [0030]; “For example, cache 206 may store up to 16 cryptographic keys and other information associated with the cryptographic keys (e.g., cryptographic key identifiers, key signatures, and other information)”).

As per claim 10, the combination of Tolfmans, Lionetti, Fernando and Dover teaches the system of claim 9. Tolfmans further teaches: wherein the information further includes a sequence number and an index, the sequence number and the index used to create a handle representing the shared key (Tolfmans Parag. [0041]; “the addresses A-P may be the actual memory locations within cache 206. Such addresses may be stored in an allocation table. The addresses A-P may serve as an index assigned to a group of associated information (e.g., key packet A, cryptographic key A, and key signature A). Accordingly, such index may be stored in cache 206 and referenced when locating a particular cryptographic key.”).

 As per claim 11, the combination of Tolfmans, Lionetti, Fernando and Dover teaches the system of claim 8. Tolfmans further teaches: wherein the storing further comprises updating the entry with the shared key, based on determining the entry exists in the key structure (Tolfmans Parag. [0048]; “As a result, the cache is updated with a new cryptographic key retrieved from the first key packet, which may be referenced again in future cryptographic operations.”).

As per Claim 12, it is a computer program product claim of above system in Claim 1, therefore is rejected with the same rationale as applied against Claim 1 above. In addition, Tolfmans teaches a computer program product for facilitating processing within a computing environment, said computer program product comprising: a computer readable storage medium readable (Tolfmans Parag. [0051]; “machine-readable medium 822”) by a processing circuit (Tolfmans Parag. [0051]; “within processor 802”) and storing instructions for performing a method (Tolfmans Parag. [0051]; “which is stored one or more sets of instructions and data structures (e.g., Software 824) embodying or utilized by any one or more of the methodologies or functions described herein”).

As per Claim 13, the rejection of claim 12 is incorporated. In addition, claim 13 is a computer program product claim that recites limitations corresponding to those of claim 3, and it is therefore rejected based on the same rationale and motivation as of claim 3.

As per Claim 14, the rejection of claim 13 is incorporated. In addition, claim 14 is a computer program product claim that recites limitations corresponding to those of claim 4, and is rejected based on the same rationale and motivation as of claim 4.

As per Claim 15, the rejection of Claim 14 is incorporated. Claim 15 is a computer program product claim that recites limitations corresponding to those of claim 5, and is rejected based on the same rationale and motivation as of claim 5.

As per Claim 16, it is a computer-implemented method claim of above system in Claim 1, therefore is rejected with the same rationale as applied against Claim 1 above.

As per Claim 17, the rejection of claim 16 is incorporated. In addition, claim 17 is a computer-implemented method claim that recites limitations corresponding to those of claim 3, and it is therefore rejected based on the same rationale and motivation as of claim 3.

As per Claim 18, the rejection of claim 17 is incorporated. In addition, claim 18 is a computer-implemented method claim that recites limitations corresponding to those of claim 4, and it is therefore rejected based on the same rationale and motivation as of claim 4.

As per Claim 19, the rejection of Claim 18 is incorporated. In addition, Claim 19 is a computer-implemented method claim that recites limitations corresponding to those of claim 5, and it is therefore rejected based on the same rationale and motivation as of claim 5.

As per Claim 21, the combination of Tolfmans, Lionetti, Fernando and Dover teach the system of claim 1. Fernando further teaches wherein the shared key is for use by the selected node pair in link authentication of a plurality of links between the one node and the other node (Fernando, Parag. [0023]; “To facilitate authenticating a peer connection 116 between the peer devices 102, 104, one of the peer devices is configured to transmit a shared key (e.g., a Secret Session key or other key randomly generated in a cryptographic manner) to the other peer device via the authenticated connections 112, 114 to the server 106”.  Parag. [0024]; “… Therefore, the secret session is encrypted prior to its transmission, for security reasons. … Additionally, the peer devices 102, 104 are configured for establishing the peer connection 1 16 therebetween, and for authenticating the peer connection 116 using the secret session key transmitted from one peer device to the other via the authenticated connections 112, 114 to the server 106. The session key is, for example, a variable key-size stream cipher such as a 40-bit stream cipher and can be used to encrypt and transmit files or other data”.  Parag. [0028]; “peer device B 104 randomly and dynamically allocates a communication port (e.g., a TCP/IP port) for receiving the peer connection 116, and provides appropriate communication port information to peer device A102 along with the encrypted session key and peer device B's public key … It is contemplated that a plurality of peer-to-peer connections may be supported via a single, opened communication port. In such an embodiment, the shared key acts as an identifier to identify a specific peer-to-peer connection.”).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Roth, et al. (US 9,984,238) relates to a data storage system in the multi-tenant service provider environment can receive the encrypted data and cause the data to be stored in its encrypted form. In various embodiments, the data storage service can also receive a copy of the key that was used to encrypt the user data. The data storage service then can have the ability to decrypt the data using the key, in order to cause ciphertext to be converted to cleartext or plaintext, for example. While the data storage service could store the cleartext, the user (or service provider, etc.) may prefer to have the data stored in encrypted form for security purposes.
Engels, et al. (US 2012/0011360) relates to various embodiments are described herein for a Key Management System (KMS) and associated methods for providing authentication and secure shared key distribution capabilities without revealing a device's secret key. The KMS allows one or more accessing applications or devices residing on a variety of systems and associated with a plurality of organizations to efficiently authenticate other applications or devices with which they are in communication and to securely establish a shared secret between authenticated s applications or devices. Secret keys may be cached through-out the KMS system for off-line and efficient operations. The KMS system enables authentication of devices and secure communication between these devices which may have been created and secured under different domains without those domains having an a priori relationship.

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALEX D CARRASQUILLO whose telephone number is (571)270-5045. The examiner can normally be reached Monday - Friday 9:00 am - 6:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/A.D.C./Examiner, Art Unit 2498                                                                                                                                                                                                        
/YIN CHEN SHAW/Supervisory Patent Examiner, Art Unit 2498