Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

	This action is in response to the claims filed 12/20/2019.  Claims 1-20 are pending with claims 1 (a method), 10 (a machine), and 19 (a non-transitory CRM) being independent.

	Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1, 2, 6, 8-11, 15, 17-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over EncFS as described in (Valient Gough, encfs presentation, 2005) and (Till Brehm, How to Encrypt your Data with EncFS, 2016), in view of Prahlad et al., US 2013/0024424 (filed 2012).
	As to claims 1, 10, and 19 EncFs discloses a method/machine/CRM comprising:
generating, …, an encrypted data archive (“EncFS provides an encrypted filesystem in user-space. It runs without any special permissions and uses the FUSE library and Linux kernel module to provide the filesystem interface.” EncFS-Brehm p. 1) based on a user backup performed (“To save your data in encrypted form, put your data into the decrypted directory, just as you would do with a normal directory:” EncFS-Brehm p. 5) using … with an encryption flag enabled and a user key; (“encfs ~/encrypted ~/decrypted If you run this command for the first time, the EncFS setup is started started, and you must define a password for the encrypted volume:” EncFS-Brehm p. 3. The password being the user key.)
generating, …, an index key for the encrypted data archive; (“Each filesystem uses a randomly generated key (the volume key)” EncFS-Gough p. 23.)
encrypting,…, the index key using the user key; (“Volume key is stored encrypted using user supplied key” EncFS-Gough p. 23.)
storing, …, the index key in a secure data storage; (“Volume key is stored encrypted using user supplied key” EncFS-Gough p. 23.)
creating and mounting,…, an encrypted file system folder for the encrypted data archive (“The decrypted directory acts as the mount point for the encrypted directory. To mount ~/encrypted to ~/decrypted” EncFS-Brehm p. 3.) using the index key; (“Volume key is stored encrypted using user supplied key” EncFS-Gough p. 23.)
decrypting, …, data in the encrypted data archive using the user key; and (“Volume key is stored encrypted using user supplied key” EncFS-Gough p. 23. “Make sure you remember the password because there's no way to recover your encrypted data if you forget the password!” EncFS-Brehm p. 4)
indexing, …, the decrypted data. (“The decrypted directory acts as the mount point for the encrypted directory. To mount ~/encrypted to ~/decrypted” EncFS-Brehm p. 3.)

EncFS does not disclose:
hardware processor (also the readable medium of claim 19)
a backup plan

Prahlad discloses:
hardware processor (also the readable medium of claim 19) (Prahlad ¶¶ 90 and 92)
a backup plan (“a “schedule policy” may specify when and how often to perform storage operations” Prahlad ¶ 110. See also claim 12. “data management including: Backup, Archive, Reporting and search/eDiscovery. There are challenges often associated with taking full-advantage of cloud-based storage.” Prahlad ¶ 451. Also ¶¶ 100, 288 and 461)

A person of ordinary skill in the art before the effective filing date would have combined EncFS with Prahlad by incorporating the encrypted storage of EncFS with the backup schedule policy of Prahlad.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine EncFS with Prahlad in order to provide an easy to use data management system for specifying data management policies, thereby allowing easy implementation of data protection and retention policies and goals, Prahlad claim 12.

As to claims 2, 11, and 20 EncFS in view of Prahlad discloses the method/machine of claims 1 and 10 and further discloses:
identifying a second user key associated with …; (“encfs ~/encrypted ~/decrypted If you run this command for the first time, the EncFS setup is started, and you must define a password for the encrypted volume:” EncFS-Brehm p. 3. A user creating another folder in the same manner as the first which requires input of a new key for the second folder)
generating another encrypted data archive based on another user backup and the second user key, wherein the another user backup is located in a same file system as the user backup; and (“encfs ~/encrypted ~/decrypted If you run this command for the first time, the EncFS setup is started, and you must define a password for the encrypted volume:” EncFS-Brehm p. 3. A user creating another folder in the same manner as the first which requires input of a new key for the second folder)
encrypting another generated index key using the second user key. (“Volume key is stored encrypted using user supplied key” EncFS-Gough p. 23.)

EncFS in view of Prahlad does not disclose:
a second user

However, a person of ordinary skill in the art before the effective filing date of the claimed invention would have known that multiple users could use the computing system of EncFS in view of Prahlad and individually set the respective passwords.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention that multiple users can use a single terminal and its associated filesystem. 

As to claims 6, 15, EncFS in view of Prahlad discloses the method/machine of claims 1 and 10 and further discloses:
further comprising using a cryptographic file system to store data at rest in encrypted format. (“EncFS provides an encrypted filesystem in user-space. It runs without any special permissions and uses the FUSE library and Linux kernel module to provide the filesystem interface.” EncFS-Brehm p. 1).

As to claims 8, 17, EncFS in view of Prahlad discloses the method/machine of claims 1 and 10 and further discloses:
wherein the encrypted file system is mounted in non-privileged mode. (“What is EncFS?.... a user-space filesystem – runs as a user process” EncFS-Gough p. 3.)

As to claim 9, 18 EncFS in view of Prahlad discloses the method/machine of claims 8 and 17 and further discloses:
wherein the encrypted file system is mounted using file system (“The decrypted directory acts as the mount point for the encrypted directory. To mount ~/encrypted to ~/decrypted” EncFS-Brehm p. 3.) in user space system. (“What is EncFS?.... a user-space filesystem – runs as a user process” EncFS-Gough p. 3.)


Claim(s) 3-5 and 12-14 is/are rejected under 35 U.S.C. 103 as being unpatentable over EncFS as described in (Valient Gough, encfs presentation, 2005) and (Till Brehm, How to Encrypt your Data with EncFS, 2016), in view of Prahlad et al., US 2013/0024424 (filed 2012), and Schaad et al., RFC 3537 (published 2003).
As to claims 3 and 12, EncFS in view of Prahlad discloses the method/machine of claims 1 and 10 and further discloses:
wherein generating the index key comprises: … and a random key, (“Each filesystem uses a randomly generated key (the volume key)” EncFS-Gough p. 23.) ….

EncFS in view of Prahlad does not disclose:
creating a string constant
wherein a combined length of the string constant and the random key is equal to a predetermined value; and 
concatenating the string constant and the random key.

	Schaad discloses: 
creating a string constant (“4. Compute an 8 octet key checksum value on LKEYPAD as described in Section 2 of [3DES-WRAP], call the result ICV.” Schaad p. 2)
wherein a combined length of the string constant and the random key is equal to a predetermined value; and (“1. Let the HMAC key be called KEY, and let the length of KEY in octets be called LENGTH. LENGTH is a single octet.” Schaad p. 2. The key length is known and the checksum length is known.)
concatenating the string constant and the random key. (“5. Let LKEYPADICV = LKEYPAD || ICV.” Schaad p. 2).

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined EncFS in view of Prahlad with Schaad by utilizing the key wrapping mechanism described in Schaad to encrypt the volume key with the user password.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine EncFS in view of Prahlad with Schaad in order to implement the key wrapping in a secure manner using a known algorithm, thereby reducing testing and debugging time of the volume key wrapping/encryption of EncFS.

As to claims 4, 13, EncFS in view of Prahlad and Schaad discloses the method/machine of claims 3 and 12 and further discloses:
wherein decrypting the data in the encrypted data archive further comprises:
receiving a search request (“data management including: Backup, Archive, Reporting and search/eDiscovery. There are challenges often associated with taking full-advantage of cloud-based storage.” Prahlad ¶ 451. Also ¶¶ 100, 288 and 461)
 comprising an unverified user key; (“To mount it again, run encfs ~/encrypted ~/decrypted You will be asked for the password you defined earlier:” EncFS-Brehm p. 6)
validating the unverified user key by decrypting the index key using the unverified user key; (“If you specify the correct password, this will mount the ~/encrypted directory to ~/decrypted from where you can access your encrypted data in unencrypted form. If you forget the password, your encrypted data is lost!” EncFS-Brehm p. 6. “Volume key is stored encrypted using user supplied key” EncFS-Gough p. 23.)

EncFS in view of Prahlad and Schaad does not disclose:
determining whether the index key comprises the string constant; 
in response to determining that the index key comprises the string constant, decrypting the encrypted data archive; and
in response to determining that the index key does not comprise the string constant, not decrypting the encrypted data archive.

	Schaad further discloses:
determining whether the index key comprises the string constant; 
in response to determining that the index key comprises the string constant, decrypting the encrypted data archive; and (“7. Compute an 8 octet key checksum value on LKEYPAD as described in Section 2 of [3DES-WRAP]. If the computed key checksum value does not match the decrypted key checksum value, ICV, then error.” Schaad p. 3. The checksum being the “string constant” used to validate the wrapped key.)
in response to determining that the index key does not comprise the string constant, not decrypting the encrypted data archive. 
(Schaad p. 3. If the checksum matches per step 7, decryption continues using the retrieved key, else error.)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined EncFS in view of Prahlad with Schaad by utilizing the key wrapping mechanism described in Schaad to encrypt the volume key with the user password.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine EncFS in view of Prahlad with Schaad in order to implement the key wrapping in a secure manner using a known algorithm, thereby reducing testing and debugging time of the volume key wrapping/encryption of EncFS.

As to claims 5, 14, EncFS in view of Prahlad discloses the method/machine of claims 1 and 10 and but does not disclose:
a predefined prefix to the index key prior to encrypting the index key.

Schaad discloses:
a predefined prefix (“5. Let LKEYPADICV = LKEYPAD || ICV.” Schaad p. 2) to the index key prior to encrypting the index key. (“7. Encrypt LKEYPADICV in CBC mode” Schaad p. 3)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined EncFS in view of Prahlad with Schaad by utilizing the key wrapping mechanism described in Schaad to encrypt the volume key with the user password.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine EncFS in view of Prahlad with Schaad in order to implement the key wrapping in a secure manner using a known algorithm, thereby reducing testing and debugging time of the volume key wrapping/encryption of EncFS.


Claim(s) 7 and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over EncFS as described in (Valient Gough, encfs presentation, 2005) and (Till Brehm, How to Encrypt your Data with EncFS, 2016), in view of Prahlad et al., US 2013/0024424 (filed 2012), and Gocryptfs (no stated author, published 2017).
As to claims 7, 16, EncFS in view of Prahlad discloses the method/machine of claims 6 and 15 and but does not disclose:
wherein the cryptographic file system is gocryptfs.

Gocryptfs discloses:
(“This page compares: gocryptfs (this project), aspiring successor of EncFS… EncFS, mature with known security issues” Gocryptfs page 1.)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have modified EncFS in view of Prahlad with Gocryptfs by using the new Gocryptfs system to replace EncFS as it is known to be a successor to EncFS.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine EncFS in view of Prahlad with Gocryptfs in order to utilize a known successor of EncFS thereby improving the system with the updated software. 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892, particularly:
Yu, US 9,910,999, discloses a method for indexing and searching encrypted data.
Camenisch et al., US 2017/0155634 discloses password-based management of encrypted files. 
Fiducci, US 2008/0028059 discloses data backup and retrieval. 
Brouwer et al. US 2011/0252243 discloses content protection using a user pin to encrypt a data encryption key.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL W CHAO whose telephone number is (571)272-5165. The examiner can normally be reached M, W-F 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571) 272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MICHAEL W CHAO/           Examiner, Art Unit 2492