Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION

Claims 1-25 are pending in this office action.

Applicant’s arguments, filed July 6, 2022, have been fully considered but they are not persuasive.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 1-25 are rejected under 35 U.S.C. 103 as being unpatentable over Keohane et al. (U.S. Patent Pub. No. 2015/0169894) in view of Resch (U.S. Patent Pub. No. 2014/0068791).

Regarding claim 1, Keohane et al. teaches an apparatus for storing files, comprising: one or more servers and one or more storage devices, coupled with each other, to provide virtual storage service to store a file and metadata of the file for a client computing device (fig. 6 and paragraph 0069); wherein the file and the metadata of the file are encrypted by the client computing device before providing to the virtual storage service, the file being encrypted with a secret key of the client computing device, and the metadata of the file being encrypted with a shared session key between the client computing device and the virtual storage service (paragraph 0018 and 0026); and wherein the encrypted file is stored in the one or more storage devices, and the encrypted metadata of the file are stored in one or more secured areas of the one or more servers (paragraph 0032-0033).
Keohane et al. does not specifically teach storing the file on virtual storage devices.  Keohane et al. mentions virtual storage in paragraph 0069, but never explicitly teaches actually storing the files and metadata on virtual storage.
Resch teaches storing the file on a virtual storage device (paragraph 0291).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to combine storing the files on virtual storage, as taught by Resch, with the method of Keohane et al.  It would have been obvious for such modifications because virtual storage provides a cheaper, more dynamic storage option than just plain physical storage.

Regarding claim 2, Keohane et al. as modified by Resch teaches wherein the metadata of the file include a file name, a file size, a date for the file, an owner of the file, a tag of the file, a portion of the file, or an abstract of the file (see paragraph 0346 of Resch).

Regarding claim 3, Keohane et al. teaches wherein the file includes an audio file, a multimedia file, a document, or an object file (paragraph 0027).

Regarding claim 4, Keohane et al. as modified by Resch teaches wherein the one or more servers and the one or more storage devices are part of a fog network of computing devices (see paragraph 0009 of Resch).

Regarding claim 5, Keohane et al. as modified by Resch teaches wherein the one or more servers are part of a fog network, and the one or more storage devices are disposed in a cloud coupled to the fog network (see paragraph 0010 of Resch).

Regarding claim 6, Keohane et al. as modified by Resch teaches wherein the encrypted file and the encrypted metadata of the file are provided to the virtual storage service through a secure channel between the client computing device and the virtual storage service (see paragraph 0277 of Resch).

Regarding claim 7, Keohane et al. as modified by Resch teaches wherein the virtual storage service is to receive an encrypted query about the file based on the shared session key, and the one or more servers is to decrypt the encrypted query based on the shared session key to obtain a query, and to search the encrypted metadata of the file stored on the one or more servers based on the query (see paragraph 0159 of Resch).

Regarding claim 8, Keohane et al. as modified by Resch teaches wherein the one or more servers is to determine the encrypted file stored in the one or more storage devices based on the search performed on the stored encrypted metadata of the file, and to transmit the determined encrypted file to the client computing device (see paragraph 0159 of Resch).

Regarding claim 9, Keohane et al. as modified by Resch teaches wherein the client computing device, the file, the encrypted file, the encrypted metadata of the file, the secret key, or the shared session key is a first client computing device, a first file, a first encrypted file, a first encrypted metadata of the first file, a first secret key, or a first shared session key, and the one or more servers and one or more storage devices are to provide virtual storage service to store a second file and second metadata of the second file for a second client computing device; wherein the second file and the second metadata of the second file are encrypted by the second client computing device before providing to the virtual storage service, the second file being encrypted with a second secret key of the second client computing device, and the second metadata of the second file being encrypted with a second shared session key between the second client computing device and the virtual storage service; and wherein the second encrypted file is stored in the one or more storage devices, and the second encrypted metadata of the second file are stored in the one or more secured areas of the one or more servers (see paragraph 0138 of Resch).

Regarding claim 10, Keohane et al. teaches a computing device, comprising: one or more processors (fig. 4, ref. num 16) to: encrypt a file based on a secret key of the computing device (paragraph 0026); and encrypt metadata of the file based on a session key shared between the computing device and virtual storage service (paragraph 0026); and a communication interface coupled with the one or more processors to transmit the encrypted file and the encrypted metadata of the file to the virtual storage service to store the encrypted file and the encrypted metadata of the file for the computing device (fig. 4, ref. num 22 and paragraph 0026).
Keohane et al. does not specifically teach storing the file on virtual storage devices.  Keohane et al. mentions virtual storage in paragraph 0069, but never explicitly teaches actually storing the files and metadata on virtual storage.
Resch teaches storing the file on a virtual storage device (paragraph 0291).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to combine storing the files on virtual storage, as taught by Resch, with the method of Keohane et al.  It would have been obvious for such modifications because virtual storage provides a cheaper, more dynamic storage option than just plain physical storage.

Regarding claim 11, Keohane et al. as modified by Resch teaches wherein the communication interface is to transmit the encrypted file and the encrypted metadata of the file to the virtual storage service through a secure channel between the computing device and the virtual storage service (see paragraph 0277 of Resch).

Regarding claim 12, Keohane et al. as modified by Resch teaches wherein the one or more processors is to generate an encrypted query about the file based on the shared session key, and the communication interface is to transmit the encrypted query to the virtual storage service, wherein the virtual storage service is to decrypt the encrypted query based on the shared session key, and to search and locate the stored encrypted metadata of the file to generate a response to the encrypted query (see paragraph 0159 of Resch).

Regarding claim 13, Keohane et al. as modified by Resch teaches wherein the communication interface is to receive the encrypted file from the virtual storage service as the response to the encrypted query (see paragraph 0159 of Resch).

Regarding claim 14, Keohane et al. teaches one or more non-transitory computer-readable media (NTCRM) comprising instructions that cause a fog network to provide virtual storage service, in response to execution of the instructions by the virtual storage service, to: receive, from a client computing device, an encrypted file being encrypted with a secret key of the client computing device (paragraph 0026); store the encrypted file in one or more storage devices (paragraph 0026); receive, from the client computing device, an encrypted metadata of the file being encrypted with a shared session key between the client computing device and the virtual storage service (paragraph 0026); and store the encrypted metadata of the file in one or more secured areas of one or more servers, wherein the one or more servers and the one or more storage devices, coupled with each other, provide the virtual storage service (paragraph 0069).
Keohane et al. does not specifically teach storing the file on virtual storage devices.  Keohane et al. mentions virtual storage in paragraph 0069, but never explicitly teaches actually storing the files and metadata on virtual storage.
Resch teaches storing the file on a virtual storage device (paragraph 0291).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to combine storing the files on virtual storage, as taught by Resch, with the method of Keohane et al.  It would have been obvious for such modifications because virtual storage provides a cheaper, more dynamic storage option than just plain physical storage.

Regarding claim 15, Keohane et al. as modified by Resch teaches wherein in response to execution of the instructions by the virtual storage service, further to: receive, from the client computing device, an encrypted query about the file based on the shared session key; decrypt the encrypted query based on the shared session key to obtain a query; search the encrypted metadata of the file stored on the one or more servers based on the query (see paragraph 0159 of Resch).

Regarding claim 16, Keohane et al. as modified by Resch teaches wherein in response to execution of the instructions by the virtual storage service, further to: determine the encrypted file stored in the one or more storage devices based on the search performed on the stored encrypted metadata of the file, and transmit the determined encrypted file to the client computing device (see paragraph 0159 of Resch).

Regarding claim 17, Keohane et al. as modified by Resch teaches (see paragraph 0009 of Resch).

Regarding claim 18, Keohane et al. as modified by Resch teaches wherein the one or more servers are part of a fog network, and the one or more storage devices are disposed in a cloud coupled to the fog network (see paragraph 0010 of Resch).

Regarding claim 19, Keohane et al. as modified by Resch teaches wherein the encrypted file and the encrypted metadata of the file are provided to the virtual storage service through a secure channel between the client computing device and the virtual storage service (see paragraph 0277 of Resch).

Regarding claim 20, Keohane et al. teaches a method for a computing device to store a file, comprising: generating an encrypted version of the file, wherein the encrypted version of the file is generated by encrypting the file based on a secret key of the computing device (paragraph 0026); generating encrypted metadata of the file, wherein the encrypted metadata of the file is generated by encrypting the metadata of the file based on a shared session key between the computing device and a virtual storage service, and wherein one or more servers and one or more storage devices, coupled with each other, provide the virtual storage service (paragraph 0026); and transmitting the encrypted file and the encrypted metadata of the file to the virtual storage service, wherein the encrypted file is received by the virtual storage service and stored in the one or more storage devices, and the encrypted metadata of the file are stored in one or more secured areas of the one or more servers (paragraph 0069).
Keohane et al. does not specifically teach storing the file on virtual storage devices.  Keohane et al. mentions virtual storage in paragraph 0069, but never explicitly teaches actually storing the files and metadata on virtual storage.
Resch teaches storing the file on a virtual storage device (paragraph 0291).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to combine storing the files on virtual storage, as taught by Resch, with the method of Keohane et al.  It would have been obvious for such modifications because virtual storage provides a cheaper, more dynamic storage option than just plain physical storage.

Regarding claim 21, Keohane et al. as modified by Resch teaches further comprising: generating a query about the file; encrypting the query based on the shared session key to obtain an encrypted query; and transmitting the encrypted query to the virtual storage service, wherein the virtual storage service is to decrypt the encrypted query based on the shared session key to obtain the query, and to search the stored encrypted metadata of the file based on the query (see paragraph 0159 of Resch).

Regarding claim 22, Keohane et al. as modified by Resch teaches further comprising: receiving the encrypted version of the file back from the virtual storage service, wherein the encrypted version of the file is retrieved by the virtual storage service in response to the encrypted query (see paragraph 0159 of Resch).

Regarding claim 23, Keohane et al. as modified by Resch teaches wherein the one or more servers and the one or more storage devices are part of a fog network of computing devices (see paragraph 0009 of Resch).

Regarding claim 24, Keohane et al. as modified by Resch teaches wherein the one or more servers are part of a fog network, and the one or more storage devices are disposed in a cloud coupled to the fog network (see paragraph 0010 of Resch).

Regarding claim 25, Keohane et al. as modified by Resch teaches wherein the encrypted version of the file and the encrypted metadata of the file are transmitted through a secure channel between the computing device and the virtual storage service (see paragraph 0277 of Resch).

Response to Arguments
Applicant argues that Keohane et al. does not teach the metadata of the network data object is encrypted with the session key.
Regarding applicant’s arguments, examiner disagrees.  Paragraph 0025 of Keohane et al. uses the term “extended attribute” to refer to the metadata of a file.  Paragraph 0033 says, “in operation 250, the first encryption key that was used to encrypt the encrypted network data object may be stored as an extended attribute of the encrypted data file. The first encryption key may be later used to decrypt the encrypted data file. In various embodiments, the first encryption key may be encrypted (also known as wrapped) with the third encryption key such as public key of the third public/private key pair. The wrapping of the first encryption key may occur before it is stored in the encrypted file system 125 with the encrypted data file. The third public/private key pair may allow a user or group to access the data object in the encrypted data file. Each user and group may have a keystore 130 that contains these public/private key pairs in memory 120. Each user and group may have an extended attribute for the encrypted data file.”  This paragraph shows that the extended attribute (or metadata) is encrypted with the third encryption key.

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRANDON HOFFMAN whose telephone number is (571)272-3863.  The examiner can normally be reached on Monday-Friday 8:30AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu, can be reached on (571)272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/BRANDON HOFFMAN/Primary Examiner, Art Unit 2433