DETAILED ACTION
This first non-final action is in response to applicants’ filing on 03/07/2022. Claims 1-25 are currently pending and have been considered as follows.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Drawings
The drawings filed on 03/07/2022 are accepted.
Information Disclosure Statement
The information disclosure statements (IDS) submitted on 03/07/2022 and 06/06/2022 have been placed in the application file, and the information referred therein has been considered as to the merits.
Examiner’s Note: The Examiner acknowledges applicants’ express definition on page 39 of the Specification at paragraph [00144] filed on 03/07/2022 “A computer readable storage medium, as used herein, is not to be construed as being transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission media (e.g., light pulses passing through a fiber-optic cable), or electrical signals transmitted through a wire”.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Parent Patent No. 11,303,618 B2
Claims 1-25 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over Claims 1-6 and 8-23 of parent U.S. Patent No. 11,303,618 B2 (common inventive entity and assignee).  Although the conflicting claims are not identical, they are not patentably distinct from each other because it is clear that all the elements of the instant application claims 1-25 are to be found in parent patent claims 1-6 and 8-23.  The difference between the application claims and the patent claims lies in the fact that the patent claims include more elements and are more specific.  Thus, the invention of claims 1-6 and 8-23 of the patent is in effect a “species” of the “generic” invention of the instant application claims 1-25.  It has been held that the generic invention is “anticipated” by the “species”.  See In re Goodman, 29 USPQ2d 2010 (Fed. Cir. 1993).  The following Claims Comparison Table illustrates the anticipatory relationship of the claims at issue.
Claims Comparison Table

Instant Application: 17/653,662
U.S. Patent No. 11,303,618 B2 (common inventive entity and assignee)
Claim 1:
A method comprising:
determining whether an encryption algorithm is at-risk;
identifying, in response to determining that the encryption algorithm is at-risk, data protected by the encryption algorithm; and
executing a security action on the data protected by the encryption algorithm.
Claim 1:
A method comprising:
determining whether an encryption algorithm is at-risk, wherein determining whether the encryption algorithm is at-risk further comprises:
parsing text resources for the encryption algorithm;
identifying a first string within the text resources associated with the encryption algorithm; and
classifying risk of the encryption algorithm based on the identified first string; identifying, in response to determining that the encryption algorithm is at-risk, data protected by the encryption algorithm, wherein the data protected by the encryption algorithm is identified using a look-up table, wherein the look-up table maps at least the encryption algorithm to a first time-frame and a second encryption algorithm to a second time-frame, wherein data associated with the first time-frame mapped to the encryption algorithm is identified; and 
executing a security action on the data protected by the encryption algorithm.
Claim 2:
The method of claim 1, wherein determining whether the encryption algorithm is at-risk includes: determining a risk value for the encryption algorithm; and comparing the risk value to a risk threshold.
Claim 2:
The method of claim 1, wherein determining whether the encryption algorithm is at-risk includes: determining a risk value for the encryption algorithm; and comparing the risk value to a risk threshold.
Claim 3:
The method of claim 1, wherein the data protected by the encryption algorithm is identified using a look-up table, wherein the look-up table maps time periods to encryption algorithms, wherein all data associated with a first time-frame mapped to the encryption algorithm is identified.
Claim 3:
The method of claim 1, wherein the look-up table further maps encryption algorithms to data locations, wherein the look-up table maps at least the encryption algorithm to a first data location and the second encryption algorithm to a second data location, wherein the first data location mapped to the encryption algorithm is identified.
Claim 4:
The method of claim 1, wherein the data protected by the encryption algorithm is identified using a look-up table, wherein the look-up table maps encryption algorithms to data locations, wherein data locations mapped to the encryption algorithm are identified.
Claim 1:
… wherein the data protected by the encryption algorithm is identified using a look-up table, wherein the look-up table maps at least the encryption algorithm to a first time-frame and a second encryption algorithm to a second time-frame, wherein data associated with the first time-frame mapped to the encryption algorithm is identified…
Claim 5:
The method of claim 1, wherein the security action includes decrypting the data protected by the encryption algorithm and encrypting the data with a second encryption algorithm.
Claim 4:
The method of claim 1, wherein the security action includes decrypting the data protected by the encryption algorithm and encrypting the data with the second encryption algorithm.

Claim 6:
The method of claim 1, wherein the security action includes disconnecting the data from at least one network.
Claim 5:
The method of claim 1, wherein the security action includes disconnecting the data from at least one network.
Claim 7:
The method of claim 1, wherein the security action includes further encrypting the data protected by the encryption algorithm with a second encryption algorithm without decrypting the data.
Claim 6:
The method of claim 1, wherein the security action includes further encrypting the data protected by the encryption algorithm with the second encryption algorithm without decrypting the data.
Claim 8:
A system comprising:
one or more processors; and
one or more computer-readable storage media collectively storing program instructions which, when executed by the one or more processors, are configured to cause the one or more processor to perform a method comprising: determining whether an encryption algorithm is at-risk;
identifying, in response to determining that the encryption algorithm is at-risk, data protected by the encryption algorithm; and
executing a security action on the data protected by the encryption algorithm.
Claim 8:
A system comprising:
one or more processors; and
one or more computer-readable storage media collectively storing program instructions which, when executed by the one or more processors, are configured to cause the one or more processor to perform a method comprising:
determining whether an encryption algorithm is at-risk, wherein determining whether the encryption algorithm is at-risk further comprises: parsing text resources for the encryption algorithm;
identifying a first string within the text resources associated with the encryption algorithm; and
classifying risk of the encryption algorithm based on the identified first string;
identifying, in response to determining that the encryption algorithm is at-risk, data protected by the encryption algorithm, wherein the data protected by the encryption algorithm is identified using a look-up table, wherein the look-up table maps at least the encryption algorithm to a first time-frame and a second encryption algorithm to a second time-frame, wherein data associated with the first time-frame mapped to the encryption algorithm is identified; and executing a security action on the data protected by the encryption algorithm.
Claim 9:
The system of claim 8, wherein determining whether the encryption algorithm is at-risk includes: determining a risk value for the encryption algorithm; and comparing the risk value to a risk threshold.
Claim 9:
The system of claim 8, wherein determining whether the encryption algorithm is at-risk includes: determining a risk value for the encryption algorithm; and comparing the risk value to a risk threshold.
Claim 10:
The system of claim 8, wherein data protected by the encryption algorithm is identified using a look-up table, wherein the look-up table maps time periods to encryption algorithms, wherein all data associated with a first time-frame mapped to the encryption algorithm is identified.
Claim 8:
…wherein the data protected by the encryption algorithm is identified using a look-up table, wherein the look-up table maps at least the encryption algorithm to a first time-frame and a second encryption algorithm to a second time-frame, wherein data associated with the first time-frame mapped to the encryption algorithm is identified… 
Claim 11:
The system of claim 8, wherein data protected by the encryption algorithm is identified using a look-up table, wherein the look-up table maps encryption algorithms to data locations, wherein data locations mapped to the encryption algorithm are identified.
Claim 10:
The system of claim 8, wherein the look-up table further maps encryption algorithms to data locations, wherein the look-up table maps at least the encryption algorithm to a first data location and the second encryption algorithm to a second data location, wherein the first data location mapped to the encryption algorithm is identified.
Claim 12:
The system of claim 8, wherein the security action includes decrypting the data protected by the encryption algorithm and encrypting the data with a second encryption algorithm.
Claim 11:
The system of claim 8, wherein the security action includes decrypting the data protected by the encryption algorithm and encrypting the data with the second encryption algorithm.
Claim 13:
The system of claim 8, wherein the security action includes disconnecting the data from at least one network.
Claim 12:
The system of claim 8, wherein the security action includes disconnecting the data from at least one network.
Claim 14:
The system of claim 8, wherein the security action includes further encrypting the data protected by the encryption algorithm with a second encryption algorithm without decrypting the data.
Claim 13:
The system of claim 8, wherein the security action includes further encrypting the data protected by the encryption algorithm with the second encryption algorithm without decrypting the data.
Claim 15:
A computer program product comprising one or more computer readable storage media, and program instructions collectively stored on the one or more computer readable storage media, the program instructions comprising instructions configured to cause one or more processors to perform a method comprising:
determining whether an encryption algorithm is at-risk;
identifying, in response to determining that the encryption algorithm is at-risk, data protected by the encryption algorithm; and
executing a security action on the data protected by the encryption algorithm.
Claim 14:
A computer program product comprising one or more computer readable storage media, and program instructions collectively stored on the one or more computer readable storage media, the program instructions comprising instructions configured to cause one or more processors to perform a method comprising:
determining whether an encryption algorithm is at-risk, wherein determining whether the encryption algorithm is at-risk further comprises: parsing text resources for the encryption algorithm; identifying a first string within the text resources associated with the encryption algorithm; and classifying risk of the encryption algorithm based on the identified first string;
identifying, in response to determining that the encryption algorithm is at-risk, data protected by the encryption algorithm, wherein the data protected by the encryption algorithm is identified using a look-up table, wherein the look-up table maps at least the encryption algorithm to a first time-frame and a second encryption algorithm to a second time-frame, wherein data associated with the first time-frame mapped to the encryption algorithm is identified; and executing a security action on the data protected by the encryption algorithm.
Claim 16:
The computer program product of claim 15, wherein determining whether the encryption algorithm is at-risk includes: determining a risk value for the encryption algorithm; and comparing the risk value to a risk threshold.
Claim 15:
The computer program product of claim 14, wherein determining whether the encryption algorithm is at-risk includes: determining a risk value for the encryption algorithm; and comparing the risk value to a risk threshold.
Claim 17:
The computer program product of claim 15, wherein data protected by the encryption algorithm is identified using a look-up table, wherein the look-up table maps time periods to encryption algorithms, wherein all data associated with a first time-frame mapped to the encryption algorithm is identified.

Claim 14:
… wherein the data protected by the encryption algorithm is identified using a look-up table, wherein the look-up table maps at least the encryption algorithm to a first time-frame and a second encryption algorithm to a second time-frame, wherein data associated with the first time-frame mapped to the encryption algorithm is identified…
Claim 18:
The computer program product of claim 15, wherein data protected by the encryption algorithm is identified using a look-up table, wherein the look-up table maps encryption algorithms to data locations, wherein data locations mapped to the encryption algorithm are identified.
Claim 16:
The computer program product of claim 14, wherein the look-up table further maps encryption algorithms to data locations, wherein the look-up table maps at least the encryption algorithm to a first data location and the second encryption algorithm to a second data location, wherein the first data location mapped to the encryption algorithm is identified.
Claim 19:
The computer program product of claim 15, wherein the security action includes decrypting the data protected by the encryption algorithm and encrypting the data with a second encryption algorithm.
Claim 17:
The computer program product of claim 14, wherein the security action includes decrypting the data protected by the encryption algorithm and encrypting the data with the second encryption algorithm.
Claim 20:
A method comprising:
storing an encryption tag with a data set, the encryption tag including an encryption algorithm indicator specifying an encryption algorithm used to encrypt the data set;
determining that the encryption algorithm used to encrypt data set is at-risk; locating the data set using the encryption tag; and
executing a security action on the data set.
Claim 18:
A method comprising:
storing an encryption tag with a data set, the encryption tag including an encryption algorithm indicator specifying an encryption algorithm used to encrypt the data set;
determining that the encryption algorithm used to encrypt the data set is at-risk, wherein determining whether the encryption algorithm is at-risk further comprises:
parsing text resources for the encryption algorithm; identifying a first string within the text resources associated with the encryption algorithm; and
classifying risk of the encryption algorithm based on the identified first string; locating the data set using the encryption tag, wherein a look-up table maps at least the encryption algorithm to a first time-frame and a second encryption algorithm to a second time-frame, wherein the encryption tag specifying the encryption algorithm is referenced against the look-up table to locate the data set associated with the first time-frame; and
executing a security action on the data set.
Claim 21:
The method of claim 20, wherein executing the security action includes decrypting the data set and encrypting the data set with a second encryption algorithm.
Claim 19:
The method of claim 18, wherein executing the security action includes decrypting the data set and encrypting the data set with the second encryption algorithm.
Claim 22:
The method of claim 21, wherein the encryption tag is updated such that the encryption algorithm indicator specifies that the data set is now protected by the second encryption algorithm.
Claim 20:
The method of claim 19, wherein the encryption tag is updated such that the encryption algorithm indicator specifies that the data set is now protected by the second encryption algorithm.
Claim 23:
A system comprising:
one or more processors; and
one or more computer-readable storage media collectively storing program instructions which, when executed by the one or more processors, are configured to cause the one or more processor to perform a method comprising:
storing an encryption tag with a data set, the encryption tag including an encryption algorithm indicator specifying an encryption algorithm used to encrypt the data set;
determining that the encryption algorithm used to encrypt data set is at-risk; 
locating the data set using the encryption tag; and
executing a security action on the data set.
Claim 21:
A system comprising:
one or more processors; and one or more computer-readable storage media collectively storing program instructions which, when executed by the one or more processors, are configured to cause the one or more processor to perform a method comprising:
storing an encryption tag with a data set, the encryption tag including an encryption algorithm indicator specifying an encryption algorithm used to encrypt the data set;
determining that the encryption algorithm used to encrypt the data set is at-risk, wherein determining whether the encryption algorithm is at-risk further comprises: parsing text resources for the encryption algorithm; identifying a first string within the text resources associated with the encryption algorithm; and classifying risk of the encryption algorithm based on the identified first string; 
locating the data set using the encryption tag, wherein a look-up table maps at least the encryption algorithm to a first time-frame and a second encryption algorithm to a second time-frame, wherein the encryption tag specifying the encryption algorithm is referenced against the look-up table to locate the data set associated with the first time-frame; and
executing a security action on the data set.
Claim 24:
The system of claim 23, wherein executing the security action includes decrypting the data set and encrypting the data set with a second encryption algorithm.
Claim 22:
The system of claim 21, wherein executing the security action includes decrypting the data set and encrypting the data set with the second encryption algorithm.
Claim 25:
The system of claim 24, wherein the encryption tag is updated such that the encryption algorithm indicator specifies that the data set is now protected by the second encryption algorithm.
Claim 23:
The system of claim 22, wherein the encryption tag is updated such that the encryption algorithm indicator specifies that the data set is now protected by the second encryption algorithm.
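The steps recited in the claims compared above (a risk value checked against a risk threshold, a look-up table mapping algorithms to time-frames, and an encryption tag that is updated after re-encryption) can be exercised together as follows. This is an added example, not code from the application, the parent patent or OSAKI; the algorithm names, risk values, dates, locations and the SHA-256 keystream stand-in cipher are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass
from datetime import date
from typing import Optional


def keystream_xor(alg: str, key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with a SHA-256 counter keystream.
    Not real cryptography; it only makes re-encryption observable offline."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(alg.encode() + key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)


@dataclass
class DataSet:
    location: str
    written: date           # date the data set was encrypted and stored
    ciphertext: bytes
    tag: Optional[str]      # encryption tag (algorithm indicator); None if untagged


# Look-up table: algorithm -> time-frame in which it was the active algorithm.
TIMEFRAMES = {
    "ALG-OLD": (date(2015, 1, 1), date(2019, 12, 31)),
    "ALG-NEW": (date(2020, 1, 1), date(2099, 12, 31)),
}
RISK_VALUES = {"ALG-OLD": 0.8, "ALG-NEW": 0.1}   # constructed risk values
RISK_THRESHOLD = 0.5


def is_at_risk(alg: str) -> bool:
    # Fail closed: an algorithm with no recorded risk value is treated as at-risk.
    return RISK_VALUES.get(alg, 1.0) >= RISK_THRESHOLD


def identify(datasets, alg):
    """Data sets protected by `alg`. The tag is authoritative when present;
    the time-frame look-up is the fallback for untagged data. Trusting the
    date alone would re-select data that was already migrated."""
    start, end = TIMEFRAMES[alg]
    hits = []
    for ds in datasets:
        if ds.tag is not None:
            if ds.tag == alg:
                hits.append(ds)
        elif start <= ds.written <= end:
            hits.append(ds)
    return hits


def reencrypt(ds, old_alg, keys, new_alg):
    """Security action: decrypt under the old algorithm, encrypt under the
    new one, then update the encryption tag to the new indicator."""
    plain = keystream_xor(old_alg, keys[old_alg], ds.ciphertext)
    ds.ciphertext = keystream_xor(new_alg, keys[new_alg], plain)
    ds.tag = new_alg


def remediate(datasets, keys, new_alg):
    """Re-encrypt everything protected by an at-risk algorithm; return locations."""
    if is_at_risk(new_alg):
        raise ValueError("replacement algorithm is itself at-risk: " + new_alg)
    migrated = []
    for alg in TIMEFRAMES:
        if alg == new_alg or not is_at_risk(alg):
            continue
        for ds in identify(datasets, alg):
            reencrypt(ds, alg, keys, new_alg)
            migrated.append(ds.location)
    return migrated


def demo():
    keys = {"ALG-OLD": b"k-old", "ALG-NEW": b"k-new"}   # constructed keys
    enc = lambda alg, msg: keystream_xor(alg, keys[alg], msg)
    inventory = [   # constructed inventory
        DataSet("vol1/a", date(2017, 5, 1), enc("ALG-OLD", b"payroll 2017"), "ALG-OLD"),
        DataSet("vol1/b", date(2018, 3, 9), enc("ALG-OLD", b"contracts"), None),
        DataSet("vol2/c", date(2021, 7, 4), enc("ALG-NEW", b"designs"), "ALG-NEW"),
    ]
    first = remediate(inventory, keys, "ALG-NEW")
    second = remediate(inventory, keys, "ALG-NEW")   # must find nothing left
    plains = [keystream_xor(d.tag, keys[d.tag], d.ciphertext) for d in inventory]
    return {"first": first, "second": second,
            "tags": [d.tag for d in inventory], "plains": plains}


if __name__ == "__main__":
    print(demo())
```

The second pass returns nothing because the updated tags override the written dates, which still fall inside the old algorithm's time-frame.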


Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claims 1, 3-5, 8, 10-12, 15, and 17-19 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by OSAKI (US 20170373848 A1, IDS submitted 03/07/2022).
As to Claim 1:
OSAKI discloses a method (e.g. OSAKI “The present invention is generally related to storage systems and in particular to a system and method for cryptographic storage technique to provide secure long term retention of data” [0002]; [0007]) comprising:
determining whether an encryption algorithm is at-risk (e.g. OSAKI when determining the first encryption criteria/algorithm is no longer deemed to provide adequate security against unauthorized access… for example when AES encryption can be broken [0038] where “the term "criteria" used in the context of a discussion with cryptographic processes such as encryption and decryption will be understood to refer to families of cryptographic algorithms, specific cryptographic algorithms, a key or keys used with a specific cryptographic algorithm, and so on. Cryptographic criteria refers to the information, such as encryption/decryption key(s) and/or algorithm, that is applied to un-encrypted ("clear") data to produce encrypted data, and conversely to decrypt encrypted data to produce clear data” [0018]; [0037]; “when the technology has advanced to a point where the first encryption criteria is no longer deemed to provide adequate security against unauthorized access” [0038]);
identifying, in response to determining that the encryption algorithm is at-risk, data protected by the encryption algorithm (e.g. OSAKI “the block location on the physical storage device 104 for the block of data that is identified by the "processed position" datum 108 is accessed. The data block is read from the physical storage device 104 at that block location. As discussed above, the data is initially encrypted according to the first criteria 106” [0034]); and
executing a security action on the data protected by the encryption algorithm (e.g. OSAKI “Therefore, the data block is decrypted using the first criteria 106 to produce an un-encrypted data block, in a step 203.  The second cryptographic criteria 107 are then applied, in a step 204, to the un-encrypted data block to produce a converted data block, which is now encrypted according to the second cryptographic criteria 107. The converted data block is then written back (step 205) to the block location on the physical storage device 104 from which it was initially read in step 202” [0034]; [0037]).


As to Claim 3:
OSAKI discloses the method of claim 1, wherein the data protected by the encryption algorithm is identified using a look-up table, wherein the look-up table maps time periods to encryption algorithms (e.g. OSAKI data address table includes mapping of encryption criteria/algorithm with specific set of data blocks by particular modification date [0056]), wherein all data associated with a first time-frame mapped to the encryption algorithm is identified (e.g. OSAKI “However, it may be desirable to convert the data blocks that belong to a specific file or set of files. In general, it may be desirable to convert a specific set of data blocks as determined by some criterion or criteria; such as for example, files of a specific type, or having a particular modification date, and so on. One of ordinary skill will realize that the selection of specific blocks of data can be identified. For example, if it is desired to convert the data blocks for a specific set of files, the blocks might be identified using a data address table which shows addresses of the data blocks of the selected files. Such a data address table is typically maintained by file system 613” [0056]).
As to Claim 4:
OSAKI discloses the method of claim 1, wherein the data protected by the encryption algorithm is identified using a look-up table, wherein the look-up table maps encryption algorithms to data locations, wherein data locations mapped to the encryption algorithm are identified (e.g. OSAKI “The file system therefore provides a mapping between a file (e.g., File-A) and the data blocks which comprise File-A, and maintains the block location information for the blocks which comprise its constituent files. Thus, in step 202, when the converted data block is written to the same location on the physical storage device 104 as its corresponding unconverted data block. This preserves the locations of the data on the physical storage device from the point of view of the file system in the host device 101” [0035]; “For example, if it is desired to convert the data blocks for a specific set of files, the blocks might be identified using a data address table which shows addresses of the data blocks of the selected files. Such a data address table is typically maintained by file system 613. The processed position datum 108 can be implemented according to the file system implementation; for example it can be a list of addresses of data blocks which have already been converted by the second cryptographic criteria. This list can then be searched in steps 303 and 402 (FIGS. 3 and 4) to determine if the block has already been converted or not in order to service and I/O request” [0056]).
As to Claim 5:
OSAKI discloses the method of claim 1, wherein the security action includes decrypting the data protected by the encryption algorithm and encrypting the data with a second encryption algorithm (e.g. OSAKI “Therefore, the data block is decrypted using the first criteria 106 to produce an un-encrypted data block, in a step 203.  The second cryptographic criteria 107 are then applied, in a step 204, to the un-encrypted data block to produce a converted data block, which is now encrypted according to the second cryptographic criteria 107. The converted data block is then written back (step 205) to the block location on the physical storage device 104 from which it was initially read in step 202” [0034]; [0037]; “the term "criteria" used in the context of a discussion with cryptographic processes such as encryption and decryption will be understood to refer to families of cryptographic algorithms, specific cryptographic algorithms, a key or keys used with a specific cryptographic algorithm, and so on. Cryptographic criteria refers to the information, such as encryption/decryption key(s) and/or algorithm, that is applied to un-encrypted ("clear") data to produce encrypted data, and conversely to decrypt encrypted data to produce clear data” [0018]).
As to Claim 8:
OSAKI discloses a system (e.g. OSAKI “The present invention is generally related to storage systems and in particular to a system and method for cryptographic storage technique to provide secure long term retention of data” [0002]; [0007]) comprising:
one or more processors (e.g. OSAKI FIG. 1A CPU 110; processing unit [0021]; cryptographic component [0027]); and
one or more computer-readable storage media (e.g. OSAKI memory component contains program code [0024]; [0025]) collectively storing program instructions which, when executed by the one or more processors, are configured to cause the one or more processor to perform a method comprising:
determining whether an encryption algorithm is at-risk (e.g. OSAKI when determining the first encryption criteria/algorithm is no longer deemed to provide adequate security against unauthorized access… for example when AES encryption can be broken [0038] where “the term "criteria" used in the context of a discussion with cryptographic processes such as encryption and decryption will be understood to refer to families of cryptographic algorithms, specific cryptographic algorithms, a key or keys used with a specific cryptographic algorithm, and so on. Cryptographic criteria refers to the information, such as encryption/decryption key(s) and/or algorithm, that is applied to un-encrypted ("clear") data to produce encrypted data, and conversely to decrypt encrypted data to produce clear data” [0018]; [0037]; “when the technology has advanced to a point where the first encryption criteria is no longer deemed to provide adequate security against unauthorized access” [0038]);
identifying, in response to determining that the encryption algorithm is at-risk, data protected by the encryption algorithm (e.g. OSAKI “the block location on the physical storage device 104 for the block of data that is identified by the "processed position" datum 108 is accessed. The data block is read from the physical storage device 104 at that block location. As discussed above, the data is initially encrypted according to the first criteria 106” [0034]); and
executing a security action on the data protected by the encryption algorithm (e.g. OSAKI “Therefore, the data block is decrypted using the first criteria 106 to produce an un-encrypted data block, in a step 203.  The second cryptographic criteria 107 are then applied, in a step 204, to the un-encrypted data block to produce a converted data block, which is now encrypted according to the second cryptographic criteria 107. The converted data block is then written back (step 205) to the block location on the physical storage device 104 from which it was initially read in step 202” [0034]; [0037]).
As to Claim 10:
OSAKI discloses the system of claim 8, wherein the data protected by the encryption algorithm is identified using a look-up table, wherein the look-up table maps time periods to encryption algorithms (e.g. OSAKI data address table includes mapping of encryption criteria/algorithm with specific set of data blocks by particular modification date [0056]), wherein all data associated with a first time-frame mapped to the encryption algorithm is identified (e.g. OSAKI “However, it may be desirable to convert the data blocks that belong to a specific file or set of files. In general, it may be desirable to convert a specific set of data blocks as determined by some criterion or criteria; such as for example, files of a specific type, or having a particular modification date, and so on. One of ordinary skill will realize that the selection of specific blocks of data can be identified. For example, if it is desired to convert the data blocks for a specific set of files, the blocks might be identified using a data address table which shows addresses of the data blocks of the selected files. Such a data address table is typically maintained by file system 613” [0056]).
As to Claim 11:
OSAKI discloses the system of claim 8, wherein the data protected by the encryption algorithm is identified using a look-up table, wherein the look-up table maps encryption algorithms to data locations, wherein data locations mapped to the encryption algorithm are identified (e.g. OSAKI “The file system therefore provides a mapping between a file (e.g., File-A) and the data blocks which comprise File-A, and maintains the block location information for the blocks which comprise its constituent files. Thus, in step 202, when the converted data block is written to the same location on the physical storage device 104 as its corresponding unconverted data block. This preserves the locations of the data on the physical storage device from the point of view of the file system in the host device 101” [0035]; “For example, if it is desired to convert the data blocks for a specific set of files, the blocks might be identified using a data address table which shows addresses of the data blocks of the selected files. Such a data address table is typically maintained by file system 613. The processed position datum 108 can be implemented according to the file system implementation; for example it can be a list of addresses of data blocks which have already been converted by the second cryptographic criteria. This list can then be searched in steps 303 and 402 (FIGS. 3 and 4) to determine if the block has already been converted or not in order to service and I/O request” [0056]).
As to Claim 12:
OSAKI discloses the system of claim 8, wherein the security action includes decrypting the data protected by the encryption algorithm and encrypting the data with a second encryption algorithm (e.g. OSAKI “Therefore, the data block is decrypted using the first criteria 106 to produce an un-encrypted data block, in a step 203.  The second cryptographic criteria 107 are then applied, in a step 204, to the un-encrypted data block to produce a converted data block, which is now encrypted according to the second cryptographic criteria 107. The converted data block is then written back (step 205) to the block location on the physical storage device 104 from which it was initially read in step 202” [0034]; [0037]; “the term "criteria" used in the context of a discussion with cryptographic processes such as encryption and decryption will be understood to refer to families of cryptographic algorithms, specific cryptographic algorithms, a key or keys used with a specific cryptographic algorithm, and so on. Cryptographic criteria refers to the information, such as encryption/decryption key(s) and/or algorithm, that is applied to un-encrypted ("clear") data to produce encrypted data, and conversely to decrypt encrypted data to produce clear data” [0018]).
As to Claim 15:
OSAKI discloses a computer program product comprising one or more computer readable storage media, and program instructions collectively stored on the one or more computer readable storage media (e.g. OSAKI memory component contains program code [0024]; [0025]), the program instructions comprising instructions configured to cause one or more processors (e.g. OSAKI FIG. 1A CPU 110; processing unit [0021]; cryptographic component [0027]) to perform a method comprising:
determining whether an encryption algorithm is at-risk (e.g. OSAKI when determining the first encryption criteria/algorithm is no longer deemed to provide adequate security against unauthorized access… for example when AES encryption can be broken [0038] where “the term "criteria" used in the context of a discussion with cryptographic processes such as encryption and decryption will be understood to refer to families of cryptographic algorithms, specific cryptographic algorithms, a key or keys used with a specific cryptographic algorithm, and so on. Cryptographic criteria refers to the information, such as encryption/decryption key(s) and/or algorithm, that is applied to un-encrypted ("clear") data to produce encrypted data, and conversely to decrypt encrypted data to produce clear data” [0018]; [0037]; “when the technology has advanced to a point where the first encryption criteria is no longer deemed to provide adequate security against unauthorized access” [0038]);
identifying, in response to determining that the encryption algorithm is at-risk, data protected by the encryption algorithm (e.g. OSAKI “the block location on the physical storage device 104 for the block of data that is identified by the "processed position" datum 108 is accessed. The data block is read from the physical storage device 104 at that block location. As discussed above, the data is initially encrypted according to the first criteria 106” [0034]); and
executing a security action on the data protected by the encryption algorithm (e.g. OSAKI “Therefore, the data block is decrypted using the first criteria 106 to produce an un-encrypted data block, in a step 203.  The second cryptographic criteria 107 are then applied, in a step 204, to the un-encrypted data block to produce a converted data block, which is now encrypted according to the second cryptographic criteria 107. The converted data block is then written back (step 205) to the block location on the physical storage device 104 from which it was initially read in step 202” [0034]; [0037]).
As to Claim 17:
OSAKI discloses the computer program product of claim 15, wherein the data protected by the encryption algorithm is identified using a look-up table, wherein the look-up table maps time periods to encryption algorithms (e.g. OSAKI data address table includes mapping of encryption criteria/algorithm with specific set of data blocks by particular modification date [0056]), wherein all data associated with a first time-frame mapped to the encryption algorithm is identified (e.g. OSAKI “However, it may be desirable to convert the data blocks that belong to a specific file or set of files. In general, it may be desirable to convert a specific set of data blocks as determined by some criterion or criteria; such as for example, files of a specific type, or having a particular modification date, and so on. One of ordinary skill will realize that the selection of specific blocks of data can be identified. For example, if it is desired to convert the data blocks for a specific set of files, the blocks might be identified using a data address table which shows addresses of the data blocks of the selected files. Such a data address table is typically maintained by file system 613” [0056]).
As to Claim 18:
OSAKI discloses the computer program product of claim 15, wherein the data protected by the encryption algorithm is identified using a look-up table, wherein the look-up table maps encryption algorithms to data locations, wherein data locations mapped to the encryption algorithm are identified (e.g. OSAKI “The file system therefore provides a mapping between a file (e.g., File-A) and the data blocks which comprise File-A, and maintains the block location information for the blocks which comprise its constituent files. Thus, in step 202, when the converted data block is written to the same location on the physical storage device 104 as its corresponding unconverted data block. This preserves the locations of the data on the physical storage device from the point of view of the file system in the host device 101” [0035]; “For example, if it is desired to convert the data blocks for a specific set of files, the blocks might be identified using a data address table which shows addresses of the data blocks of the selected files. Such a data address table is typically maintained by file system 613. The processed position datum 108 can be implemented according to the file system implementation; for example it can be a list of addresses of data blocks which have already been converted by the second cryptographic criteria. This list can then be searched in steps 303 and 402 (FIGS. 3 and 4) to determine if the block has already been converted or not in order to service and I/O request” [0056]).
As to Claim 19:
OSAKI discloses the computer program product of claim 15, wherein the security action includes decrypting the data protected by the encryption algorithm and encrypting the data with a second encryption algorithm (e.g. OSAKI “Therefore, the data block is decrypted using the first criteria 106 to produce an un-encrypted data block, in a step 203.  The second cryptographic criteria 107 are then applied, in a step 204, to the un-encrypted data block to produce a converted data block, which is now encrypted according to the second cryptographic criteria 107. The converted data block is then written back (step 205) to the block location on the physical storage device 104 from which it was initially read in step 202” [0034]; [0037]; “the term "criteria" used in the context of a discussion with cryptographic processes such as encryption and decryption will be understood to refer to families of cryptographic algorithms, specific cryptographic algorithms, a key or keys used with a specific cryptographic algorithm, and so on. Cryptographic criteria refers to the information, such as encryption/decryption key(s) and/or algorithm, that is applied to un-encrypted ("clear") data to produce encrypted data, and conversely to decrypt encrypted data to produce clear data” [0018]).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 2, 9, and 16 are rejected under 35 U.S.C. 103 as being unpatentable over OSAKI in view of Ene-Pietrosanu et al. (US 20050235342 A1, IDS submitted 03/07/2022, hereinafter Ene-Pietrosanu).
As to Claim 2:
OSAKI discloses the method of claim 1, but does not specifically disclose:
determining a risk value for the encryption algorithm and comparing the risk value to a risk threshold.
However, the analogous art Ene-Pietrosanu does disclose determining a risk value for the encryption algorithm (e.g. Ene-Pietrosanu establishing a current relative strength for each cryptography algorithm [0049]) and comparing the risk value to a risk threshold (e.g. Ene-Pietrosanu comparing to cryptography service parameter thresholds to identify acceptable or unacceptable (too “weak”) cryptography algorithms [0049]; [0054]).  OSAKI and Ene-Pietrosanu are analogous art because they are from the same field of endeavor in security assessment of cryptographic algorithms.
(e.g. see Ene-Pietrosanu, “Algorithms, for example, may be categorized as being certified, old/out-of-date, weak, strong, etc” [0014]; “the current relative "strength" for each available cryptography algorithm logic 206 is established. Here, for example, the cryptography correctness parameter(s) and/or other like information as provided in act 302 may include one or more cryptography service parameter thresholds. Such parameter thresholds can identify acceptable ("strong" enough) and/or unacceptable (too " weak") cryptography algorithms, or acceptable/unacceptable cryptography key size parameters. Cryptography algorithms can be specified using algorithm identifiers” [0049]; “cryptography correctness detection logic 204 determines if the requested cryptography service/algorithm meets the conditions established in acts 302/304 via the cryptography correctness parameters/information. For example, in act 308 it can be determined if the identified cryptography algorithm is considered to be "strong" enough or too "weak" for a given process, time, user, data, etc. This may include, for example, determining a category for the algorithm/key” [0054]).
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art, having the teachings of OSAKI and Ene-Pietrosanu before him or her, to modify the invention of OSAKI with the teachings of Ene-Pietrosanu to include determining a risk value for the encryption algorithm and comparing the risk value to a risk threshold as claimed because OSAKI provides a cryptographic system and method to increase encryption strength of encrypted data stored on a storage system when a first encryption algorithm is no longer deemed to provide adequate security (OSAKI [Abstract]-[0057]) which could be determined by use of cryptography service parameter thresholds (Ene-Pietrosanu [0049]; [0054]).  The suggestion/motivation for doing so would have been to inform certain processes and/or even the user about the relative strength/weakness of cryptography services being used (Ene-Pietrosanu [0011]).  Therefore, it would have been obvious to combine OSAKI and Ene-Pietrosanu to obtain the invention as specified in the instant claim(s).
As to Claim 9:
OSAKI discloses the system of claim 8, but does not specifically disclose:
determining a risk value for the encryption algorithm and comparing the risk value to a risk threshold.
However, the analogous art Ene-Pietrosanu does disclose determining a risk value for the encryption algorithm (e.g. Ene-Pietrosanu establishing a current relative strength for each cryptography algorithm [0049]) and comparing the risk value to a risk threshold (e.g. Ene-Pietrosanu comparing to cryptography service parameter thresholds to identify acceptable or unacceptable (too “weak”) cryptography algorithms [0049]; [0054]).  OSAKI and Ene-Pietrosanu are analogous art because they are from the same field of endeavor in security assessment of cryptographic algorithms.
(e.g. see Ene-Pietrosanu, “Algorithms, for example, may be categorized as being certified, old/out-of-date, weak, strong, etc” [0014]; “the current relative "strength" for each available cryptography algorithm logic 206 is established. Here, for example, the cryptography correctness parameter(s) and/or other like information as provided in act 302 may include one or more cryptography service parameter thresholds. Such parameter thresholds can identify acceptable ("strong" enough) and/or unacceptable (too " weak") cryptography algorithms, or acceptable/unacceptable cryptography key size parameters. Cryptography algorithms can be specified using algorithm identifiers” [0049]; “cryptography correctness detection logic 204 determines if the requested cryptography service/algorithm meets the conditions established in acts 302/304 via the cryptography correctness parameters/information. For example, in act 308 it can be determined if the identified cryptography algorithm is considered to be "strong" enough or too "weak" for a given process, time, user, data, etc. This may include, for example, determining a category for the algorithm/key” [0054]).
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art, having the teachings of OSAKI and Ene-Pietrosanu before him or her, to modify the invention of OSAKI with the teachings of Ene-Pietrosanu to include determining a risk value for the encryption algorithm and comparing the risk value to a risk threshold as claimed because OSAKI provides a cryptographic system and method to increase encryption strength of encrypted data stored on a storage system when a first encryption algorithm is no longer deemed to provide adequate security (OSAKI [Abstract]-[0057]) which could be determined by use of cryptography service parameter thresholds (Ene-Pietrosanu [0049]; [0054]).  The suggestion/motivation for doing so would have been to inform certain processes and/or even the user about the relative strength/weakness of cryptography services being used (Ene-Pietrosanu [0011]).  Therefore, it would have been obvious to combine OSAKI and Ene-Pietrosanu to obtain the invention as specified in the instant claim(s).
As to Claim 16:
OSAKI discloses the computer program product of claim 15, but does not specifically disclose:
determining a risk value for the encryption algorithm and comparing the risk value to a risk threshold.
However, the analogous art Ene-Pietrosanu does disclose determining a risk value for the encryption algorithm (e.g. Ene-Pietrosanu establishing a current relative strength for each cryptography algorithm [0049]) and comparing the risk value to a risk threshold (e.g. Ene-Pietrosanu comparing to cryptography service parameter thresholds to identify acceptable or unacceptable (too “weak”) cryptography algorithms [0049]; [0054]).  OSAKI and Ene-Pietrosanu are analogous art because they are from the same field of endeavor in security assessment of cryptographic algorithms.
(e.g. see Ene-Pietrosanu, “Algorithms, for example, may be categorized as being certified, old/out-of-date, weak, strong, etc” [0014]; “the current relative "strength" for each available cryptography algorithm logic 206 is established. Here, for example, the cryptography correctness parameter(s) and/or other like information as provided in act 302 may include one or more cryptography service parameter thresholds. Such parameter thresholds can identify acceptable ("strong" enough) and/or unacceptable (too " weak") cryptography algorithms, or acceptable/unacceptable cryptography key size parameters. Cryptography algorithms can be specified using algorithm identifiers” [0049]; “cryptography correctness detection logic 204 determines if the requested cryptography service/algorithm meets the conditions established in acts 302/304 via the cryptography correctness parameters/information. For example, in act 308 it can be determined if the identified cryptography algorithm is considered to be "strong" enough or too "weak" for a given process, time, user, data, etc. This may include, for example, determining a category for the algorithm/key” [0054]).
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art, having the teachings of OSAKI and Ene-Pietrosanu before him or her, to modify the invention of OSAKI with the teachings of Ene-Pietrosanu to include determining a risk value for the encryption algorithm and comparing the risk value to a risk threshold as claimed because OSAKI provides a cryptographic system and method to increase encryption strength of encrypted data stored on a storage system when a first encryption algorithm is no longer deemed to provide adequate security (OSAKI [Abstract]-[0057]) which could be determined by use of cryptography service parameter thresholds (Ene-Pietrosanu [0049]; [0054]).  The suggestion/motivation for doing so would have been to inform certain processes and/or even the user about the relative strength/weakness of cryptography services being used (Ene-Pietrosanu [0011]).  Therefore, it would have been obvious to combine OSAKI and Ene-Pietrosanu to obtain the invention as specified in the instant claim(s).
Claims 6 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over OSAKI in view of Heeter (US 20190258814 A1, IDS submitted 03/07/2022).
As to Claim 6:
OSAKI discloses the method of claim 1, but does not specifically disclose:
wherein the security action includes disconnecting the data from at least one network.
However, the analogous art Heeter does disclose wherein the security action includes disconnecting the data from at least one network (e.g. Heeter encrypted data on storage device is disconnected from the internet or similar network [0163]).  OSAKI and Heeter are analogous art because they are from the same field of endeavor in management of encrypted data.
(e.g. see Heeter, “The data would preferably be encrypted, but the local software program used to read the data storage device or stream pathway would preferably disconnect from the internet just prior to decrypting the data so that at no time was the decrypted data accessible to the internet or similar networks” [0163]).
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art, having the teachings of OSAKI and Heeter before him or her, to modify the invention of OSAKI with the teachings of Heeter to include wherein the security action includes disconnecting the data from at least one network as claimed because OSAKI provides a cryptographic system and method to increase encryption strength of encrypted data stored on a storage system by converting the encryption algorithm of the encrypted data (OSAKI [Abstract]-[0057]) which could be disconnected from the internet prior to decrypting (Heeter [0163]).  The suggestion/motivation for doing so would have been so that at no time was the decrypted data accessible to the internet or similar networks (Heeter [0163]).  Therefore, it would have been obvious to combine OSAKI and Heeter to obtain the invention as specified in the instant claim(s).
As to Claim 13:
OSAKI discloses the system of claim 8, but does not specifically disclose:
wherein the security action includes disconnecting the data from at least one network.
However, the analogous art Heeter does disclose wherein the security action includes disconnecting the data from at least one network (e.g. Heeter encrypted data on storage device is disconnected from the internet or similar network [0163]).  OSAKI and Heeter are analogous art because they are from the same field of endeavor in management of encrypted data.
(e.g. see Heeter, “The data would preferably be encrypted, but the local software program used to read the data storage device or stream pathway would preferably disconnect from the internet just prior to decrypting the data so that at no time was the decrypted data accessible to the internet or similar networks” [0163]).
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art, having the teachings of OSAKI and Heeter before him or her, to modify the invention of OSAKI with the teachings of Heeter to include wherein the security action includes disconnecting the data from at least one network as claimed because OSAKI provides a cryptographic system and method to increase encryption strength of encrypted data stored on a storage system by converting the encryption algorithm of the encrypted data (OSAKI [Abstract]-[0057]) which could be disconnected from the internet prior to decrypting (Heeter [0163]).  The suggestion/motivation for doing so would have been so that at no time was the decrypted data accessible to the internet or similar networks (Heeter [0163]).  Therefore, it would have been obvious to combine OSAKI and Heeter to obtain the invention as specified in the instant claim(s).
Claims 7 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over OSAKI in view of Lowenstein et al. (US 20120079281 A1, hereinafter Lowenstein).
As to Claim 7:
OSAKI discloses the method of claim 1, wherein the security action includes further encrypting the data protected by the encryption algorithm with a second encryption algorithm (e.g. OSAKI “The second cryptographic criteria 107 are then applied, in a step 204, to the un-encrypted data block to produce a converted data block, which is now encrypted according to the second cryptographic criteria 107. The converted data block is then written back (step 205) to the block location on the physical storage device 104 from which it was initially read in step 202” [0034]; [0037]), but does not specifically disclose:
without decrypting the data.
However, the analogous art Lowenstein does disclose without decrypting the data (e.g. encrypt data sets that have previously been encrypted using other encryption algorithms, “A result of encrypting such encrypted data sets using diversified encryption algorithms is that the resulting cipher text (or encrypted data set) is less susceptible to flaw or weaknesses discovered in other computing systems because the diversified encryption algorithm is unique to the computing system implementing the diversified encryption algorithm” [0071]).  OSAKI and Lowenstein are analogous art because they are from the same field of endeavor in use of multiple cryptographic algorithms.
(e.g. see Lowenstein, “Diversified encryption algorithms and diversified obfuscation modules can be used in various combinations with one another and with other encryption algorithms to enhance data security and/or to improve resistance to reverse engineering. For example, a diversified encryption algorithm can be used to encrypt data sets that have previously been encrypted using other encryption algorithms. For example, a data set encrypted using one or more of the following algorithms can be encrypted using a diversified encryption algorithm: AES, DES, Blowfish, RSA, RC4, RSA, or ElGamal. A result of encrypting such encrypted data sets using diversified encryption algorithms is that the resulting cipher text (or encrypted data set) is less susceptible to flaw or weaknesses discovered in other computing systems because the diversified encryption algorithm is unique to the computing system implementing the diversified encryption algorithm (and any complimentary computing systems). Additionally, such encryption takes advantage of the robustness, research and security of publicly-available and proven encryption algorithms without being subject to a weakness found in any one of such algorithms” [0071]).
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art, having the teachings of OSAKI and Lowenstein before him or her, to modify the invention of OSAKI with the teachings of Lowenstein to include without decrypting the data as claimed because OSAKI provides a cryptographic system and method to increase encryption strength of encrypted data stored on a storage system by encrypting with a second cryptographic algorithm (OSAKI [Abstract]-[0057]) which could be done redundantly on encrypted data (Lowenstein [0071]).  The suggestion/motivation for doing so would have been so that the resulting cipher text (or encrypted data set) is less susceptible to flaw or weaknesses discovered in other computing systems because the diversified encryption algorithm is unique to the computing system implementing the diversified encryption algorithm and to take advantage of the robustness, research and security of publicly-available and proven encryption algorithms without being subject to a weakness found in any one of such algorithms (Lowenstein [0071]).  Therefore, it would have been obvious to combine OSAKI and Lowenstein to obtain the invention as specified in the instant claim(s).
As to Claim 14:
OSAKI discloses the system of claim 8, wherein the security action includes further encrypting the data protected by the encryption algorithm with a second encryption algorithm (e.g. OSAKI “The second cryptographic criteria 107 are then applied, in a step 204, to the un-encrypted data block to produce a converted data block, which is now encrypted according to the second cryptographic criteria 107. The converted data block is then written back (step 205) to the block location on the physical storage device 104 from which it was initially read in step 202” [0034]; [0037]), but does not specifically disclose:
without decrypting the data.
However, the analogous art Lowenstein does disclose without decrypting the data (e.g. encrypt data sets that have previously been encrypted using other encryption algorithms, “A result of encrypting such encrypted data sets using diversified encryption algorithms is that the resulting cipher text (or encrypted data set) is less susceptible to flaw or weaknesses discovered in other computing systems because the diversified encryption algorithm is unique to the computing system implementing the diversified encryption algorithm” [0071]).  OSAKI and Lowenstein are analogous art because they are from the same field of endeavor in use of multiple cryptographic algorithms.
(e.g. see Lowenstein, “Diversified encryption algorithms and diversified obfuscation modules can be used in various combinations with one another and with other encryption algorithms to enhance data security and/or to improve resistance to reverse engineering. For example, a diversified encryption algorithm can be used to encrypt data sets that have previously been encrypted using other encryption algorithms. For example, a data set encrypted using one or more of the following algorithms can be encrypted using a diversified encryption algorithm: AES, DES, Blowfish, RSA, RC4, RSA, or ElGamal. A result of encrypting such encrypted data sets using diversified encryption algorithms is that the resulting cipher text (or encrypted data set) is less susceptible to flaw or weaknesses discovered in other computing systems because the diversified encryption algorithm is unique to the computing system implementing the diversified encryption algorithm (and any complimentary computing systems). Additionally, such encryption takes advantage of the robustness, research and security of publicly-available and proven encryption algorithms without being subject to a weakness found in any one of such algorithms” [0071]).
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art, having the teachings of OSAKI and Lowenstein before him or her, to modify the invention of OSAKI with the teachings of Lowenstein to include without decrypting the data as claimed because OSAKI provides a cryptographic system and method to increase encryption strength of encrypted data stored on a storage system by encrypting with a second cryptographic algorithm (OSAKI [Abstract]-[0057]) which could be done redundantly on encrypted data (Lowenstein [0071]).  The suggestion/motivation for doing so would have been so that the resulting cipher text (or encrypted data set) is less susceptible to flaw or weaknesses discovered in other computing systems because the diversified encryption algorithm is unique to the computing system implementing the diversified encryption algorithm and to take advantage of the robustness, research and security of publicly-available and proven encryption algorithms without being subject to a weakness found in any one of such algorithms (Lowenstein [0071]).  Therefore, it would have been obvious to combine OSAKI and Lowenstein to obtain the invention as specified in the instant claim(s).
Claims 20-25 are rejected under 35 U.S.C. 103 as being unpatentable over OSAKI in view of Sumner et al. (US 20070100913 A1, IDS submitted 03/07/2022, hereinafter Sumner).
As to Claim 20:
OSAKI discloses a method (e.g. OSAKI “The present invention is generally related to storage systems and in particular to a system and method for cryptographic storage technique to provide secure long term retention of data” [0002]; [0007]) comprising:
determining that the encryption algorithm used to encrypt data is at-risk (e.g. OSAKI when determining the first encryption criteria/algorithm is no longer deemed to provide adequate security against unauthorized access… for example when AES encryption can be broken [0038] where “the term "criteria" used in the context of a discussion with cryptographic processes such as encryption and decryption will be understood to refer to families of cryptographic algorithms, specific cryptographic algorithms, a key or keys used with a specific cryptographic algorithm, and so on. Cryptographic criteria refers to the information, such as encryption/decryption key(s) and/or algorithm, that is applied to un-encrypted ("clear") data to produce encrypted data, and conversely to decrypt encrypted data to produce clear data” [0018]; [0037]; “when the technology has advanced to a point where the first encryption criteria is no longer deemed to provide adequate security against unauthorized access” [0038]);
locating the data set using the tag (e.g. OSAKI “the block location on the physical storage device 104 for the block of data that is identified by the "processed position" datum 108 is accessed. The data block is read from the physical storage device 104 at that block location. As discussed above, the data is initially encrypted according to the first criteria 106” [0034]); and
executing a security action on the data set (e.g. OSAKI “Therefore, the data block is decrypted using the first criteria 106 to produce an un-encrypted data block, in a step 203.  The second cryptographic criteria 107 are then applied, in a step 204, to the un-encrypted data block to produce a converted data block, which is now encrypted according to the second cryptographic criteria 107. The converted data block is then written back (step 205) to the block location on the physical storage device 104 from which it was initially read in step 202” [0034]; [0037]);
But OSAKI does not specifically disclose:
storing an encryption tag with a data set, the encryption tag including an encryption algorithm indicator specifying an encryption algorithm used to encrypt the data set.
However, the analogous art Sumner does disclose storing an encryption tag with a data set (e.g. Sumner encryption algorithm ID is combined with the data in a fixed-length block and processed to produce a block hash [0068]), the encryption tag including an encryption algorithm indicator specifying an encryption algorithm used to encrypt the data set (e.g. Sumner encryption algorithm identifier is for blocks encrypted by that encryption algorithm [0068]).  OSAKI and Sumner are analogous art because they are from the same field of endeavor in use of multiple cryptographic algorithms.
(e.g. see Sumner, “the client-device file encryption key 1420, a compression-algorithm identifier 1422, and an encryption algorithm identifier 1424 are combined with the data within an approximately fixed-length block 1426 and processed by a cryptographic hash function, such as the MD5 hash function 1428, to produce a block hash 1430. Inclusion of the file encryption key, compression algorithm ID, and encryption algorithm ID ensures that, should the file encryption key, compression algorithm, or encryption algorithm be changed by a client, blocks encrypted and compressed by new encryption keys and/or compression algorithms can be easily distinguished from blocks encrypted and/or compressed by previously used encryption keys, encryption algorithms, and/or compression algorithms… the block hash is, to an extremely high probability, guaranteed to be a unique identifier of the approximately fixed-length block” [0068]; [0069]; FIG. 14B).
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art, having the teachings of OSAKI and Sumner before him or her, to modify the invention of OSAKI with the teachings of Sumner to include storing an encryption tag with a data set, the encryption tag including an encryption algorithm indicator specifying an encryption algorithm used to encrypt the data set as claimed because OSAKI provides a cryptographic system and method to increase encryption strength of stored data that is encrypted by a first encryption algorithm (OSAKI [Abstract]-[0057]) which could be stored with an encryption algorithm identifier (Sumner [0068]).  The suggestion/motivation for doing so would have been to ensure that, should the file encryption key, compression algorithm, or encryption algorithm be changed by a client, blocks encrypted and compressed by new encryption keys and/or algorithms can be easily distinguished from blocks encrypted and/or compressed by previously used encryption keys, encryption algorithms, and/or compression algorithms (Sumner [0068]).  Therefore, it would have been obvious to combine OSAKI and Sumner to obtain the invention as specified in the instant claim(s).
As to Claim 21:
OSAKI in view of Sumner discloses the method of claim 20, wherein executing the security action includes decrypting the data set and encrypting the data set with a second encryption algorithm (e.g. OSAKI “Therefore, the data block is decrypted using the first criteria 106 to produce an un-encrypted data block, in a step 203.  The second cryptographic criteria 107 are then applied, in a step 204, to the un-encrypted data block to produce a converted data block, which is now encrypted according to the second cryptographic criteria 107. The converted data block is then written back (step 205) to the block location on the physical storage device 104 from which it was initially read in step 202” [0034]; [0037]; “the term "criteria" used in the context of a discussion with cryptographic processes such as encryption and decryption will be understood to refer to families of cryptographic algorithms, specific cryptographic algorithms, a key or keys used with a specific cryptographic algorithm, and so on. Cryptographic criteria refers to the information, such as encryption/decryption key(s) and/or algorithm, that is applied to un-encrypted ("clear") data to produce encrypted data, and conversely to decrypt encrypted data to produce clear data” [0018]).
As to Claim 22:
OSAKI in view of Sumner discloses the method of claim 21, wherein the encryption tag is updated such that the encryption algorithm indicator specifies that the data set is now protected by the second encryption algorithm (e.g. see Sumner, “the client-device file encryption key 1420, a compression-algorithm identifier 1422, and an encryption algorithm identifier 1424 are combined with the data within an approximately fixed-length block 1426 and processed by a cryptographic hash function, such as the MD5 hash function 1428, to produce a block hash 1430. Inclusion of the file encryption key, compression algorithm ID, and encryption algorithm ID ensures that, should the file encryption key, compression algorithm, or encryption algorithm be changed by a client, blocks encrypted and compressed by new encryption keys and/or compression algorithms can be easily distinguished from blocks encrypted and/or compressed by previously used encryption keys, encryption algorithms, and/or compression algorithms… the block hash is, to an extremely high probability, guaranteed to be a unique identifier of the approximately fixed-length block” [0068]; [0069]; FIG. 14B).  The Examiner supplies the same rationale for the combination of references OSAKI and Sumner as in Claim 20 above.
As to Claim 23:
OSAKI discloses a system (e.g. OSAKI “The present invention is generally related to storage systems and in particular to a system and method for cryptographic storage technique to provide secure long term retention of data” [0002]; [0007]) comprising:
one or more processors (e.g. OSAKI FIG. 1A CPU 110; processing unit [0021]; cryptographic component [0027]); and
one or more computer-readable storage media (e.g. OSAKI memory component contains program code [0024]; [0025]) collectively storing program instructions which, when executed by the one or more processors, are configured to cause the one or more processor to perform a method comprising:
determining that the encryption algorithm used to encrypt data is at-risk (e.g. OSAKI when determining the first encryption criteria/algorithm is no longer deemed to provide adequate security against unauthorized access… for example when AES encryption can be broken [0038] where “the term "criteria" used in the context of a discussion with cryptographic processes such as encryption and decryption will be understood to refer to families of cryptographic algorithms, specific cryptographic algorithms, a key or keys used with a specific cryptographic algorithm, and so on. Cryptographic criteria refers to the information, such as encryption/decryption key(s) and/or algorithm, that is applied to un-encrypted ("clear") data to produce encrypted data, and conversely to decrypt encrypted data to produce clear data” [0018]; [0037]; “when the technology has advanced to a point where the first encryption criteria is no longer deemed to provide adequate security against unauthorized access” [0038]);
locating the data set using the tag (e.g. OSAKI “the block location on the physical storage device 104 for the block of data that is identified by the "processed position" datum 108 is accessed. The data block is read from the physical storage device 104 at that block location. As discussed above, the data is initially encrypted according to the first criteria 106” [0034]); and
executing a security action on the data set (e.g. OSAKI “Therefore, the data block is decrypted using the first criteria 106 to produce an un-encrypted data block, in a step 203.  The second cryptographic criteria 107 are then applied, in a step 204, to the un-encrypted data block to produce a converted data block, which is now encrypted according to the second cryptographic criteria 107. The converted data block is then written back (step 205) to the block location on the physical storage device 104 from which it was initially read in step 202” [0034]; [0037]);
But OSAKI does not specifically disclose:
storing an encryption tag with a data set, the encryption tag including an encryption algorithm indicator specifying an encryption algorithm used to encrypt the data set.
However, the analogous art Sumner does disclose storing an encryption tag with a data set (e.g. Sumner encryption algorithm ID is combined with the data in a fixed-length block and processed to produce a block hash [0068]), the encryption tag including an encryption algorithm indicator specifying an encryption algorithm used to encrypt the data set (e.g. Sumner encryption algorithm identifier is for blocks encrypted by that encryption algorithm [0068]).  OSAKI and Sumner are analogous art because they are from the same field of endeavor in use of multiple cryptographic algorithms.
(e.g. see Sumner, “the client-device file encryption key 1420, a compression-algorithm identifier 1422, and an encryption algorithm identifier 1424 are combined with the data within an approximately fixed-length block 1426 and processed by a cryptographic hash function, such as the MD5 hash function 1428, to produce a block hash 1430. Inclusion of the file encryption key, compression algorithm ID, and encryption algorithm ID ensures that, should the file encryption key, compression algorithm, or encryption algorithm be changed by a client, blocks encrypted and compressed by new encryption keys and/or compression algorithms can be easily distinguished from blocks encrypted and/or compressed by previously used encryption keys, encryption algorithms, and/or compression algorithms… the block hash is, to an extremely high probability, guaranteed to be a unique identifier of the approximately fixed-length block” [0068]; [0069]; FIG. 14B).
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art, having the teachings of OSAKI and Sumner before him or her, to modify the invention of OSAKI with the teachings of Sumner to include storing an encryption tag with a data set, the encryption tag including an encryption algorithm indicator specifying an encryption algorithm used to encrypt the data set as claimed because OSAKI provides a cryptographic system and method to increase encryption strength of stored data that is encrypted by a first encryption algorithm (OSAKI [Abstract]-[0057]) which could be stored with an encryption algorithm identifier (Sumner [0068]).  The suggestion/motivation for doing so would have been to ensure that, should the file encryption key, compression algorithm, or encryption algorithm be changed by a client, blocks encrypted and compressed by new encryption keys and/or algorithms can be easily distinguished from blocks encrypted and/or compressed by previously used encryption keys, encryption algorithms, and/or compression algorithms (Sumner [0068]).  Therefore, it would have been obvious to combine OSAKI and Sumner to obtain the invention as specified in the instant claim(s).
As to Claim 24:
OSAKI in view of Sumner discloses the system of claim 23, wherein executing the security action includes decrypting the data set and encrypting the data set with a second encryption algorithm (e.g. OSAKI “Therefore, the data block is decrypted using the first criteria 106 to produce an un-encrypted data block, in a step 203.  The second cryptographic criteria 107 are then applied, in a step 204, to the un-encrypted data block to produce a converted data block, which is now encrypted according to the second cryptographic criteria 107. The converted data block is then written back (step 205) to the block location on the physical storage device 104 from which it was initially read in step 202” [0034]; [0037]; “the term "criteria" used in the context of a discussion with cryptographic processes such as encryption and decryption will be understood to refer to families of cryptographic algorithms, specific cryptographic algorithms, a key or keys used with a specific cryptographic algorithm, and so on. Cryptographic criteria refers to the information, such as encryption/decryption key(s) and/or algorithm, that is applied to un-encrypted ("clear") data to produce encrypted data, and conversely to decrypt encrypted data to produce clear data” [0018]).
As to Claim 25:
OSAKI in view of Sumner discloses the system of claim 24, wherein the encryption tag is updated such that the encryption algorithm indicator specifies that the data set is now protected by the second encryption algorithm (e.g. see Sumner, “the client-device file encryption key 1420, a compression-algorithm identifier 1422, and an encryption algorithm identifier 1424 are combined with the data within an approximately fixed-length block 1426 and processed by a cryptographic hash function, such as the MD5 hash function 1428, to produce a block hash 1430. Inclusion of the file encryption key, compression algorithm ID, and encryption algorithm ID ensures that, should the file encryption key, compression algorithm, or encryption algorithm be changed by a client, blocks encrypted and compressed by new encryption keys and/or compression algorithms can be easily distinguished from blocks encrypted and/or compressed by previously used encryption keys, encryption algorithms, and/or compression algorithms… the block hash is, to an extremely high probability, guaranteed to be a unique identifier of the approximately fixed-length block” [0068]; [0069]; FIG. 14B).  The Examiner supplies the same rationale for the combination of references OSAKI and Sumner as in Claim 23 above.
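The procedure mapped in claims 20-22 and 23-25 (an algorithm indicator stored with each data set, an at-risk determination, lookup by tag, decrypt and re-encrypt, tag update) is shown below as an added example; it is not part of the Office action, the application, or the cited references. The algorithm IDs, the function names and the HMAC-keystream stand-in ciphers are assumptions made for the example.

```python
import hashlib, hmac, os
from dataclasses import dataclass

# Constructed stand-in ciphers: an HMAC-derived keystream XORed with the data.
# They only make the two algorithm IDs behave differently; not for real use.
def _xor_stream(digest: str, key: bytes, nonce: bytes, data: bytes) -> bytes:
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), digest).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

ALGORITHMS = {1: "sha1", 2: "sha256"}  # hypothetical algorithm indicators

@dataclass
class TaggedDataSet:
    alg_id: int        # encryption tag: which algorithm protects this data set
    nonce: bytes
    ciphertext: bytes

def seal(alg_id: int, key: bytes, plaintext: bytes) -> TaggedDataSet:
    """Encrypt and store the algorithm indicator alongside the ciphertext."""
    nonce = os.urandom(16)
    return TaggedDataSet(alg_id, nonce,
                         _xor_stream(ALGORITHMS[alg_id], key, nonce, plaintext))

def unseal(ds: TaggedDataSet, key: bytes) -> bytes:
    """Decrypt with whichever algorithm the tag names."""
    return _xor_stream(ALGORITHMS[ds.alg_id], key, ds.nonce, ds.ciphertext)

def locate(store: dict, at_risk: set) -> list:
    """Names of data sets whose tag names an at-risk algorithm."""
    return sorted(name for name, ds in store.items() if ds.alg_id in at_risk)

def migrate(store: dict, keys: dict, at_risk: set, new_alg: int) -> list:
    """Security action: decrypt, re-encrypt under new_alg, update the tag."""
    if new_alg in at_risk:
        raise ValueError("replacement algorithm is itself at-risk")
    moved = locate(store, at_risk)
    for name in moved:
        old = store[name]
        clear = unseal(old, keys[old.alg_id])
        store[name] = seal(new_alg, keys[new_alg], clear)  # tag now says new_alg
    return moved

def demo():
    # Constructed sample data: two data sets under algorithm 1, one under 2.
    keys = {1: os.urandom(32), 2: os.urandom(32)}
    store = {"a": seal(1, keys[1], b"payroll"),
             "b": seal(2, keys[2], b"audit log"),
             "c": seal(1, keys[1], b"contracts")}
    moved = migrate(store, keys, at_risk={1}, new_alg=2)
    state = {n: (ds.alg_id, unseal(ds, keys[ds.alg_id])) for n, ds in store.items()}
    return moved, state
```
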
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicants’ disclosure.
Guo et al. (US 20150222421 A1) is cited for techniques for preventing side-channel attacks on cryptographic algorithms.
Wray et al. (US 20130343539 A1) is cited for a method to prevent information leakage in a cryptographic protocol due to exploits.
Gula et al. (US 9043920 B2) is cited for vulnerability discovery on networks using exploit algorithms. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Kenneth W Chang whose telephone number is (571)270-7530. The examiner can normally be reached Monday - Friday 9-5pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on 571-272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/KENNETH W CHANG/Primary Examiner, Art Unit 2438                                                                                                                                                                                                        

09.06.2022