DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-18 are pending in this office action, of which claims 1, 7 and 13 are independent claims.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):

(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


The following Claims are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
The limitation in claim 1, 7 and 13 “upon the determination that the cumulative skew has reached the first threshold but not the second threshold, triggering the clock-violation alert while continuing to allow deletions of files having retention locks that have expired according to the system clock;” do not claim the subject matter as described in the specification and described in paragraph 0073 as to continuing to allow deletions of file. 



Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 1-18 are rejected under 35 U.S.C. 103 as being unpatentable over Gangadharaiah et al., US 20170060885 A1 (hereinafter “Gangadharaiah”) and in view of McGovern et al., US 20050097260 A1 (hereinafter “McGovern”).


As to claims 1, 7 and 13,
Gangadharaiah teaches a method of ensuring retention lock compliance for files in a filesystem (Gangadharaiah, para 0077, use of a compliance or trusted clock for file retention) comprising: 
initializing a system clock and a secure clock to a same time (Gangadharaiah, para 0055, command is run on the regular file to setting the time); 
setting a first threshold and a second threshold, greater than the first threshold, the first threshold corresponding to a clock-violation alert and the second threshold corresponding to one or more clock-violation actions (Gangadharaiah, para 0059, the event-retain file is still protected from normal modifications, including deletion, but can only be modified by adding a retention date. Likewise, the file's attributes/properties except, for example, the last access time or other field for adding the retention time, are now fixed. In this manner, the future retention date is fixed in the last access time field, and made immutable); 
upon arrival of each time interval, updating the secure clock based on the time interval and calculating a skew between the system clock and the secure clock (Gangadharaiah, para 0077, a recent trusted clock time can be stored in system memory and compared to the time in each file to locate the expired ones. Alternatively, the retention date of each file can be read and then a current clock time can be retrieved and compared); 
maintaining a cumulative skew between the system clock and the secure clock (Gangadharaiah, para 0077, a recent trusted clock time can be stored in system memory and compared to the time in each file to locate the expired ones. Alternatively, the retention date of each file can be read and then a current clock time can be retrieved and compared); 
determining that the cumulative skew has reached the first threshold but not the second threshold (Gangadharaiah, para 0075, If the retention date is not greater than or equal to the clock date (or some minimum future date after the clock date for further skew protection), then the requestor is prevented from taking any action on the file.); 
upon the determination that the cumulative skew has reached the first threshold but not the second threshold, triggering the clock-violation alert while continuing to allow deletions of files having retention locks that have expired according to the system clock (Gangadharaiah, para 0075, If the retention date is not greater than or equal to the clock date (or some minimum future date after the clock date for further skew protection), then the requestor is prevented from taking any action on the file); 
determining that the cumulative skew has reached the second threshold (Gangadharaiah, para 0076, the retention date is less than or equal to the compliance clock date (or clock date plus a “safety” margin), then the user or administrator is permitted to take limited action on the file, or action is automatically taken. In an illustrative embodiment, that action is typically limited only to deletion of the file from the volume, however other file-handling options may be permitted for an enterprise model WORM implementation. In this manner, other actions that may tamper with the integrity of the file while leaving it intact are still prevented); and 
upon the determination that the cumulative skew has reached the second threshold, triggering a first clock-violation action comprising blocking the deletions of files having retention locks that have expired according to the system clock (Gangadharaiah, para 0076, the retention date is less than or equal to the compliance clock date (or clock date plus a “safety” margin), then the user or administrator is permitted to take limited action on the file, or action is automatically taken. In an illustrative embodiment, that action is typically limited only to deletion of the file from the volume, however other file-handling options may be permitted for an enterprise model WORM implementation. In this manner, other actions that may tamper with the integrity of the file while leaving it intact are still prevented.).  

Gangadharaiah teaches the invention as claimed above, Gangadharaiah does not explicitly teach scheduling a time interval at which the secure clock is to be updated.  
However, McGovern teaches scheduling a time interval at which the secure clock is to be updated (McGovern, para 0134, While system downtime and other factors may cause a shift or skew in the compliance clock's reported time versus actual time (e.g. Greenwich Mean Time and Date), this shift/skew can be accounted for by interfacing the compliance clock with another clock, such as the filer's system clock. As shown in FIG. 14, the compliance clock 279 can be provided with an input from the conventional system hardware/software system clock (or another generally trusted clock) 1416 from which it can compare its reported time to the allegedly actual time. This comparison can be both on an absolute basis (e.g. current reported date/time versus system reported date/time) and based upon the relative passage of time (e.g. number of seconds elapsed for the system clock versus the compliance clock)); 

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Gangadharaiah by adding the compliance clock that can be provided with an input from the conventional system hardware/software system clock (or another generally trusted clock) from which it can compare its reported time to the allegedly actual time. This comparison can be both on an absolute basis (e.g. current reported date/time versus system reported date/time) and based upon the relative passage of time (e.g. number of seconds elapsed for the system clock versus the compliance clock) to enhance data integrity as taught by McGovern.

As to claims 2, 8 and 14,
The combination of Gangadharaiah and McGovern teaches the method of claim 1 further comprising: intercepting an operation to delete a file having a retention lock that has expired according to the system clock, the interception being before a next time interval at which the secure clock is scheduled to be updated (Gangadharaiah, para 0075, If the retention date is not greater than or equal to the clock date (or some minimum future date after the clock date for further skew protection), then the requestor is prevented from taking any action on the file. Naturally, where an indefinite retention date is set, it is never less than the clock date and action is never permitted by the utility); 
calculating a latest skew between the system clock and the secure clock; adding the latest skew to the cumulative skew to calculate a new cumulative skew (Gangadharaiah, para 0075, If the retention date is not greater than or equal to the clock date (or some minimum future date after the clock date for further skew protection), then the requestor is prevented from taking any action on the file. Naturally, where an indefinite retention date is set, it is never less than the clock date and action is never permitted by the utility); 
if the new cumulative skew has not reached the second threshold, allowing the operation to delete the file having the retention lock that has expired according to the system clock; and if the new cumulative skew has reached the second threshold, blocking the operation to delete the file having the retention lock that has expired according to the system clock (Note: this is a contingent limitation, if the precedent condition is not met, the limitation is not performed).  
As to claims 3, 9 and 15,
The combination of Gangadharaiah and McGovern teaches the method of claim 1 further comprising: upon the determination that the cumulative skew has reached the second threshold, trigging one or more other clock-violation actions, the one or more other clock-violation actions comprising at least one of disabling the filesystem, making the filesystem read-only, updating effective expiration dates of files in the filesystem by adding the cumulative skew to recorded expiration dates of the files, or disabling deletion operations for all files in the filesystem (Gangadharaiah, para 0075, If the retention date is not greater than or equal to the clock date (or some minimum future date after the clock date for further skew protection), then the requestor is prevented from taking any action on the file. Naturally, where an indefinite retention date is set, it is never less than the clock date and action is never permitted by the utility. Additionally, where a retention date has not been set, as in the case of an event retain WORM file where the date has not been set, the system application will determine that the file has not expired).  
As to claims 4, 10 and 16,
The combination of Gangadharaiah and McGovern teaches the combination of Gangadharaiah and McGovern teaches the method of claim 1 further comprising: storing data of the secure clock in a binary format that is proprietary to the filesystem (Gangadharaiah, para 0005, a common type of file system).
As to claims 5, 11 and 17,
The combination of Gangadharaiah and McGovern teaches the method of claim 1 further comprising: restricting access to data of the secure clock to a cryptographically protected system shell (Gangadharaiah, para 0017, A representation of the digital signature of a record is used as the “key,” or “content address,” with which any future reference to the stored object must be made. This is often described as similar to a “claim check” system whereby the storage system generates a unique key for every object stored).  
As to claims 6, 12 and 18,
The combination of Gangadharaiah and McGovern teaches the method of claim 1 further comprising: during an initial configuration of the filesystem, prompting an administrator user to provide one or more of a plurality of configuration values, the plurality of configuration values comprising: 
the first threshold corresponding to the clock-violation alert, the second threshold corresponding to the one or more clock-violation actions, a selection of the one or more clock-violation actions to be triggered when the second threshold is reached, a maximum amount of time that the system clock can be changed, and a maximum change frequency for the system clock (Gangadharaiah, para 0046, the files either must be manually deleted on the retention date using a privileged delete feature, or the user must develop a customized API to automatically delete the file on the retention date using privileged delete. Accordingly, a process for setting files to event based retention that are WORM files is needed that does not require an API to use the privilege delete features. In some embodiments, this process will work at least with NFS and CIFS clients. See also 55 and 0069).  
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
The reference Wolfson et al. (US 20200134065 A1) discloses data provenance techniques using distributed ledgers. An exemplary method comprises obtaining an indication of a data operation that operates on a data item, wherein the data operation comprises an operation type; creating an operation transaction in a first data ledger for the data operation, wherein the operation transaction comprises an identifier of the operation type, an identifier of an operator entity that performs the data operation; an identifier of the data item, and a timestamp of the data operation; and maintaining a provenance graph comprising a provenance graph transaction for a plurality of data operations in the first data ledger and/or a second data ledger, wherein a given provenance graph transaction comprises an identifier of source data items used to create the data item associated with the given provenance graph transaction and sources of the source data items, wherein the first data ledger and/or the second data ledger are used to determine an origin and/or recipients of one or more data items.

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NARGIS SULTANA whose telephone number is (571)272-6350. The examiner can normally be reached Monday, Tuesday, Thursday and Friday 8:30am to 5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashish Thomas can be reached on 571 272 0631. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

9/24/2022
/NARGIS SULTANA/Examiner, Art Unit 2164