Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Objections
The following claims are objected to for minor informalities: 
24. A non-transitory computer readable storage medium tangibly embodying a computer readable program code having computer readable instructions that, when executed, causes a computing device to: extract data from a first storage; containerize the extracted data to form a container of data, the container being self- contained and configured to be moved and stored as a unit; and store the container image in a second storage different than the first storage.  

25. The non-transitory computer readable storage medium of claim 24, wherein the computer readable instructions that, when executed, causes a computing device to: containerize the extracted data by Dockerizing the extracted data.
  
26. The non-transitory computer readable storage medium of claim 25, wherein the extracted data includes deduplicated data.  

27. A method of storing data, comprising: receiving, by a storage system, a container image, the container image being self- contained and including metadata and a data file containing data, the container image being configured to be moved and stored as a unit, die container image being received from a second system separate from the storage system, via a network; and storing, by storage system, the container image.  

28. The method of claim 27, wherein the container image includes an executable routine, the method further comprising: loading, by the storage system, the container image to an executable space; generating, in the executable space, a container from the loaded container image; and 526124-18 running, in the executable space, the executable routine in the container on the data file and/or on the container as a unit.  
29. The method of claim 28, wherein the executable routine is a checksum routine and/or a self-destruct routine.  

30. The method of claim 27, wherein the storage system is a cloud storage system.

	The claims quoted above were numbered incorrectly by Applicant. Appropriate correction is required. 
For the purposes of this office action, the above claims will be assigned the following numbers: 
[26].  A non-transitory computer readable storage medium tangibly embodying a computer readable program code having computer readable instructions that, when executed, causes a computing device to: extract data from a first storage; containerize the extracted data to form a container of data, the container being self- contained and configured to be moved and stored as a unit; and store the container image in a second storage different than the first storage.  

[27]. The non-transitory computer readable storage medium of claim [26], wherein the computer readable instructions that, when executed, causes a computing device to: containerize the extracted data by Dockerizing the extracted data.
  
[28]. The non-transitory computer readable storage medium of claim [27] wherein the extracted data includes deduplicated data.  

[29]. A method of storing data, comprising: receiving, by a storage system, a container image, the container image being self- contained and including metadata and a data file containing data, the container image being configured to be moved and stored as a unit, die container image being received from a second system separate from the storage system, via a network; and storing, by storage system, the container image.  

[30]. The method of claim [29], wherein the container image includes an executable routine, the method further comprising: loading, by the storage system, the container image to an executable space; generating, in the executable space, a container from the loaded container image; and 526124-18 running, in the executable space, the executable routine in the container on the data file and/or on the container as a unit.  

[31]. The method of claim [30], wherein the executable routine is a checksum routine and/or a self-destruct routine.  

[32]. The method of claim [29], wherein the storage system is a cloud storage system.
Statement Regarding Statutory Subject Matter Under 35 USC 101 (not a rejection) 
Claim 1 is directed to patent eligible subject matter. The extracting, containerizing, and storing elements in claim 1 (1) cannot be performed in the human mind (i.e. the claim does not recite observation, evaluation, judgement and/or opinion) , (2) are not mathematical concepts (i.e. mathematical relationships, formulas, equations, and/or calculations);  and (3) not do not recite methods of organizing human activity1  As such, it does not recite an abstract idea or any other judicial exception.  See MPEP 2106.04(a). Claim 16 and claim 26 are  subject to the same analysis
Claim 292 is directed to patent eligible subject matter. The receiving and storing elements in claim 29 (1) cannot be performed in the human mind (i.e. the claim does not recite observation, evaluation, judgement and/or opinion), (2) are not mathematical concepts (i.e. mathematical relationships, formulas, equations, and/or calculations);  and (3) not do not recite methods of organizing human activity. As such, it does not recite an abstract idea or any other judicial exception.  See MPEP 2106.04(a). 
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claim 14 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 14 recites the limitations “. . .the number of containers. . . the source. . . the backup stream. . . the reconstructed data. . . the requesting client machine. . .” There are insufficient antecedent bases for these limitations in the claim. This renders the claim vague and indefinite. 
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claim(s) 293, 30, and 32 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Estes US 20180324203 A1. 
With respect to claim 29, Estes US 20180324203 A1 teaches “[29]. A method of storing data, comprising: receiving, by a storage system, a container image, 
[0002] Docker container technology is very popular in the cloud computing platform and has become the standard for developers to package their cloud native applications since the docker containers provide agility and portability to application deployment. However, there are many security concerns regarding docker containers. New security features are constantly emerging from cloud service providers.

[0051] The vulnerability advisor 113 analyzes static 114 and runtime 119 images of docker containers as present in the repository 109 to determine a vulnerability assessment of containers 123 present in nodes 126 of the cloud managed platform 118. The vulnerability advisor 113 can also receive input directly from the recording/tracking module 115 regarding the deployed nodes of the cloud managed platform 118. It should be noted that the vulnerability assessment of the nodes can change as docker containers are changed due to container alteration, deletion and addition to nodes. The placement engine 102 can regroup or move the containers between nodes to decrease security risk and group containers with similar vulnerabilities together. In some embodiments, the vulnerability advisor 113 can display the vulnerability assessment to the user via an interface.

(cloud native applications are data; native applications must exist on a storage system; first storage is whatever storage system the container is moved from)” in ¶ 2 
 [0002] Docker container technology is very popular in the cloud computing platform and has become the standard for developers to package their cloud native applications since the docker containers provide agility and portability to application deployment. However, there are many security concerns regarding docker containers. New security features are constantly emerging from cloud service providers.

“the container image being self- contained and including metadata and a data file containing data” in  ¶¶ 1-2
[0001] The present invention relates to resource placement in a cloud computing platform, and more specifically to intelligent container resource placement based on container image vulnerability assessment.

[0002] Docker container technology is very popular in the cloud computing platform and has become the standard for developers to package their cloud native applications since the docker containers provide agility and portability to application deployment. However, there are many security concerns regarding docker containers. New security features are constantly emerging from cloud service providers.
(a container image being “self-contained” is redundant; cloud native applications are data); 
“the container image being configured to be moved and stored as a unit” 
[0002] Docker container technology is very popular in the cloud computing platform and has become the standard for developers to package their cloud native applications since the docker containers provide agility and portability to application deployment. However, there are many security concerns regarding docker containers. New security features are constantly emerging from cloud service providers.
[0051] The vulnerability advisor 113 analyzes static 114 and runtime 119 images of docker containers as present in the repository 109 to determine a vulnerability assessment of containers 123 present in nodes 126 of the cloud managed platform 118. The vulnerability advisor 113 can also receive input directly from the recording/tracking module 115 regarding the deployed nodes of the cloud managed platform 118. It should be noted that the vulnerability assessment of the nodes can change as docker containers are changed due to container alteration, deletion and addition to nodes. The placement engine 102 can regroup or move the containers between nodes to decrease security risk and group containers with similar vulnerabilities together. In some embodiments, the vulnerability advisor 113 can display the vulnerability assessment to the user via an interface.


“the container image being received from a second system separate from the storage system, via a network;” 
[0051] The vulnerability advisor 113 analyzes static 114 and runtime 119 images of docker containers as present in the repository 109 to determine a vulnerability assessment of containers 123 present in nodes 126 of the cloud managed platform 118. The vulnerability advisor 113 can also receive input directly from the recording/tracking module 115 regarding the deployed nodes of the cloud managed platform 118. It should be noted that the vulnerability assessment of the nodes can change as docker containers are changed due to container alteration, deletion and addition to nodes. The placement engine 102 can regroup or move the containers between nodes to decrease security risk and group containers with similar vulnerabilities together. In some embodiments, the vulnerability advisor 113 can display the vulnerability assessment to the user via an interface.

(second storage system is whatever storage system the container is moved to);
“and storing, by storage system, the container image.” 
[0051] The vulnerability advisor 113 analyzes static 114 and runtime 119 images of docker containers as present in the repository 109 to determine a vulnerability assessment of containers 123 present in nodes 126 of the cloud managed platform 118. The vulnerability advisor 113 can also receive input directly from the recording/tracking module 115 regarding the deployed nodes of the cloud managed platform 118. It should be noted that the vulnerability assessment of the nodes can change as docker containers are changed due to container alteration, deletion and addition to nodes. The placement engine 102 can regroup or move the containers between nodes to decrease security risk and group containers with similar vulnerabilities together. In some embodiments, the vulnerability advisor 113 can display the vulnerability assessment to the user via an interface.

With respect to claim 30, Estes teaches “[30]. The method of claim [29], wherein the container image includes an executable routine” in ¶2, ¶ 26, ¶ 27, (the words “docker container technology” inherently include all the elements of claim [30]; in other words, Examiner finds that “docker container technology” inherently teaches “generating, in the executable space, a container from the loaded container image and running, in the executable space, the executable routine in the container on the data file and/or on the container as a unit4”); 
“the method further comprising: loading, by the storage system, the container image to an executable space” in ¶¶ 2, 26-28; 
“generating, in the executable space, a container from the loaded container image” in ¶¶ 2, 26-28; 
“and running, in the executable space, the executable routine in the container on the data file and/or on the container as a unit” in ¶¶ 2, 26-28. 
With respect to claim 32, Estes teaches “30. The method of claim [29], wherein the storage system is a cloud storage system” in ¶ 2. 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1, 16, 17, and  26-27 is/are rejected under 35 U.S.C. 103 as being unpatentable over Estes US 20180324203 A1. 
With respect to claim 1, Estes US 20180324203 A1 teaches “1, A computer implemented method of storing data, comprising:. . . , by a processing device, data from a first storage of a storage system” 
0002] Docker container technology is very popular in the cloud computing platform and has become the standard for developers to package their cloud native applications since the docker containers provide agility and portability to application deployment. However, there are many security concerns regarding docker containers. New security features are constantly emerging from cloud service providers.

[0051] The vulnerability advisor 113 analyzes static 114 and runtime 119 images of docker containers as present in the repository 109 to determine a vulnerability assessment of containers 123 present in nodes 126 of the cloud managed platform 118. The vulnerability advisor 113 can also receive input directly from the recording/tracking module 115 regarding the deployed nodes of the cloud managed platform 118. It should be noted that the vulnerability assessment of the nodes can change as docker containers are changed due to container alteration, deletion and addition to nodes. The placement engine 102 can regroup or move the containers between nodes to decrease security risk and group containers with similar vulnerabilities together. In some embodiments, the vulnerability advisor 113 can display the vulnerability assessment to the user via an interface.

(cloud native applications are data; native applications must exist on a storage system; first storage is whatever storage system the container is moved from); 
“containerizing, by the processing device, the data to form a container image of data” in ¶ 2 
 [0002] Docker container technology is very popular in the cloud computing platform and has become the standard for developers to package their cloud native applications since the docker containers provide agility and portability to application deployment. However, there are many security concerns regarding docker containers. New security features are constantly emerging from cloud service providers.

“the container image being self-contained and configured to be moved and stored as a unit and” in the title, ¶¶ 1-2
[0001] The present invention relates to resource placement in a cloud computing platform, and more specifically to intelligent container resource placement based on container image vulnerability assessment.

[0002] Docker container technology is very popular in the cloud computing platform and has become the standard for developers to package their cloud native applications since the docker containers provide agility and portability to application deployment. However, there are many security concerns regarding docker containers. New security features are constantly emerging from cloud service providers.
(a container image being “self-contained” is redundant; cloud native applications are data); 
“storing, by the processing device, the container image in at least one second storage different from the first storage” 
[0051] The vulnerability advisor 113 analyzes static 114 and runtime 119 images of docker containers as present in the repository 109 to determine a vulnerability assessment of containers 123 present in nodes 126 of the cloud managed platform 118. The vulnerability advisor 113 can also receive input directly from the recording/tracking module 115 regarding the deployed nodes of the cloud managed platform 118. It should be noted that the vulnerability assessment of the nodes can change as docker containers are changed due to container alteration, deletion and addition to nodes. The placement engine 102 can regroup or move the containers between nodes to decrease security risk and group containers with similar vulnerabilities together. In some embodiments, the vulnerability advisor 113 can display the vulnerability assessment to the user via an interface.

(second storage system is whatever storage system the container is moved to);
It appears fails Estes to explicitly teach that the data that is placed into a container is “extracted.”  However, Examiner takes official notice that extracting data from a from storage system was well known in the art before the effective filing date of the invention. 
It would have been obvious to one skilled in the art before the effective filing date of the invention to modify the data in Estes to include extracting the data from a storage device. The motivation would have been to allow a user to easily create a container using a remote or local data source. 
Claim 16 is rejected for the same reason.  Claim 26 is rejected for the same reason.  
With respect to claim 17, Estes teaches”17. The system of claim 16 wherein the at least one processing device is configured to containerize the data by: Dockerizing the data” in ¶¶ 3 and 51.  
With respect to claim 27, Estes teaches “[27]. The non-transitory computer readable storage medium of claim [26], wherein the computer readable instructions that, when executed, causes a computing device to: containerize the extracted data by Dockerizing the extracted data.” in ¶¶ 3 and 51. 
Claim(s) 2-3 is/are rejected under 35 U.S.C. 103 as being unpatentable over Estes US 20180324203 A1 as applied to claim 1 and further in view of  Kane, Docker: Up and Running, Second Edition, 2018. 
With respect to claim 2, Estes teaches the method of claim 1, comprising: containerizing the data into a container image” in at least the title, abstract, and ¶¶ 2-3 (see above). 
It appears Estes fails to explicitly teach “2. The method of claim 1, comprising: containerizing the data into a container image by process meeting an Open Container Initiative ("OCI") specification.”   
However, Kane teaches “containerizing the data into a container image by process meeting an Open Container Initiative ("OCI") specification” on in Chap. 11 p.  44 
When we start a new container, dockerd will handle making sure that the image is present or will pull it from the repository specified in the image name. (In the future this responsibility may shift to containerd, which already supports image pulls.) The Docker daemon also does most of the rest of the setup around the container, like setting up any logging drivers and volumes or volume drivers. It then talks to containerd and asks it to run the container. containerd will take the image and apply the container configuration passed in from dockerd to generate an OCI (Open Container Initiative) bundle that runc can execute.2 It will then execute docker-containerd-shim to start the container. This will in turn execute runc to actually construct and start the container. However, runc will not stay running, and the docker-containerd-shim will be the actual parent process of the new container process.

Kane and Estes are analogous art because they are from the same field of endeavor as the claimed invention. 
It would have been obvious to one skilled in the art before the effective filing date of the invention to modify “containerizing the data into a container image” taught by Estes to include “containerizing the data into a container image by process meeting an Open Container Initiative ("OCI" specification” as taught by Kane. The motivation would have been to “run any of your favorite applications or daemons that are compatible with the container server.” See Kane chapter 5 page 1 last line and page 2 first 3 lines. 
With respect to claim 3, Kane teaches “3, The method of claim 2, wherein the OCI-compliant process is Dockerizing” in Chapter 5 page 4 
The docker create and docker start commands both contain all the options that pertain to how a container is initially set up. In Chapter 4, we demonstrated that with the docker run command you could map network ports in the underlying container to the host using the -p argument, and that -e could be used to pass environment variables into the container.

Claim(s) 4 , 5, 18, and 28 is/are rejected under 35 U.S.C. 103 as being unpatentable over Estes US 20180324203 A1 as applied to claim 1 claim 16 and claim 24 and further in view of  Anand US 20200341638 A. 
	With respect to claim 4, it appears Estes fails to explicitly teach “4. The method of claim 1, wherein the extracted data includes deduplicated data.” 
	However, Anand US 20200341638 A teaches “4. The method of claim 1, wherein the extracted data includes deduplicated data” in at least ¶ 137

[0137] After generating the application data map (608) and the virtual machine backup (610), the production host (600) sends the aforementioned data structures to the backup storage (620). Using the aforementioned data structures, the backup storage (620) generates containerized backups (622.2) by deduplicating and storing the virtual machine backup (610, FIG. 6.2) in the deduplicated repository (622) in a containerized format as illustrated in FIG. 6.3. Additionally, the backup storage (620) generates a global application data map (624) using the application data map (608, FIG. 2). In the state illustrated in FIG. 6.3, the system is able to perform application level backups using both the containerized backups and (622.2) and the global application data map.

Anand and Estes are analogous art because they are from the same field of endeavor as the claimed invention. 
It would have been obvious to one skilled in the art before the effective filing date of the invention to modify “the extracted data” in Estes to include “deduplicated data” as taught by Anand. The motivation would have been  “[t]o maximize the quantity of backup data storable in the backup storages.” Anand ¶ 22. 
Claim 18 is rejected for the same reason. Claim 28 is rejected for the same reason. 
With respect to claim 5, Anand teaches 5, The method of claim 4,. wherein, prior to extracting the data, the method further comprises: receiving a backup data . . . from a source” 
0133] Consider a scenario as illustrated in FIG. 6.1 in which a production host (600) is providing computer implemented services to clients (not shown). To provide the computer incremented services, the production host (600) hosts a virtual machine (602). The virtual machine (602) hosts a database application (602.2) and email application (602.4). Each of these applications store corresponding application data in a first virtual disk (604) and a second virtual disk (606). Specifically, the database application (602.2) stores database application data (604.2) in the first virtual disk (604). Similarly, the email application (602.4) stores email application data (606.2) in the second virtual disk (606).

[0134] To provide data protection services, a backup storage (620) is tasked with storing backups from the production host (600). To do so, the backup storage (620) includes a deduplicated repository (622).
	(source includes production host, for example); 

[0018] Additional embodiments of the invention may provide a method for performing selective restorations of entities using portions of the backup data stored in the small storage footprint format. For example, embodiments of the invention may provide a method for identifying limited portions of the backup data that are associated with an application. The method may further include selectively obtaining only those portions of the backup data, providing high-performance access to the obtained portions of the backup data, and restoring applications to prior states using the portions of the backup data. By only using limited portions of the backup data for restoration purposes, the computational cost for performing restorations may be reduced when compared to methods that utilize larger quantities of the backup data for performing restorations. Thus, embodiments of the invention may improve the computational efficiency for providing data protection services in a distributed system.

“deduplicating the backup data. . . ” 
[0137] After generating the application data map (608) and the virtual machine backup (610), the production host (600) sends the aforementioned data structures to the backup storage (620). Using the aforementioned data structures, the backup storage (620) generates containerized backups (622.2) by deduplicating and storing the virtual machine backup (610, FIG. 6.2) in the deduplicated repository (622) in a containerized format as illustrated in FIG. 6.3. Additionally, the backup storage (620) generates a global application data map (624) using the application data map (608, FIG. 2). In the state illustrated in FIG. 6.3, the system is able to perform application level backups using both the containerized backups and (622.2) and the global application data map.

[0022] To maximize the quantity of backup data storable in the backup storages (120), the backups may be stored in a format that is not indexed and/or the data stored in the backup storages (120) may be deduplicated against other data stored in the backup storages (120). By doing so, the footprint of data stored in the backup storages (120) may be reduced which allows a greater quantity of backup data to be stored using the same quantity of storage resources. However, the data stored in all, or a portion, of the backup storages (120) may not be natively searchable in a computationally efficient manner due to the lack of metadata that would otherwise provide for computationally efficient searching of the data.

“and storing the deduplicated data from the backup data . . . in the first storage  wherein the extracted data includes the deduplicated data” 
[0137] After generating the application data map (608) and the virtual machine backup (610), the production host (600) sends the aforementioned data structures to the backup storage (620). Using the aforementioned data structures, the backup storage (620) generates containerized backups (622.2) by deduplicating and storing the virtual machine backup (610, FIG. 6.2) in the deduplicated repository (622) in a containerized format as illustrated in FIG. 6.3. Additionally, the backup storage (620) generates a global application data map (624) using the application data map (608, FIG. 2). In the state illustrated in FIG. 6.3, the system is able to perform application level backups using both the containerized backups and (622.2) and the global application data map.

Anand and Estes are analogous art because they are from the same field of endeavor as the claimed invention. 
It would have been obvious to one skilled in the art before the effective filing date of the invention to modify “the extracted data” in Estes to include “deduplicated data” as taught by Anand. The motivation would have been  “[t]o maximize the quantity of backup data storable in the backup storages.” Anand ¶ 22. 
It would have been obvious to one skilled in the art before the effective filing date of the invention to modify “the first storage” in Estes to include “deduplicated repository” as taught by Anand. The motivation would have been  “[t]o maximize the quantity of backup data storable in the backup storages.” Anand ¶ 22. 
Examiner takes official notice that  backup data streams were well known in the art before the effective filing date of the invention. 
It would have been obvious to one skilled in the art before the effective filing date of the invention to modify the backup data in Estes et al. to include a stream. The motivation would have been to allow real-time backup of data. 
Claim(s) 7-9 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Estes US 20180324203 A1 as applied to claim 1 and further in view of  Anand US 20200341638 A as applied to claim 4 and further in view of Snider US 20100241619 A1 as applied to claim 7 and further in view of Sun, Tapping the Potential: Secure Chunk-based
Deduplication of Encrypted Data for Cloud Backup, 2018. 
With respect to claim 7, it appears Estes et al. fails to teach, but Snider US 20100241619 A1 teaches “7. The method of claim 4, further comprising: sharding the deduplicated data into a plurality of sharded deduplicated data files” 

[0038] It is particularly pointed out that the use of fingerprint store 220 serves to de-duplicate potential storage of identical shards and even between user1 on a first apparatus 300 and an unaffiliated user2 on a second apparatus 400. It even eliminates the need to encrypt and transmit an eshard and encrypt and transmit a shard key if the shards are identical. Every fingerprint stored in fingerprint store 420 of user2 will be found in fingerprint store 220 of storage apparatus 200 whether it was originally stored by apparatus 300, apparatus 400, or another. The use of shards and fingerprinting each shard allows for significant disk savings even if every single file of each user was slightly different from every single file of every other user. Furthermore, the present invention addresses limitations on the size of files and file transfers and file comparisons which limit conventional backup solution deployment across public networks.

[0039] It is particularly pointed out that the random keys are not stored and are specifically deleted after use. In apparatus 300 a random key is generated to encrypt a shard into an eshard and used in generating a shard key in combination with a public key. It is then deleted. In apparatus 200 a random key for use in decrypting an eshard is recovered by decrypting a shard key by using a private key. After the eshard is decrypted and successfully transmitted to apparatus 400, the random key used in decrypting the eshard is not stored and specifically deleted. The present invention is distinguished from conventional file backup and offsite storage by reduced duplicative data transfer, improved security, and superior granularity. It provides high end data center capacity and security to small and medium sized enterprises with shared usage to lower each customer's cost of operation and management. It is particularly pointed out that the apparatus de-duplicates storage and data transmission by operating on the fingerprints of shards which are distinguished from files. It is particularly pointed out that each eshard is encrypted with a randomly selected random key and that each random key is encrypted with a public/private key encryption algorithm. No user has access to random keys or to the private key necessary to recover a random key. Users without common files benefit from de-duplication of shards and enjoy savings in encryption, data transmission, storage and use of public networks and servers operated by independent providers for unaffiliated customers.

Estes et al. and Snider are analogous art because they are from the same field of endeavor as the claimed invention. It would have been obvious to one skilled in the art before the effective filing date of the invention to modify the deduplicated data files in Estes et al to include e sharding the deduplicated data into a plurality of sharded deduplicated data files.” The motivation would have been to save disk space. 
It appears Snider et al. fails to explicitly teach  “and containerizing each of the plurality of sharded, de-duplicated data files to form respective containers images” 
However, Sun teaches 
“and containerizing each of the plurality of sharded, de-duplicated data files to form respective containers images” on p. 2 (emphasis added): 
Similar to data compression that identifies intra-file redundancy, deduplication is used to eliminate both intra and inter file duplicates. . . 1) Chunking Algorithms: . . . A bit more CPU-intensive variable-sized chunking method can be used to address this problem. Briefly, this algorithm adopts a fixed-length sliding window to move onwards the data stream byte by byte. . . 2) Chunk Fragmentation: A succinct chunk ID is computed by applying a hash function, such as SHA11, over this chunk.  We can determine whether the chunk has already been stored by looking up a key-value index table that maintains unique chunk IDs and their corresponding chunk storage locations. To achieve high write performance, each unique chunk is not directly written into the storage; instead, it is stored into a fixed sized container (typically 2MB or 4MB) in the cache and the whole container is flushed to the storage once it is full. .
   
pp. 3-4
There are three entities in our secure client-side cross user deduplication system, key server (KS), clients (C’s) and public cloud storage server (SS) as shown in Fig. 1. We consider a periodical file backup service provided to C’s in an enterprise network. The key server KS is set up in charge of client authentication and chunk encryption key generation. Specifically, a client Cj performs the chunking algorithm on his backup data. KS authenticates Cj upon request and generates the CE key k for each chunk ch of Cj ’s backup data in an oblivious manner. Then Cj encrypts the data chunks with the associated keys and uploads ciphertexts to SS2, such as Microsoft Azure Backup. SS stores the deduplicated incoming data stream in the corresponding containers before writing them into storage. As a result, the entire data protection phase, including key generation and data encryption, is transparent to SS. SS only offers a basic and simple interface to its clients as in the plaintext data backup scenario.
	. . . 
A. Randomized Oblivious Key Generation
Chunk encryption key can be generated by running a secure
(oblivious) two-party computation between Cj and KS, so that
KS learns nothing on the Cj ’s input and algorithm output
while Cj cannot infer KS’s secret. In general, such desired
protocol can be realized by any blind signature scheme. Here
we use the widely-adopted blind RSA signature similar to
prior work [4] and further introduce the randomness into the
oblivious key generation.

and on p. 7 
Specifically, the system maintains a set of dedicated chunk containers cnti,j in the cache for each KS secret di, where 1 ≤ i ≤ n and j indicates a distinct container for the same key3. We achieve high spatial locality by storing cnti,j in separate locations of the disk according to i, such as in different partitions. Therefore, chunks under the same KS secret are stored close to each other. When restoring a client’s data, read access is only restricted to a limited scope of the disk instead of random accessing the whole storage.

(Examiner finds chunks are shards and are encrypted, sharded deduplicated data files that form respective container images). 
Estes et al. and Sun are analogous art because they are from the same field of endeavor as the claimed invention. It would have been obvious to one skilled in the art before the effective filing date of the invention to modify the plurality of encrypted, sharded deduplicated data files” in Snider to include “containerizing each of the plurality of sharded, de-duplicated data files to form respective containers images” as taught by Sun. The motivation would have been to protect data from being comprised and minimize deduplication performance. See Sun p. 2 (“Similarly, we attempt to introduce the randomness into the chunk key generation. This gives us the desired asymmetry between security and performance i.e. resilient to multiple compromised clients, compared to existing work, but only with minimal dedupe performance loss.”).
With respect to claim 19, it appears Estes fails to teach, but Snider US 20100241619 A1 teaches “The system of claim 18. wherein the at least one processing device is further configured to: shard the extracted deduplicated data into a plurality of sharded deduplicated data file” 
 [0038] It is particularly pointed out that the use of fingerprint store 220 serves to de-duplicate potential storage of identical shards and even between user1 on a first apparatus 300 and an unaffiliated user2 on a second apparatus 400. It even eliminates the need to encrypt and transmit an eshard and encrypt and transmit a shard key if the shards are identical. Every fingerprint stored in fingerprint store 420 of user2 will be found in fingerprint store 220 of storage apparatus 200 whether it was originally stored by apparatus 300, apparatus 400, or another. The use of shards and fingerprinting each shard allows for significant disk savings even if every single file of each user was slightly different from every single file of every other user. Furthermore, the present invention addresses limitations on the size of files and file transfers and file comparisons which limit conventional backup solution deployment across public networks.

[0039] It is particularly pointed out that the random keys are not stored and are specifically deleted after use. In apparatus 300 a random key is generated to encrypt a shard into an eshard and used in generating a shard key in combination with a public key. It is then deleted. In apparatus 200 a random key for use in decrypting an eshard is recovered by decrypting a shard key by using a private key. After the eshard is decrypted and successfully transmitted to apparatus 400, the random key used in decrypting the eshard is not stored and specifically deleted. The present invention is distinguished from conventional file backup and offsite storage by reduced duplicative data transfer, improved security, and superior granularity. It provides high end data center capacity and security to small and medium sized enterprises with shared usage to lower each customer's cost of operation and management. It is particularly pointed out that the apparatus de-duplicates storage and data transmission by operating on the fingerprints of shards which are distinguished from files. It is particularly pointed out that each eshard is encrypted with a randomly selected random key and that each random key is encrypted with a public/private key encryption algorithm. No user has access to random keys or to the private key necessary to recover a random key. Users without common files benefit from de-duplication of shards and enjoy savings in encryption, data transmission, storage and use of public networks and servers operated by independent providers for unaffiliated customers.

Estes et al. and Snider are analogous art because they are from the same field of endeavor as the claimed invention. It would have been obvious to one skilled in the art before the effective filing date of the invention to modify the deduplicated data files in Estes et al to include e sharding the deduplicated data into a plurality of sharded deduplicated data files.” The motivation would have been to save disk space.
It appears Snider et al. fails to explicitly teach  “and containerizing each of the plurality of sharded, de-duplicated data files to form respective containers images” 
However, Sun, Tapping the Potential: Secure Chunk-based
Deduplication of Encrypted Data for Cloud Backup, 2018 teaches 
“and containerizing each of the plurality of sharded, de-duplicated data files to form respective containers images” on p. 2 (emphasis added): 
Similar to data compression that identifies intra-file redundancy, deduplication is used to eliminate both intra and inter file duplicates. . . 1) Chunking Algorithms: . . . A bit more CPU-intensive variable-sized chunking method can be used to address this problem. Briefly, this algorithm adopts a fixed-length sliding window to move onwards the data stream byte by byte. . . 2) Chunk Fragmentation: A succinct chunk ID is computed by applying a hash function, such as SHA11, over this chunk.  We can determine whether the chunk has already been stored by looking up a key-value index table that maintains unique chunk IDs and their corresponding chunk storage locations. To achieve high write performance, each unique chunk is not directly written into the storage; instead, it is stored into a fixed sized container (typically 2MB or 4MB) in the cache and the whole container is flushed to the storage once it is full. .
   
pp. 3-4
There are three entities in our secure client-side cross user deduplication system, key server (KS), clients (C’s) and public cloud storage server (SS) as shown in Fig. 1. We consider a periodical file backup service provided to C’s in an enterprise network. The key server KS is set up in charge of client authentication and chunk encryption key generation. Specifically, a client Cj performs the chunking algorithm on his backup data. KS authenticates Cj upon request and generates the CE key k for each chunk ch of Cj ’s backup data in an oblivious manner. Then Cj encrypts the data chunks with the associated keys and uploads ciphertexts to SS2, such as Microsoft Azure Backup. SS stores the deduplicated incoming data stream in the corresponding containers before writing them into storage. As a result, the entire data protection phase, including key generation and data encryption, is transparent to SS. SS only offers a basic and simple interface to its clients as in the plaintext data backup scenario.
	. . . 
A. Randomized Oblivious Key Generation
Chunk encryption key can be generated by running a secure
(oblivious) two-party computation between Cj and KS, so that
KS learns nothing on the Cj ’s input and algorithm output
while Cj cannot infer KS’s secret. In general, such desired
protocol can be realized by any blind signature scheme. Here
we use the widely-adopted blind RSA signature similar to
prior work [4] and further introduce the randomness into the
oblivious key generation.

and on p. 7 
Specifically, the system maintains a set of dedicated chunk containers cnti,j in the cache for each KS secret di, where 1 ≤ i ≤ n and j indicates a distinct container for the same key3. We achieve high spatial locality by storing cnti,j in separate locations of the disk according to i, such as in different partitions. Therefore, chunks under the same KS secret are stored close to each other. When restoring a client’s data, read access is only restricted to a limited scope of the disk instead of random accessing the whole storage.

(Examiner finds chunks are shards and are encrypted, sharded deduplicated data files that form respective container images). 
Sun and Snider et al. are analogous art because they are from the same field of endeavor as the claimed invention. It would have been obvious to one skilled in the art before the effective filing date of the invention to modify the plurality of encrypted, sharded deduplicated data files” in Snider to include “containerizing each of the plurality of sharded, de-duplicated data files to form respective containers images” as taught by Sun. The motivation would have been to protect data from being comprised and minimize deduplication performance. See Sun p. 2 (“Similarly, we attempt to introduce the randomness into the chunk key generation. This gives us the desired asymmetry between security and performance i.e. resilient to multiple compromised clients, compared to existing work, but only with minimal dedupe performance loss.”)
With respect to claim 8, it appears Estes et al. fails to teach, but Snider US 20100241619 A1  teaches “8. The method of claim 4, further comprising: encrypting each of the plurality of sharded deduplicated data files” 
[0038] It is particularly pointed out that the use of fingerprint store 220 serves to de-duplicate potential storage of identical shards and even between user1 on a first apparatus 300 and an unaffiliated user2 on a second apparatus 400. It even eliminates the need to encrypt and transmit an eshard and encrypt and transmit a shard key if the shards are identical. Every fingerprint stored in fingerprint store 420 of user2 will be found in fingerprint store 220 of storage apparatus 200 whether it was originally stored by apparatus 300, apparatus 400, or another. The use of shards and fingerprinting each shard allows for significant disk savings even if every single file of each user was slightly different from every single file of every other user. Furthermore, the present invention addresses limitations on the size of files and file transfers and file comparisons which limit conventional backup solution deployment across public networks.

[0039] It is particularly pointed out that the random keys are not stored and are specifically deleted after use. In apparatus 300 a random key is generated to encrypt a shard into an eshard and used in generating a shard key in combination with a public key. It is then deleted. In apparatus 200 a random key for use in decrypting an eshard is recovered by decrypting a shard key by using a private key. After the eshard is decrypted and successfully transmitted to apparatus 400, the random key used in decrypting the eshard is not stored and specifically deleted. The present invention is distinguished from conventional file backup and offsite storage by reduced duplicative data transfer, improved security, and superior granularity. It provides high end data center capacity and security to small and medium sized enterprises with shared usage to lower each customer's cost of operation and management. It is particularly pointed out that the apparatus de-duplicates storage and data transmission by operating on the fingerprints of shards which are distinguished from files. It is particularly pointed out that each eshard is encrypted with a randomly selected random key and that each random key is encrypted with a public/private key encryption algorithm. No user has access to random keys or to the private key necessary to recover a random key. Users without common files benefit from de-duplication of shards and enjoy savings in encryption, data transmission, storage and use of public networks and servers operated by independent providers for unaffiliated customers.

Estes et al. and Snider are analogous art because they are from the same field of endeavor as the claimed invention. It would have been obvious to one skilled in the art before the effective filing date of the invention to modify the sharded deduplicated data files in Estes et al to include encrypting each of the plurality of sharded deduplicated data files. The motivation would have been to protect user data from malicious attacks. 
It appears Snider et al. fails to explicitly teach  “and containerizing each of the plurality of encrypted, sharded deduplicated data files to form the respective container images” 
However, Sun teaches 
“and containerizing each of the plurality of encrypted, sharded deduplicated data files to form the respective container images” on p. 2 (emphasis added): 
Similar to data compression that identifies intra-file redundancy, deduplication is used to eliminate both intra and inter file duplicates. . . 1) Chunking Algorithms: . . . A bit more CPU-intensive variable-sized chunking method can be used to address this problem. Briefly, this algorithm adopts a fixed-length sliding window to move onwards the data stream byte by byte. . . 2) Chunk Fragmentation: A succinct chunk ID is computed by applying a hash function, such as SHA11, over this chunk.  We can determine whether the chunk has already been stored by looking up a key-value index table that maintains unique chunk IDs and their corresponding chunk storage locations. To achieve high write performance, each unique chunk is not directly written into the storage; instead, it is stored into a fixed sized container (typically 2MB or 4MB) in the cache and the whole container is flushed to the storage once it is full. .
   
pp. 3-4
There are three entities in our secure client-side cross user deduplication system, key server (KS), clients (C’s) and public cloud storage server (SS) as shown in Fig. 1. We consider a periodical file backup service provided to C’s in an enterprise network. The key server KS is set up in charge of client authentication and chunk encryption key generation. Specifically, a client Cj performs the chunking algorithm on his backup data. KS authenticates Cj upon request and generates the CE key k for each chunk ch of Cj ’s backup data in an oblivious manner. Then Cj encrypts the data chunks with the associated keys and uploads ciphertexts to SS2, such as Microsoft Azure Backup. SS stores the deduplicated incoming data stream in the corresponding containers before writing them into storage. As a result, the entire data protection phase, including key generation and data encryption, is transparent to SS. SS only offers a basic and simple interface to its clients as in the plaintext data backup scenario.
	. . . 
A. Randomized Oblivious Key Generation
Chunk encryption key can be generated by running a secure
(oblivious) two-party computation between Cj and KS, so that
KS learns nothing on the Cj ’s input and algorithm output
while Cj cannot infer KS’s secret. In general, such desired
protocol can be realized by any blind signature scheme. Here
we use the widely-adopted blind RSA signature similar to
prior work [4] and further introduce the randomness into the
oblivious key generation.

and on p. 7 
Specifically, the system maintains a set of dedicated chunk containers cnti,j in the cache for each KS secret di, where 1 ≤ i ≤ n and j indicates a distinct container for the same key3. We achieve high spatial locality by storing cnti,j in separate locations of the disk according to i, such as in different partitions. Therefore, chunks under the same KS secret are stored close to each other. When restoring a client’s data, read access is only restricted to a limited scope of the disk instead of random accessing the whole storage.

(Examiner finds chunks are shards and are encrypted, sharded deduplicated data files that form respective container images). 
	Sun and Snider et al. are analogous art because they are from the same field of endeavor as the claimed invention. It would have been obvious to one skilled in the art before the effective filing date of the invention to modify the plurality of encrypted, sharded deduplicated data files” in Snider to include “containerizing each of the plurality of encrypted, sharded deduplicated data files to form the respective container images” as taught by Sun. The motivation would have been to protect data from being comprised and minimize deduplication performance. See Sun p. 2 (“Similarly, we attempt to introduce the randomness into the chunk key generation. This gives us the desired asymmetry between security and performance i.e. resilient to multiple compromised clients, compared to existing work, but only with minimal dedupe performance loss.”). 
With respect to claim 9, Sun teaches “9. The method of claim 8, further comprising:  creating a respective checksum file for each of the plurality of encrypted, sharded deduplicated data files” on p. 2 
2) Chunk Fragmentation: A succinct chunk ID is computed
by applying a hash function, such as SHA11, over this chunk.
We can determine whether the chunk has already been stored
by looking up a key-value index table that maintains unique
chunk IDs and their corresponding chunk storage locations
(Examiner finds chunk ID is a checksum file because it is computed with the SHA11 hash function); 
“each respective checksum file including a checksum for each of the plurality of encrypted sharded deduplicated data files” on p. 2 
2) Chunk Fragmentation: A succinct chunk ID is computed
by applying a hash function, such as SHA11, over this chunk.
We can determine whether the chunk has already been stored
by looking up a key-value index table that maintains unique
chunk IDs and their corresponding chunk storage locations

(A chunk is a shard); 
“associating the respective checksum file with each encrypted, sharded deduplicated data file” on p. 2 
2) Chunk Fragmentation: A succinct chunk ID is computed
by applying a hash function, such as SHA11, over this chunk.
We can determine whether the chunk has already been stored
by looking up a key-value index table that maintains unique
chunk IDs and their corresponding chunk storage locations

(chunk IDs associated with chunks (encrypted, sharded deduplicated data file)); 
“associated a checksum routine with each encrypted, sharded deduplicated data file” on p. 2 
2) Chunk Fragmentation: A succinct chunk ID is computed
by applying a hash function, such as SHA11, over this chunk.
We can determine whether the chunk has already been stored
by looking up a key-value index table that maintains unique
chunk IDs and their corresponding chunk storage locations

(Determining whether the chunk has already been stored is a routine); 
“and containerizing each encrypted, sharded deduplicated data file, associated respective checksum file, and associated checksum routine to form the respective container images” on pp. 3-4
There are three entities in our secure client-side crossover deduplication system, key server (KS), clients (C’s) and public cloud storage server (SS) as shown in Fig. 1. We consider a periodical file backup service provided to C’s in an enterprise network. The key server KS is set up in charge of client authentication and chunk encryption key generation. Specifically, a client Cj performs the chunking algorithm on his backup data. KS authenticates Cj upon request and generates the CE key k for each chunk ch of Cj ’s backup data in an oblivious manner. Then Cj encrypts the data chunks with the associated keys and uploads ciphertexts to SS2, such as Microsoft Azure Backup. SS stores the deduplicated incoming data stream in the corresponding containers before writing them into storage. As a result, the entire data protection phase, including key generation and data encryption, is transparent to SS. SS only offers a basic and simple interface to its clients as in the plaintext data backup scenario.
	. . . 
A. Randomized Oblivious Key Generation
Chunk encryption key can be generated by running a secure
(oblivious) two-party computation between Cj and KS, so that
KS learns nothing on the Cj ’s input and algorithm output
while Cj cannot infer KS’s secret. In general, such desired
protocol can be realized by any blind signature scheme. Here
we use the widely-adopted blind RSA signature similar to
prior work [4] and further introduce the randomness into the
oblivious key generation.

p. 7 
Specifically, the system maintains a set of dedicated chunk containers cnti,j in the cache for each KS secret di, where 1 ≤ i ≤ n and j indicates a distinct container for the same key3. We achieve high spatial locality by storing cnti,j in separate locations of the disk according to i, such as in different partitions. Therefore, chunks under the same KS secret are stored close to each other. When restoring a client’s data, read access is only restricted to a limited scope of the disk instead of random accessing the whole storage.

Claim(s) 20 is rejected under 35 U.S.C. 103 as being unpatentable over Estes US 20180324203 A1 as applied to claim 16 above and further in view of  Anand US 20200341638 A as applied to claim 18  and further view of Snider and Sun.  
With respect to claim 20, it appears Estes et al. fails to teach, but Snider US 20100241619 A1  teaches “encrypt the de-duplicated data file”  
[0038] It is particularly pointed out that the use of fingerprint store 220 serves to de-duplicate potential storage of identical shards and even between user1 on a first apparatus 300 and an unaffiliated user2 on a second apparatus 400. It even eliminates the need to encrypt and transmit an eshard and encrypt and transmit a shard key if the shards are identical. Every fingerprint stored in fingerprint store 420 of user2 will be found in fingerprint store 220 of storage apparatus 200 whether it was originally stored by apparatus 300, apparatus 400, or another. The use of shards and fingerprinting each shard allows for significant disk savings even if every single file of each user was slightly different from every single file of every other user. Furthermore, the present invention addresses limitations on the size of files and file transfers and file comparisons which limit conventional backup solution deployment across public networks.

[0039] It is particularly pointed out that the random keys are not stored and are specifically deleted after use. In apparatus 300 a random key is generated to encrypt a shard into an eshard and used in generating a shard key in combination with a public key. It is then deleted. In apparatus 200 a random key for use in decrypting an eshard is recovered by decrypting a shard key by using a private key. After the eshard is decrypted and successfully transmitted to apparatus 400, the random key used in decrypting the eshard is not stored and specifically deleted. The present invention is distinguished from conventional file backup and offsite storage by reduced duplicative data transfer, improved security, and superior granularity. It provides high end data center capacity and security to small and medium sized enterprises with shared usage to lower each customer's cost of operation and management. It is particularly pointed out that the apparatus de-duplicates storage and data transmission by operating on the fingerprints of shards which are distinguished from files. It is particularly pointed out that each eshard is encrypted with a randomly selected random key and that each random key is encrypted with a public/private key encryption algorithm. No user has access to random keys or to the private key necessary to recover a random key. Users without common files benefit from de-duplication of shards and enjoy savings in encryption, data transmission, storage and use of public networks and servers operated by independent providers for unaffiliated customers.

Estes et al. and Snider are analogous art because they are from the same field of endeavor as the claimed invention. It would have been obvious to one skilled in the art before the effective filing date of the invention to modify the deduplicated data files in Estes et al to include encrypting the deduplicated data files. The motivation would have been to protect user data from malicious attacks.
It appears Snider et al. fails to explicitly teach  “and containerizing each of the deduplicated data files to form the respective container images” 
However, Sun teaches 
“and containerizing each of the deduplicated data files to form the respective container images” on p. 2 (emphasis added): 
Similar to data compression that identifies intra-file redundancy, deduplication is used to eliminate both intra and inter file duplicates. . . 1) Chunking Algorithms: . . . A bit more CPU-intensive variable-sized chunking method can be used to address this problem. Briefly, this algorithm adopts a fixed-length sliding window to move onwards the data stream byte by byte. . . 2) Chunk Fragmentation: A succinct chunk ID is computed by applying a hash function, such as SHA11, over this chunk.  We can determine whether the chunk has already been stored by looking up a key-value index table that maintains unique chunk IDs and their corresponding chunk storage locations. To achieve high write performance, each unique chunk is not directly written into the storage; instead, it is stored into a fixed sized container (typically 2MB or 4MB) in the cache and the whole container is flushed to the storage once it is full. .
   
pp. 3-4
There are three entities in our secure client-side cross user deduplication system, key server (KS), clients (C’s) and public cloud storage server (SS) as shown in Fig. 1. We consider a periodical file backup service provided to C’s in an enterprise network. The key server KS is set up in charge of client authentication and chunk encryption key generation. Specifically, a client Cj performs the chunking algorithm on his backup data. KS authenticates Cj upon request and generates the CE key k for each chunk ch of Cj ’s backup data in an oblivious manner. Then Cj encrypts the data chunks with the associated keys and uploads ciphertexts to SS2, such as Microsoft Azure Backup. SS stores the deduplicated incoming data stream in the corresponding containers before writing them into storage. As a result, the entire data protection phase, including key generation and data encryption, is transparent to SS. SS only offers a basic and simple interface to its clients as in the plaintext data backup scenario.
	. . . 
A. Randomized Oblivious Key Generation
Chunk encryption key can be generated by running a secure
(oblivious) two-party computation between Cj and KS, so that
KS learns nothing on the Cj ’s input and algorithm output
while Cj cannot infer KS’s secret. In general, such desired
protocol can be realized by any blind signature scheme. Here
we use the widely-adopted blind RSA signature similar to
prior work [4] and further introduce the randomness into the
oblivious key generation.

and on p. 7 
Specifically, the system maintains a set of dedicated chunk containers cnti,j in the cache for each KS secret di, where 1 ≤ i ≤ n and j indicates a distinct container for the same key3. We achieve high spatial locality by storing cnti,j in separate locations of the disk according to i, such as in different partitions. Therefore, chunks under the same KS secret are stored close to each other. When restoring a client’s data, read access is only restricted to a limited scope of the disk instead of random accessing the whole storage.

(Examiner finds chunks are shards and are encrypted, sharded deduplicated data files that form respective container images). 
	Sun and Snider et al. are analogous art because they are from the same field of endeavor as the claimed invention. It would have been obvious to one skilled in the art before the effective filing date of the invention to modify the data files in Snider to include and containerizing each of the deduplicated data files to form the respective container images” as taught by Sun. The motivation would have been to protect data from being comprised and minimize deduplication performance. See Sun p. 2 (“Similarly, we attempt to introduce the randomness into the chunk key generation. This gives us the desired asymmetry between security and performance i.e. resilient to multiple compromised clients, compared to existing work, but only with minimal dedupe performance loss.”). 
Claim(s) 21 is/are rejected under 35 U.S.C. 103 as being unpatentable over Estes US 20180324203 A1 as applied to claim 16 above and further in view of Anand as applied to claim 18 above as applied to claim 1 claim 16 and claim 24 and further in view of Sun. 
With respect to claim 21, it appears Estes et al. fails to teach, but Sun teaches “creating a respective checksum file for each of the deduplicated data files” on p. 2 
2) Chunk Fragmentation: A succinct chunk ID is computed
by applying a hash function, such as SHA11, over this chunk.
We can determine whether the chunk has already been stored
by looking up a key-value index table that maintains unique
chunk IDs and their corresponding chunk storage locations

(Examiner finds chunk ID is a checksum file because it is computed with the SHA11 hash function); 
“the checksum file including a checksum  the de-duplicated data file on p. 2 
2) Chunk Fragmentation: A succinct chunk ID is computed
by applying a hash function, such as SHA11, over this chunk.
We can determine whether the chunk has already been stored
by looking up a key-value index table that maintains unique
chunk IDs and their corresponding chunk storage locations

(A chunk is a shard); 

“associating the respective checksum file with the deduplicated data file” on p. 2 
2) Chunk Fragmentation: A succinct chunk ID is computed
by applying a hash function, such as SHA11, over this chunk.
We can determine whether the chunk has already been stored
by looking up a key-value index table that maintains unique
chunk IDs and their corresponding chunk storage locations

(chunk IDs associated with chunks (encrypted, sharded deduplicated data file)); 

“associated a checksum routine with the deduplicated data file” on p. 2 
2) Chunk Fragmentation: A succinct chunk ID is computed
by applying a hash function, such as SHA11, over this chunk.
We can determine whether the chunk has already been stored
by looking up a key-value index table that maintains unique
chunk IDs and their corresponding chunk storage locations

(Determining whether the chunk has already been stored is a routine); 
“and containerizing the deduplicated data file, associated respective checksum file, and associated checksum routine to form the respective container images” on pp. 3-4
There are three entities in our secure client-side crossover deduplication system, key server (KS), clients (C’s) and public cloud storage server (SS) as shown in Fig. 1. We consider a periodical file backup service provided to C’s in an enterprise network. The key server KS is set up in charge of client authentication and chunk encryption key generation. Specifically, a client Cj performs the chunking algorithm on his backup data. KS authenticates Cj upon request and generates the CE key k for each chunk ch of Cj ’s backup data in an oblivious manner. Then Cj encrypts the data chunks with the associated keys and uploads ciphertexts to SS2, such as Microsoft Azure Backup. SS stores the deduplicated incoming data stream in the corresponding containers before writing them into storage. As a result, the entire data protection phase, including key generation and data encryption, is transparent to SS. SS only offers a basic and simple interface to its clients as in the plaintext data backup scenario.
	. . . 
A. Randomized Oblivious Key Generation
Chunk encryption key can be generated by running a secure
(oblivious) two-party computation between Cj and KS, so that
KS learns nothing on the Cj ’s input and algorithm output
while Cj cannot infer KS’s secret. In general, such desired
protocol can be realized by any blind signature scheme. Here
we use the widely-adopted blind RSA signature similar to
prior work [4] and further introduce the randomness into the
oblivious key generation.

p. 7 
Specifically, the system maintains a set of dedicated chunk containers cnti,j in the cache for each KS secret di, where 1 ≤ i ≤ n and j indicates a distinct container for the same key3. We achieve high spatial locality by storing cnti,j in separate locations of the disk according to i, such as in different partitions. Therefore, chunks under the same KS secret are stored close to each other. When restoring a client’s data, read access is only restricted to a limited scope of the disk instead of random accessing the whole storage.

	Sun and Snider et al. are analogous art because they are from the same field of endeavor as the claimed invention. It would have been obvious to one skilled in the art before the effective filing date of the invention to modify the deduplicated data files in Estes et al.  to include create a respective checksum file for the deduplicated data files, the checksum file including a checksum the deduplicated data file; associate the respective checksum file with the deduplicated data file; associate a checksum routine with the deduplicated data file; and containerize the deduplicated data file, associated checksum file, and associated checksum routine to form a container image” as taught by Sun. The motivation would have been to protect data from being comprised and minimize deduplication performance. See Sun p. 2 (“Similarly, we attempt to introduce the randomness into the chunk key generation. This gives us the desired asymmetry between security and performance i.e. resilient to multiple compromised clients, compared to existing work, but only with minimal dedupe performance loss.”). 
Claim(s)10 are rejected under 35 U.S.C. 103 as being unpatentable over Estes US 20180324203 A1 as applied to claim 1 and further in view of  Anand US 20200341638 A as applied to claim 4 and further in view of Snider US 20100241619 A1 as applied to claim 7 and further in view of Sun, Tapping the Potential: Secure Chunk-based
Deduplication of Encrypted Data for Cloud Backup, 2018 as applied to claim 8 above and further in view of Savitha  An enhancement to SePeCloud with improved security and efficient data management, 2018. 
With respect to claim 10, Estes et al fails to explicitly teach, but Savitha  teaches “10. The method of claim 8, further comprising: associating a respective self-destruct timer with each of the plurality of encrypted, sharded deduplicated data files” on p. S3263 
In the SeDas system, when a data owner uploads a file, the file name, the key and ttl values are passed as arguments to the cloud. The user defined encryption algorithm encrypts the data where the key shares are generated to the data users. Once the file is uploaded in the cloud an Active Storage Object (ASO) is created where the files are stored as objects. Until self-destruct operation is triggered, the cloud user can access the shared keys and are allowed to decrypt the files. Once the operation is activated, the users cannot access the key
	. . . 
In this scheme, independent and parallel data destruction is
built to support multiple applications. An application index is maintained to map different application’s file types to the independent fingerprint (FP) index or sketch index. FP/ sketch indices are mapped to hash-table based index called container that stores the chunk. The chunk of same file types are indexed together and an ID is maintained in the container. The time validation of each file chunk is also maintained in the container so that once the system time is matched with the time-to-live factor of the files, the self destruction operation is triggered. The files stored in the container are then moved to the deleted file list. The application aware SeDas yielded better data reduction and throughput than the basic SeDas.

“associating a self-destruct routine with each encrypted, sharded deduplicated data file” on p. S3263 
In the SeDas system, when a data owner uploads a file, the file name, the key and ttl values are passed as arguments to the cloud. The user defined encryption algorithm encrypts the data where the key shares are generated to the data users. Once the file is uploaded in the cloud an Active Storage Object (ASO) is created where the files are stored as objects. Until self-destruct operation is triggered, the cloud user can access the shared keys and are allowed to decrypt the files. Once the operation is activated, the users cannot access the keys
	. . .
In this scheme, independent and parallel data destruction is
built to support multiple applications. An application index is maintained to map different application’s file types to the independent fingerprint (FP) index or sketch index. FP/ sketch indices are mapped to hash-table based index called container that stores the chunk. The chunk of same file types are indexed together and an ID is maintained in the container. The time validation of each file chunk is also maintained in the container so that once the system time is matched with the time-to-live factor of the files, the self destruction operation is triggered. The files stored in the container are then moved to the deleted file list. The application aware SeDas yielded better data reduction and throughput than the basic SeDas.

(the routine is that the data file can accessed until the self-destruct date); 

“and containerizing each encrypted, sharded deduplicated data file, associated self-destruct timer, and associated self-destruct routine to form the respective container images” on p. S3263 
In this scheme, independent and parallel data destruction is
built to support multiple applications. An application index is maintained to map different application’s file types to the independent fingerprint (FP) index or sketch index. FP/ sketch indices are mapped to hash-table based index called container that stores the chunk. The chunk of same file types are indexed together and an ID is maintained in the container. The time validation of each file chunk is also maintained in the container so that once the system time is matched with the time-to-live factor of the files, the self destruction operation is triggered. The files stored in the container are then moved to the deleted file list. The application aware SeDas yielded better data reduction and throughput than the basic SeDas.

Savitha and are analogous art because they are from the same field of endeavor as the claimed invention. It would have been obvious to one skilled in the art before the effective filing date of the invention to modify each of the plurality of encrypted, sharded deduplicated data files in Estes et al. to include “associating a respective self-destruct timer with each of the plurality of encrypted, sharded deduplicated data files associating a self-destruct routine with each encrypted, sharded deduplicated data file; and containerizing each encrypted, sharded deduplicated data file, associated self-destruct timer, and associated self-destruct routine to form the respective container images” as taught by Savita. The motivation would have been to protect user privacy by appropriately eliminating files containing sensitive information. See Savita abstract and p. S3263
 In SePeCloudv3.1, SeDasis implemented as an extension to
the SePeCloudv2.2 that automatically removes the unused
files and decryption keys at the user-specified time. This
protects the data privacy improving the storage performance of the system. In the SeDas system, when a data owner uploads a file,
the file name, the key and ttl values are passed as arguments to the cloud. The user defined encryption algorithm encrypts the data where the key shares are generated to the data users. Once the file is uploaded in the cloud an Active Storage Object (ASO) is created where the files are stored
as objects. Until self-destruct operation is triggered, the cloud user can access the shared keys and are allowed to decrypt the files. Once the operation is activated, the users cannot access the keys. SeDas performs secured deletion on the user’s specified sensitive files. 

Claim(s) 22 is rejected under 35 U.S.C. 103 as being unpatentable over Estes US 20180324203 A1 as applied to claim 16 above and further in view of  Anand US 20200341638 A as applied to claim 18 above and further in view of  Savitha An Enhancement to SePeCloud with improved security and efficient data management, 2018. 
With respect to claim 22,  it appears Estes et al. fails to explicitly teach “22. The system of claim 18, wherein the processing device is further configured to: associate a self-destruct timer with the deduplicated data file; associate a self-destruct routine with the deduplicated data file; and containerize the deduplicated data file, associated self-destruct timer, and associated self- destruct routine to form the respective container image.”
However, Savitha  An enhancement to SePeCloud with improved security and efficient data management, 2018 teaches “22. The system of claim 18, wherein the processing device is further configured to: associate a self-destruct timer with the deduplicated data file;” on p. S3263 
In the SeDas system, when a data owner uploads a file, the file name, the key and ttl values are passed as arguments to the cloud. The user defined encryption algorithm encrypts the data where the key shares are generated to the data users. Once the file is uploaded in the cloud an Active Storage Object (ASO) is created where the files are stored as objects. Until self-destruct operation is triggered, the cloud user can access the shared keys and are allowed to decrypt the files. Once the operation is activated, the users cannot access the key
	. . . 
In this scheme, independent and parallel data destruction is
built to support multiple applications. An application index is maintained to map different application’s file types to the independent fingerprint (FP) index or sketch index. FP/ sketch indices are mapped to hash-table based index called container that stores the chunk. The chunk of same file types are indexed together and an ID is maintained in the container. The time validation of each file chunk is also maintained in the container so that once the system time is matched with the time-to-live factor of the files, the self destruction operation is triggered. The files stored in the container are then moved to the deleted file list. The application aware SeDas yielded better data reduction and throughput than the basic SeDas.

“associate a self-destruct routine with the deduplicated data file” on p. S3263 
In the SeDas system, when a data owner uploads a file, the file name, the key and ttl values are passed as arguments to the cloud. The user defined encryption algorithm encrypts the data where the key shares are generated to the data users. Once the file is uploaded in the cloud an Active Storage Object (ASO) is created where the files are stored as objects. Until self-destruct operation is triggered, the cloud user can access the shared keys and are allowed to decrypt the files. Once the operation is activated, the users cannot access the keys
	. . .
In this scheme, independent and parallel data destruction is
built to support multiple applications. An application index is maintained to map different application’s file types to the independent fingerprint (FP) index or sketch index. FP/ sketch indices are mapped to hash-table based index called container that stores the chunk. The chunk of same file types are indexed together and an ID is maintained in the container. The time validation of each file chunk is also maintained in the container so that once the system time is matched with the time-to-live factor of the files, the self destruction operation is triggered. The files stored in the container are then moved to the deleted file list. The application aware SeDas yielded better data reduction and throughput than the basic SeDas.

(the routine is that the data file can accessed until the self-destruct date); 
“and containerize the deduplicated data file, associated self-destruct timer, and associated self- destruct routine to form the respective container image” on p. S3263 
In this scheme, independent and parallel data destruction is
built to support multiple applications. An application index is maintained to map different application’s file types to the independent fingerprint (FP) index or sketch index. FP/ sketch indices are mapped to hash-table based index called container that stores the chunk. The chunk of same file types are indexed together and an ID is maintained in the container. The time validation of each file chunk is also maintained in the container so that once the system time is matched with the time-to-live factor of the files, the self destruction operation is triggered. The files stored in the container are then moved to the deleted file list. The application aware SeDas yielded better data reduction and throughput than the basic SeDas.

Savitha and are analogous art because they are from the same field of endeavor as the claimed invention. It would have been obvious to one skilled in the art before the effective filing date of the invention to modify each of the deduplicated data files in Estes et al. to include associate a self-destruct timer with the deduplicated data file; associate a self-destruct routine with the deduplicated data file; and containerize the deduplicated data file, associated self-destruct timer, and associated self- destruct routine to form the respective container image” as taught by Savita. 
The motivation would have been to protect user privacy by appropriately eliminating files containing sensitive information. See Savita abstract and p. S3263
 In SePeCloudv3.1, SeDasis implemented as an extension to
the SePeCloudv2.2 that automatically removes the unused
files and decryption keys at the user-specified time. This
protects the data privacy improving the storage performance of the system. In the SeDas system, when a data owner uploads a file,
the file name, the key and ttl values are passed as arguments to the cloud. The user defined encryption algorithm encrypts the data where the key shares are generated to the data users. Once the file is uploaded in the cloud an Active Storage Object (ASO) is created where the files are stored
as objects. Until self-destruct operation is triggered, the cloud user can access the shared keys and are allowed to decrypt the files. Once the operation is activated, the users cannot access the keys. SeDas performs secured deletion on the user’s specified sensitive files. 

Claim(s) 15 is rejected under 35 U.S.C. 103 as being unpatentable over Estes US 20180324203 A1 as applied to claim 1 and further in view of Tripahty US 20180067658 A1. 
With respect to claim 15, it appears Anand fails to explicitly teach “15. The method of claim 1, wherein the extracted data includes data ejected from a virtual tape library.” 
However, Tripahty US 20180067658 A1 teaches “wherein the extracted data includes data ejected from a virtual tape library” in ¶ 136. Examiner finds an emulated, virtual ejection reads on “ejected.” Tripahty and Anand are analogous because they are from the same field of endeavor as the claimed invention. It would have been obvious to one skilled in the art before the effective filing of the invention to modify the extracted data to include “data ejected from a virtual tape library” as taught by Tripahty. The motivation would have to allow to quickly archive data. See Tripathy ¶ 2. 
Claim(s) 31 are rejected under 35 U.S.C. 103 as being unpatentable over Estes as applied to claim 30 and claim 29 above and further in view of Savitha. 
With respect to claim 31,  it appears Estes fails to explicitly teach “[31]. The method of claim [30], wherein the executable routine is a checksum routine and/or a self-destruct routine.” 
However, Savitha teaches “wherein the executable routine is a checksum routine and/or a self-destruct routine” at least on page S3263 
In the SeDas system, when a data owner uploads a file, the file name, the key and ttl values are passed as arguments to the cloud. The user defined encryption algorithm encrypts the data where the key shares are generated to the data users. Once the file is uploaded in the cloud an Active Storage Object (ASO) is created where the files are stored as objects. Until self-destruct operation is triggered, the cloud user can access the shared keys and are allowed to decrypt the files. Once the operation is activated, the users cannot access the key
	. . . 
In this scheme, independent and parallel data destruction is
built to support multiple applications. An application index is maintained to map different application’s file types to the independent fingerprint (FP) index or sketch index. FP/ sketch indices are mapped to hash-table based index called container that stores the chunk. The chunk of same file types are indexed together and an ID is maintained in the container. The time validation of each file chunk is also maintained in the container so that once the system time is matched with the time-to-live factor of the files, the self destruction operation is triggered. The files stored in the container are then moved to the deleted file list. The application aware SeDas yielded better data reduction and throughput than the basic SeDas.

Savitha and Estes are analogous art because they are from the same field of endeavor as the claimed invention. It would have been obvious to one skilled in the art before the effective filing date of the invention to modify “the executable routine” in Estes to include “a checksum routine and/or a self-destruct routine.” The motivation would have been to protect user privacy by appropriately eliminating files containing sensitive information. See Savita abstract and p. S3263
 In SePeCloudv3.1, SeDasis implemented as an extension to
the SePeCloudv2.2 that automatically removes the unused
files and decryption keys at the user-specified time. This
protects the data privacy improving the storage performance of the system. In the SeDas system, when a data owner uploads a file,
the file name, the key and ttl values are passed as arguments to the cloud. The user defined encryption algorithm encrypts the data where the key shares are generated to the data users. Once the file is uploaded in the cloud an Active Storage Object (ASO) is created where the files are stored
as objects. Until self-destruct operation is triggered, the cloud user can access the shared keys and are allowed to decrypt the files. Once the operation is activated, the users cannot access the keys. SeDas performs secured deletion on the user’s specified sensitive files. 

Allowable Subject Matter
Claims 6, 11-13, and 23-25 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALBERT M PHILLIPS, III whose telephone number is (571)270-3256. The examiner can normally be reached 10a-6:30pm EST M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Mariela D. Reyes can be reached on (571)270-1006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ALBERT M PHILLIPS, III/         Primary Examiner, Art Unit 2159                                                                                                                                                                                               


    
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
        
            
    

    
        1 See MPEP 2106.04: 
        fundamental economic principles or practices (including hedging, insurance, mitigating risk) commercial or legal interactions (including agreements in the form of contracts, legal obligations, advertising, marketing or sales activities or behaviors, and business relations); and managing personal behavior or relationships or interactions between people, (including social activities, teaching, and following rules or instructions
        
        2 See objections above. 
        3 See objections above. 
        4 See Kasireddy (PTO-893 reference “X”) on at least pp. 9-19 for an enabled disclosure of “docker container technology.”  See MPEP 2131.01 
        . .. rejection over multiple references has been held to be proper when the extra references are cited to:
        (A) Prove the primary reference contains an "enabled disclosure;" 
        (B) Explain the meaning of a term used in the primary reference; or
        (C) Show that a characteristic not disclosed in the reference is inherent.. . 
        	(emphasis added)