DETAILED ACTION
Claims 1-3, 5-15, 17-18 and 20-23 are pending in this application.
Claims 6, 11-12, 21 and 23 are objected to.
Claims 1-3, 5, 7-10 and 13-15, 17-18, 20 and 22 are rejected

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Allowable Subject Matter
Claims 6, 11-12, 21 and 23 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
The following is a statement of reasons for the indication of allowable subject matter:  
Claim 6 recites the limitation “The apparatus of claim 4 wherein the result of the determination is that the particular data was encrypted using the private key of the second host device, and the indication directs the second host device to decrypt the particular data using the public key of the second host device.”
Said limitation is taught by the specification of the instant application as originally filed at least at [Page 19 line 14 – Page 20 line 2].  Said limitations, in combination with the other recited limitations of claim 6, are not taught or suggested by the prior art of record.
Claim 21 contains similar limitations to claim 6, and is considered allowable for at least the same reasons as claim 6.
Claim 11 recites the limitation “The apparatus of claim 9 wherein the command is received in the storage system from a multi-path input-output driver of the second host device”
Said limitation is taught by the specification of the instant application as originally filed at least at [Page 26].  Said limitations, in combination with the other recited limitations of claim 6, are not taught or suggested by the prior art of record.
Claim 12 depends from claim 11, and is considered allowable for at least the same reasons as claim 11. Claim 23 contains similar limitations to claim 11, and is considered allowable for at least the same reasons as claim 11.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3, 5, 7-9 and 13-15, 17-18, 20 and 22 is/are rejected under 35 U.S.C. 103 as being unpatentable over Karr et al. (U.S. PGPub No. 2021/0173945) in view of Blumenau et al. (U.S. PGPub No. 2002/0194294) in view of Pham et al. (U.S. PGPub No. 2022/0078169).

Claim 1
Karr (2021/0173945) teaches:
An apparatus comprising: 
at least one processing device comprising a processor coupled to a memory; FIG. 1A and P. 0042 System 100 includes a number of computing devices 164A-B
[…] wherein data encrypted using a private key of the first host device is written to the first logical storage device; P. 0210 when transmitting the write to the first storage system 402 for storage in the first datastore 403 (first logical storage device), client may encrypt the block with a local key; P. 0256 first storage system 508 receives 510 data 506 encrypted using a first encryption key (private key) from a computing device 502 (first host device)
to generate a copy of the first logical storage device in the storage system; to associate the copy of the first logical storage device with a second logical storage device of the storage system, P. 0209 a first storage system 430 is configured to replicate to a paired second storage system 432; P. 0261 data, encrypted using the second encryption key, is sent 522 from the first storage system 508 to the second storage system 526 
wherein data encrypted using a private key of a second host device is written to the second logical storage device; and P. 0213 the key local to the second storage system is used by target 426 to encrypt the data block and the encrypted, compressed block is stored in the target datastore 428 (second logical storage device); P. 0267 unencrypted data received by the second storage system 526 is encrypted data with a third encryption key (private key) then stored on the second storage system 526
to provide the second host device with access to […] a public key of the first host device P. 0212-213 second storage system 432 receives a UUID for a global key (public key) from replication server of the first storage system 
so that the second host device can access particular data of the second logical storage device that was written using the private key of the first host device. P. 0272 and FIG. 5C second storage system 526 may service an I/O operation from computing device 533 (second host) by sending data encrypted with a first encryption key (private key of first host); P. 0239 the storage systems could exchange the original encrypted form of any blocks as received from the client host, and each storage system may separately decrypt the blocks if the storage system has access to the keys
[…] wherein responsive to a request from the second host device for particular data of the second logical storage device, the at least one processing device is further configured to determine if the particular data was encrypted using the private key of the first host device or the private key of the second host device, and P. 0260 data stored in first storage system 508 by computing device 502 should include necessary metadata to determine the encryption key and the initialization vector information used to encrypt the stored data; P. 0210 when requesting encrypted data from first storage system 402, system 402 may return an identifier of the  key used to encrypt the data
to provide the second host device with the particular data and an indication of a result of the determination. P. 0210 a requested block will be returned from source 402 with an identifier of the local key; P. 0272 computing device 533 may send a request to read data from second storage system 526, the data will have to be decrypted using the third encryption key or second encryption key (it is obvious the storage system 526 will determine which is appropriate)
Karr does not explicitly state associating a logical storage device with a host device.
Blumenau (2002/0194294) teaches:
at least one processing device comprising a processor coupled to a memory; wherein the at least one processing device is configured: P. 0059 and FIG. 1 storage controller 27 includes a dual port cache memory 32, a plurality of port adapters 35, 36; P. 0063 Each port adapter 35, 36 has one or more processors for handling the communication protocol
to associate a first logical storage device of a storage system with a first host device, P. 0085 port adapter 35 stores information defining a correspondence between hosts and the sets of volumes assigned to each host
It would have been obvious to a person with ordinary skill in the art at the effective filing date of the application was filed to include the invention of Karr with associating a logical storage device with a host device taught by Blumenau.
The motivation being to maintain private storage for each host (see Blumenau P. 0007)
The systems of Karr and Blumenau do not explicitly state encrypting a first host’s public key with a second host’s public key, and sending the encrypted first host’s public key to the second host.
Pham (2022/0078169) teaches:
[…] to provide the second host device with access to an encrypted version of a public key of the first host device, encrypted using a public key of the second host device, to allow the second host device to obtain therefrom the public key of the first host device, P. 0038 each user device can then transmit a message to the server (first host device) that includes the public key of the user device and that is encrypted using the public key of the server (second host device)
It would have been obvious to a person with ordinary skill in the art at the effective filing date of the application was filed to include the invention of Karr and Blumenau with encrypting a first host’s public key with a second host’s public key, and sending the encrypted first host’s public key to the second host taught by Pham
The motivation being to allow the server to encrypt data with the user’s public key, before transmitting the encrypted data to the user (See Pham P. 0040)
The systems of Karr, Blumenau and Pham are analogous because they are from the “same field of endeavor” and from the same “problem solving area.” Namely, they are both from the field of memory systems.
Therefore, it would have been obvious to combine Karr and Blumenau with Pham to obtain the invention as recited in claims 1-14.
	
Claim 2
Blumenau (2002/0194294) teaches:
The apparatus of claim 1 wherein the at least one processing device comprises at least a portion of the storage system. P. 0059 and FIG. 1 storage controller 27 in subsystem 20 includes a plurality of port adapters 35, 36; P. 0063 Each port adapter 35, 36 has one or more processors for handling the communication protocol

Claim 3
Karr (2021/0173945) teaches:
The apparatus of claim 1 generating a copy of the first logical storage device comprises generating a snapshot of the first logical storage device. P. 0209 a first storage system 430 is configured to replicate to a paired second storage system 432; P. 0211 the method of replication may be snapshotting

Claim 5
Karr (2021/0173945) teaches:
The apparatus of claim 1 wherein the result of the determination is that the particular data was encrypted using the private key of the first host device, and the indication directs the second host device to decrypt the particular data using the public key of the first host device, P. 0210 a requested block will be returned from source 402 with an identifier of the local key; P. 0272 computing device 533 may send a request to read data 506 from second storage system 526, the data originally encrypted with first encryption key (private key of first host), the data will have to be decrypted using the third encryption key or second encryption key (either is analogous to the public key of the first host device)
Pham (2022/0078169) teaches:
[…] which is obtained by the second host device decrypting the encrypted version of the public key of the first host device using the private key of the second host device. P. 0038 each user device can then transmit a message to the server (first host device) that includes the public key of the user device and that is encrypted using the public key of the server (second host device)

Claim 7
Karr (2021/0173945) teaches:
The apparatus of claim 1 wherein the at least one processing device is configured to store the public key of the first host device for use in decrypting encrypted data written by the first host device to the first logical storage device. P. 0272 and FIG. 5C second storage system 526 may service an I/O operation from computing device 533 (second host) by sending data encrypted with a first encryption key (private key of first host), which is decrypted with the second or third encryption key (either is analogous to the public key of first host)

Claim 8
Karr (2021/0173945) teaches:
The apparatus of claim 1 wherein the at least one processing device is configured to store the public key of the second host device for use in decrypting encrypted data written by the second host device to the second logical storage device. P. 0210 key storage 406 may store mappings of global keys to local keys; P. 0212-213 second storage system 432 receives a transmission of a global key, finds the corresponding local key (which is local to second storage system) and uses it to decrypt the data

Claim 9
Pham (2022/0078169) teaches:
The apparatus of claim 1 wherein providing the second host device with access to an encrypted version of a public key of the first host device comprises providing the encrypted version of the public key of the first host device to the second host device in response to a command received from the second host device. P. 0038 server (second host) may transmit a message (analogous to a command) indicating the user device (first host) should generate a new key pair, the user device can then transmit the public key of the user device encrypted using the public key of the server

Claim 13
Karr (2021/0173945) teaches:
The apparatus of claim 1 wherein the indication of the result of the determination comprises a check condition notification sent by the storage system to the second host device to direct the second host device to perform one of the following operations: to decrypt the particular data using the public key of the first host device; and P. 0210 a requested block will be returned from source 402 with an identifier of the local key (analogous to a check condition notification, as there is no explicit definition for the term)
to decrypt the particular data using the public key of the second host device. P. 0272 and FIG. 5C second storage system 526 may service an I/O operation from computing device 533 (second host) by sending data encrypted with a first encryption key (private key of first host), which is decrypted with the second or third encryption key (either is analogous to the public key of first host)

Claim 14
Karr (2021/0173945) teaches:
The apparatus of claim 1 wherein the indication of the result of the determination comprises a status value sent by the storage system to the second host device to direct the second host device to perform one of the following operations: P. 0210 a requested block will be returned from source 402 with an identifier of the local key (analogous to a status value, as there is no explicit definition for the term)
to decrypt the particular data using the public key of the first host device; and P. 0272 and FIG. 5C second storage system 526 may service an I/O operation from computing device 533 (second host) by sending data encrypted with a first encryption key (private key of first host), which is decrypted with the second or third encryption key (either is analogous to the public key of first host)
to decrypt the particular data using the public key of the second host device. Note: only one of the operations are required to be taught by the prior art

Claim 15
Karr (2021/0173945) teaches:
A computer program product comprising a non-transitory processor-readable storage medium having stored therein program code of one or more software programs, wherein the program code, when executed by at least one processing device comprising a processor coupled to a memory, causes the at least one processing device: FIG. 1 and P. 0042 System 100 includes a number of computing devices 164A-B; P. 0351 illustrative blocks, modules and components herein, can be implemented by processors executing appropriate software
[…] wherein data encrypted using a private key of the first host device is written to the first logical storage device; P. 0210 when transmitting the write to the first storage system 402 for storage in the first datastore 403 (first logical storage device), client may encrypt the block with a local key; P. 0256 first storage system 508 receives 510 data 506 encrypted using a first encryption key (private key) from a computing device 502 (first host device)
to generate a copy of the first logical storage device in the storage system; to associate the copy of the first logical storage device with a second logical storage device of the storage system, P. 0209 a first storage system 430 is configured to replicate to a paired second storage system 432; P. 0261 data, encrypted using the second encryption key, is sent 522 from the first storage system 508 to the second storage system 526 
wherein data encrypted using a private key of a second host device is written to the second logical storage device; P. 0213 the key local to the second storage system is used by target 426 to encrypt the data block and the encrypted, compressed block is stored in the target datastore 428 (second logical storage device); P. 0267 unencrypted data received by the second storage system 526 is encrypted data with a third encryption key (private key) then stored on the second storage system 526
to provide the second host device with access to an encrypted version of a public key of the first host device, […] so that the second host device can access particular data of the second logical storage device that was written using the private key of the first host device. P. 0212-213 second storage system 432 receives a UUID for a global key (public key) from replication server of the first storage system 
[…] wherein the program code, when executed by the at least one processing device, further causes the at least one processing device, responsive to a request from the second host device for particular data of the second logical storage device, P. 0260 data stored in first storage system 508 by computing device 502 should include necessary metadata to determine the encryption key and the initialization vector information used to encrypt the stored data; P. 0210 when requesting encrypted data from first storage system 402, system 402 may return an identifier of the  key used to encrypt the data
to determine if the particular data was encrypted using the private key of the first host device or the private key of the second host device, and to provide the second host device with the particular data and an indication of a result of the determination. P. 0210 a requested block will be returned from source 402 with an identifier of the local key; P. 0272 computing device 533 may send a request to read data from second storage system 526, the data will have to be decrypted using the third encryption key or second encryption key (it is obvious the storage system 526 will determine which is appropriate)
Karr does not explicitly state associating a logical storage device with a host device.
Blumenau (2002/0194294) teaches:
[…] to associate a first logical storage device of a storage system with a first host device, P. 0085 port adapter 35 stores information defining a correspondence between hosts and the sets of volumes assigned to each host
It would have been obvious to a person with ordinary skill in the art at the effective filing date of the application was filed to include the invention of Karr with associating a logical storage device with a host device taught by Blumenau.
The motivation being to maintain private storage for each host (see Blumenau P. 0007)
The systems of Karr and Blumenau do not explicitly state encrypting a first host’s public key with a second host’s public key, and sending the encrypted first host’s public key to the second host.
Pham (2022/0078169) teaches:
[…] encrypted using a public key of the second host device, to allow the second host device to obtain therefrom the public key of the first host device, so that the second host device can access particular data of the second logical storage device that was written using the private key of the first host device. P. 0038 each user device can then transmit a message to the server (first host device) that includes the public key of the user device and that is encrypted using the public key of the server (second host device)
It would have been obvious to a person with ordinary skill in the art at the effective filing date of the application was filed to include the invention of Karr and Blumenau with encrypting a first host’s public key with a second host’s public key, and sending the encrypted first host’s public key to the second host taught by Pham
The motivation being to allow the server to encrypt data with the user’s public key, before transmitting the encrypted data to the user (See Pham P. 0040)
The systems of Karr, Blumenau and Pham are analogous because they are from the “same field of endeavor” and from the same “problem solving area.” Namely, they are both from the field of memory systems.
Therefore it would have been obvious to combine Karr and Blumenau with Pham to obtain the invention as recited in claims 15-17

Claim 17
Karr (2021/0173945) teaches:
The computer program product of claim 15 wherein the result of the determination is that the particular data was encrypted using the private key of the first host device, and the indication directs the second host device to decrypt the particular data using the public key of the first host device, P. 0210 a requested block will be returned from source 402 with an identifier of the local key; P. 0272 computing device 533 may send a request to read data 506 from second storage system 526, the data originally encrypted with first encryption key (private key of first host), the data will have to be decrypted using the third encryption key or second encryption key (either is analogous to the public key of the first host device)
Pham (2022/0078169) teaches:
[…] which is obtained by the second host device decrypting the encrypted version of the public key of the first host device using the private key of the second host device. P. 0038 each user device can then transmit a message to the server (first host device) that includes the public key of the user device and that is encrypted using the public key of the server (second host device)

Claim 18
Karr (2021/0173945) teaches:
A method comprising:  […] wherein data encrypted using a private key of the first host device is written to the first logical storage device; P. 0210 when transmitting the write to the first storage system 402 for storage in the first datastore 403 (first logical storage device), client may encrypt the block with a local key; P. 0256 first storage system 508 receives 510 data 506 encrypted using a first encryption key (private key) from a computing device 502 (first host device)
generating a copy of the first logical storage device in the storage system; associating the copy of the first logical storage device with a second logical storage device of the storage system, P. 0209 a first storage system 430 is configured to replicate to a paired second storage system 432; P. 0261 data, encrypted using the second encryption key, is sent 522 from the first storage system 508 to the second storage system 526 
wherein data encrypted using a private key of a second host device is written to the second logical storage device; and P. 0213 the key local to the second storage system is used by target 426 to encrypt the data block and the encrypted, compressed block is stored in the target datastore 428 (second logical storage device); P. 0267 unencrypted data received by the second storage system 526 is encrypted data with a third encryption key (private key) then stored on the second storage system 526
providing the second host device with access to an encrypted version of a public key of the first host device, […] P. 0212-213 second storage system 432 receives a UUID for a global key (public key) from replication server of the first storage system 
to allow the second host device to obtain therefrom the public key of the first host device, so that the second host device can access particular data of the second logical storage device that was written using the private key of the first host device. P. 0272 and FIG. 5C second storage system 526 may service an I/O operation from computing device 533 (second host) by sending data encrypted with a first encryption key (private key of first host); P. 0239 the storage systems could exchange the original encrypted form of any blocks as received from the client host, and each storage system may separately decrypt the blocks if the storage system has access to the keys
[…] responsive to a request from the second host device for particular data of the second logical storage device, determining if the particular data was encrypted using the private key of the first host device or the private key of the second host device, and P. 0260 data stored in first storage system 508 by computing device 502 should include necessary metadata to determine the encryption key and the initialization vector information used to encrypt the stored data; P. 0210 when requesting encrypted data from first storage system 402, system 402 may return an identifier of the  key used to encrypt the data
providing the second host device with the particular data and an indication of a result of the determination. P. 0210 a requested block will be returned from source 402 with an identifier of the local key; P. 0272 computing device 533 may send a request to read data from second storage system 526, the data will have to be decrypted using the third encryption key or second encryption key (it is obvious the storage system 526 will determine which is appropriate)
Karr does not explicitly state associating a logical storage device with a host device.
Blumenau (2002/0194294) teaches:
[…] associating a first logical storage device of a storage system with a first host device, P. 0059 and FIG. 1 storage controller 27 includes a dual port cache memory 32, a plurality of port adapters 35, 36; P. 0063 Each port adapter 35, 36 has one or more processors for handling the communication protocol; P. 0085 port adapter 35 stores information defining a correspondence between hosts and the sets of volumes assigned to each host
It would have been obvious to a person with ordinary skill in the art at the effective filing date of the application was filed to include the invention of Karr with associating a logical storage device with a host device taught by Blumenau.
The motivation being to maintain private storage for each host (see Blumenau P. 0007)
The systems of Karr and Blumenau do not explicitly state encrypting a first host’s public key with a second host’s public key, and sending the encrypted first host’s public key to the second host.
Pham (2022/0078169) teaches:
[…] encrypted using a public key of the second host device, to allow the second host device to obtain therefrom the public key of the first host device, so that the second host device can access particular data of the second logical storage device that was written using the private key of the first host device. P. 0038 each user device can then transmit a message to the server (first host device) that includes the public key of the user device and that is encrypted using the public key of the server (second host device)
It would have been obvious to a person with ordinary skill in the art at the effective filing date of the application was filed to include the invention of Karr and Blumenau with encrypting a first host’s public key with a second host’s public key, and sending the encrypted first host’s public key to the second host taught by Pham
The motivation being to allow the server to encrypt data with the user’s public key, before transmitting the encrypted data to the user (See Pham P. 0040)
The systems of Karr, Blumenau and Pham are analogous because they are from the “same field of endeavor” and from the same “problem solving area.” Namely, they are both from the field of memory systems.
Therefore it would have been obvious to combine Karr and Blumenau with Pham to obtain the invention as recited in claims 18-20.

Claim 20
Karr (2021/0173945) teaches:
The method of claim 18 wherein the result of the determination is that the particular data was encrypted using the private key of the first host device, and the indication directs the second host device to decrypt the particular data using the public key of the first host device, P. 0210 a requested block will be returned from source 402 with an identifier of the local key; P. 0272 computing device 533 may send a request to read data 506 from second storage system 526, the data originally encrypted with first encryption key (private key of first host), the data will have to be decrypted using the third encryption key or second encryption key (either is analogous to the public key of the first host device)
Pham (2022/0078169) teaches:
[…] which is obtained by the second host device decrypting the encrypted version of the public key of the first host device using the private key of the second host device. P. 0038 each user device can then transmit a message to the server (first host device) that includes the public key of the user device and that is encrypted using the public key of the server (second host device)

Claim 22
Pham (2022/0078169) teaches:
The method of claim 18 wherein providing the second host device with access to an encrypted version of a public key of the first host device comprises providing the encrypted version of the public key of the first host device to the second host device in response to a command received from the second host device. P. 0038 server (second host) may transmit a message (analogous to a command) indicating the user device (first host) should generate a new key pair, the user device can then transmit the public key of the user device encrypted using the public key of the server

Claim 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Karr et al. (U.S. PGPub No. 2021/0173945) in view of Blumenau et al. (U.S. PGPub No. 2002/0194294) in view of Pham et al. (U.S. PGPub No. 2022/0078169) in view of Olarig et al. (U.S. PGPub No. 2018/0189635).

Claim 10
The systems of Karr, Blumenau and Pham do not explicitly teach a vendor unique command of a storage access protocol
Olarig (2018/0189635) teaches:
The apparatus of claim 9 wherein the command comprises a vendor unique command of a storage access protocol utilized by the first and second host devices to access the storage system over a network. P. 0030 The data storage device 100 can receive a command 150 from an application running on the host computer. According to one embodiment, the command 150 can be a vendor-specific fabric command
It would have been obvious to a person with ordinary skill in the art at the effective filing date of the application was filed to include the invention of Karr, Blumenau and Pham with the vendor unique command of a storage access protocol taught by Olarig.
The motivation being to allow vendors to communicate over a specific protocol.
The systems of Karr, Blumenau, Pham and Olarig are analogous because they are from the “same field of endeavor” and from the same “problem solving area.” Namely, they are both from the field of memory systems.
Therefore it would have been obvious to combine Karr, Blumenau and Pham with Olarig to obtain the invention as recited in claim 10.

Response to Arguments
Applicant's arguments filed 7/19/2022 on page 7 have been fully considered but they are not persuasive. 
The applicant states “the § 103 rejection of claim 1 argues that the recited first and second logical storage devices are met by the respective source datastore 403 and target datastore 428 of FIG. 4A in Karr. See the Office Action at pages 3-4. However, the datastores 403 and 428 are not described in Karr as logical storage devices, and such datastores instead appear to be physical storage system components”
The examiner respectfully notes a logical storage device is typically an abstraction of a physical storage device, a person of ordinary skill in the art would recognize a logical storage device could be mapped directly to a physical storage device (i.e. the address space of the logical storage device corresponds to the address space of the physical storage device). In this mapping, the logical storage device would effectively be the same as the physical storage device, any requests targeting the logical storage device would also target the corresponding physical storage device. The only difference would be requests using the addressing format of the logical storage device instead of addresses of the physical storage device, but since the address spaces of logical and physical storage devices are directly mapped, it would obvious to substitute the physical storage device for the logical storage device. Karr describes a logical storage as all of the Flash memory devices 120 a-n in a storage device 118 (see FIG. 1C and P. 0074), in other words the logical storage is effectively the entire storage device 118.

Applicant's arguments filed 7/19/2022 on page 7-8 have been fully considered but they are not persuasive. 
The applicant states “Moreover, Karr does not teach or suggest generating a copy of the source datastore 403 and associating that copy of the source datastore 403 with the target datastore 428.”
The examiner respectfully notes Karr states in P. 0209 “a first storage system 430 is configured to replicate to a paired second storage system 432”, and the first storage system 430 includes source datastore 403 and the second storage system 432 includes target datastore 428. A person of ordinary skill in the art would recognize generating a copy of a storage is equivalent to replication, and replicating a storage system would inherently replicate the datastore within said storage system. Further, Karr P. 0211 states replication may be implemented with snapshotting, the “already transferred snapshot” of the first storage system is analogous to a generated copy of a storage device and associated with a second storage device.
 
Applicant's arguments filed 7/19/2022 on pages 8/10 have been fully considered but they are not persuasive. 
The applicant states “the §103 rejection of dependent claim 4 argues that Karr teaches the claimed arrangement, relying primarily on paragraphs [0210], [0260] and [0272] of Karr, with the recited first and second host devices allegedly corresponding to the respective computing devices 502 and 533. See the Office Action at pages 6-7. However, Karr clearly does not teach or suggest any arrangement in which, for example, the first storage system 508 or the second storage system 526 performs the recited determination responsive to a request from computing device 533 for particular data of the recited second logical storage device, and provides the computing device 533 with an indication of the result of that determination”
The examiner respectfully notes Karr P. 0272 states “data may first need to be decrypted (with the third encryption key or second encryption key, as appropriate”, it is obvious a determination of which encryption key is appropriate is performed, this determination being analogous to the determination of which private key encrypted the requested data claimed. The second encryption key is equivalent to a private key of the first host (see P. 0259 “the second encryption key may be a key that is only known by the first storage system 508”) and the third encryption key is equivalent to a private key of the second host (see P. 0271 “the third encryption key may be utilized by and known only by the second storage system 526”).  Additionally, P. 0248 states “use different keys for interaction with different hosts that are accessing the same dataset”, in other words each host has a corresponding key, or a private key.  And P. 0249 states “This model further creates the possibility in replication or snapshot copy scenarios where hosts which access a replica or perhaps a snapshot, such as a rehydrated snapshot, can use different keys”. Karr P. 0272 further states “servicing 524, by the second storage system 526, the I/O operation directed to the data”, and as part of the servicing “data may first need to be decrypted (with the third encryption key or second encryption key, as appropriate)”. The I/O operation is equivalent to the claimed request from a second host device, and P. 0272 further states “the computing device 502 that initially caused the data to be stored on the first storage system 508 is depicted as being distinct from the computing device 533 that reads the data from the second storage system 526” where computing device 533 is analogous to the claimed second host device. For providing the host with the indication of a result of the determination, P. 0210 states “A replication server 410 may request the block from a source and the source 402 may provide an identifier of the local key, an initialization vector, and the encrypted block”. While this request is from a replication server and not a second host (i.e. computing device 533), the claim is directed towards a processing device that “is configured” to perform the following functions, the art is only required to show a processing device capable of performing the said functions and there does not need to be explicit disclosure of the processing device performing said functions. Based on these portions of Karr, it would be obvious to a person of ordinary skill in the art that the system of Karr is capable of performing “responsive to a request from the second host device for particular data of the second logical storage device, the at least one processing device is further configured to determine if the particular data was encrypted using the private key of the first host device or the private key of the second host device, and to provide the second host device with the particular data and an indication of a result of the determination”

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to STEPHANIE WU whose telephone number is (571)272-0257. The examiner can normally be reached 11a-8p.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jared Rutz can be reached on (571)272-5535. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/STEPHANIE WU/Examiner, Art Unit 2133