Notice of Pre-AIA or AIA Status
The present application, filed on or after December 06, 2018, is being examined under the first inventor to file provisions of the AIA.
Specification
The specification filed on September 16, 2021 has been accepted.
Drawings
The drawings submitted on September 16, 2021 have been accepted.

Detailed action
Claims 1-20 are pending and are being considered.
Claim Objections
Claims 1, 13 and 15 are objected to because of the following informalities:
In claims 1, 13 and 15, line 4, “a cryptographic function” should read “a first cryptographic function”, because the subsequent limitations recite “second, third and fourth cryptographic function”.
Claims 1, 13 and 15 recite “private key accessible only to the storage device”. The examiner suggests clarifying why the private key is accessible only to the storage device in view of [0027] of the specification, which discloses that the private key is known only to the storage device in order to protect the data secret identifier from brute-force attack; otherwise the purpose of not exposing the private key will be unclear.
Claim 15 recites “client device further generated a data secret identifier”, which should read “client device further generates a data secret identifier”.
Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 14 recites the limitation "the partitioned original data sub-parts". There is insufficient antecedent basis for this limitation in the claim.
Claim 15, lines 8 and 12, recites the limitation "the storage device". There is insufficient antecedent basis for this limitation in the claim. The claim should read “the verifiable storage device”, as previously recited in the claim.
Dependent claims 16-20 are also rejected because they inherit the deficiency of parent claim 15.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-14 of U.S. Patent No. 11151259. Although the claims at issue are not identical, they are not patentably distinct from each other because claims 1-20 of the instant application are anticipated by claims 1-14 of U.S. Patent No. 11151259. The claims of the instant application are effectively a subset of the claims in the patent. Thus, the claims recited in the instant application are anticipated by the claims recited in the patent.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 9, 13, 15 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Li et al (hereinafter Li) (US 20180300493) in view of PLATT (US 20100042833). 
Regarding claim 1 Li teaches A method for managing secured data within independent computer systems and digital networks, the method comprising (Li on [0007] teaches a method for secure cloud storage of user data. The method includes deriving, using content of the user data);
generating a cryptographic data stream by processing original data representing the secured data on a local client device through a cryptographic function (Li on [0015] teaches a user can upload a file to the cloud is described as follows. A user plans to outsource data D.sub.u to the cloud (i.e. original data). See also Fig 1 and text on [0022] teaches a user 101 and a trusted gateway 102 are located at customer premises 100. The user 101 can be a physical computing device. See on [0024] teaches First a user can blind its data with a random mask r and send the blinded data B.sub.u=B(D.sub.u, r) to the gateway. See on [0007] teaches content of user data encrypted using encryption key (cryptographic function can be encryption scheme in view of para 0034 of instant application));
generating blinded data by providing the cryptographic data stream and a blind factor to a second cryptographic function (Li on [0015] teaches user blinds its data with a random mask r (i.e. blind factor) and sends the blinded data B.sub.u=B(D.sub.u, r) to the gateway. See on [0024] a user can blind its data with a random mask r and send the blinded data B.sub.u=B(D.sub.u, r) to the gateway (i.e. cryptographic function can be random function in view of para 0026 of instant application));
generating a blinded signature by providing the generated blinded data and a private key to a third cryptographic function of a storage device, [[the private key accessible only to the storage device]] (Li on [0015] teaches gateway uses a secret key K which is protected in the TEE to sign the blinded data and provide sig(K, B.sub.u), which it sends back to the user. See on [0024] teaches gateway can then use a secret key K which is protected in a TEE to sign the blinded data and provide a masked signature sig(K, B.sub.u), which it sends back to the user);
and generating a data secret identifier by providing the generated blinded signature and the blind factor to a fourth cryptographic function (Li on [0024] teaches encryption key (i.e. data secret identifier in view of para 0026-0027 and 0047 of instant application) can be produced using a server-aided, or gateway-aided, key generation with blind signatures and user can produce the encryption key based on the unmasked signature: K.sub.e=sig(K, D.sub.u));
wherein the generated data secret identifier is mathematically binded with the generated cryptographic data stream (LI on [0025] teaches an all-or-nothing transform is applied on the encrypted data. The all-or-nothing transform can be applied to the blocks E.sub.1, E.sub.2, . . . , E.sub.m of encrypted data in order to provide output blocks E.sub.1', E.sub.2', . . . , E.sub.m' of transformed encrypted by shifting with random seed derived from the encryption key K.sub.e, s=PRF("shift", K.sub.e) to provide cyclic shifted blocks E.sub.1'', E.sub.2'', . . . , E.sub.m'' of transformed encrypted data (i.e. mathematically binded));
and the storage device is never in possession of the original data and the generated cryptographic data stream (Li on [0015] teaches gateway which is connected to cloud storage, user communicates with the gateway to outsource data (i.e. original data). the user blinds the data with random r and sends the blinded data to the gateway (i.e. the gateway only possess the blinded data)).
Although Li teaches that the private key is protected from outside access, Li fails to explicitly teach the private key accessible only to the storage device. However, PLATT, from analogous art, teaches the private key accessible only to the storage device (PLATT on [0036] teaches a private key only accessible to a client device having memory).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of PLATT into the teaching of Li by having a private key with access limited to only the client device. One would be motivated to do so in order to protect the key from unauthorized access (PLATT on [0002-0004]).
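The exchange mapped to claim 1 above (blind with random mask r, sign with gateway key K, unblind to K.sub.e=sig(K, D.sub.u)) can be illustrated as follows. This is an added example, not code from Li, PLATT or the application; it assumes an RSA blind signature and SHA-256, neither of which the cited passages name, and uses a constructed toy key with hypothetical function names.

```python
"""Gateway-aided key derivation with a blind signature (toy RSA, demo only)."""
import hashlib
import math
import secrets

# Constructed toy key pair: two Mersenne primes, chosen only so the example
# runs offline without a prime generator. This is NOT a secure RSA modulus.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # secret key K; only gateway_sign() uses it


def digest_to_int(data: bytes) -> int:
    """Map D_u to an integer below N (plain SHA-256, an assumption here)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def client_blind(data: bytes):
    """Client: B_u = H(D_u) * r^E mod N, with a fresh random mask r."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:  # r must be invertible mod N to unblind later
            break
    return (digest_to_int(data) * pow(r, E, N)) % N, r


def gateway_sign(blinded: int) -> int:
    """Gateway: sig(K, B_u). It receives neither D_u nor H(D_u)."""
    if not 0 < blinded < N:
        raise ValueError("blinded value out of range")
    return pow(blinded, D, N)


def client_unblind(data: bytes, blinded_sig: int, r: int) -> bytes:
    """Client: strip the mask, verify sig(K, D_u), then derive K_e from it."""
    sig = (blinded_sig * pow(r, -1, N)) % N
    # Check against the gateway's public key (N, E) before trusting the result;
    # a corrupted or malicious response must not silently become a key.
    if pow(sig, E, N) != digest_to_int(data):
        raise ValueError("gateway response is not a valid signature on the data")
    sig_bytes = sig.to_bytes((N.bit_length() + 7) // 8, "big")
    return hashlib.sha256(sig_bytes).digest()


def derive_key(data: bytes):
    """Run the whole exchange; return (K_e, value the gateway actually saw)."""
    blinded, r = client_blind(data)
    return client_unblind(data, gateway_sign(blinded), r), blinded


if __name__ == "__main__":
    sample = b"constructed sample file contents"
    key_a, seen_a = derive_key(sample)
    key_b, seen_b = derive_key(sample)
    print("same data, same key:      ", key_a == key_b)
    print("gateway saw same message: ", seen_a == seen_b)
```

The derived key depends only on the data and the gateway key, while the value presented to the gateway changes with every mask r.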
Regarding claim 9 the combination of Li and PLATT teaches all the limitations of claim 1 above, Li further teaches wherein said generating blinded data comprises providing a random value as the blind factor (Li on [0015 and 0024] teaches the user blinds its data with a random mask r).
Regarding claim 13 Li teaches A method for managing secured data within independent computer systems and digital networks, the method comprising (Li on [0007] teaches a method for secure cloud storage of user data. The method includes deriving, using content of the user data);
 generating a cryptographic data stream by processing original data representing the secured data on a local client device through a cryptographic function (Li on [0015] teaches a user can upload a file to the cloud is described as follows. A user plans to outsource data D.sub.u to the cloud (i.e. original data). See also Fig 1 and text on [0022] teaches a user 101 and a trusted gateway 102 are located at customer premises 100. The user 101 can be a physical computing device. See on [0024] teaches First a user can blind its data with a random mask r and send the blinded data B.sub.u=B(D.sub.u, r) to the gateway. See on [0007] teaches content of user data encrypted using encryption key (cryptographic function can be encryption scheme in view of para 0034 of instant application));
generating blinded data by providing the cryptographic data stream to a second cryptographic function (Li on [0015] teaches The user blinds its data with a random mask r (i.e. blind factor) and sends the blinded data B.sub.u=B(D.sub.u, r) to the gateway. See on [0024] a user can blind its data with a random mask r and send the blinded data B.sub.u=B(D.sub.u, r) to the gateway (i.e. cryptographic function can be random function in view of para 0026 of instant application));
generating a blinded signature by providing the generated blinded data and a private key to a third cryptographic function of a storage device being different than the local client device, [[the private key accessible only to the storage device]] (Li on [0015] teaches The gateway uses a secret key K which is protected in the TEE to sign the blinded data and provide sig(K, B.sub.u), which it sends back to the user. See on [0024] teaches The gateway can then use a secret key K which is protected in a TEE to sign the blinded data and provide a masked signature sig(K, B.sub.u), which it sends back to the user. See Fig 1 the gateway and the client devices are different devices); 
and generating a data secret identifier by providing the generated blinded signature to a fourth cryptographic function (Li on [0024] teaches The encryption key (i.e. data secret identifier in view of para 0026-0027 and 0047 of instant application) can be produced using a server-aided, or gateway-aided, key generation with blind signatures and user can produce the encryption key based on the unmasked signature: K.sub.e=sig(K, D.sub.u));
wherein the generated data secret identifier is mathematically binded with the generated cryptographic data stream (LI on [0025] teaches an all-or-nothing transform is applied on the encrypted data. The all-or-nothing transform can be applied to the blocks E.sub.1, E.sub.2, . . . , E.sub.m of encrypted data in order to provide output blocks E.sub.1', E.sub.2', . . . , E.sub.m' of transformed encrypted by shifting with random seed derived from the encryption key K.sub.e, s=PRF("shift", K.sub.e) to provide cyclic shifted blocks E.sub.1'', E.sub.2'', . . . , E.sub.m'' of transformed encrypted data (i.e. mathematically binded)).
Although Li teaches that the private key is protected from outside access, Li fails to explicitly teach the private key accessible only to the storage device. However, PLATT, from analogous art, teaches the private key accessible only to the storage device (PLATT on [0036] teaches a private key only accessible to a client device having memory).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of PLATT into the teaching of Li by having a private key with access limited to only the client device. One would be motivated to do so in order to protect the key from unauthorized access (PLATT on [0002-0004]).

Regarding claim 15 Li teaches A computer-implemented system for managing secured data within independent computer systems and digital networks, the method comprising (Li on [0007] teaches a method for secure cloud storage of user data. The method includes deriving, using content of the user data);
a client device for generating a cryptographic data stream by processing original data representing the secured data through a cryptographic function (Li on [0015] teaches a user can upload a file to the cloud is described as follows. A user plans to outsource data D.sub.u to the cloud (i.e. original data). See also Fig 1 and text on [0022] teaches a user 101 and a trusted gateway 102 are located at customer premises 100. The user 101 can be a physical computing device. See on [0024] teaches First a user can blind its data with a random mask r and send the blinded data B.sub.u=B(D.sub.u, r) to the gateway. See on [0007] teaches content of user data encrypted using encryption key (cryptographic function can be encryption scheme in view of para 0034 of instant application));
generating blinded data by providing the cryptographic data stream and a blind factor to a second cryptographic function (Li on [0015] teaches The user blinds its data with a random mask r (i.e. blind factor) and sends the blinded data B.sub.u=B(D.sub.u, r) to the gateway. See on [0024] a user can blind its data with a random mask r and send the blinded data B.sub.u=B(D.sub.u, r) to the gateway (i.e. cryptographic function can be random function in view of para 0026 of instant application));
a verifiable storage device in communication with the client device for generating a blinded signature by processing the generated blinded data and a private key to a third cryptographic function, [[the private key accessible only to the verifiable storage device]] (Li on [0015] teaches The gateway uses a secret key K which is protected in the TEE to sign the blinded data and provide sig(K, B.sub.u), which it sends back to the user. See on [0024] teaches The gateway can then use a secret key K which is protected in a TEE to sign the blinded data and provide a masked signature sig(K, B.sub.u), which it sends back to the user. See Fig 1 the gateway and the client devices are different devices);
and wherein the client device further generates a data secret identifier by providing the generated blinded signature and the blind factor to a fourth cryptographic function (Li on [0024] teaches The encryption key (i.e. data secret identifier in view of para 0026-0027 and 0047 of instant application) can be produced using a server-aided, or gateway-aided, key generation with blind signatures and user can produce the encryption key based on the unmasked signature: K.sub.e=sig(K, D.sub.u)); 
wherein the generated data secret identifier is mathematically binded with the generated cryptographic data stream (LI on [0025] teaches an all-or-nothing transform is applied on the encrypted data. The all-or-nothing transform can be applied to the blocks E.sub.1, E.sub.2, . . . , E.sub.m of encrypted data in order to provide output blocks E.sub.1', E.sub.2', . . . , E.sub.m' of transformed encrypted by shifting with random seed derived from the encryption key K.sub.e, s=PRF("shift", K.sub.e) to provide cyclic shifted blocks E.sub.1'', E.sub.2'', . . . , E.sub.m'' of transformed encrypted data (i.e. mathematically binded)). 
and the verifiable storage device is never in possession of the original data and the generated cryptographic data stream (Li on [0015] teaches A gateway which is connected to cloud storage, user communicates with the gateway to outsource data (i.e. original data). the user blinds the data with random r and sends the blinded data to the gateway (i.e. the gateway only possess the blinded data)).
Although Li teaches that the private key is protected from outside access, Li fails to explicitly teach the private key accessible only to the storage device. However, PLATT, from analogous art, teaches the private key accessible only to the storage device (PLATT on [0036] teaches a private key only accessible to a client device having memory).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of PLATT into the teaching of Li by having a private key with access limited to only the client device. One would be motivated to do so in order to protect the key from unauthorized access (PLATT on [0002-0004]).

Regarding claim 20 the combination of Li and PLATT teaches all the limitations of claim 15 above, PLATT further teaches wherein the verifiable storage device comprises at least one of a distributed hash table, a distributed database, a peer-to-peer hypermedia distributed storage, a distributed ledger, an operating memory, a centralized database, and a cloud-based storage (Li on [0021-0023] teaches a cloud base storage database).

Claims 2-4, 10-11, 14 and 16-18 are rejected under 35 U.S.C. 103 as being unpatentable over Li et al (hereinafter Li) (US 20180300493) in view of PLATT (US 20100042833) and further in view of Orsini et al (hereinafter Orsini) (US 20120221854).

Regarding claim 2 and 16 the combination of Li and PLATT teaches all the limitations of claim 1 and 15 respectively, Li further teaches further comprising: generating one or more cryptographic data sub-parts by processing the partitioned original data sub-parts on the local client device through a first cryptographic function, wherein said generating the cryptographic data stream comprises processing the generated cryptographic data-sub parts through the cryptographic function (Li on [0025] teaches data is encrypted using the encryption key produced at 200. The user can use a block cipher E and key K.sub.e to encrypt the data and produce m output blocks E.sub.1, E.sub.2, . . . , E.sub.m of encrypted data. At 230, the cyclic-shifted blocks of transformed encrypted user data is portioned into data partitions. See on [0028] teaches At 260, the gateway can check a user's ownership and download data partitions on behalf of the user. The gateway can remove replicated partitions and send the reconstructed data E.sub.1'', E.sub.2'', . . . , E.sub.m'' to the user. The user can derive the random seed for cyclic shift: s=PRF ("shift", K.sub.e) and acquires ordered encrypted data blocks E.sub.1', E.sub.2', . . . , E.sub.m').
Although the combination teaches dividing the data but fails to explicitly teach partitioning the original data on the local client device into one or more original data sub- parts prior to said generating the cryptographic data stream, however Orsini from analogous art teaches partitioning the original data on the local client device into one or more original data sub- parts prior to said generating the cryptographic data stream (Orsini on [0011 and 0479] teaches The method comprises one or more steps of parsing, splitting and/or separating the data to be secured into two or more parts or portions. The method also comprises encrypting the data to be secured. Encryption of the data may be performed prior to or after the first parsing, splitting and/or separating of the data. See also on [0315] teaches in one embodiment, preferably into four or more portions of parsed and split data, encrypting all of the portions).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Orsini into the combined teaching of Li and PLATT by partitioning the data before encrypting it. One would be motivated to do so in order to secure data from unauthorized access or use (Orsini on [0002]).

Regarding claim 3 and 17 the combination of Li, PLATT and Orsini teaches all the limitations of claim 2 and 16 Orsini further teaches further comprising deriving a tree structure from the generated cryptographic data-sub parts prior to said generating the cryptographic data stream (Orsini on [0518, 0540-0545] teaches utilizing a SHA-256 (FIPS 180-2) hash and computing a hash. further teaches cryptographic hash function (implemented by SHA-256) using hash -tree construction may be used to compute an integrity protection value. A hash value may be calculated for each share using a hashing technique such as SHA-256).
Regarding claim 4 and 18 the combination of Li, PLATT and Orsini teaches all the limitations of claim 2 and 16 the combination of Li and the cited section of  Orsini fails to explicitly teaches generating a set of salts by processing the partitioned original data sub-parts and the generated data secret identifier through a fifth cryptographic function, combining the set of salts and the partitioned original data sub-parts by associating a selected salt with its corresponding data sub-part; generating a set of cryptographic salts by processing the combined set of salts and the partitioned original data sub-parts data through a sixth cryptographic function  and generating the data public identifier by processing the set of cryptographic salts through a seventh cryptographic function, However Orsini on different section teaches generating a data public identifier, comprising: generating a set of salts by processing the partitioned original data sub-parts and the generated data secret identifier through a fifth cryptographic function (Orsini on [0147-0152] teaches when sensitive data "S" is received by the data splitting module of the authentication engine 215 or the cryptographic engine 220. Preferably, in step 810, the data splitting module then generates a substantially random number, value, or string or set of bits, "A.". The data splitting process 800 generates another statistically random number "C” and combines with sensitive data S and (i.e. the sensitive data S includes private cryptographic key data para 0152) new numbers "B" and "D" are generated. For example, number B may comprise the binary combination of A XOR S and number D may comprise the binary combination of C XOR S. The XOR function. See also on [0177] teaches The transaction ID may advantageously include a 192 bit quantity having a 32 bit timestamp concatenated with a 128 bit random quantity, or a " nonce," concatenated with a 32 bit vendor specific constant. 
Such a transaction ID uniquely identifies the transaction. See also on [0317] teaches assuming a random distribution, a key would be obtained to create a sequence of 23 random numbers (r1, r2, r3 through r23), each with a value between 1 and 4 corresponding to the four shares. Each of the units of data (in this example 23 individual bytes of data) is associated with one of the 23 random numbers corresponding to one of the four shares. The distribution of the bytes of data into the four shares would occur by placing the first byte of the data into share number r1, byte two into share r2, byte three into share r3, through the 23.sup.rd byte of data into share r23);
combining the set of salts and the partitioned original data sub-parts by associating a selected salt with its corresponding data sub-part; generating a set of cryptographic salts by processing the combined set of salts and the partitioned original data sub-parts data through a sixth cryptographic function  (Orsini on [0024] teaches receiving data at a trust engine, combining at the trust engine the data with a first substantially random value to form a first combined value, and combining the data with a second substantially random value to form a second combined value. The method comprises creating a first pairing of the first substantially random value with the second combined value, creating a second pairing of the first substantially random value with the second substantially random value. See on [0147-0152] teaches when sensitive data "S" is received by the data splitting module of the authentication engine 215 or the cryptographic engine 220. Preferably, in step 810, the data splitting module then generates a substantially random number, value, or string or set of bits, "A.". The data splitting process 800 generates another statistically random number "C” and combines with sensitive data S and (i.e. the sensitive data S includes private cryptographic key data para 0152) new numbers "B" and "D" are generated. For example, number B may comprise the binary combination of A XOR S and number D may comprise the binary combination of C XOR S. The XOR function. See also on [0177] teaches The transaction ID may advantageously include a 192 bit quantity having a 32 bit timestamp concatenated with a 128 bit random quantity, or a " nonce," concatenated with a 32 bit vendor specific constant. Such a transaction ID uniquely identifies the transaction. See also on [0317] teaches assuming a random distribution, a key would be obtained to create a sequence of 23 random numbers (r1, r2, r3 through r23), each with a value between 1 and 4 corresponding to the four shares. 
Each of the units of data (in this example 23 individual bytes of data) is associated with one of the 23 random numbers corresponding to one of the four shares. The distribution of the bytes of data into the four shares would occur by placing the first byte of the data into share number r1, byte two into share r2, byte three into share r3, through the 23.sup.rd byte of data into share r23);
and generating the data public identifier by processing the set of cryptographic salts through a seventh cryptographic function (Orsini on [0455] teaches Cipher feedback key generator 3014 may, externally to secure data parser 3000, generate for each secure data parser operation, a unique key, or random number (using for example random number generator 3012), to be used as a seed value for an operation that extends an original session key size (e.g., a value of 128, 256, 512, or 1024 bits) into a value equal to the length of the data to be parsed and split. See on [0528] teaches A session key 4604 may be generated using a random number generator such as a cryptographically secure pseudo -random number generator).
Regarding claim 10 the combination Li and PLATT teaches all the limitations of claim 1 above, the combination fails to explicitly teach  wherein said generating blinded data further comprises providing a public key of the storage device to the second cryptographic function, However Orsini from an analogous art teaches wherein said generating blinded data further comprises providing a public key of the storage device to the second cryptographic function (Orsini on [0023, 0121, 0126 and 0199] teaches The cryptographic system comprises one or more data storage facilities, wherein each data storage facility includes a computer accessible storage medium which stores at least one portion of one or more cryptographic keys. The cryptographic system also comprises a cryptographic engine which communicates with the data storage facilities. The cryptographic engine also comprises a data splitting module which operate on the cryptographic keys to create portions, a data assembling module which processes the portions from at least one of the data storage facilities to assemble the cryptographic keys, and a cryptographic handling module which receives the assembled cryptographic keys and performs cryptographic functions. See on [0163] teaches public -key encryption may be used to further secure the data at the data storage facilities D1 through D4).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Orsini cited in a different section into the combined teaching of Li and PLATT by generating a set of salts and combining the partitioned data with the salts to generate an identifier. One would be motivated to do so in order to secure data from unauthorized access or use (Orsini on [0002]).
Regarding claim 11 the combination Li and PLATT teaches all the limitations of claim 1 above, the combination fails to explicitly teach wherein said generating the cryptographic data stream comprises processing the original data through a hash function, However Orsini from an analogous art teaches  wherein said generating the cryptographic data stream comprises processing the original data through a hash function (Orsini on [0424-0425] teaches the secure data parser may include as an internal component, portions of data are created using the secure data parser. See on [0462]-0464 teaches the resultant encrypted data (or original data if no encryption took place) is then hashed to determine how to split the encrypted (or original) data among the output buckets).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Orsini into the combined teaching of Li and PLATT by generating a hash of the original data. One would be motivated to do so in order to secure data from unauthorized access or use (Orsini on [0002]).
Regarding claim 14 the combination Li and PLATT teaches all the limitations of claim 14 above,  the combination fails to explicitly teache generating a set of salts by processing the partitioned original data sub-parts and the generated data secret identifier through a fifth cryptographic function, combining the set of salts and the partitioned original data sub-parts by associating a selected salt with its corresponding data sub-part; generating a set of cryptographic salts by processing the combined set of salts and the partitioned original data sub-parts data through a sixth cryptographic function  and generating the data public identifier by processing the set of cryptographic salts through a seventh cryptographic function, However Orsini from analogous art teaches generating a data public identifier, comprising: partitioning the original data on the local client device into original data sub-parts prior to said generating the cryptographic data stream (Orsini on [0011 and 0479] teaches The method comprises one or more steps of parsing, splitting and/or separating the data to be secured into two or more parts or portions. The method also comprises encrypting the data to be secured. Encryption of the data may be performed prior to or after the first parsing, splitting and/or separating of the data. See also on [0315] teaches in one embodiment, preferably into four or more portions of parsed and split data, encrypting all of the portions);
generating a set of salts by processing the partitioned original data sub-parts and the generated data secret identifier through a fifth cryptographic function (Orsini on [0147-0152] teaches when sensitive data "S" is received by the data splitting module of the authentication engine 215 or the cryptographic engine 220. Preferably, in step 810, the data splitting module then generates a substantially random number, value, or string or set of bits, "A". The data splitting process 800 generates another statistically random number "C" and combines with sensitive data S and (i.e. the sensitive data S includes private cryptographic key data para 0152) new numbers "B" and "D" are generated. For example, number B may comprise the binary combination of A XOR S and number D may comprise the binary combination of C XOR S. The XOR function. See also on [0177] teaches the transaction ID may advantageously include a 192 bit quantity having a 32 bit timestamp concatenated with a 128 bit random quantity, or a "nonce," concatenated with a 32 bit vendor specific constant. Such a transaction ID uniquely identifies the transaction. See also on [0317] teaches assuming a random distribution, a key would be obtained to create a sequence of 23 random numbers (r1, r2, r3 through r23), each with a value between 1 and 4 corresponding to the four shares. Each of the units of data (in this example 23 individual bytes of data) is associated with one of the 23 random numbers corresponding to one of the four shares. The distribution of the bytes of data into the four shares would occur by placing the first byte of the data into share number r1, byte two into share r2, byte three into share r3, through the 23rd byte of data into share r23);
combining the set of salts and the partitioned original data sub-parts by associating a selected salt with its corresponding data sub-part; generating a set of cryptographic salts by processing the combined set of salts and the partitioned original data sub-parts data through a sixth cryptographic function (Orsini on [0024] teaches receiving data at a trust engine, combining at the trust engine the data with a first substantially random value to form a first combined value, and combining the data with a second substantially random value to form a second combined value. The method comprises creating a first pairing of the first substantially random value with the second combined value, creating a second pairing of the first substantially random value with the second substantially random value. See on [0147-0152] teaches when sensitive data "S" is received by the data splitting module of the authentication engine 215 or the cryptographic engine 220. Preferably, in step 810, the data splitting module then generates a substantially random number, value, or string or set of bits, "A". The data splitting process 800 generates another statistically random number "C" and combines with sensitive data S and (i.e. the sensitive data S includes private cryptographic key data para 0152) new numbers "B" and "D" are generated. For example, number B may comprise the binary combination of A XOR S and number D may comprise the binary combination of C XOR S. The XOR function. See also on [0177] teaches the transaction ID may advantageously include a 192 bit quantity having a 32 bit timestamp concatenated with a 128 bit random quantity, or a "nonce," concatenated with a 32 bit vendor specific constant. Such a transaction ID uniquely identifies the transaction. See also on [0317] teaches assuming a random distribution, a key would be obtained to create a sequence of 23 random numbers (r1, r2, r3 through r23), each with a value between 1 and 4 corresponding to the four shares. Each of the units of data (in this example 23 individual bytes of data) is associated with one of the 23 random numbers corresponding to one of the four shares. The distribution of the bytes of data into the four shares would occur by placing the first byte of the data into share number r1, byte two into share r2, byte three into share r3, through the 23rd byte of data into share r23);
and generating the data public identifier by processing the set of cryptographic salts through a seventh cryptographic function (Orsini on [0455] teaches cipher feedback key generator 3014 may, externally to secure data parser 3000, generate for each secure data parser operation, a unique key, or random number (using for example random number generator 3012), to be used as a seed value for an operation that extends an original session key size (e.g., a value of 128, 256, 512, or 1024 bits) into a value equal to the length of the data to be parsed and split. See on [0528] teaches a session key 4604 may be generated using a random number generator such as a cryptographically secure pseudo-random number generator).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Orsini into the combined teaching of Li and PLATT by generating a set of salts and combining the partitioned data with the salts to generate the identifier. One would be motivated to do so in order to secure data from unauthorized access or use (Orsini on [0002]).

Claims 7-8 are rejected under 35 U.S.C. 103 as being unpatentable over Li et al (hereinafter Li) (US 20180300493) in view of PLATT (US 20100042833), in view of Orsini et al (hereinafter Orsini) (US 20120221854) and further in view of Dubrovsky et al (hereinafter Dubrovsky) (US 7653712).

Regarding claim 7, the combination of Li, PLATT and Orsini teaches all the limitations of claim 4 above. The combination fails to explicitly teach providing the generated cryptographic data stream and the data public identifier to a verifiable data structure, the verifiable data structure comparing a current checksum with the data public identifier. However, Dubrovsky, from an analogous art, teaches further comprising providing the generated cryptographic data stream and the data public identifier to a verifiable data structure, the verifiable data structure comparing a current checksum with the data public identifier (Dubrovsky on [Col 9 line 30-40] teaches agent 385 also stores the checksum value 481 locally in corresponding memory of host resource 410 or other repository such as agent's cache. Consequently, agent 385 can identify changes to zone 450 by retrieving present zone configuration data 490 associated with zone 450, generating a checksum value based on contents of the retrieved zone configuration data 490 from switch resource 420, and comparing the generated checksum value to the previously stored identifier 481 for a given zone).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Dubrovsky into the combined teaching of Li, PLATT and Orsini by comparing a checksum with an identifier and generating a new checksum. One would be motivated to do so in order to verify the integrity and authenticity of data and keep track of data modification (Dubrovsky on [Col 9 line 30-40]).

Regarding claim 8, the combination of Li, PLATT, Orsini and Dubrovsky teaches all the limitations of claim 7 above. Dubrovsky further teaches further comprising producing a new checksum by processing the current checksum and the generated cryptographic data stream to a twelfth cryptographic data stream (Dubrovsky on [Col 5 line 25-35 and line 50-60] teaches the agent generates a checksum value associated with the first set of network configuration information that is different than a checksum value generated for the second set of network. Further teaches a first checksum value for an object at a first level of the hierarchy. Additionally, the agent generates a second checksum value at a second level of the hierarchy. Thereafter, the agent utilizes the first checksum value and the second checksum value to generate the overall checksum value).

Claims 12 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Li et al (hereinafter Li) (US 20180300493) in view of PLATT (US 20100042833) and further in view of Diaz et al (hereinafter Diaz) (US 20200295934).

Regarding claim 12, the combination of Li and PLATT teaches all the limitations of claim 1 above. The combination fails to explicitly teach further comprising creating an associated ledger transaction in a distributed ledger comprising said generated blinded signature of the storage device. However, Diaz teaches creating an associated ledger transaction in a distributed ledger comprising said generated blinded signature of the storage device (Diaz on [0014-0024] teaches blockchain system having digital signature of blinded secret).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Diaz into the combined teaching of Li and PLATT by storing the blinded signature in a blockchain. One would be motivated to do so in order to securely manage sensitive data (Diaz on [0007-0008]).

Regarding claim 19, the combination of Li and PLATT teaches all the limitations of claim 15 above. The combination fails to explicitly teach further comprising a distributed ledger in communication with the verifiable storage device for managing ledger transactions based on any transaction occurring in the verifiable storage device. However, Diaz teaches a distributed ledger in communication with the verifiable storage device for managing ledger transactions based on any transaction occurring in the verifiable storage device (Diaz on [0034] teaches the client-server network interconnects clients through servers and it also comprises a blockchain system. In this invention, the blockchain is a distributed database wherein the nodes store the public keys of clients of the entire client-server network, and the clients and the server of the client-server network are configured to access the data stored in the blockchain system).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Diaz into the combined teaching of Li and PLATT by having a storage device in communication with a distributed ledger. One would be motivated to do so in order to securely manage sensitive data (Diaz on [0007-0008]).

Allowable Subject Matter
Claims 5-6 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Adam (US 20180083932) is directed towards systems and devices for hardened remote storage of private cryptography keys used for authentication. The storage device is tamper-responsive, such that receipt of a signal that indicates physical or non-physical tampering with the storage device or its components results in deletion of the private cryptography key(s) from the memory.
Rae et al (US 20170116693) is directed towards managing rights to digital assets and more specifically to a decentralized infrastructure and system including smart contracts to manage rights for digital assets utilizing blockchain rights ledgers.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOEEN KHAN whose telephone number is (571)272-3522.  The examiner can normally be reached on 7AM-5PM EST M-TH Alternate Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571)272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MOEEN KHAN/Examiner, Art Unit 2436