DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment / Arguments
Regarding claims rejected under 35 USC 112(a):
	Applicant’s amendment is considered to have overcome said rejection. Accordingly, the rejection has been withdrawn.

Regarding claims rejected under 35 USC 103:
Applicant’s arguments, in view of the amended claim language, have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of “Secure Data Processing in a Hybrid Cloud.”

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 4-8, 16-17, and 19-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Barron (US 2001/0042124 A1) in view of “Secure Data Processing in a Hybrid Cloud,” hereinafter “Khadilkar.”

Regarding claim 1, Barron discloses: A method comprising: receiving from a client at least one request to perform a first function on a first set of data and to perform the first function on a second set of data; 
Refer to at least 101-103 in FIG. 1 and [0049] of Barron with respect to a user at a client requesting a file transfer with a server. 
Refer to at least [0055] of Barron with respect to multiple files. 
in response to a determination that the first set of data is encrypted sending, to the client, the first set of data and computer code for performing the first function; and 
Refer to at least [0051]-[0052] of Barron with respect to an applet sent by the server to the client for encrypting data.
Refer to at least [0055] of Barron with respect to the server providing data to a requesting client. A decryption applet is providing for decrypting the data. The data may be re-encrypted via the encryption applet. 
receiving, from the client , first processed data representing an encrypted outcome of the function on the first set of data; and 
Refer to at least [0053] of Barron with respect to the client providing the encrypted data to the server for storage. 
Barron does not disclose: performed by a cloud service; determining whether the first set of data is encrypted and whether the second set of data is encrypted, wherein data for which the cloud service has a corresponding decryption key is not considered to be encrypted; in response to a determination that the second set of data is not encrypted: performing the first function on the second set of data. However, Barron in view of Khadilkar discloses: performed by a cloud service;
Refer to at least Figure 1 of Khadilkar with respect to the hybrid cloud architecture.
wherein data for which the cloud service has a corresponding decryption key is not considered to be encrypted (the public cloud does not have access to the encryption/decryption processing as per Figure 1 of Khadilkar); in response to a determination that the second set of data is not encrypted: performing the first function on the second set of data. 
Refer to at least pages 2-3 and 3.2.2 on pages 5-7 of Khadilkar with respect to dividing an operation for encrypted and unencrypted data in the public cloud, and performing the operation over the unencrypted data in the public cloud. 
	The teachings of Barron and Khadilkar concern encrypted data storage and retrieval and are considered to be within the same field of endeavor and combinable as such. 
	Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Barron to further include support for a cloud service because design incentives or market forces provided a reason to make an adaptation, and the invention resulted from application of the prior knowledge in a predictable manner (i.e., obtaining the advantages of cloud networking). It further would have been obvious to one of ordinary skill in the art to include a distinction between requests directed to encrypted and unencrypted data together, as well as different levels of security for retrieving such, for at least the purpose of increased efficiency (e.g., the introduction of Khadilkar concerning the cost of encryption).

Regarding claim 2, Barron-Khadilkar discloses: The method of claim 1, wherein the computer code is sent to the client in an encrypted form.
Refer to at least [0034], [0052], and [0057] of Barron with respect to the server and client communicating via SSL. 

Regarding claim 4, it is rejected for substantially the same reasons as claim 1 above (i.e., the citations with respect to storing the encrypted data).

Regarding claim 5, Barron-Khadilkar discloses: The method of claim 1, wherein determining whether the first set of data is encrypted includes determining whether the first set of data is marked as being sensitive.
Refer to at least Figure 1 of Khadilkar with respect to sensitive and non-sensitive data for encryption. 
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to further modify the teachings to include support for determining sensitive data associated with a policy for at least the purpose of increasing data privacy (e.g., protecting personally identifiable information).

Regarding claim 6, Barron-Khadilkar discloses: The method of claim 1, wherein performing the first function on the second set of data comprises generating second processed data, further comprising sending the second processed data to the client.
Refer to at least [0055] of Barron with respect to providing the stored encrypted data. 

Regarding claim 7, it is rejected for substantially the same reasons as claim 1 above.

Regarding claim 8, it is rejected for substantially the same reasons as claim 1 above (i.e., the citations with respect to the applet).

Regarding independent claim 15, it is substantially similar to independent claim 1 above, and is therefore likewise rejected for substantially the same reasons (i.e., the citations and obviousness rationale).

Regarding claims 17 and 19-20, they are substantially similar to claims 2 and 4-5 above and are therefore likewise rejected.

Claims 3 and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Barron-Khadilkar as applied to claims 1-2, 4-8, 16-17, and 19-20 above, and further in view of Deutsch (US 2014/0122873 A1).

Regarding claim 3, Barron-Khadilkar does not disclose: further comprising requesting remote attestation of the client , wherein the computer code is sent to the client device only after receiving satisfactory attestation of the client device. However, Barron-Banerjee-Downey in view of Deutsch discloses: further comprising requesting remote attestation of the client device, wherein the computer code is sent to the client only after receiving satisfactory attestation of the client device.
Refer to at least FIG. 6 of Deutsch with respect to a server requiring attestation from a client before providing services to said client. 
The teachings of Deutsch concern provision of web services to clients, and are considered to be within the same field of endeavor, and further combinable as such. 
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Barron-Khadilkar to include attestation for at least the purpose of increasing security as per at least [0006]-[0007] of Deutsch. 

Regarding claim 18, it is substantially similar to claim 3 above, and is therefore likewise rejected.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to VADIM SAVENKOV whose telephone number is (571)270-5751. The examiner can normally be reached 12PM-8PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L Nickerson can be reached on (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Jeffrey Nickerson/Supervisory Patent Examiner, Art Unit 2432                                                                                                                                                                                                        




/V.S/Examiner, Art Unit 2432