Notice of Pre-AIA or AIA Status
The present application is being examined under the pre-AIA first to invent provisions.
This Office Action is in response to the instant Application 17/367,854 filed on 7/6/2021. Claims 1-20 are pending. This Office Action is Non-Final.

Information Disclosure Statement
The information disclosure statement (IDS), submitted on 7/6/2021, is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1 and 11 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1 and 9 of U.S. Patent No. 8,959,597. Although the claims at issue are not identical, they are not patentably distinct from each other because:
Instant Application: 17/367,854

1. A method for use in a storage network, the method comprising:
receiving a plurality of identifiers associated with a user including a user identifier and a group identifier;
generating a plurality of key pairs associated with the plurality of user identifiers, the plurality of key pairs including a first key pair and a second key pair, the first key pair including a first public key and a first private key, and the second key pair including a second public key and a second private key;
storing the plurality of key pairs; generating at least one request for a certificate;
receiving at least one signed certificate in response to the at least one request; and accessing the storage network using the at least one signed certificate.

11. A computer comprises: a memory that stores operational instructions; and a processing module configured to respond to the operational instructions by performing operations that include:
receiving a plurality of identifiers associated with a user including a user identifier and a group identifier;
generating a plurality of key pairs associated with the plurality of user identifiers, the plurality of key pairs including a first key pair and a second key pair, the first key pair including a first public key and a first private key, the second key pair including a second public key and a second private key;
storing the plurality of key pairs; generating at least one request for a certificate;
receiving at least one signed certificate in response to the at least one request; and accessing a storage network using the at least one signed certificate.

Patent No. 8,959,597

1. A method for execution by a device seeking registration with a storage network, the method comprises: outputting a registration request message that includes requesting access to a local dispersed storage network (DSN) and requesting access to a global DSN, wherein the global DSN includes a plurality of DSNs and the local DSN is one of the plurality of DSNs; receiving a registration response message that includes a global universal unique identifier (UUID) and a local UUID;
generating a global public-private key pair and a local public-private key pair; generating a global certificate signing request (CSR) based on the global UUID and a private key of the global public-private key pair;
generating a local CSR based on the local UUID and a private key of the local public-private key pair;
sending the global and local CSRs to a certificate authority (CA); wherein the local CSR includes: a local authorization code, the local UUID and a local public key of the local public-private key pair; wherein the global CSR includes: a global authorization code, the global UUID and a global public key of the local public-private key pair;
and receiving a signed global certificate and a signed local certificate, wherein the signed global certificate indicates that the device is authorized to access the plurality of DSNs and the signed local certificate indicates that the device is authorized to access the local DSN.

9. A computer comprises: an interface; a memory for storing computer executable instructions; and a processor configured to execute computer executable instruction to:
output, via the interface, a registration request message that includes requesting access to a local dispersed storage network (DSN) and requesting access to a global DSN, wherein the global DSN includes a plurality of DSNs and the local DSN is one of the plurality of DSNs; receive, via the interface, a registration response message that includes a global universal unique identifier (UUID) and a local UUID;
generate a global public-private key pair and a local public-private key pair; generate a global certificate signing request (CSR) based on the global UUID and a private key of the global public-private key pair; generate a local CSR based on the local UUID and a private key of the local public-private key pair;
send, via the interface, the global and local CSRs to a certificate authority (CA); wherein the local CSR includes: a local authorization code, the local UUID and a local public key of the local public-private key pair; wherein the global CSR includes: a global authorization code, the global UUID and a global public key of the local public-private key pair;
and receive, via the interface, a signed global certificate and a signed local certificate, wherein the signed global certificate indicates that the computer is authorized to access the plurality of DSNs and the signed local certificate indicates that the computer is authorized to access the local DSN.

	Claims 1 and 11 of the instant application are read on by claims 1 and 9 of Patent No. 8,959,597. Specifically, both the instant application and Patent No. 8,959,597 teach limitations regarding a user with 2 identifiers, the generation of key pairs for these identifiers with a certificate, and the use of the certificate to access a network.

Regarding claims 2-10 and 12-20; claims 2-10 and 12-20 are also rejected under Double Patenting for similar reasons respectively and are dependent on claims 1 and 11 and therefore inherit the rejection from issues of the independent claims.

Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.

Claims 1-4, 7-14 and 17-20 are rejected under 35 U.S.C. 103(a) as being unpatentable over Dehaan et al. U.S. PG-Publication No. (2011/0107103) in view of Bates et al. U.S. PG-Publication (2010/0199042) and Morris (US 2007/0209081).

	As per claim 1, Dehaan teaches a method for use in a storage network, the method comprising: generating a plurality of key pairs associated with the plurality of user identifiers, the plurality of key pairs including a first key pair and a second key pair, the first key pair including a first public key and a first private key, and the second key pair including a second public key and a second private key; storing the plurality of key pairs (Dehaan, Paragraphs 0026 and 0033, recites “In the foregoing and other embodiments, the user making an instantiation request or otherwise accessing or utilizing the cloud network can be a person, customer, subscriber, administrator, corporation, organization, or other entity.” And “In 512, cloud management system 104 and/or other logic can encrypt or otherwise secure set of data storage subunits 202, for instance using encryption engine 214 to generate public/private key pairs, and/or using an authentication or certificate authority, as understood by persons skilled in the art.” Examiner notes, for every ID in the system a key pair would be provided.  It would be obvious that should there be two or more instances of an ID, then each would have their own key pair).	
	But Dehaan fails to teach receiving a plurality of identifiers associated with a user including a user identifier and a group identifier.
	However, in an analogous art Bates teaches receiving a plurality of identifiers associated with a user including a user identifier and a group identifier (Bates, Paragraph 0052, teaches the use of a GUID and LUID in a distributed/cloud network.  In combination with Dehaan since there are now two IDs, a global and local, then each would be given its own key pair and certificate).  
	At the time the invention was made, it would have been obvious to a person of ordinary skill in the art to use Bates' system for secure and reliable multi-cloud data replication with Dehaan’s systems and methods for secure distributed storage because the use of a global ID and a local ID gives the user the flexibility to move between local and global systems without having to rely on a single ID.
	And fails to teach generating at least one request for a certificate; receiving at least one signed certificate in response to the at least one request; and accessing the storage network using the at least one signed certificate.
	However, in an analogous art Morris teaches generating at least one request for a certificate; receiving at least one signed certificate in response to the at least one request; and accessing the storage network using the at least one signed certificate (Morris, Paragraph 0016 recites “A client certificate may be a digital certificate signed by one or more certificate authorities or other trusted authority or authorities, such as a security authority granting access to the network and network resources. Different certificate signers on a client certificate may be unrelated. That is, there may be one certification authority for security on a network and one or more services available via the network may provide their own security services. Each certificate may be associated with a group that has been granted a different set of services and associated authorizations. The authorizations may overlap with one another.” Examiner note: It is inherent that when the client presents a signed client certificate then a certificate request was used to create certificate).
	At the time the invention was made, it would have been obvious to a person of ordinary skill in the art to use Morris’ Methods, Systems, And Computer Program Products For Providing A Client Device With Temporary Access To A Service During Authentication Of The Client Device with Dehaan’s systems and methods for secure distributed storage because the use of a client retaining their signed certificate helps when moving between connections and reconnections.

	As per claim 2, Dehaan in combination with Bates and Morris teaches the method of claim 1, Dehaan further teaches wherein the plurality of identifiers received via a registration response (Dehaan, Paragraph 0026 recites “In the foregoing and other embodiments, the user making an instantiation request or otherwise accessing or utilizing the cloud network can be a person, customer, subscriber, administrator, corporation, organization, or other entity.” Where a subscriber would be a registration request).

	As per claim 3, Dehaan in combination with Bates and Morris teaches the method of claim 2, Dehaan further teaches wherein the registration response is received in response to a registration request (Dehaan, Paragraph 0026 recites “In the foregoing and other embodiments, the user making an instantiation request or otherwise accessing or utilizing the cloud network can be a person, customer, subscriber, administrator, corporation, organization, or other entity.” Where a subscriber would be a registration request).

	As per claim 4, Dehaan in combination with Bates and Morris teaches the method of claim 3, Dehaan further teaches wherein the registration request includes at least one of: a storage network identifier; a user device identifier; a storage capacity indicator; a status indicator; or a storage availability indicator (Dehaan, Paragraph 0026 recites “In the foregoing and other embodiments, the user making an instantiation request or otherwise accessing or utilizing the cloud network can be a person, customer, subscriber, administrator, corporation, organization, or other entity.” Where a subscriber would be a registration request).

	As per claim 7, Dehaan in combination with Bates and Morris teaches the method of claim 1, Dehaan further teaches wherein the at least one request for the certificate includes a first request based on the first key pair (Dehaan, Paragraphs 0026 and 0033, teaches the user making an instantiation request or otherwise accessing or utilizing the cloud network can be a person, customer, subscriber, administrator, corporation, organization, or other entity.  Cloud management system and/or other logic can encrypt or otherwise secure set of data storage subunits, for instance using encryption engine to generate public/private key pairs, and/or using an authentication or certificate authority.  Examiner notes, for every ID in the system a key pair would be provided.  It would be obvious that should there be two or more instances of an ID, then each would have their own key pair).

	As per claim 8, Dehaan in combination with Bates and Morris teaches the method of claim 7, Morris further teaches wherein the at least one signed certificate includes a first signed certificate based on the first key pair (Morris, Paragraph 0034-0035 recites “The certification authority information communicated by device 108 may identify one or more certificate authorities. For example, the certification authority information may include one or more digital signatures. In one embodiment, a digital signature may be a character sequence calculated using a mathematical formula. The formula may receive as inputs the sequence of characters representing the data to be signed and a secret number referred to as a signature private key. The signing party may be the only entity having access to the signature private key. The resulting computed value, representing the digital signature, may be attached to the message requesting service access. The digital signature may be uniquely associated with signed data, because the first input may be the precise sequence of characters representing that data. Further, the signature may be uniquely associated with the signing authority, because the second input is the private key that only that signing authority controls. A public key matching the private key may be provided to the service provider for allowing signature verification. The public key may be distributed to WAPs 104 for providing service access to client devices 108 that provide a corresponding private key. The public key may be provided to WAP 104 by attaching it to a message sent by device 108.”).
	At the time the invention was made, it would have been obvious to a person of ordinary skill in the art to use Morris’ Methods, Systems, And Computer Program Products For Providing A Client Device With Temporary Access To A Service During Authentication Of The Client Device with Dehaan’s systems and methods for secure distributed storage because the use of a client retaining their signed certificate helps when moving between connections and reconnections.

	As per claim 9, Dehaan in combination with Bates and Morris teaches the method of claim 8, Morris further teaches wherein the at least one request for the certificate further includes a second request based on the second key pair (Morris, Paragraph 0034-0035 recites “The certification authority information communicated by device 108 may identify one or more certificate authorities. For example, the certification authority information may include one or more digital signatures. In one embodiment, a digital signature may be a character sequence calculated using a mathematical formula. The formula may receive as inputs the sequence of characters representing the data to be signed and a secret number referred to as a signature private key. The signing party may be the only entity having access to the signature private key. The resulting computed value, representing the digital signature, may be attached to the message requesting service access. The digital signature may be uniquely associated with signed data, because the first input may be the precise sequence of characters representing that data. Further, the signature may be uniquely associated with the signing authority, because the second input is the private key that only that signing authority controls. A public key matching the private key may be provided to the service provider for allowing signature verification. The public key may be distributed to WAPs 104 for providing service access to client devices 108 that provide a corresponding private key. The public key may be provided to WAP 104 by attaching it to a message sent by device 108.”).
	At the time the invention was made, it would have been obvious to a person of ordinary skill in the art to use Morris’ Methods, Systems, And Computer Program Products For Providing A Client Device With Temporary Access To A Service During Authentication Of The Client Device with Dehaan’s systems and methods for secure distributed storage because the use of a client retaining their signed certificate helps when moving between connections and reconnections.


	As per claim 10, Dehaan in combination with Bates and Morris teaches the method of claim 9, Morris further teaches wherein the at least one signed certificate includes a second signed certificate based on the second key pair (Morris, Paragraph 0034-0035 recites “The certification authority information communicated by device 108 may identify one or more certificate authorities. For example, the certification authority information may include one or more digital signatures. In one embodiment, a digital signature may be a character sequence calculated using a mathematical formula. The formula may receive as inputs the sequence of characters representing the data to be signed and a secret number referred to as a signature private key. The signing party may be the only entity having access to the signature private key. The resulting computed value, representing the digital signature, may be attached to the message requesting service access. The digital signature may be uniquely associated with signed data, because the first input may be the precise sequence of characters representing that data. Further, the signature may be uniquely associated with the signing authority, because the second input is the private key that only that signing authority controls. A public key matching the private key may be provided to the service provider for allowing signature verification. The public key may be distributed to WAPs 104 for providing service access to client devices 108 that provide a corresponding private key. The public key may be provided to WAP 104 by attaching it to a message sent by device 108.”).
	At the time the invention was made, it would have been obvious to a person of ordinary skill in the art to use Morris’ Methods, Systems, And Computer Program Products For Providing A Client Device With Temporary Access To A Service During Authentication Of The Client Device with Dehaan’s systems and methods for secure distributed storage because the use of a client retaining their signed certificate helps when moving between connections and reconnections.

	Regarding claim 11, claim 11 is directed to a device/computer associated with the method of claim 1. Claim 11 is similar in scope to claim 1 and is therefore rejected under similar rationale.
	Regarding claim 12, claim 12 is directed to a device/computer associated with the method of claim 2. Claim 12 is similar in scope to claim 2 and is therefore rejected under similar rationale.
	Regarding claim 13, claim 13 is directed to a device/computer associated with the method of claim 3. Claim 13 is similar in scope to claim 3 and is therefore rejected under similar rationale.
	Regarding claim 14, claim 14 is directed to a device/computer associated with the method of claim 4. Claim 14 is similar in scope to claim 4 and is therefore rejected under similar rationale.
	Regarding claim 17, claim 17 is directed to a device/computer associated with the method of claim 7. Claim 17 is similar in scope to claim 7 and is therefore rejected under similar rationale.
	Regarding claim 18, claim 18 is directed to a device/computer associated with the method of claim 8. Claim 18 is similar in scope to claim 8 and is therefore rejected under similar rationale.
	Regarding claim 19, claim 19 is directed to a device/computer associated with the method of claim 9. Claim 19 is similar in scope to claim 9 and is therefore rejected under similar rationale.
	Regarding claim 20, claim 20 is directed to a device/computer associated with the method of claim 10. Claim 20 is similar in scope to claim 10 and is therefore rejected under similar rationale.



	

Claims 5, 6, 15 and 16 are rejected under 35 U.S.C. 103(a) as being unpatentable over Dehaan et al. U.S. PG-Publication No. (2011/0107103), Bates et al. U.S. PG-Publication (2010/0199042) and Morris (US 2007/0209081) and in further view of Wolfe (US 2011/0055161).
	
	As per claim , Dehaan in combination with Bates and Morris teaches the method of claim 1, but fails to teach wherein the storage network includes storage units configured to store encoded data slices in accordance with a dispersed error encoding.
	However, in an analogous art Wolfe teaches wherein the storage network includes storage units configured to store encoded data slices in accordance with a dispersed error encoding (Wolfe, Paragraph 0023, recites “In an example embodiment, one or more files may be encoded into a redundant, error-tolerant format including K segments, where K is an integer greater than one.”).
It would have been obvious to a person of ordinary skill in the art, at the time the invention was filed to use Wolfe’s Cloud Data Backup Storage with Dehaan’s systems and methods for secure distributed storage because it offers the advantage of maintaining the integrity of file data. 


	As per claim 6, Dehaan in combination with Bates, Morris and Wolfe teaches the method of claim 5, Morris further teaches wherein the first key pair is a global public-private key pair and the second key pair is a local public-private key pair (Bates, Paragraph 0052, teaches the use of a GUID and LUID in a distributed/cloud network.  In combination with Dehaan since there are now two IDs, a global and local, then each would be given its own key pair and certificate).  
	At the time the invention was made, it would have been obvious to a person of ordinary skill in the art to use Bates' system for secure and reliable multi-cloud data replication with Dehaan’s systems and methods for secure distributed storage because the use of a global ID and a local ID gives the user the flexibility to move between local and global systems without having to rely on a single ID.

	Regarding claim 15, claim 15 is directed to a device/computer associated with the method of claim 5. Claim 15 is similar in scope to claim 5 and is therefore rejected under similar rationale.

	Regarding claim 16, claim 16 is directed to a device/computer associated with the method of claim 6. Claim 16 is similar in scope to claim 6 and is therefore rejected under similar rationale.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to RODERICK TOLENTINO whose telephone number is (571)272-2661. The examiner can normally be reached Mon-Fri 8am-4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 571-270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

RODERICK TOLENTINO
Examiner
Art Unit 2439



/RODERICK TOLENTINO/Primary Examiner, Art Unit 2439