Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 11/08/2022 has been entered.

Response to Applicant’s Amendments / Arguments Regarding 35 U.S.C. § 103
The applicant’s remarks, on pages 11-12 of the response / amendment, are included below single spaced with the applicant’s emphasis in bold, and with the examiner’s comments double spaced. The applicant argues the features which allegedly distinguish over the references previously cited in the 35 U.S.C. § 103 rejections.

III. Rejections Under 35 U.S.C. § 103 

Applicant respectfully traverses the rejections of claims 1-24 under 35 U.S.C. § 103 as allegedly unpatentable over the asserted combinations of Hetzler, Choi, Ashley, Huang, Clifford, Narayanamurthy, Gauda, Grube, and Gottipati. Office Action at 2-36. No prima facie case of obviousness has been established and Applicant's amendments to the claims herein further distinguish the cited references. 
For example, the asserted combination of Hetzler, Choi, Ashley, and Huang fails to teach or suggest Applicant's amended claim 1, which recites a combination of subject matter including:-
[page 11]


indexing the encrypted first data structure to an associated 
segment identifier using the first key; and 
indexing the encrypted second data structure to a different 
associated segment identifier using the second key. 
(Emphasis added.) 
Applicant respectfully submits that the rejection of claim 1 is moot in light of the amended subject matter. None of the asserted references teach or suggest this subject matter. For example, while Hetzler discloses "the key ID may be a unique index number for a client secret encryption key 404," and "the storage system 420 may create an index table of keys for the ID of client secret encryption key 404," this does not teach or suggest indexing an encrypted data structure using a first key or the second key, as recited in proposed amended claim 1. Hetzler  [0135]. Hetzler does not teach or suggest indexing using a "first data structure to an associated segment identifier using the first key" and "indexing the encrypted second data structure to a different associated segment identifier using the second key." Hetzler merely discloses creating an "index table of keys" using a "client secret encryption key" that is not related to a first key or a second key. Hetzler  [0135]. 
Applicant respectfully submits that in light of the claim amendments the rejection of claim 1 is moot and should be withdrawn. Proposed amended independent claim 23, as well as independent claim 17, though different in scope from claim 1, are also allowable for similar reasons. Claims 2-22 and 24 each depend from one of these independent claims and are allowable over the cited references by at least virtue of their dependence. These claims also recite additional elements distinguishing them over the art of record.
[page 12]


Applicant’s arguments have been considered but are moot in view of the new ground(s) of rejection. Newly cited reference Gladwin has been cited as teaching the above emphasized features of claim 1, and the newly added features of independent claim 23.
	
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-7 and 9-24 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.
As per claims 1, 17, and 23, the claims recite a system comprising components which may be interpreted simply as software, which does not fall under one of the four statutory categories. The recitation of "one or more processors" does not limit the claim to hardware, since processors are not necessarily considered as hardware and may refer to software. It is suggested to amend the limitation to “one or more hardware processors”. The recitation of "storage medium" does not limit the claim to statutory subject matter, since computer readable storage medium may refer to a signal or carrier wave. The examiner suggests amending the limitation to recite “a non-transitory computer readable storage medium.”
Dependent claims 2-7, 9-16, 18-22, and 24 depend on independent claims 1 and 17 respectively and they do not further limit the claims to statutory subject matter, therefore they are also rejected under 35 U.S.C. 101.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, 9-10, and 13-16 are rejected under 35 U.S.C. 103 as being unpatentable over US 2021/0056223 to Hetzler et al. (hereinafter referred to as “Hetzler”), in view of US 2009/0208016 to Choi et al. (hereinafter referred to as “Choi”), in view of US 2005/0154889 to Ashley et al. (hereinafter referred to as “Ashley”), and further in view of US 2011/0125771 to Gladwin et al. (hereinafter Gladwin).
Claim 1 recites,
A system for maximizing storage of encrypted content in a storage system (Storage System 420 of figs. 4 & 5 of Hetzler) comprising: 
Hetzler’s Abstract teaches an invention with a similar purpose to the features described in the applicant’s specification and the features recited in the applicant’s claims. 
Hetzler’s Abstract states, “receiving deduplication information at a storage system. The deduplication information is accessible to the storage system for performing operations thereon. The deduplication information includes signatures associated with portions of client data. The method also includes receiving the client data encrypted with a client secret key. The client secret key is unavailable to the storage system. The method includes deduplicating data chunks stored in the storage system against chunks of the client data, wherein the client data chunks are selected from the client data for deduplication using the deduplication information.” 
one or more processors; and 
a storage medium storing instructions … 
The Examiner asserts that processors and memory are an inherent part of Storage System 420 in Hetzler figs. 4-5.
… that, when executed, cause the one or more processors to perform operations comprising: 
receiving, from a first client device, (Client Side 1 of Hetzler figs. 4 & 5) an encrypted version of a first data structure and a first metadata associated with the first data structure, …
Hetzler in the first sentence of [0094] teaches the Client 1 that includes “the meta-generator 406 computes deduplication information (e.g., metadata) 446 …”.  The deduplication information 446 (“first metadata associated with the first data structure”) is sent from the Client 1 to the Storage System 420, as shown in figs. 4 & 5. 
… wherein the first data structure is encrypted 
The Examiner asserts that the “first key” is taught by the “ephemeral key 504” used in the secure TLS layer in [0133] of Hetzler, because the TLS channel uses the ephemeral key to encrypt information that is transferred through the TLS tunnel from the client to the Storage System 420.  The ephemeral key 504 of fig. 5 also exists in fig. 4 as ephemeral key 440. 
Hetzler in [0080] teaches the ephemeral key 440 of fig. 4 (similar to ephemeral key 504 of fig. 5) being used by the ephemeral key encrypter 410 to encrypt data.  Thus, Hetzler teaches that the ephemeral keys 440 / 504 of figs. 4 & 5 may be used to encrypt all data, including the data that is to be de-duplicated (i.e., “first data structure” and “second data structure”). 
The Examiner asserts that the “common key” is taught by the “common key” as discussed in [0005] of Hetzler, where [0005] of Hetzler describes a very simple implementation of deduplication, where the clients perform the encryption (client-side encryption) of data (“first data structure”) where the storage system does not know the key, and deduplication is performed on data when a “common key” is used.
Hetzler at [0005] states, “Conventional full client-side encryption encrypts the data with a key unknown to the storage system. The storage system only deduplicates data encrypted with a common key. …”
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of figs. 4 & 5 of Hetzler with the teachings of [0005] of Hetzler.  One of ordinary skill in the art would have been motivated to perform such a modification to provide for the simplest form of deduplication of identical data (i.e., identical data encrypted with the same “common key”). In the case of the same data (e.g., copyrighted data) that is encrypted with the same key (i.e., “common key”), performing a simple comparison of the two encrypted data (without decrypting the two data) would identify the duplicates. This feature is clearly taught by [0005] of Hetzler.
The combination of the teaching of [0005] with the teachings of figs. 4 & 5, is similar to features already included in figs. 4 & 5 of Hetzler.  For example, figs. 4 & 5 of Hetzler teach a client encryption key 404 possessed by the Client but not possessed by the Storage System 420. (See Hetzler [0074] “the client secret encryption key 404 never leaves client 1 side 402 …” and Hetzler in [0095] “Data 450 is opaque to the storage system 420 (e.g., the client secret encryption key 404 is not available to the storage system 420)”.
wherein the one or more processors do not have access to the common key; 
The “common key” of Hetzler [0005] teaches a very simple implementation of deduplication, where the clients perform the encryption (client-side encryption) where the storage system does not know the key, and deduplication can only be performed on data when a “common key” is used.
Hetzler at [0005] states, “Conventional full client-side encryption encrypts the data with a key unknown to the storage system. The storage system only deduplicates data encrypted with a common key. …”
In the case of the same data (e.g., copyrighted data) that is encrypted with the same key (i.e., “common key”), performing a simple comparison of the two encrypted data (without decrypting the two data) would identify the duplicates. This feature is clearly taught by [0005] of Hetzler.
Hetzler teaches, 
using the first key, partially decrypting the encrypted first data structure; 
See ephemeral key 440 / 504 of Hetzler, which is used in the secure TLS channel. The secure TLS channel decrypts the encrypted data including the data (“first data structure”) that is being de-duplicated in figs. 4 & 5.
storing the partially decrypted first data structure;
The data that is decrypted is then later de-duplicated by the deduplication manager 424 (described further below) in the Storage System 420 of Hetzler in figs. 4 & 5. It is inherent that the data to be de-duplicated (i.e., at least the first stored instance of “first data structure” or “second data structure”) is stored during the time between the decryption by the secure TLS tunnel and the de-duplication process. 
receiving, from a second client device, (Client Side 2 of Hetzler fig. 5) an encrypted version of a second data structure and a second metadata associated with the second data structure, … 
The Examiner notes that Hetzler in [0104-105] teaches that Client 2, in a preferred approach, performs deduplication in a manner substantially similar to the deduplication performed for client 1 side 402. 
Thus, the Examiner asserts that the teachings of figs. 4 & 5 regarding Client 1 of Hetzler are also applicable to Client 2 of Hetzler. 
Hetzler in the first sentence of [0094] teaches the Client 1 that includes “the meta-generator 406 computes deduplication information (e.g., metadata) 446 …”.  The deduplication information 446 (“first metadata associated with the first data structure”) is sent from the Client 1 to the Storage System 420, as shown in figs. 4 & 5. 
… wherein the second data structure is encrypted 
As stated above, the teachings of Hetzler in [0104-105] teach that the teachings of figs. 4 & 5 regarding Client 1 are also applicable to Client 2.
The Examiner asserts that the “second key” is taught by the second half of [0091] of Hetzler which teaches that Client 2 may send the data (“second data structure”) in the clear or with “any communication encryption known in the art …”.  The Examiner asserts that the TLS channel of [0133] in Hetzler teaches such an encryption. 
The Examiner asserts that the “common key” is taught by the “common key” as discussed in [0005] of Hetzler, where [0005] of Hetzler describes a very simple implementation of deduplication, where the clients perform the encryption (client-side encryption) of data (“second data structure”) where the storage system does not know the key, and deduplication is performed on data when a “common key” is used.
Hetzler at [0005] states, “Conventional full client-side encryption encrypts the data with a key unknown to the storage system. The storage system only deduplicates data encrypted with a common key. …”
using the second key, partially decrypting the encrypted second data structure; 
As stated above, the teachings of Hetzler in [0104-105] teach that the teachings of figs. 4 & 5 regarding Client 1 are also applicable to Client 2.
See ephemeral key 440 / 504 of Hetzler, which is used in the secure TLS channel. The secure TLS channel decrypts the encrypted data including the data (“second data structure”) that is being de-duplicated in figs. 4 & 5.
selectively storing a copy of the partially decrypted second data structure based on whether content of the partially decrypted first data structure corresponds to content of the partially decrypted second data structure;  
Hetzler in [0085] teaches the deduplication manager 424 identifying duplicated data based on duplication information (e.g., metadata generated in the client by meta-gen 448), then the deduplication manager 424 performs deduplication. Hetzler in [0097-98] teaches the deduplication manager 426 of Storage System 420 in fig. 4 receiving encrypted data, encrypted with the ephemeral key, that is decrypted. Hetzler in [0099] then teaches the deduplication manager 426 identifying duplicated data based on the deduplication information 446 from the Meta-gen 448 of the Client in fig. 4. 
The examiner interprets the identification and performing of the de-duplication in Hetzler as corresponding to “selectively storing … partially decrypted second data structure” because, after the (partial) decryption using the ephemeral key of the secure TLS channel, the data is still (partially) encrypted with the “common key” of [0005] of Hetzler.
Hetzler does not teach the following,
However, Choi teaches,  
… encrypted commutatively …, (emphasis added)
Choi’s Abstract teaches that a licensing server creates encryption keys corresponding to a domain manager (i.e., domain of multiple user devices) (“common key” of the claim) and one user module (i.e., one of the devices of the user) (“first key” or “second key” of the claim). The contents encryption key (that encrypts data protected by DRM) is encrypted using commutative encryption of the encryption key of the domain manager and the encryption key of the one user module.  The Examiner interprets the contents encryption key of Choi as corresponding to the “data structure(s)” of the invention. Choi’s invention allows the different user devices in the domain (of the user, managed by the domain manager) to share the licenses / encryption keys. 
Choi in the Abstract and in more detail in [0014-15] teaches details of the commutative encryption. Choi in the first sentence of [0085] teaches that the server 100 uses a license creation module 40 to create encryption key for the domain, first encryption key Kdc1 (of first user device), and second encryption key Kdc2 (second user device). Choi in the middle of [0085] teaches “The license server 100 provides the domain manager 5 and the second module 15 with the results of encryption.”	
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Hetzler’s deduplication of encrypted data with Choi’s use of commutative encryption for licensing and access of copyrighted material that is protected by DRM encryption. One of ordinary skill in the art would have been motivated to perform such an addition to provide commutative encryption using different keys so that the order of the encryption (1st key then 2nd key, or 2nd key then 1st key) does not affect the order of the decryption / the output of the decryption.   
Hetzler and Choi fail to teach, 
However, Ashley teaches, 
receiving the first key;
In contrast, the ephemeral key 440 / 504, used in the secure TLS channel of Hetzler, is provided by the Storage System 420 to the Client 1.
Ashley in fig. 4 and the first two sentences of [0043] teaches that the client “generates a session key (step 412); the session key is preferably a symmetric secret key. The client then securely sends the session key to the server (step 414).” This key is used for the communications during the session in the secure tunnel (e.g. TLS, see [0006] of Ashley). Thus, Ashley teaches a storage or “storage system” that receives a key that is used in TLS sessions.
receiving the second key; 
As stated above, the teachings of Hetzler in [0104-105] teach that the teachings of figs. 4 & 5 regarding Client 1 are also applicable to Client 2. In contrast, the ephemeral key 440 / 504, used in the secure TLS channel of Hetzler, is provided by the Storage System 420 to the Client 1.
Ashley in fig. 4 and the first two sentences of [0043] teaches that the client “generates a session key (step 412); the session key is preferably a symmetric secret key. The client then securely sends the session key to the server (step 414).” This key is used for the communications during the session in the secure tunnel (e.g. TLS, see [0006] of Ashley). Thus, Ashley teaches a storage or “storage system” that receives a key from the client, where the key is used in TLS sessions.
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Hetzler’s secure TLS channel / tunnel with the secure encrypted tunnel / session of Ashley, where the Client in Ashley provides the symmetric session key that is used to encrypt data transferred during the session.  One of ordinary skill in the art would have been motivated to perform such an addition to provide the capability of having the Client create the session key, as opposed to the Server creating the key (as taught in Hetzler), in order to reduce the number of back and forth communications when establishing a session, because it may be more efficient for the Client to generate the symmetric session key due to the client receiving enough information to verify the authenticity of the server before the server can verify the authenticity of the client.  
Hetzler, Choi, and Ashley fail to teach, 
However, Gladwin teaches,
indexing the encrypted first data structure to an associated segment identifier using the first key; and 
indexing the encrypted second data structure to a different associated segment identifier using the second key.
The examiner understands the above features with regards to fig. 4 and [0099-100] of the applicant’s printed publication, in particular using step 412 where two separate (first and second) data structures are stored using the first and second keys. (Compare with claim 23, which is related to steps 413-414)  
Gladwin teaches data deduplication. (Gladwin, Title “Data De-Duplication In A Dispersed Storage Network Utilizing Data Characterization”) Gladwin teaches that data segments (“data structure”) and a key table that is indexed (“to … segment identifier”) by key references, where the key reference is generated based on an encryption key (“using the … key”). (Gladwin, [0140]) 
The examiner notes that different data (i.e., “first data structure” and “second data structure”), which have different keys, in Gladwin would be mapped to different segments (“an associated segment identifier” and “a different associated segment identifier”) because the data is not deduplicated because these data are different.
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Hetzler’s deduplication of encrypted data with Gladwin, which teaches data deduplication, where the data is indexed using an encryption key of the data in order to build a reference table that allows the data to be retrieved. One of ordinary skill in the art would have been motivated to perform such an addition to Hetzler’s deduplication so that one could utilize Gladwin’s ability to store encryption keys, so that the encryption keys (“first key” and “second key”) could be used to index and find the data, which would allow the client or server to store only the key and not have to store additional indexing information in order to retrieve the data being stored. 

Regarding claim 2, the combination of Hetzler, Choi, Ashley, and Gladwin teaches, 
The system of claim 1, wherein at least one of the first key, the second key, or the common key comprise a symmetrical encryption key.  
Hetzler in [0071] states, “At least some of the operations described herein may be used with symmetric key encryption and/or asymmetric encryption (e.g., public key infrastructure (PKI)). It should be understood by one having ordinary skill in the art that PKI encryption may be performed according any configurations known in the art. For example, a public key in PKI is not a secret key, and encrypting data with the public key requires a corresponding secret private key to decrypt.” Hetzler further describes symmetric keys in [0073-74] and [0084] [0107-108].

Regarding claim 3, the combination of Hetzler, Choi, Ashley, and Gladwin teaches, 
The system of claim 1, 
wherein the operations further comprise: 
receiving a request for content of the partially decrypted first data structure from the first client device or the second client device,
Hetzler describes in [0125-126] the Client 1 sending a request 502 and a read request 508 to the storage 420 in order to receive “returned data chunks.” See also Hetzler fig. 5.
retrieving the partially decrypted first data structure; 
Hetzler in [0126] states, “In a preferred approach, the deduplication manager 424 identifies data chunks associated with the read request 508 using chunk metadata 428.”
re-encrypting the first data structure by encrypting the partially decrypted first data structure using the first key or the second key based on which of the first client device or the second client device sent the request; and 
Hetzler in [0127] states, “The output 516 of the storage secret key decrypter 432 may be sent to the storage ephemeral key encrypter 434.” Where the ephemeral key encrypter 434 is located inside the storage 420, as shown in fig. 5 of Hetzler.
returning the re-encrypted first data structure to the first client device or the second client device.  
	The corresponding features of Hetzler are shown in fig. 5 and described in [0128] which states, “the output 518 of the storage ephemeral key encrypter 434 may be sent to the dechunker 412. An indicator that the output 518 is encrypted with the ephemeral key 504 may sent to the dechunker 412. The dechunker 412 may dechunk data chunks received from the storage system where the data chunks are encrypted with multiple encryption keys.”

Regarding claim 4, the combination of Hetzler, Choi, Ashley, and Gladwin teaches, 
The system of claim 3, wherein the one or more processors transmit the first key or the second key with the re-encrypted first data structure.  
	In fig. 6 and [0142-145] of Hetzler, the client public key 606 (i.e., “first key or second key” of claim 1) is used to encrypt data and is sent 616 to the storage system in [0145] of Hetzler.  Hetzler in Fig. 5 shows ephemeral key 504 being returned by the storage 420 to the client 402 and in [0125] states, “The ephemeral key may be for encrypting returned data chunks. An ephemeral key 504 may be returned in response 506 to the request 502.”

Regarding claim 9, the combination of Hetzler, Choi, Ashley, and Gladwin teaches, 
The system of claim 1, wherein the operations further comprise; 
receiving a first segment identifier associated with the encrypted first data structure; 
receiving a second segment identifier associated with the encrypted second data structure; and 
Hetzler in [0136] discusses the Deduplication manager 424 comparing data that is received from two different clients, with a common signature (“identifier(s)” of claim 9).
determining whether content of the encrypted first data structure corresponds to content of the encrypted second data structure based on the first segment identifier associated with the encrypted first data structure and the second segment identifier associated with the encrypted second data structure.  
The “identifier” of claim 9 corresponds to the signatures of Hetzler.  Hetzler in [0134] states, “In preferred approaches, in contrast to conventional deduplication operations, additional chunk metadata is associated with each data chunk to indicate the key in which a chunk is encrypted. Different clients may have data chunks that are the same (e.g., duplicates with identical signatures).” Hetzler in [0136] further states, “In response to encrypted data from at least two clients having a common signature and different key IDs, the deduplication manager 424 does not dedupe the encrypted data because both the signatures and the key IDs must match to perform the deduplication.”

Regarding claim 10, the combination of Hetzler, Choi, Ashley, and Gladwin teaches, 
The system of claim 9, wherein the operations further comprise receiving the first segment identifier from the first client device or receiving the second segment identifier from the second client device.  
Hetzler in fig. 4 depicts a meta-generator 406 inside of Client 1 and signatures in Hetzler correspond to “identifier” of claim 10. Hetzler in [0110] states, “The meta-generator 406 identifies and/or calculates deduplication signatures (e.g., rolling min hashes, cryptographic hashes, etc.).”

Regarding claim 13, the combination of Hetzler, Choi, Ashley, and Gladwin teaches, 
The system of claim 1, wherein the one or more processors receive the encrypted first data structure from a first portion of the first client device and the first key from a second portion of the first client device.  
Hetzler in figures 4-5 depicts a storage ephemeral key 440 and meta-generator 406 which includes write data 444.  These components are shown as being separate and Hetzler discloses these features being implemented by different hardware or software components.  Hetzler in [0202] states, “It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems that perform the specified functions or acts or carry out combinations of special purpose hardware and computer instructions.”

Regarding claim 14, the combination of Hetzler, Choi, Ashley, and Gladwin teaches, 
The system of claim 13, wherein the first portion and the second portion comprise distinct hardware components.  
Hetzler in figures 4-5 depicts a storage ephemeral key 440 and meta-generator 406 which includes write data 444.  These components are shown as being separate and Hetzler discloses these features being implemented by different hardware or software components. Hetzler in [0202] states, “It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems that perform the specified functions or acts or carry out combinations of special purpose hardware and computer instructions.”

Regarding claim 15, the combination of Hetzler, Choi, Ashley, and Gladwin teaches, 
The system of claim 13, wherein the first portion and the second portion comprise distinct software components executed as isolated application instances.  
	Hetzler in [0058] [0061] [0203] describes software components or layers that are distinct from one another performing different aspects of the structures shown in the figures. Hetzler in [0203] states, “By executable by the processor, what is meant is that the logic is hardware logic; software logic such as firmware, part of an operating system, part of an application program; etc., or some combination of hardware and software logic that is accessible by the processor and configured to cause the processor to perform some functionality upon execution by the processor. Software logic may be stored on local and/or remote memory of any memory type, as known in the art. Any processor known in the art may be used, such as a software processor module and/or a hardware processor such as an ASIC, a FPGA, a central processing unit (CPU), an integrated circuit (IC), a graphics processing unit (GPU), etc.”

Regarding claim 16, the combination of Hetzler, Choi, Ashley, and Gladwin teaches, 
The system of claim 1, 
wherein the one or more processors receive the encrypted first data structure using a first computer network and the first key using a second computer network at least partially different from the first computer network.  
Hetzler in [0084] and [0108] discloses exchanging an ephemeral key 440, using a first network, that is provided by the storage 420 to the client 1 402.  Then, the ephemeral key 440 is used to establish a second encrypted connection / network that allows for the data to be securely exchanged between the storage 420 and the client 1. Hetzler in [0092] establishes a session between the client 1 and the storage 420.  Additionally, Hetzler in [0133] describes the ephemeral key being used to establish a standard transport encryption.

Claims 5-7 and 23 are rejected under 35 U.S.C. 103 as being unpatentable over Hetzler, in view of Choi, in view of Ashley, in view of Gladwin, and further in view of US 8,812,874 to Clifford (hereinafter referred to as “Clifford”). 
Regarding claim 5, 
Hetzler, Choi, Ashley, and Gladwin teach,
The system of claim 3, 
Hetzler, Choi, Ashley, and Gladwin do not teach, 
However, Clifford teaches,
wherein the operations further comprise: 
receiving at least one of proof to access or a license to use the content of the requested partially decrypted first data structure with the request from the first client device or the second client device; 
Clifford in Col. 8, lines 32-41 (49) states, “In the method of FIG. 4 an ERM-aware application may request a user license for the ERM-protected data from an RMS, as in 400. In various embodiments, such a request may identify the user of the ERM-aware application (i.e., the principal). In various embodiments, the request may include the publishing license of the ERM-protected data.” Clifford in Col. 9, lines 42-55 (50) further describes the RMS (license server 12) determining if the user should be granted access to the data based on a license.  See also Col. 4, lines 40-50 (22), Col. 5, lines 51-59 (30), Col. 6, lines 51-61 (36), and Col. 7, lines 21-28 (40) of Clifford.    
Clifford also teaches the following recitation of,
Application No. 16/660,761 Attorney Docket No.: 15036.0006-00000 
receiving at least one of proof to access or a license to use the content of the requested partially decrypted first data structure with the request from the first client device or the second client device; 
extracting the first key or the second key from the at least one of proof or a license; and 
Clifford Col. 7, lines 13-20 (39) states, “In some embodiments, the publishing license may include one or more decryption keys and/or identifiers corresponding to segments of the data, as in 260. As described above, in various embodiments a symmetric encryption algorithm may be used to encrypt the data in 230.”
encrypting the partially decrypted first data structure using the extracted first key or the second key.  
Clifford Col. 7, lines 13-20  (39) states, “As described above, in various embodiments a symmetric encryption algorithm may be used to encrypt the data in 230.” Additionally, claim 5 of Clifford includes an encrypted data segment that is included in the storage system (i.e., server), thus, the data is encrypted by the storage system 130. Also, Clifford Col. 8, lines 56-62 (51) encrypts the license.  
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Hetzler, Choi, and Ashley with the teachings of Clifford to incorporate the ability for a third party licensing server to supply / verify licenses which are used to determine if a user has access to copyright-protected data. One of ordinary skill in the art would have been motivated to perform such an addition to provide an aid in reducing piracy of protected information by using a licensing server that confirms the legitimacy of a license.

Regarding claim 6, 
Hetzler, Choi, Ashley, and Gladwin teach,
The system of claim 3, 
Hetzler, Choi, Ashley, and Gladwin do not teach, 
However, Clifford teaches,
wherein the operations further comprise: 
based on the request, sending a challenge to the first client device or the second client device; and
Clifford in Col. 8, lines 25-32 (48) describes a user attempting to access ERM-protected data which corresponds to a “challenge” of claim 6.
based on a response to the challenge, determining that the first client device or the second client device has had access to or has a license to use the content of the requested partially decrypted first data structure, 
Clifford describes a license server 120 of fig. 1 that provides the ability to determine whether access to data is allowed.  See Clifford Col. 8, lines 32-55 (49-50) which states, “If the publishing license does not permit the user to access the data, as indicated by the negative exit from 420, the RMS may deny a user license to the principal, as in 430. However, if the user license does permit the principal to access the data, as in the affirmative exit from 420, then the RMS may create a user license, as in 440, and sent it to the requesting ERM-aware application, as in 450.” See also the more detailed rejection of claim 7 below.
wherein the one or more processors return the re-encrypted first data structure in response to the determination.  
Clifford in Col. 8, lines 56-62 (51) describes the RMS of the license server 120 returning an (encrypted) user license to the client computer 110 (ERM-aware app) that allows access to “the data.”  “The data” in Clifford is described in Col. 8, lines 16-25 (47) as residing in the storage system 130, which corresponds to a server or storage system of claim 1. Thus, Clifford teaches a license server that provides a license to a client that allows the client to access and/or decrypt data on a storage server.
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Hetzler, Choi, and Ashley with the teachings of Clifford to incorporate the ability for a third party licensing server to supply / verify licenses which are used to determine if a user has access to copyright-protected data. One of ordinary skill in the art would have been motivated to perform such an addition to provide an aid in reducing piracy of protected information by using a licensing server that confirms the legitimacy of a license.  

Regarding claim 7, 
Hetzler, Choi, Ashley, Gladwin, and Clifford teach,
The system of claim 6, 
wherein determining that the first client device or the second client device has had access to or has a license to use the content of the requested partially decrypted first data structure comprises: 
contacting a third party configured to verify licenses to digital content; and 
The RMS of the license server 120 (“third party” of claim 7) in Clifford is contacted by the ERM-aware application of the client computer 110 to obtain a license.  Clifford in (49-50) states, “a request may identify the user of the ERM-aware application (i.e., the principal). In various embodiments, the request may include the publishing license of the ERM-protected data. In some embodiments, the request may comprise a public encryption key of the ERM-aware application for the licensing server to use for encrypting communications with the ERM-aware application. (50) According to the illustrated embodiment, the RMS may receive and analyze the request, as in 410. For example, in 410, if the public key of the RMS was used to encrypt the publishing license then the RMS may decrypt the publishing license using its private key. The RMS may then analyze the decrypted publishing license to determine if the given principal may access the data, as in 420.”
receiving, from the third party, the determination.  
Clifford in Col. 8 lines 42-55 (50) further states, “If the publishing license does not permit the user to access the data, as indicated by the negative exit from 420, the RMS may deny a user license to the principal, as in 430. However, if the user license does permit the principal to access the data, as in the affirmative exit from 420, then the RMS may create a user license, as in 440, and sent it to the requesting ERM-aware application, as in 450.” Thus, the license server 120 of fig. 1 of Clifford makes the determination. See also, Hetzler in [0066] where a third party key service has access to keys.

Regarding claim 23, Hetzler, Choi, Ashley, Gladwin, and Clifford teach,
Hetzler teaches,
A system for receiving encrypted data structures from a remote storage comprising: 
one or more processors; and 
a storage medium storing instructions that, (The Examiner asserts that processors and memory are an inherent part of storage system 420 in Hetzler figs. 4-5) when executed, cause the one or more processors to perform operations comprising: 
Hetzler teaches,
in response to the request and from the remote device, receiving the encrypted data structure and metadata associated with the data structure, 
Hetzler in the first sentence of [0094] teaches the Client 1 that includes “the meta-generator 406 computes deduplication information (e.g., metadata) 446 …”.  The deduplication information 446 (“first metadata associated with the first data structure”) is sent from the Client 1 to the Storage System 420, as shown in figs. 4 & 5.
wherein the data structure is encrypted … with a first key and a common key, (Hetzler in [0093] “client 1 side 402 may encrypt the write data 444” (emphasis added)) 
 (emphasis added, see discussion below)
Hetzler in [0095] states, “client secret encryption key 404. The client key encrypted data 450 and the key ID associated with the client secret encryption key 404 may be sent to the storage system 420 (e.g., the deduplication manager 424). In another approach, the write data 444 is sent to the client secret key encrypter 408 and encrypted with the client secret encryption key 404. The write data 444 and the key ID associated with the client secret encryption key 404 may be sent to the storage system 420 (e.g., the deduplication manager 424).” Additionally, Hetzler in [0107] states, “a read operation comprises receiving data chunks which are encrypted with at least two keys, e.g., a client secret encryption key and a storage ephemeral key.” These features are then decrypted with the storage 420.
the common key accessible by the system and not by the remote device; 
Hetzler in [0095] states, “Data 450 is opaque to the storage system 420 (e.g., the client secret encryption key 404 is not available to the storage system 420)”
decrypting the received data structure using the received first key and the received common key, …
See the deduplication manager 424 which also performs ephemeral key decryption, as discussed in [0098] of Hetzler.
Hetzler with regards to figure 6 depicts a storage 608 sending chunks to a client public key encrypter 640, where the chunks are already encrypted with a client private key.  This data is sent to Client 1 602, which uses client private key decrypter 642 to decrypt the encrypted data from the Storage 608. 
Similarly, Choi see above regarding the rejections of independent claims 1 and 17, which teaches the domain key and first device key being used to decrypt a content encryption key that is used to decrypt content. 
wherein the remote device does not have access to the common key.  
The “common key” of Hetzler [0005] teaches a very simple implementation of deduplication, where the clients perform the encryption (client-side encryption), the storage system does not know the key, and deduplication can only be performed on data when a “common key” is used.
Hetzler at [0005] states, “Conventional full client-side encryption encrypts the data with a key unknown to the storage system. The storage system only deduplicates data encrypted with a common key. …”
In the case of the same data (e.g., copyrighted data) that is encrypted with the same key (i.e., “common key”), performing a simple comparison of the two encrypted data (without decrypting the two data) would identify the duplicates. This feature is clearly taught by [0005] of Hetzler.
Similarly, Clifford’s convergent encryption allows the clients to encrypt the data with the hash of the data, and keep the hash / key, and then provide the encrypted (with the hash) data to the storage server without providing the hash / key to the storage server.
Hetzler fails to teach,
However, Clifford teaches,
sending, to a remote device, a request for an encrypted version of a data structure along with at least one of proof of access to the data structure or a license to access the data structure; 
Clifford in Col. 8, lines 32-41 (49) states, “In the method of FIG. 4 an ERM-aware application may request a user license for the ERM-protected data from an RMS, as in 400. In various embodiments, such a request may identify the user of the ERM-aware application (i.e., the principal). In various embodiments, the request may include the publishing license of the ERM-protected data.” Clifford in Col. 9, lines 42-55 (50) further describes the RMS (license server 12) determining if the user should be granted access to the data based on a license.  See also Col. 4, lines 40-50 (22), Col. 5, lines 51-59 (30), Col. 6, lines 51-61 (36), and Col. 7, lines 21-28 (40) of Clifford.    
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Hetzler’s de-duplication of encrypted data with Clifford to incorporate the ability for a third party licensing server to supply / verify licenses which are used to determine if a user has access to copyright-protected data.  One of ordinary skill in the art would have been motivated to perform such an addition to provide an aid in reducing piracy of protected information.  
Hetzler and Clifford fail to teach, 
However, Ashley teaches, 
receiving the first key; 
Ashley in fig. 4 and the first two sentences of [0043] teaches that the client “generates a session key (step 412); the session key is preferably a symmetric secret key. The client then securely sends the session key to the server (step 414).” This key is used for the communications during the session in the secure tunnel (e.g. TLS, see [0006] of Ashley). Thus, Ashley teaches a storage or “storage system” that receives a key that is used in TLS sessions.
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Hetzler’s secure TLS channel / tunnel with the secure encrypted tunnel / session of Ashley, where the Client in Ashley provides the symmetric session key that is used to encrypt data transferred during the session.  One of ordinary skill in the art would have been motivated to perform such an addition to provide the capability of having the Client create the session key, as opposed to the Server creating the key (as taught in Hetzler), in order to reduce the number of back and forth communications when establishing a session, because it may be more efficient for the Client to generate the symmetric session key due to the client receiving enough information to verify the authenticity of the server before the server can verify the authenticity of the client.  
Hetzler, Clifford, and Ashley fail to teach, 
However, Choi teaches,
receiving the common key; and 
Choi’s Abstract teaches that a licensing server creates encryption keys corresponding to a domain manager (i.e., domain of multiple user devices) (“common key” of the claim) and one user module (i.e., one of the devices of the user) (“first key” or “second key” of the claim). The contents encryption key (that encrypts data protected by DRM) is encrypted using commutative encryption of the encryption key of the domain manager and the encryption key of the one user module.  The Examiner interprets the contents encryption key of Choi as corresponding to the “data structure(s)” of the invention. Choi’s invention allows the different user devices in the domain (of the user, managed by the domain manager) to share the licenses / encryption keys.
See Hetzler’s ephemeral key, discussed above in rejection of claim 1. Client encryption key 404 of Hetzler corresponds to the “common key” that is not shared with the server (i.e., “storage system” or storage system 420 of Hetzler) (Hetzler in [0095]) (“Data 450 is opaque to the storage system 420 (e.g., the client secret encryption key 404 is not available to the storage system 420”)
… by applying the first key and the common key to the received data structure in any order. 
Choi in the Abstract and [0014-15] teaches commutative encryption, as discussed above. As discussed above, commutative encryption allows encryption and decryption in any order.
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Hetzler’s deduplication of encrypted data with Choi’s use of commutative encryption for licensing and access of copyrighted material that is protected by DRM encryption. One of ordinary skill in the art would have been motivated to perform such an addition to provide commutative encryption using different keys so that the order of the encryption (1st key then 2nd key, or 2nd key then 1st key) does not affect the order of the decryption / the output of the decryption.   
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Hetzler with Choi to further teach a licensing server that provided encryption / decryption keys and access to authorized user devices accessing copyrighted data. One of ordinary skill in the art would have been motivated to perform such an addition to provide the additional functionality of providing licensing and access keys to copyrighted data.  
Hetzler, Clifford, Ashley, and Choi fail to teach, 
However, Gladwin teaches,
indexing the encrypted data structure to an associated segment identifier using the first key.
The examiner understands the above features with regards to fig. 4 and [0099-100] of the applicant’s printed publication, in particular using steps 413 and 414 where a single copy of a data structure is stored using the first key. (Compare with claim 1, which is related to step 412) 
Gladwin teaches data deduplication. (Gladwin, Title “Data De-Duplication In A Dispersed Storage Network Utilizing Data Characterization”) Gladwin teaches that data segments (“data structure”) and a key table that is indexed (“to … segment identifier”) by key references, where the key reference is generated based on an encryption key (“using the … key”). (Gladwin, [0140]) 
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Hetzler’s deduplication of encrypted data with Gladwin, which teaches data deduplication, where the data is indexed using an encryption key of the data in order to build a reference table that allows the data to be retrieved. One of ordinary skill in the art would have been motivated to perform such an addition so that Hetzler’s deduplication could utilize Gladwin’s ability to store encryption keys, so that the encryption keys (“first key” and “second key”) could be used to index and find the data, which would allow the client or server to store only the key and not have to store additional indexing information in order to retrieve the data being stored. 

Claims 17-18 and 20-22 are rejected under 35 U.S.C. 103 as being unpatentable over Hetzler, in view of Choi, in view of Ashley, in view of Clifford, and further in view of US 2014/0279958 to Huang (hereinafter Huang). 
Regarding claim 17, the combination of Hetzler, Choi, Ashley, Clifford, and Huang teach,  
Hetzler teaches,
A system for uploading encrypted data structures to a remote storage comprising: 
one or more processors; (The Examiner asserts that processors and memory are an inherent part of storage system 420 in Hetzler figs. 4-5) and a storage medium storing instructions that, when executed, cause the one or more processors to perform operations comprising:
Hetzler’s Abstract describes an invention with a similar purpose to the features described in the applicant’s specification and the features recited in the applicant’s claims.  Please see the rejection of claim 1 for a copy of Hetzler’s abstract with relevant features emphasized.

Hetzler teaches an “ephemeral key 504” (“first key”) used in the secure TLS layer in [0133] of Hetzler, because the TLS channel uses the ephemeral key to encrypt information that is transferred through the TLS tunnel from the client to the Storage System 420.  The ephemeral key 504 of fig. 5 also exists in fig. 4 as ephemeral key 440. The TLS encryption tunnel of Hetzler may be used by the components in Clifford (i.e., client computer 110, license server 120, and storage system 130 of fig. 1 of Clifford), and thus, the data provided in Clifford would be encrypted with a key (“first key”). 
Similarly, Choi (discussed further below) in the Abstract teaches that a licensing server creates two encryption keys corresponding to a domain manager (i.e., domain of multiple user devices) (“common key” of the claim) and one user module (i.e., one of the devices of the user) (“first key” or “second key” of the claim). The contents encryption key (that encrypts data protected by DRM) is encrypted using commutative encryption of the encryption key of the domain manager (“common key” being common to multiple clients) and the encryption key of the one user module (“first key” being client specific).  The Examiner interprets the contents encryption key of Choi as corresponding to the “data structure(s)” of the invention. Choi’s invention allows the different user devices in the domain (of the user, managed by the domain manager) to share the licenses / encryption keys.
… and being associated with a first metadata; 
Hetzler in the first sentence of [0094] teaches the Client 1 that includes “the meta-generator 406 computes deduplication information (e.g., metadata) 446 …”.  The deduplication information 446 (“first metadata associated with the first data structure”) is sent from the Client 1 to the Storage System 420, as shown in figs. 4 & 5. 
Similarly, Clifford (discussed further below) in Col. 4, lines 40-50 (22) teaches an identifier (“metadata”) that is associated with each piece of data. Clifford in Col. 5, lines 21-32 (27) teaches using this identifier to determine if the information has already been stored.
receiving a common key; 
Hetzler in [0005] teaches the use of the “common key” which simplifies de-duplication because identical data structures from two different clients, when encrypted with the same “common key” produces identical encrypted data structures that are easily identified / matched as identical.
Similarly, Choi (discussed further below) in the Abstract teaches that a licensing server creates encryption keys corresponding to a domain manager (i.e., domain of multiple user devices) (“common key” of the claim, because it is common to multiple clients) and one user module (i.e., one of the devices of the user) (“first key” or “second key” of the claim). The contents encryption key (that encrypts data protected by DRM) is encrypted using commutative encryption of the encryption key of the domain manager and the encryption key of the one user module.  The Examiner interprets the contents encryption key of Choi as corresponding to the “data structure(s)” of the invention. Choi’s invention allows the different user devices in the domain (of the user, managed by the domain manager) to share the licenses / encryption keys.
Choi in [0014-15] teaches details of the commutative encryption, and Choi in the first sentence of [0085] teaches that the license server 100 uses a license creation module 40 to create encryption key for the domain (“common key”), first encryption key Kdc1 (first user device) (“first key” of the claim), and second encryption key Kdc2 (second user device) (“second key” of the claim). Choi in [0085] teaches that the encryption key for the domain  and the clients (Kdc1 Kdc2) are generated in the license server 100 and provided to the clients.
Similarly, Clifford (discussed further below) in Col. 3, lines 34-43 (14) teaches the use of convergent encryption where the hashing of the data structure is used as the encryption key (“common key”). Thus, the original provider of the data structure also provides the key (“common key”) that is common to all clients that receive the data structure because the hash of the data is the key.  
further encrypting the first data structure  (emphasis added)
See discussion above regarding claim 1 where Hetzler teaches the “first key” and “common key” being used to create an encrypted “first data structure.”
transmitting, to a remote device, the further encrypted first data structure 
The Examiner interprets this limitation as being similar to the features of independent claim 1 where the client transmits to a storage server that stores and also performs deduplication, as discussed above, where the “remote device” corresponds to a storage server that performs de-duplication of a first data structure encrypted with a first key and a common key.
The Examiner asserts that the “first key” is taught by the “ephemeral key 504” used in the secure TLS layer in [0133] of Hetzler, because the TLS channel uses the ephemeral key to encrypt information that is transferred through the TLS tunnel from the client to the Storage System 420.  The ephemeral key 504 of fig. 5 also exists in fig. 4 as ephemeral key 440. 
Hetzler in [0080] teaches the ephemeral key 440 of fig. 4 (similar to ephemeral key 504 of fig. 5) being used by the ephemeral key encrypter 410 to encrypt data.  Thus, Hetzler teaches that the ephemeral keys 440 / 504 of figs. 4 & 5 may be used to encrypt all data, including the data that is to be de-duplicated (i.e., “first data structure” and “second data structure”). 
wherein the remote device does not have access to the common key.  
The “common key” of Hetzler [0005] teaches a very simple implementation of deduplication, where the clients perform the encryption (client-side encryption), the storage system does not know the key, and deduplication can only be performed on data when a “common key” is used.
Hetzler at [0005] states, “Conventional full client-side encryption encrypts the data with a key unknown to the storage system. The storage system only deduplicates data encrypted with a common key. …”
In the case of the same data (e.g., copyrighted data) that is encrypted with the same key (i.e., “common key”), performing a simple comparison of the two encrypted data (without decrypting the two data) would identify the duplicates. This feature is clearly taught by [0005] of Hetzler.
Similarly, Clifford’s (discussed further below) convergent encryption allows the clients to encrypt the data with the hash of the data, and keep the hash / key, and then provide the encrypted (with the hash) data to the storage server without providing the hash / key to the storage server.
Hetzler fails to teach,
However, Clifford teaches,
a storage medium storing instructions that, when executed, cause the one or more processors to perform operations comprising: 
receiving a license to access a first data structure, … 
Clifford in Col. 8, lines 32-41 (49) states, “In the method of FIG. 4 an ERM-aware application may request a user license for the ERM-protected data from an RMS, as in 400. In various embodiments, such a request may identify the user of the ERM-aware application (i.e., the principal). In various embodiments, the request may include the publishing license of the ERM-protected data.” Clifford in Col. 9, lines 42-55 (50) further describes the RMS (license server 12) determining if the user should be granted access to the data based on a license.  See also Col. 4, lines 40-50 (22), Col. 5, lines 51-59 (30), Col. 6, lines 51-61 (36), and Col. 7, lines 21-28 (40) of Clifford. Similarly, Choi (discussed further below) teaches providing a license from license server 100 to multiple user devices, as further discussed below. 
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Hetzler’s de-duplication of encrypted data with Clifford to incorporate the ability for a third party licensing server to supply / verify licenses which are used to determine if a user has access to copyright-protected data.  One of ordinary skill in the art would have been motivated to perform such an addition to provide an aid in reducing piracy of protected information.  
Hetzler and Clifford fail to teach,
However, Choi teaches, 
receiving the first key; 
In contrast, Hetzler teaches the ephemeral key 440 / 504, used in the secure TLS channel of Hetzler, is generated and provided by the other system (storage) to the Client 1.   
Choi’s Abstract teaches that a licensing server creates encryption keys corresponding to a domain manager (i.e., domain of multiple user devices) (“common key” of the claim) and one user module (i.e., one of the devices of the user) (“first key” or “second key” of the claim). The contents encryption key (that encrypts data protected by DRM) is encrypted using commutative encryption of the encryption key of the domain manager and the encryption key of the one user module.  The Examiner interprets the contents encryption key of Choi as corresponding to the “data structure(s)” of the invention. Choi’s invention allows the different user devices in the domain (of the user, managed by the domain manager) to share the licenses / encryption keys.
Choi in [0014-15] teaches details of the commutative encryption, and Choi in the first sentence of [0085] teaches that the license server 100 uses a license creation module 40 to create encryption key for the domain (“common key”), first encryption key Kdc1 (first user device) (“first key” of the claim), and second encryption key Kdc2 (second user device) (“second key” of the claim). Choi at the end of [0085] teaches that the first encryption key is obtained by the first module 15. Thus, the first and second encryption keys are provided to the first 15 and second devices by the license server 100.
… encrypting … commutatively …
Choi in the Abstract and [0014-15] teaches commutative encryption, as discussed above.  
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Hetzler’s deduplication of encrypted data with Choi’s use of commutative encryption for licensing and access of copyrighted material that is protected by DRM encryption. One of ordinary skill in the art would have been motivated to perform such an addition to provide commutative encryption using different keys so that the order of the encryption (1st key then 2nd key, or 2nd key then 1st key) does not affect the order of the decryption / the output of the decryption. 
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Hetzler with Choi to further teach a licensing server that provided encryption keys and access to authorized user devices accessing copyrighted data. One of ordinary skill in the art would have been motivated to perform such an addition to provide the additional functionality of providing licensing and access keys to copyrighted data.  
Hetzler, Clifford, and Choi fail to teach,
However, Ashley teaches, 
transmitting …  along with the first key,
In contrast, the ephemeral key 440 / 504, used in the secure TLS channel of Hetzler, is provided by the Storage System 420 to the Client 1.
Ashley in fig. 4 and the first two sentences of [0043] teaches that the client “generates a session key (step 412); the session key is preferably a symmetric secret key. The client then securely sends the session key to the server (step 414).” This key is used for the communications during the session in the secure tunnel (e.g. TLS, see [0006] of Ashley). Thus, Ashley teaches a storage or “storage system” that receives a key that is used in TLS sessions.
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Hetzler’s secure TLS channel / tunnel with the secure encrypted tunnel / session of Ashley, where the Client in Ashley provides the symmetric session key that is used to encrypt data transferred during the session.  One of ordinary skill in the art would have been motivated to perform such an addition to provide the capability of having the Client create the session key, as opposed to the Server creating the key, in order to reduce the number of back and forth communications when establishing a session, because it may be more efficient for the Client to generate the symmetric session key due to the client receiving enough information to verify the authenticity of the server before the server can verify the authenticity of the client.  
As indicated above, Hetzler, Clifford, Choi, and Ashley fail to teach, 
However, Huang teaches,
… and a segment identifier associated with the encrypted first data structure …, 
Huang teaches “An index, list, or other set of segment fingerprints associated with previously stored segments (“data structure”) is checked. If the segment is a duplicate of a previously stored segment a reference to the segment as stored previously is associated with the file or other object with which the currently received segment is associated. Otherwise, the segment is added to a segment and index store 204 by storing the segment data in one of a plurality of containers, represented in FIG. 2 by containers 206 and 208, and index data associating the container, for example by unique container ID, with the segment fingerprint of the segment data is stored in a metadata index 210. In some embodiments, the index data also includes for each segment a segment ID or other data indicating a location of the segment within the container in which it is stored.” (Huang, starting at the fourth sentence of [0017] describing fig. 17) (emphasis added)
The examiner notes that Huang describes the situation where the first and second data structures are different, and thus, stored in different locations, and have different data identifiers.
The examiner notes that Huang does not teach whether the segment data is encrypted or not, however, it is noted that the applicant’s invention merely compares data that has been encrypted with the same “common key”, and thus, the same data segments (e.g., data from a DVD movie) provided by two users is the same, when encrypted with the same “common key.”
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Hetzler’s deduplication of encrypted data with Huang’s, which teaches data segments that are indexed and identified by segment identifiers in the situations where two data segments are the same, and also when the two data segments are different. One of ordinary skill in the art would have been motivated to perform such an addition so that Hetzler’s deduplication could utilize the indexing of data segments that is taught by Huang. 
Additionally, before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Hetzler, Choi, and Ashley with the teachings of Clifford to incorporate Clifford’s convergent encryption which uses the hash of the data structure as the encryption key, which would be common (“common key”) to all clients who possess the data. One of ordinary skill in the art would have been motivated to perform such an addition to provide a simple method of producing a common key that would be accessible by all clients without the need to distribute the common keys.

Regarding claim 18, Hetzler, Choi, Ashley, Clifford, and Huang teach,
The system of claim 17, wherein the license comprises a digital rights management (DRM) data structure.  
	Clifford’s Abstract describes an enterprise rights management (ERM) system that enables effective data deduplication of ERM protected data. Examiner interprets the ERM system of Clifford as corresponding to the “DRM data structure” of claim 18.

Regarding claim 20, Hetzler, Choi, Ashley, Clifford, and Huang teach,
The system of claim 17, wherein the operations further comprise: 
sending a request for the first data structure to the remote device; and 
Hetzler describes in [0125-126] the Client 1 sending a request 502 and a read request 508 to the storage 420 in order to receive “returned data chunks.” See also Hetzler fig. 5
receiving the first data structure encrypted with the common key.
Hetzler describes a storage system encrypting using a client secret key (“common key”), in [0095] and [0107] of Hetzler, as discussed above. This encrypted data may then be sent by the storage to the client.

Regarding claim 21, Hetzler, Choi, Ashley, Clifford, and Huang teach,
The system of claim 20, wherein: 
the received first data structure is further encrypted with the first key; and 
Hetzler in [0097] states, “In a preferred approach, the deduplication manager 424 receives the encrypted write data 444 (e.g., data encrypted with a key that is not available to the storage system 420) and the encrypted deduplication information 446 (e.g., metadata encrypted with a key that is available to the storage system 420). [0098] In one configuration, the deduplication manager 424 includes an ephemeral key decrypter. The ephemeral key decrypter may decrypt data encrypted with the storage ephemeral encryption key 440 as would be understood by one having ordinary skill in the art upon reading the present disclosure.”
the operations further comprise, in response to the request, receiving the first key.  
Hetzler describes in [0125-126] the Client 1 sending a request 502 and a read request 508 to the storage 420 in order to receive “returned data chunks.” See also Hetzler fig. 5.  Hetzler in Fig. 5 shows ephemeral key 504 being returned by the storage 420 to the client 402 and in [0125] states, “The ephemeral key may be for encrypting returned data chunks. An ephemeral key 504 may be returned in response 506 to the request 502.”

Regarding claim 22, Hetzler, Choi, Ashley, Clifford, and Huang teach,
The system of claim 20, wherein the operations further comprise: 
responding to a challenge from the remote device; and 
Clifford in Col. 8, lines 26-31 (48) describes a user attempting to access ERM-protected data which corresponds to a “challenge” of claim 22.
receiving the first data structure or a denial message based on whether the response can be verified by the remote device.  
Clifford describes a license server 120 of fig. 1 that provides the ability to determine whether access to data is allowed.  See Clifford Col. 8, lines 32-55 (49-50) which states, “If the publishing license does not permit the user to access the data, as indicated by the negative exit from 420, the RMS may deny a user license to the principal, as in 430. However, if the user license does permit the principal to access the data, as in the affirmative exit from 420, then the RMS may create a user license, as in 440, and sent it to the requesting ERM-aware application, as in 450.” (emphasis added) See also the more detailed rejection of claim 7 above.

Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Hetzler, in view of Choi, in view of Ashley, in view of Gladwin, and further in view of US 2020/0320046 Narayanamurthy et al. (hereinafter referred to as “Narayanamurthy”). 
Regarding claim 11, Hetzler, Choi, Ashley, and Gladwin teach, 
The system of claim 9, 
Hetzler, Choi, Ashley, and Gladwin fail to teach,
However, Narayanamurthy teaches,
wherein the operations further comprise instructing the second client device not to transmit the encrypted second data structure when the first segment identifier associated with the encrypted first data structure and the second segment identifier associated with the encrypted second data structure comprise a fuzzy match.  
However, Narayanamurthy teaches the above recitation, because Narayanamurthy in fig. 4G depicts hashed data 434 (“identifier” of claim 11) that is used to determine if the data already exists in the remote data store 404, and the remote data store 404 determines whether to request data 406 from the second computing device 430 based on matching of the hashed data 434. For example, Narayanamurthy in [0061] states, “The remote data store 404 may determine whether the hashed data 434 generated by the second computing device 430 of user (B) matches the hashed data 412 within the metadata 410 generated by the computing device 402 of user (A). If the hashed data 434 does not match the hashed data 412 within the metadata 410 (or any other hashed data within metadata maintained by the remote data store 404 for deduplication), then the remote data store 404 may instruct the second computing device 430 to transmit the data 406.” (emphasis added)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Hetzler, Choi, and Ashley to incorporate the teachings of Narayanamurthy to incorporate a determination that data already exists in a data store (i.e., server storage). One of ordinary skill in the art would have been motivated to perform such an addition to aid in reducing bandwidth used by a client because the client would not send the data to a server storage due to the data already being identified as being located on the data storage.  
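The convergent-encryption and hash-matching passages above describe two pieces that fit together: a content-derived "common key" makes identical data encrypt identically on every client, and the store asks a client to transmit only when the offered hash is not already indexed. The sketch below is an added illustration, not code from the application or from any cited reference; the class and function names are hypothetical, fingerprinting the ciphertext is an assumption, and the HMAC-SHA256 keystream is a standard-library stand-in for a real cipher such as AES.

```python
import hashlib
import hmac

def convergent_key(plaintext: bytes) -> bytes:
    # Key is the hash of the content, so every holder of the data derives the same key.
    return hashlib.sha256(plaintext).digest()

def _keystream(key: bytes, length: int) -> bytes:
    # Assumption: HMAC-SHA256 in counter mode stands in for a real cipher (e.g. AES).
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def encrypt(key: bytes, data: bytes) -> bytes:
    # Deterministic XOR stream: same key and data always give the same ciphertext.
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))

decrypt = encrypt  # XOR with the same keystream reverses the operation

class DedupStore:
    """Hypothetical store that indexes ciphertext segments by fingerprint."""

    def __init__(self):
        self.segments = {}  # fingerprint -> ciphertext
        self.owners = {}    # fingerprint -> client ids referencing the segment

    def needs_upload(self, client_id: str, fingerprint: str) -> bool:
        if fingerprint in self.segments:
            self.owners[fingerprint].add(client_id)  # duplicate: add a reference only
            return False
        return True  # no match: instruct the client to transmit

    def upload(self, client_id: str, fingerprint: str, ciphertext: bytes) -> None:
        # Recompute the fingerprint so a client cannot index data under a false hash.
        if hashlib.sha256(ciphertext).hexdigest() != fingerprint:
            raise ValueError("fingerprint does not match ciphertext")
        self.segments.setdefault(fingerprint, ciphertext)
        self.owners.setdefault(fingerprint, set()).add(client_id)

def client_store(store: DedupStore, client_id: str, plaintext: bytes):
    key = convergent_key(plaintext)
    ciphertext = encrypt(key, plaintext)
    fingerprint = hashlib.sha256(ciphertext).hexdigest()
    transmitted = store.needs_upload(client_id, fingerprint)
    if transmitted:
        store.upload(client_id, fingerprint, ciphertext)
    return fingerprint, key, transmitted
```

Because the key and ciphertext are fully determined by the content, anyone who already holds a candidate plaintext can compute the same fingerprint and learn whether the store has it.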

Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Hetzler, in view of Choi, in view of Ashley, in view of Gladwin, and further in view of US 2013/0305039 to Gauda (hereinafter referred to as “Gauda”). 
Regarding claim 12, Hetzler, Choi, Ashley, and Gladwin teach, 
The system of claim 9, 
Hetzler, Choi, Ashley, and Gladwin fail to teach,
However, Gauda teaches,
wherein the segment identifiers comprise a universally unique identifier (UUID) or a certificate. 
However, Gauda teaches the above recitation, because Gauda in [0099] and [0101] describes the use of universally unique identifiers to identify portions of data stored in a cloud storage system.  According to Gauda the CFS client module generates the UUIDs. Additionally, the use of a hash of data by the CFS client module is discussed.  
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Hetzler to incorporate the teachings of Gauda to incorporate the universally unique identifier (UUID) in order to use a standardized data segment identifier.  One of ordinary skill in the art would have been motivated to perform such an addition to provide for the ability to use a standardized UUID that would be compatible across multiple devices.  

Claim 19 is rejected under 35 U.S.C. 103 as being unpatentable over Hetzler, in view of Choi, in view of Ashley, in view of Clifford, in view of Huang, and further in view of US 2011/0161680 Grube et al. (hereinafter referred to as “Grube”).
Regarding claim 19, Hetzler, Choi, Ashley, Clifford, and Huang teach, 
The system of claim 17,
Hetzler, Choi, Ashley, Clifford, and Huang fail to teach,
However, Grube teaches,
wherein at least one of the first key or the common key comprise a self-inverse encryption key.  
Grube teaches an inverse function that produces encoded slices (portions) of data.  Grube in [0085] states, “A data de-duplication method begins by a processing module receiving a plurality of data storage requests from a plurality of requesting devices wherein a data storage request includes the data and a requester identifier (ID). The method continues with the processing module obtaining a data identifier (ID) for the data. For each of the plurality of data storage requests, the method continues with the processing module producing a requester storage record, dispersed storage error encoding the requester storage record to produce a set of encoded requester storage record slices, and sending the set of encoded requester storage record slices to a dispersed storage network (DSN) memory for storage therein. The method continues with the processing module dispersed storage error encoding at least a portion of the data to produce a set of encoded data slices and sending the set of encoded data slices to the DSN memory for storage therein.”
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Hetzler, Choi, and Clifford to incorporate the teachings of Grube to include the inverse function that produces encoded slices (portions) of data. One of ordinary skill in the art would have been motivated to perform such an addition to provide for the capability of utilizing self-inverse encryption keys.

Claim 24 is rejected under 35 U.S.C. 103 as being unpatentable over Hetzler, in view of Choi, in view of Ashley, in view of Gladwin, and further in view of US 2020/0259636 to Gottipati et al. (hereinafter referred to as “Gottipati”). 
Regarding claim 24, Hetzler, Choi, Ashley, and Gladwin teach,  
The system of claim 1, 
Hetzler, Choi, Ashley, and Gladwin fail to specifically teach,
However, Gottipati teaches,
wherein the operations further comprise: 
indexing the stored partially decrypted first data structure and the first key to a first client device identifier; and 
Hetzler does teach “partially decrypted first data structures”, however, the indexing of this data structure and the key and the client identifier are not taught by Hetzler.
However, Gottipati teaches the above features, 
Gottipati in the middle of [0026] teaches the server 120 includes index 125 (see fig. 1) that identifies the locations of data stored in the data store 130. (See fig. 1) The examiner asserts this corresponds to “indexing the stored … first data structure.”
Additionally, Gottipati in the last sentence of [0057] and the last sentence of [0062] teaches the server 120 stores an encryption key in the index 125. Further, the server 120 also associates / indexes the data (“first data structure”) to a “client identifier”, as taught in the middle of [0057]. 
indexing the stored partially decrypted first data structure and the second key to a second client device identifier when the content of the partially decrypted first data structure corresponds to content of the partially decrypted second data structure.
	 Gottipati in fig. 1 teaches multiple client devices 110A-100C, and the server 120 including a data index 125 that indexes the data (data structure, keys, client identifiers) from the multiple client devices 110A-100C, and then stores the data structure (“first data structure” “second data structure”) in data store 130 (see fig. 1). Thus, the system of Gottipati teaches indexing data from two different clients, and also de-duplicates this data.
	Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Hetzler, Choi, and Ashley, which in combination teach encrypted secure tunnel channels used for secure communication between the clients and the storage system / server with Gottipati, which teaches an index used by a deduplication system, where the index stores client identifiers and encryption data.  One of ordinary skill in the art would have been motivated to perform such an addition to provide the capability of an index which allows data structures to be quickly found, and to include in the index identifiers of the client devices and also encryption keys that are associated with the de-duplicated data in order to re-establish communication using a previously shared symmetric key.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRIAN WILLIAM AVERY whose telephone number is (571) 272-3942.  The examiner can normally be reached on 9AM-5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on (571) 272-3739.  
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/B.W.A./

/FARID HOMAYOUNMEHR/Supervisory Patent Examiner, Art Unit 2495