DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
The following is a Final Office action in response to communications received on 10/06/2022. 

Response to Amendment
Claims 1 and 11-20 have been amended. 
Examiner’s rejection of claims 1-11 under 35 U.S.C. 101 is withdrawn in light of the applicant’s amendments to the claims.
Applicant’s arguments with respect to claims 1 and 11 regarding the new limitations: “based on the hop information, an efficiency of an encrypting processing resource, and the content sensitivity information, selecting an encryption to be applied to the backup metadata; and applying, by the encrypting processing resource, the encryption to the backup metadata”, and regarding “metadata path”, have been considered but are moot in view of the new ground of rejection presented in the current office action.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
Claims 1-4, 6-14 and 16-20 are rejected under 35 U.S.C. 103 as being unpatentable over prior art of record CN106936771A to Lin et al (hereinafter Lin), EP3876127A1 to Schnjakin et al (hereinafter Schnjakin) and prior art of record US 20090059915 to Baker (hereinafter Baker).
Examiner’s Note: The examiner used an English translation of EP3876127A1 which is attached to the end of the original document.
As per claims 1 and 11, Lin teaches: 
A method, comprising: 
obtaining content sensitivity information indicating a relative sensitivity of backup data to an attack (Lin: [0063]: The cloud storage platform will determine the data encryption method according to the security level corresponding to the data stored by the user. [0064]: The user storage data includes metadata and data blocks. [0068]: For example, a hierarchical encryption self-learning unit can set …, backups, etc. to a high security level. [0016]: For medium and high-level data, except the user who has the key, no one else can obtain the metadata of the data. The intruder may capture some data blocks of the data fragment at most, but because there is no synthesis mechanism that does not know the data block, Complete data is also not available); 
based on the content sensitivity information, selecting an encryption to be applied to the backup metadata (Lin: [0064]: In step 304, the data hierarchical encryption unit determines an encryption method according to the security level corresponding to the user's stored data, and processes the user's stored data according to the determined encryption method); and 
applying, by the encrypting processing resource, the encryption to the backup metadata (Lin: [0064]: The data hierarchical encryption unit selects an encryption method according to the security level, and encrypts the user-stored data according to the selected encryption method. When the security level corresponding to the user's stored data is a high security level, the data hierarchical encryption unit encrypts the metadata of the user data with the user's SM2 algorithm public key).
Lin does not teach: obtaining hop information of a metadata path for backup metadata; and based on the hop information, an efficiency of an encrypting processing resource, selecting an encryption to be applied to the backup metadata. However, Schnjakin teaches:
metadata path for backup metadata; based on an efficiency of an encrypting processing resource, selecting an encryption to be applied to the backup metadata (Schnjakin: [0095]: The upload program generates the metadata for the file to be stored, the metadata containing at least the calculated hash value of the file—preferably in encrypted form—and the hash values of the file fragments. [0096]: The hash values of the file fragments can be associated with a mapping to the original filename, and the mapping can be included in the metadata along with the original filename. [0099]: According to embodiments, another external maintenance user can also read the status file. For this purpose, the file management server sends, …, a public key of the other external maintenance user that is stored in a user profile managed by the file management server to the device that has stored the status file distributed. The upload program of said device receives the public key of the requesting, authorized additional external maintenance user, uses it to encrypt the symmetric key and sends the metadata with the encrypted symmetric key to the file management server. The file management server in turn sends the metadata of said status file to the user computer system of the other external maintenance user (metadata path – from upload program to file management server to external maintenance user). [0100]: The described combination of a file-specific symmetric key for encrypting and decrypting the file fragments and a public key assigned to the user for integrating the symmetric key into the metadata of the file can also be advantageous, since encryption or decryption of large amounts of data using symmetric cryptographic keys is usually significantly more efficient than using an asymmetric cryptographic key pair. The speed aspect is less relevant when encrypting the (comparatively small) metadata, so that encryption with an asymmetric cryptographic key pair can be used here, which enables the exchange of a key required for decryption without revealing the private key, i.e., the encryption key of the data and metadata is based on the speed aspect (efficiency) in performing encryption by the upload program).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Schnjakin in the invention of Lin to include the above limitations. The motivation to do so would be to provide a remote maintenance method that is particularly secure in a number of respects (Schnjakin: [0007]).
Lin in view of Schnjakin teaches a metadata path but does not teach: obtaining hop information of a metadata path for backup metadata; based on the hop information, selecting an encryption to be applied to the backup metadata. However, Baker teaches:
obtaining hop information of a metadata path for backup metadata (Baker: [0022]: For example, the communication module 138 or other resource of the information handling system 100, can determine a network quality of a network between the information handling system 100 and a destination, such as the first destination 140. In another form, the number of network interconnects, data routings, hops, etc. can be determined between the information handling system 100 and a destination); and 
based on the hop information, selecting an encryption to be applied to the backup metadata (Baker: [0022]: Using the latency value and the "hop count" value, the communication module 138 can determine a communication mode, processing routine, encryption, error verification, or various other routines or method to employ in association with communicating information from the information handling system 100 to a destination).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Baker in the invention of Lin in view of Schnjakin to include the above limitations. The claim would have been obvious because a particular known technique was recognized as part of the ordinary capabilities of one skilled in the art (see KSR Int’l Co. v. Teleflex Inc. 550 U.S. ___, 82 USPQ2d 1385 (Supreme Court 2007) (KSR)).

As per claims 2 and 12, Lin in view of Schnjakin and Baker teaches:
The method as recited in claim 1, wherein the metadata path extends from a backup server to a target storage site (Lin: [0068]: backups. [0070]: As shown in FIG. 5 , the secure cloud storage system 500 includes: a user interface 501, an authentication unit 502, a security level determination unit 503, a data classification encryption unit 54 and a storage unit 505. [0079]: Preferably, the storage unit 505 is configured to store the stored data processed by the data hierarchical encryption unit. 653 Preferably, the storage unit 505 can be distributed on different network nodes. And the storage medium and access speed of the storage unit 505 may be different).

As per claims 3 and 13, Lin in view of Schnjakin and Baker teaches:
The method as recited in claim 1, wherein the hop information identifies a number of hops taken by the backup metadata as the backup metadata travels the metadata path (Baker: Fig. 1 and [0022]: the number of network interconnects, data routings, hops, etc. can be determined between the information handling system 100 and a destination. For example, the information handling system 100 can communicate information to the second destination 142 via the first interconnect 144 and the second interconnect 146. As such, a "hop count" of two (2) can be determined prior to communicating the information).
The examiner provides the same rationale to combine prior arts Lin in view of Schnjakin and Baker as in claims 1 and 11 above. 

As per claims 4 and 14, Lin in view of Schnjakin and Baker teaches:
The method as recited in claim 1, further comprising applying the same encryption to the backup data as was applied to the backup metadata (Lin: [0064]: When the security level corresponding to the user's stored data is the medium security level, the data hierarchical encryption unit encrypts the metadata of the user data with the user's SM4 algorithm key and encrypts the data block of the user data with the user's SM4 algorithm key).

As per claims 6 and 16, Lin in view of Schnjakin and Baker teaches:
The method as recited in claim 1, wherein the encryption is selected based in part on a performance penalty that will be imposed on a host by performance of the encryption by the host (Schnjakin: [0100]: The described combination of a file-specific symmetric key for encrypting and decrypting the file fragments and a public key assigned to the user for integrating the symmetric key into the metadata of the file can also be advantageous, since encryption or decryption of large amounts of data using symmetric cryptographic keys is usually significantly more efficient than using an asymmetric cryptographic key pair. The speed aspect is less relevant when encrypting the (comparatively small) metadata, so that encryption with an asymmetric cryptographic key pair can be used here, which enables the exchange of a key required for decryption without revealing the private key).
The examiner provides the same rationale to combine prior arts Lin and Schnjakin as in claims 1 and 11 above.

As per claims 7 and 17, Lin in view of Schnjakin and Baker teaches:
The method as recited in claim 1, wherein when the hop information meets or exceeds a threshold, the encryption is relatively stronger than encryption used when the hop information is below the threshold (Baker: [0022]: Using the latency value and the "hop count" value, the communication module 138 can determine a communication mode, processing routine, encryption, error verification, or various other routines or method to employ in association with communicating information from the information handling system 100 to a destination. [0025]. [0040]: For example, the source 402 can determine include a performance specification initiated by a policy that can enabled an iSCSI digest routine if a hop count of greater than two (2) may be determined or latency of greater than twenty (20) milliseconds may be determined. As such, if the first destination 408 returns a hop count value of one (1), and a latency value of ten (10) milliseconds, the iSCSI digest routine may not be enabled. Additionally, if the second destination 410 returns a hop count value of two (2), and a latency value of thirty (30) milliseconds, the iSCSI digest routine can be enabled when connected to the second destination 410).
The examiner provides the same rationale to combine prior arts Lin in view of Schnjakin and Baker as in claims 1 and 11 above. 

As per claims 8 and 18, Lin in view of Schnjakin and Baker teaches:
The method as recited in claim 1, wherein when the hop information is below a threshold, the encryption is selected in accordance with the content sensitivity information (Baker: [0022]: Using the latency value and the "hop count" value, the communication module 138 can determine a communication mode, processing routine, encryption, error verification, or various other routines or method to employ in association with communicating information from the information handling system 100 to a destination. [0040]: For example, the source 402 can determine include a performance specification initiated by a policy that can enabled an iSCSI digest routine if a hop count of greater than two (2) may be determined or latency of greater than twenty (20) milliseconds may be determined. Lin: [0064]: The data hierarchical encryption unit selects an encryption method according to the security level, and encrypts the user-stored data according to the selected encryption method).
The examiner provides the same rationale to combine prior arts Lin in view of Schnjakin and Baker as in claims 1 and 11 above. 

As per claims 9 and 19, Lin in view of Schnjakin and Baker teaches:
The method as recited in claim 1, wherein the hop information is derived in part from data zone information concerning one or more data zones through which the backup metadata passes and/or host information regarding a host that performs the encryption (Baker: [0022]: In another form, the number of network interconnects, data routings, hops, etc. can be determined between the information handling system 100 and a destination. For example, the information handling system 100 can communicate information to the second destination 142 via the first interconnect 144 and the second interconnect 146. As such, a "hop count" of two (2) can be determined prior to communicating the information).
The examiner provides the same rationale to combine prior arts Lin in view of Schnjakin and Baker as in claims 1 and 11 above. 

As per claims 10 and 20, Lin in view of Schnjakin and Baker teaches:
The method as recited in claim 1, wherein the method is performed by a backup server (Lin: [0061]: Fig. 3 shows a flow chart of a secure cloud storage method according to a preferred embodiment of the present invention. Preferably, the user can input the data storage request through the user interface of the cloud storage platform. [0068]: backups).

Claims 5 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Lin in view of Schnjakin and Baker as applied to claims 1 and 11 above, and further in view of US 20190332765 to Fu (hereinafter Fu).
As per claims 5 and 15, Lin in view of Schnjakin and Baker does not teach the limitations of claims 5 and 15. However, Fu teaches:
wherein the attack comprises a ransomware attack (Fu: [0037]: The above files may be sensitive files in the host that are not allowed to be modified or deleted by other users at will, or may be sensitive files that a user does not want other users to modify or delete at will. The users will suffer huge losses if the above files are held by ransomware. [0050]: after the user is determined to need to perform the write operation on the file, in order to prevent ransomware from operating on the file, whether the operation that the user needs to perform on the file is an encryption operation is further determined. [0054]. [0071]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Fu in the invention of Lin in view of Schnjakin and Baker to include the above limitations. The motivation to do so would be to solve the technical problems of low processing accuracy and high cost of the file processing method in the conventional techniques (Fu: [0007]).

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
	
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MADHURI R HERZOG whose telephone number is (571)270-3359. The examiner can normally be reached 8:30AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on (571)272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

MADHURI R. HERZOG
Primary Examiner
Art Unit 2438