RANSOMWARE PROTECTION FOR ARCHIVED DATA

DETAILED ACTION The following claims are pending in this office action: 1-20 Claims 1, 7, 13 and 18 are independent claims. The following claims are amended: 1, 7, 13 and 18 The following claims are new: - The following claims are cancelled: - Claims 1-20 are rejected. This rejection is FINAL. Information Disclosure Statement The information disclosure statement (IDS) submitted on 11/28/2025 has been considered. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, an initialed and dated copy of Applicant’s IDS form 1449 filed 11/28/2025 is attached to the instant Office action. Previous Objections and/or Rejections Withdrawn The previous 35 USC § 112 rejections are withdrawn based on the amendments. RESPONSE TO ARGUMENTS Applicant’s arguments in the amendment filed 11/28/2025 have been fully considered but are not persuasive. The reasons are set forth below. Applicant’s position is that the searched prior art does not teach that a snapshot is created as “a new version of the object” against which an attempted change is detected. Applicant explains: ... there is no teaching in Deguchi that based on detecting an attempted change to an object in object storage 400, Deguchi protects the object in object storage from a potential cyberattack by automatically creating a new version of the of the object in the object storage 400... ... Neither Deguchi nor Vasudeva, however, teach that a snapshot is created as “a new version of the object” against which an attempted change that is detected... If an Applicant disagrees with any factual findings by the Office, an effective traverse of a rejection based wholly or partially on such findings must include a reasoned statement explaining why the Applicant believes the Office has erred substantively as to the factual findings. "A person of ordinary skill in the art is also a person of ordinary creativity, not an automaton." KSR Int'l Co. sv. Teleflex Inc., 550 U.S. 398, 421, 82 USPQ2d 1385, 1397 (2007). "[I]n many cases a person of ordinary skill will be able to fit the teachings of multiple patents together like pieces of a puzzle." Id. at 420, 82 USPQ2d 1397. Office personnel may also take into account "the inferences and creative steps that a person of ordinary skill in the art would employ." Id. at 418, 82 USPQ2d at 1396. Also see MPEP 2141.03. One cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). Vasudeva teaches “monitoring for a file request in association with a storage node ... The file request may be, for example, a write request, a delete request, a truncation request, a renaming request.” Vasudeva, para. 0092. The malware attack is used as a signal that is “if, however, the file request is a write request, an analysis of data in the file is performed to determine whether the file is suspicious.” Vasudeva, para. 0095. “If ... a suspicion threshold has been met, the process 700 generates a snapshot of ... the volume to which the file was to be written.” Vasudeva, para. 0068. Therefore, Vasudeva clearly teaches the generation of a snapshot/new version of a volume/object against which an attempted change/write request is detected. Here, Applicant argues that neither Deguchi nor Vasudeva teaches a snapshot is created as “a new version of the object” against an attempted change is detected. However, the file within Vasudeva is clearly changed, and a new version/snapshot of the file is clearly created. As evidenced by George et al. (US Pub. 2023/0359585), a person of ordinary skill in the art understands a snapshot to be a new version of an object in a file system. As Applicant’s statements/arguments do not clearly explain supposed errors in the rejection, they are not persuasive. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Deguchi et al. (US Pub. 2025/0068749) (hereinafter “Deguchi”) in view of Vasudeva et al. (US Pub. 2021/0334374) (hereinafter “Vasudeva”) and as evidenced by George et al. (US Pub. 2023/0359585) (hereinafter “George”) As per claim 1, Deguchi teaches a computer-implemented method for protection of archival data, comprising: ([Deguchi, para. 0006] “a data protection method [computer-implemented method] for further strengthening data protection using a snapshot function in a storage [protection of archival data] and data protection of data to be transferred to the outside of the storage”) creating a first version of an object in an anti-attack store; ([Deguchi, para. 0059] “By using a snapshot, it is possible to protect data from a cyber attack”; [para. 0110] “a snapshot [an object] ... is periodically [a first version] ... created and transferred to the object storage 400 [in an anti-attack store]”) storing an archival file in the object in the anti-attack store, ([Deguchi, para. 0044] “The object storage 400 [the anti-attack store] is a storage device that stores backup data [the object] of the data stored in the main storage ... used as restoration data for restoring data [an archival file]”) wherein the anti-attack store has associated anti-attack functionality ([para. 0005] “a snapshot function is used to protect data stored in storage from ... attacks”) triggerable based on detecting an attempted change to the object in the anti-attack store enabled, the associated anti-attack functionality comprising: ([para. 0070] “The snapshot lock program 2221 executes a cyber attack [an attempted change to the object – see para. 0005 “an attack such as deleting a snapshot or destroying data by writing to a snapshot”] detection program to determine presence or absence of an attack”; [para. 0071] “When there is no attack, the processing ends”; [para. 0072] “When there is an attack, the snapshot lock program ...”) automatically applying a retention lock to the first version of the object in the anti-attack store ([Deguchi, para. 0073] “the snapshot lock program 2221 ... instructs lock for a target snapshot [the first version of the objection] when the snapshot is not locked”; [para. 0119] "In order to protect data from such an attack, it is necessary to lock the object itself [first version of the object] stored in the object storage 400 [object in the anti-attack store]”; [para. 0178] “when lock of an object is set ... the object ... may be left as an old version [first version]”) without applying the attempted change to the first version of the object, ([para. 0061] “Lock means prohibition of deletion or change of physical data”; [para. 0106] “According to the above processing, the backup data [first version of the object] ... can be prevented from a cyber attack [without applying the attempted change]”) the retention lock specifying a retention period for the first version of the object. ([Para. 0073] “lock for a target snapshot [the retention lock for the first version of the object] ... is implemented by storing information of ... a snapshot lock period [a retention period]”) Deguchi does not clearly teach the anti-attack functionality triggerable based on detecting an attempted change to the object in the anti-attack store enabled, the associated anti-attack functionality comprising: automatically creating a new version of the object in the anti-attack store. However, Vasudeva teaches the anti-attack functionality triggerable based on detecting an attempted change to the object in the anti-attack store enabled, the associated anti-attack functionality comprising: automatically creating a new version of the object in the anti-attack store. ([Vasudeva, para. 0091] “process ... 700 for protecting a storage node against a malware attack ... implemented by one or more processors of a data storage [anti-attack store]”; [para. 0092] “The process 700 may begin by monitoring for a file request in association with a storage node [the object] ... The file request may be, for example, a write request, a delete request [detecting an attempted change]”; [para. 0097] “A determination is then made as to whether a suspicion threshold has been met ... a malware attack is suspected ... to “provisionally detect” a malware attack [based on detecting an attempted change to the object] ... if ... a suspicion threshold has been met, [triggerable] the process 700 [the anti-attack functionality] generates a snapshot of at least a portion of the storage node [automatically creating a new version of the object in the storage node]”; it is known to one of ordinary skill in the art that generating a snapshot of an object is a new version of an object; as evidence, para. 0082 of George states: “Each time a new snapshot of the file system is created, a new version of the object is created to capture changes to the file system”) It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Deguchi with the teachings of Vasudeva to include the anti-attack functionality triggerable based on detecting an attempted change to the object in the anti-attack store enabled, the associated anti-attack functionality comprising: automatically creating a new version of the object in the anti-attack store. One of ordinary skill in the art would have been motivated to make this modification because such a technique enable early detection of malware attacks, such as ransomware attacks, as well as data loss mitigation via special snapshot creation. (Vasudeva, para. 0017) As per claim 2, Deguchi in view of Vasudeva as evidenced by George teaches claim 1. Deguchi also teaches wherein the associated anti-attack functionality further comprises: sending a notification of an event associated with the attempted change to a target. ([Deguchi, para. 0171] “in a case where there is a possibility of a cyber attack [attempted change to a target], the object storage attack detection program transmits an alert [notification of an event associated with the attempted change to a target]”) As per claim 3 Deguchi in view of Vasudeva as evidenced by George teaches claim 2. Deguchi does not clearly teach wherein the notification of the event associated with the attempted change comprises a notification that the new version of the object has been created. However, Vasudeva teaches wherein the notification of the event associated with the attempted change comprises a notification that the new version of the object has been created. ([Vasudeva, para. 0098] “if the malware attack [event associated with the attempted change] is confirmed as being underway, a notification is generated ... the notification that is generated may be ... generated snapshots [the new version of the object has been created]”) It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Deguchi with the teachings of Vasudeva to include wherein the notification of the event associated with the attempted change comprises a notification that the new version of the object has been created. One of ordinary skill in the art would have been motivated to make this modification because such a technique enable early detection of malware attacks, such as ransomware attacks, as well as data loss mitigation via notification of the detected malware attacks. (Vasudeva, para. 0017) As per claim 4, Deguchi in view of Vasudeva as evidenced by George teaches claim 2. Deguchi does not clearly teach wherein the notification of the event associated with the attempted change triggers a remedial action, and wherein the remedial action comprises at least one of: blocking a connection; scanning an environment for attacker code; investigating entry points for attacker code; removing the attacker code; restoring the first version of the object as a current version of the object; or deleting the new version of the object. However, Vasudeva teaches wherein the notification of the event associated with the attempted change triggers a remedial action, and wherein the remedial action comprises at least one of: ([Vasudeva, para. 0080] “Information in any of the fields [the notification] may be displayed to an administrator by, for example, the user interface 324 ... for protecting against the malware attack [associated with the attempted change] ... used in one or more mitigation techniques [triggers a remedial action]”; [para. 0098] “the notification that is generated may be visually presented via a user interface”; Examiner interprets “comprises at least one of ... or” to be optional limitations where only one of the below is required to be disclosed for the limitation to be met) blocking a connection; ([Vasudeva, para. 0080] “Information ... displayed to an administrator ... may be used to block any further file requests from the source”) scanning an environment for attacker code; ([Vasudeva, para. 0080] “Information ... displayed to an administrator ... may be presented to the administrator .... to identify [scanning] the ... computing system or client [an environment] ... of the malware attack [for attacker code]”) investigating entry points for attacker code; ([Vasudeva, para. 0080] “Information ... displayed to an administrator ... may be presented to the administrator .... to identify [investigating] the source [entry points] ... of the malware attack [for attacker code]”) removing the attacker code; (as explained above, as the other optional limitations are disclosed, the limitation of triggering the remedial action is disclosed; Examiner also takes office notice that a remedial action of removing the attacker code is well-known in the art) restoring the first version of the object as a current version of the object; or ([Vasudeva, para. 0098] “the notification that is generated may ... restore any impacted files [restore as a current version of the object] from ... the previously generated snapshots [the first version of the object]”) deleting the new version of the object. (as explained above, as the other optional limitations are disclosed, the limitation of triggering the remedial action is disclosed; Examiner also takes office notice that a remedial action of deleting an infected/new version of an object as a remedial action is well-known in the art) It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to combine the teachings of Deguchi and Vasudeva for the same reasons as disclosed above. As per claim 5 Deguchi in view of Vasudeva as evidenced by George teaches claim 1. Deguchi also teaches wherein the anti-attack store comprises an anti-attack container on a cloud storage system. ([Deguchi, para. 0041; Fig. 1] “the storage system... includes ... a cloud 2 [on a cloud storage system] including an object storage 400 [anti-attack store as it is used to protect data from a cyber attack – see para. 0059 and as explained above]”; [para. 0044] “The object storage 400 may be a storage device [anti-attack container]”) As per claim 6, Deguchi in view of Vasudeva as evidenced by George teaches claim 1. Deguchi does not clearly teach wherein the attempted change is made to the new version of the object. However, Vasudeva teaches wherein the attempted change is made to the new version of the object. ([Vasudeva, para. 0075] “the process 700 generates a snapshot of at least a portion of the storage node ... the snapshot [the new version of the object] is of the volume to which the file was to be written [the attempted change is made to]”) It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Deguchi with the teachings of Vasudeva to include wherein the attempted change is made to the new version of the object. One of ordinary skill in the art would have been motivated to make this modification because such a technique would provide the benefit of preventing any further data loss. (Vasudeva, para. 0097) As per claim 7, Deguchi teaches a computer-implemented method for protection of archival data, comprising: ([Deguchi, para. 0006] “a data protection method [computer-implemented method] for further strengthening data protection using a snapshot function in a storage [protection of archival data] and data protection of data to be transferred to the outside of the storage”) creating a first version of an object in an anti-attack store; [Deguchi, para. 0059] “By using a snapshot, it is possible to protect data from a cyber attack”; [para. 0110] “a snapshot [an object] ... is periodically [a first version] ... created and transferred to the object storage 400 [in an anti-attack store]”) storing an archival file in the object in the anti-attack store; ([Deguchi, para. 0044] “The object storage 400 [the anti-attack store] is a storage device that stores backup data [the object] of the data stored in the main storage ... used as restoration data for restoring data [an archival file]”) detecting an attempted change to the object in the anti-attack store; ([Deguchi, para. 0070] “The snapshot lock program 2221 executes a cyber attack [an attempted change to the object – see para. 0005 “an attack such as deleting a snapshot or destroying data by writing to a snapshot”] detection program to determine presence or absence of an attack”; [para. 0165] “a cyber attack detection method in a configuration in which backup data is stored in the object storage 400 [anti-attack store]”) based on detecting the attempted change to the object, protecting the object from a potential cyber-attack, wherein protecting the object from the potential cyber-attack comprises: ([Deguchi, para. 0071] “When there is no attack, the processing ends”; [para. 0072] “When there is an attack, the snapshot lock program ...”; [para. 0106] “According to the above processing, the backup data [object] ... can be prevented from a cyber attack”) automatically applying a retention lock to the first version of the object in the anti-attack store ([Deguchi, para. 0073] “the snapshot lock program 2221 ... instructs lock for a target snapshot [the first version of the objection] when the snapshot is not locked”; [para. 0119] "In order to protect data from such an attack, it is necessary to lock the object itself [first version of the object] stored in the object storage 400 [object in the anti-attack store]”; [para. 0178] “when lock of an object is set ... the object ... may be left as an old version [first version]”) without applying the attempted change to the first version of the object, ([para. 0061] “Lock means prohibition of deletion or change of physical data”; [para. 0106] “According to the above processing, the backup data [first version of the object] ... can be prevented from a cyber attack [without applying the attempted change]”) the retention lock specifying a retention period for the first version of the object. ([Para. 0073] “lock for a target snapshot [the retention lock for the first version of the object] ... is implemented by storing information of ... a snapshot lock period [a retention period]”) Deguchi does not clearly teach based on detecting the attempted change to the object, protecting the object from a potential cyber-attack, wherein protecting the object from the potential cyber-attack comprises: automatically creating a new version of the object in the anti-attack store. However, Vasudeva teaches based on detecting the attempted change to the object, protecting the object from a potential cyber-attack, wherein protecting the object from the potential cyber-attack comprises: automatically creating a new version of the object in the anti-attack store. ([Vasudeva, para. 0091] “process ... 700 for protecting a storage node against a malware attack ... implemented by one or more processors of a data storage [anti-attack store]”; [para. 0092] “The process 700 may begin by monitoring for a file request in association with a storage node [the object] ... The file request may be, for example, a write request, a delete request [detecting an attempted change]”; [para. 0097] “A determination is then made as to whether a suspicion threshold has been met ... a malware attack is suspected ... to “provisionally detect” a malware attack [based on detecting an attempted change to the object] ... if ... a suspicion threshold has been met, [triggerable] the process 700 [the anti-attack functionality] generates a snapshot of at least a portion of the storage node [automatically creating a new version of the object in the storage node]”; it is known to one of ordinary skill in the art that generating a snapshot of an object is a new version of an object; as evidence, para. 0082 of George states: “Each time a new snapshot of the file system is created, a new version of the object is created to capture changes to the file system”) It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Deguchi with the teachings of Vasudeva to include based on detecting the attempted change to the object, protecting the object from a potential cyber-attack, wherein protecting the object from the potential cyber-attack comprises: automatically creating a new version of the object in the anti-attack store. One of ordinary skill in the art would have been motivated to make this modification because such a technique enable early detection of malware attacks, such as ransomware attacks, as well as data loss mitigation via special snapshot creation. (Vasudeva, para. 0017) As per claim 8, Deguchi in view of Vasudeva as evidenced by George teaches claim 7. Deguchi does not clearly teach further comprising applying the attempted change to the new version of the object. However, Vasudeva teaches further comprising applying the attempted change to the new version of the object. ([Vasudeva, para. 0075] “the process 700 generates a snapshot of at least a portion of the storage node ... the snapshot [the new version of the object] is of the volume to which the file was to be written [applying the attempted change to]”) It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to combine the teachings of Deguchi and Vasudeva for the same reasons as disclosed above. As per claim 9, the claim language is identical or substantially similar to that of claim 2. Therefore, it is rejected under the same rationale applied to claim 2. As per claim 10, the claim language is identical or substantially similar to that of claim 3. Therefore, it is rejected under the same rationale applied to claim 3. As per claim 11, the claim language is identical or substantially similar to that of claim 4. Therefore, it is rejected under the same rationale applied to claim 4. As per claim 12, the claim language is identical or substantially similar to that of claim 4. Therefore, it is rejected under the same rationale applied to claim 5. As per claim 13, Deguchi teaches a non-transitory, computer-readable medium storing computer-translatable instructions, the computer-translatable instructions comprising instructions for: ([Deguchi, para. 0048] “The memory 215 records a program that defines an operation of the processor 216 ... The processor 216 executes various processing by executing the program recorded in the memory 215”; [para. 0053] “FIG. 3 is a diagram illustrating an example of the information stored in the memory 215”; [para. 0055] “The programs illustrated in FIG. 3 relate to the present embodiment”) creating a first version of an object in an anti-attack store; ([Deguchi, para. 0059] “By using a snapshot, it is possible to protect data from a cyber attack”; [para. 0110] “a snapshot [an object] ... is periodically [a first version] ... created and transferred to the object storage 400 [in an anti-attack store]”) storing an archival file in the object in the anti-attack store, ([Deguchi, para. 0044] “The object storage 400 [the anti-attack store] is a storage device that stores backup data [the object] of the data stored in the main storage ... used as restoration data for restoring data [an archival file]”) where the anti-attack store has associated anti-attack functionality ([para. 0005] “a snapshot function is used to protect data stored in storage from ... attacks”) triggerable based on detecting an attempted change to the object in the anti-attack store enabled, the associated anti-attack functionality comprising: ([para. 0070] “The snapshot lock program 2221 executes a cyber attack [an attempted change to the object – see para. 0005 “an attack such as deleting a snapshot or destroying data by writing to a snapshot”] detection program to determine presence or absence of an attack”; [para. 0071] “When there is no attack, the processing ends”; [para. 0072] “When there is an attack, the snapshot lock program ...”) automatically applying a retention lock to the first version of the object in the anti-attack store ([Deguchi, para. 0073] “the snapshot lock program 2221 ... instructs lock for a target snapshot [the first version of the objection] when the snapshot is not locked”; [para. 0119] "In order to protect data from such an attack, it is necessary to lock the object itself [first version of the object] stored in the object storage 400 [object in the anti-attack store]”; [para. 0178] “when lock of an object is set ... the object ... may be left as an old version [first version]”) without applying the attempted change to the first version of the object, ([para. 0061] “Lock means prohibition of deletion or change of physical data”; [para. 0106] “According to the above processing, the backup data [first version of the object] ... can be prevented from a cyber attack [without applying the attempted change]”) the retention lock specifying a retention period for the first version of the object. ([para. 0073] “lock for a target snapshot [the retention lock for the first version of the object] ... is implemented by storing information of ... a snapshot lock period [a retention period]”) Deguchi does not clearly teach the anti-attack functionality triggerable based on detecting an attempted change to the object in the anti-attack store enabled, the associated anti-attack functionality comprising: automatically creating a new version of the object in the anti-attack store. However, Vasudeva teaches the anti-attack functionality triggerable based on detecting an attempted change to the object in the anti-attack store enabled, the associated anti-attack functionality comprising: automatically creating a new version of the object in the anti-attack store. ([Vasudeva, para. 0091] “process ... 700 for protecting a storage node against a malware attack ... implemented by one or more processors of a data storage [anti-attack store]”; [para. 0092] “The process 700 may begin by monitoring for a file request in association with a storage node [the object] ... The file request may be, for example, a write request, a delete request [detecting an attempted change]”; [para. 0097] “A determination is then made as to whether a suspicion threshold has been met ... a malware attack is suspected ... to “provisionally detect” a malware attack [based on detecting an attempted change to the object] ... if ... a suspicion threshold has been met, [triggerable] the process 700 [the anti-attack functionality] generates a snapshot of at least a portion of the storage node [automatically creating a new version of the object in the storage node]”; it is known to one of ordinary skill in the art that generating a snapshot of an object is a new version of an object; as evidence, para. 0082 of George states: “Each time a new snapshot of the file system is created, a new version of the object is created to capture changes to the file system”) It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Deguchi with the teachings of Vasudeva to include the anti-attack functionality triggerable based on detecting an attempted change to the object in the anti-attack store enabled, the associated anti-attack functionality comprising: automatically creating a new version of the object in the anti-attack store. One of ordinary skill in the art would have been motivated to make this modification because such a technique enable early detection of malware attacks, such as ransomware attacks, as well as data loss mitigation via special snapshot creation. (Vasudeva, para. 0017) As per claim 14, the claim language is identical or substantially similar to that of claim 2. Therefore, it is rejected under the same rationale applied to claim 2. As per claim 15, the claim language is identical or substantially similar to that of claim 3. Therefore, it is rejected under the same rationale applied to claim 3. As per claim 16, the claim language is identical or substantially similar to that of claim 4. Therefore, it is rejected under the same rationale applied to claim 4. As per claim 17, the claim language is identical or substantially similar to that of claim 5. Therefore, it is rejected under the same rationale applied to claim 5. As per claim 18, Deguchi teaches a network system for data archiving comprising: ([Deguchi, para. 0041-0042] “FIG. 1 is a diagram illustrating a storage system ... communicably connected ... via a network ... that stores backup data”) a storage component; ([Deguchi, para. 0041] “FIG. 1 includes a data center (on-premises) 1 including ... a storage 200”) a data archiving computer system coupled to the storage component, ([Deguchi, para. 0041] “the data center 1 and the cloud 2 are communicably connected to each other via a network 300”; [para. 0042] The cloud 2 ... stores backup data of data related to ... the data center 1”) the data archiving computer system comprising a data archiving system executable to: ([para. 0042] “The external management software 410 is management software that manages the storage 200 and the object storage 400”) access an anti-attack container of a cloud storage system; and ([Deguchi, para. 0059] “By using a snapshot, it is possible to protect data from a cyber attack”; [para. 0110] “a snapshot... created and transferred [access] to the object storage 400 [an anti-attack container of a cloud storage system – see para. 0041: cloud 2 including an object storage 400]”) store an archival file as a first version of an object in the anti-attack container, ([Deguchi, para. 0044] “The object storage 400 [the anti-attack container] is a storage device that stores backup data [the object] of the data stored in the main storage ... used as restoration data for restoring data [an archival file]”) the anti-attack container having associated anti-attack functionality ([para. 0005] “a snapshot function is used to protect data stored in storage from ... attacks”) triggerable based on an attempted change to the object in the anti-attack container, the associated anti-attack functionality comprising: ([para. 0070] “The snapshot lock program 2221 executes a cyber attack [an attempted change to the object – see para. 0005 “an attack such as deleting a snapshot or destroying data by writing to a snapshot”] detection program to determine presence or absence of an attack”; [para. 0071] “When there is no attack, the processing ends”; [para. 0072] “When there is an attack [in the anti-attack container – see below and para. 0119], the snapshot lock program ...”) automatically applying a retention lock to the first version of the object in the anti-attack container ([Deguchi, para. 0073] “the snapshot lock program 2221 ... instructs lock for a target snapshot [the first version of the objection] when the snapshot is not locked”; [para. 0119] "In order to protect data from such an attack, it is necessary to lock the object itself [first version of the object] stored in the object storage 400 [object in the anti-attack store]”; [para. 0178] “when lock of an object is set ... the object ... may be left as an old version [first version]”) without applying the attempted change to the first version of the object, ([para. 0061] “Lock means prohibition of deletion or change of physical data”; [para. 0106] “According to the above processing, the backup data [first version of the object] ... can be prevented from a cyber attack [without applying the attempted change]”) the retention lock specifying a retention period for the first version of the object. [para. 0073] “lock for a target snapshot [the retention lock for the first version of the object] ... is implemented by storing information of ... a snapshot lock period [a retention period]”) Deguchi does not clearly teach anti-attack functionality triggerable based on an attempted change to the object, the associated anti-attack functionality comprising: automatically creating a new version of the object in the anti-attack container. However, Vasudeva teaches anti-attack functionality triggerable based on an attempted change to the object, the associated anti-attack functionality comprising: automatically creating a new version of the object in the anti-attack container. ([Deguchi, para. 0091] “process ... 700 for protecting a storage node against a malware attack ... implemented by one or more processors of a data storage [anti-attack container]”; [para. 0092] “The process 700 may begin by monitoring for a file request in association with a storage node [the object] ... The file request may be, for example, a write request, a delete request [attempted change]”; [para. 0097] “A determination is then made as to whether a suspicion threshold has been met ... a malware attack is suspected ... to “provisionally detect” a malware attack [based on detecting an attempted change to the object] ... if ... a suspicion threshold has been met, [triggerable] the process 700 [the anti-attack functionality] generates a snapshot of at least a portion of the storage node [automatically creating a new version of the object in the anti-attack container]”; it is known to one of ordinary skill in the art that generating a snapshot of an object is a new version of an object; as evidence, para. 0082 of George states: “Each time a new snapshot of the file system is created, a new version of the object is created to capture changes to the file system”) It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Deguchi with the teachings of Vasudeva to include anti-attack functionality triggerable based on an attempted change to the object, the associated anti-attack functionality comprising: automatically creating a new version of the object in the anti-attack container. One of ordinary skill in the art would have been motivated to make this modification because such a technique enable early detection of malware attacks, such as ransomware attacks, as well as data loss mitigation via special snapshot creation. (Vasudeva, para. 0017) As per claim 19, Deguchi in view of Vasudeva as evidenced by George teaches claim 18. Deguchi also teaches further comprising an information technology operations system comprising instructions executable to: ([Deguchi, para. 0005] “data backed up to an object storage ... is connected from an IT device installed in a data center [an information technology operations system] of an on-premises via a network”; [para. 0048] “The memory 215 [the data center/information technology operations system – see Fig. 2 and para. 0044] records a program that defines an operation of the processor 216 ... The processor 216 executes various processing by executing the program recorded in the memory 215”; [para. 0053] “FIG. 3 is a diagram illustrating an example of the information stored in the memory 215”; [para. 0055] “The programs illustrated in FIG. 3 relate to the present embodiment”) receive a notification from the cloud storage system of an event associated with the object. [Para. 0067] “The snapshot lock program 2221 may operate on ... the external management software 410 [the cloud storage system]”; [para. 0070] “The snapshot lock program 2221 executes a cyber attack detection program to determine presence or absence of an attack”; [para. 0171] “attack detection program [the cloud storage system] transmits an alert [notification of an event associated with the object]”) Deguchi does not clearly teach execute a remedial action in response to the notification. However, Vasudeva teaches execute a remedial action in response to the notification. ([Vasudeva, para. 0098] “the notification that is generated may be visually presented via a user interface to, for example, a storage administrator”; [para. 0080] “Information ... displayed to an administrator by, for example, the user interface 324 [the notification] ... used in one or more mitigation techniques [execute a remedial action in response]”) It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to combine the teachings of Deguchi and Vasudeva for the same reasons as disclosed above. As per claim 20, Deguchi in view of Vasudeva as evidenced by George teaches claim 19. Deguchi does not clearly teach wherein the remedial action comprises at least one of: blocking a connection; scanning an environment for attacker code; investigating entry points for attacker code; removing the attacker code; restoring the first version of the object as a current version of the object; or deleting the new version of the object. However, Vasudeva teaches wherein the remedial action comprises at least one of: blocking a connection; ([Vasudeva, para. 0080] “Information in any of the fields [the notification] may be displayed to an administrator by, for example, the user interface 324 ... for protecting against the malware attack [the remedial action] ... may be used to block any further file requests from the source”; Examiner interprets “comprises at least one of ... or” to be optional limitations where only one of the below is required to be disclosed for the limitation to be met) scanning an environment for attacker code; ([Vasudeva, para. 0080] “Information ... displayed to an administrator ... may be presented to the administrator .... to identify [scanning] the ... computing system or client [an environment] ... of the malware attack [for attacker code]”) investigating entry points for attacker code; ([Vasudeva, para. 0080] “Information ... displayed to an administrator ... may be presented to the administrator .... to identify [investigating] the source [entry points] ... of the malware attack [for attacker code]”) removing the attacker code; (as explained above, as the other optional limitations are disclosed, the limitation of triggering the remedial action is disclosed; Examiner also takes office notice that a remedial action of removing the attacker code is well-known in the art) restoring the first version of the object as a current version of the object; or ([Vasudeva, para. 0098] “the notification that is generated may ... restore any impacted files [restore as a current version of the object] from ... the previously generated snapshots [the first version of the object]”) deleting the new version of the object. (as explained above, as the other optional limitations are disclosed, the limitation of triggering the remedial action is disclosed; Examiner also takes office notice that a remedial action of deleting an infected/new version of an object as a remedial action is well-known in the art) It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to combine the teachings of Deguchi and Vasudeva for the same reasons as disclosed above. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: Sims et al. (US Pub. 2023/0137747) discloses creating a new version of a file system object each time the file system receives a command that modifies the content before a potentially destructive change is made. Balcha et al. (US Pub. 2021/0357294) discloses creating a new version of an object if the object is subject to changes due to ransomware attacks. Ekins (US Pub. 2022/0215111) discloses a lock on a locked dataset that restricts restoration of a locked dataset to a previous version. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZHE LIU whose telephone number is (571) 272-3634. The examiner can normally be reached on Monday - Friday: 8:30 AM to 5:30 PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on (571) 272-3862. The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call (800) 786-9199 (IN USA OR CANADA) or (571) 272-1000. /Z.L./Examiner, Art Unit 2493 /CARL G COLIN/Supervisory Patent Examiner, Art Unit 2493