Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
DETAILED ACTION
This action is in response to applicant’s original submittal made on 11/12/2024. Claims 14 and 15 are amended. Claim 13 is canceled. Claims 16-21 are new. Claims 1-12 and 14-21 are pending.
Priority
Acknowledgment is made of applicant’s claim for foreign priority under 35 U.S.C. 119 (a)-(d).
Specification (Title)
The title of the invention is not descriptive. A new title is required that is clearly indicative of the invention to which the claims are directed.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1-3 and 14-17 are rejected under 35 U.S.C. 103 as being unpatentable over VERMEULEN ALLAN H (CA-2637218-A1) in view of Park (US Patent Publication No. 2004/0146158).
As to claims 1, 14 and 15, VERMEULEN teaches a log-structured secure data storage method for protecting a block 1/0 operation performed by a user on an untrusted hard disk in a trusted execution environment, wherein the method comprises:
respectively generating all corresponding index entries for all the
wherein a single index entry is used to locate and protect one
respectively inserting all the index entries into secure indexes based on a log-structured merge tree (i.e., …illustrates in figure 11b …partition index 410, 410b, 410c a tree structure with the indexes),
wherein the secure indexes are persisted in the hard disk (i.e., …teaches in par. 0061 the clients use of persistent storage resources);
generating several log entries for the tum may store data specified by a user of the storage service.1” …teaches in par. 0046 the following: “storage service (e.g., the organization of the service into a hierarchy of buckets and objects)”.),
wherein the log entries are used to locate and protect the corresponding
and a single log entry corresponds to one or more
and appending the several log entries to a security log of the hard disk (i.e., …figure 10 figure element 144 illustrates the appending the entries …each entry has a key and corresponding record… The structure of the record according to par. 0132 maintains a “objectindex” associated with a object of a buckets.),
wherein the security log is persisted in the hard disk (i.e., …teaches in par. 0061 the clients use of persistent storage resources).
VERMEULEN does not expressly teach:
ciphertext and separately encrypting several data blocks submitted by the user, to obtain all corresponding ciphertext data blocks,
and persisting all the ciphertext data blocks in the hard disk in an append manner.
In this instance the examiner notes the teachings of prior art reference Park.
With regards to applicant’s claim limitation element of, “ciphertext and separately encrypting several data blocks submitted by the user, to obtain all corresponding ciphertext data blocks”, teaches in par. 0025 the following: “encrypting a block of data,”. Teaches in par. 0028 the following: “a block of ciphertext is read from a memory (e.g., persistent storage, hard disk, etc.)”.
With regards to applicant’s claim limitation element of, “and persisting all the ciphertext data blocks in the hard disk in an append manner”, teaches in par. 0008 the following: “The encrypted block is then stored (written) to the memory”. …teaches in par. 0028 the following: “a block of ciphertext is read from a memory (e.g., persistent storage, hard disk, etc.)”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of VERMEULEN with the teachings of Park by having their system comprise an enhanced data security process. One would have been motivated to do so to provide a simple and effective means to control data integrity, wherein the enhanced data security process helps facilitate network security and makes it easier to secure stored data.
As to claims 2 and 16, the system of VERMEULEN and Park applied to claim 1 above teaches data security, specifically VERMEULEN expressly teaches a method according to claim 1, the first ciphertext data block is located and protected by a first index entry (i.e., …illustrates in figure 11b a tree structure with the indexes),
and the first index entry comprises a logical address LBA1 of the first data block and a physical address HBA1 (i.e., …teaches in par. 0114 the following: “as logical block addresses (LBAs) or address specific…”), the first key (i.e., …teaches in par. 0132 a key associated with a object index), and the authentication code MAC1 that are stored in the hard disk (i.e., …teaches in par. 0132 a creation and storage date as authentication related code data).
The system of VERMEULEN does not expressly teach:
wherein the several data blocks comprise a first data block, authenticated encryption is performed on the first data block based on a first key,
to obtain a first ciphertext data block and an authentication code MAC1.
In this instance the examiner notes the teachings of prior art reference Park.
With regards to applicant’s claim limitation element of, “wherein the several data blocks comprise a first data block, authenticated encryption is performed on the first data block based on a first key”, teaches in par. 0005 the following: “wherein the CCM encryption and CCM decryption use the same cryptographic key and only the block cipher encryption function (i.e., the forward cipher function).”.
With regards to applicant’s claim limitation element of, “to obtain a first ciphertext data block and an authentication code MAC1”, teaches in par. 0008 the following: “The plaintext block will then be encrypted using CBC-MAC”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of VERMEULEN with the teachings of Park by having their system comprise an enhanced data security process. One would have been motivated to do so to provide a simple and effective means to control data integrity, wherein the enhanced data security process helps facilitate security thereby making it easier to secure stored data.
As to claims 3 and 17, the system of VERMEULEN and Park applied to claim 1 above teaches data security, specifically VERMEULEN expressly teaches a method according to claim 1, wherein the several data blocks are a plurality of data blocks of a current data segment that are recorded in a memory in the append manner in a sequence in which the user makes submissions (i.e. …teaches in par. 0042 the following: “the storage service may be organized as an arbitrary number of buckets 20a-n accessible
via interface 10. Each bucket 20 may be configured to store an arbitrary number of objects 30a-n, which in tum may store data specified by a user of the storage service.”.
VERMEULEN does not expressly teach:
and the several data blocks submitted by the user are separately encrypted, to obtain all the corresponding ciphertext data blocks.
In this instance the examiner notes the teachings of prior art reference Park.
Park teaches in par. 0025 the following: “encrypting a block of data,”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of VERMEULEN with the teachings of Park by having their system comprise an enhanced data security process. One would have been motivated to do so to provide a simple and effective means to control data integrity, wherein the enhanced data security process helps facilitate network security and makes it easier to secure stored data.
Claim(s) 4, 10, 11 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over VERMEULEN in view of Park as applied to claims 1 and 15 above, and further in view of Peterson et al. (US Patent Publication No. 2014/0006685 and Peterson hereinafter).
As to claims 4 and 18, the system of VERMEULEN and Park applied to claim 3 above teaches data security, specifically neither reference expressly teaches a method according to claim 3, wherein all the ciphertext data blocks are persisted in the hard disk in the append manner when a first condition for writing a data segment to the hard disk is satisfied, and the first condition comprises at least one of the following: the current data segment is fully written, a flushing request is received, or record duration reaches predetermined duration.
In this instance the examiner notes the teachings of prior art reference Peterson.
The examiner notes that applicant’s usage of the alternative phrase “at least one” places the above limitation in alternative form. As such with regards to applicant’s alternative limitation of, “a flushing request is received”, Peterson teaches in par. 0033 the following: “The storage controller may be configured to write data out-of-place (e.g., store updated data on different media storage locations as opposed to overwriting the data in place), which may result in "obsolete" or "invalid" data remaining on the non-volatile storage medium. For example, overwriting data X with updated data Y may comprise storing Y on a new storage division (rather than overwriting X in place), and updating the "any-to-any" mappings of the forward index to identify Y as the valid, up-to-date version of the data. The obsolete version of the data X may be marked as "invalid," but may not be immediately removed (e.g., erased), since, as discussed above, erasing X may involve erasing an entire storage division, which is a time-consuming operation and may result in write amplification. Similarly, data that is no longer in use (e.g., deleted or trimmed data) may not be immediately removed.”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of VERMEULEN and Park with the teachings of Peterson by having their system comprise an enhanced persistent data management process. One would have been motivated to do so to provide a simple and effective means to secure stored data, wherein the enhanced persistent data management process helps facilitate data access control and makes it easier to ensure data integrity.
As to claim 10, the system of VERMEULEN and Park applied to claim 1 above teaches data security, specifically neither reference expressly teaches a method according to claim 1, wherein the hard disk further records a reverse index table of mapping from an HBA to an LBA, and when the several index entries are inserted into the secure index based on the log-structured merge tree, the method further comprises: updating the reverse index table based on the several index entries.
In this instance the examiner notes the teachings of prior art reference Peterson.
With regards to applicant’s claim limitation element of, “wherein the hard disk further records a reverse index table of mapping from an HBA to an LBA”, teaches in par. 0101 the following: “a reverse index as depicted in FIG. 7A and/or one or more validity bitmaps 741 as depicted in FIG. 7B. The reverse index 722 may be configured to maintain validity metadata, which may be used to distinguish media storage locations that comprise valid data from media storage locations comprising data that can be erased from the non-volatile storage medium 322”.
With regards to applicant’s claim limitation element of, “and when the several index entries are inserted into the secure index based on the log-structured merge tree”, teaches in par. 0134 the following: “The disclosure is not limited in this regard, however, and could implement the reverse index 722 using any suitable data structure. For example, in some embodiments, the reverse index 722 is implemented in the same data structure with the forward index 604 described above (e.g., portions and/or entries of the reverse index 722 may be included as leaf entries of the forward index 604).”.
With regards to applicant’s claim limitation element of, “updating the reverse index table based on the several index entries”, teaches in par. 00116 the following: “updating a reverse index”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of VERMEULEN and Park with the teachings of Peterson by having their system comprise an enhanced persistent data management process. One would have been motivated to do so to provide a simple and effective means to secure stored data, wherein the enhanced persistent data management process helps facilitate data access control and makes it easier to ensure data integrity.
As to claim 11, the system of VERMEULEN and Park applied to claim 1 above teaches data security, specifically neither reference expressly teaches a method according to claim 1, wherein the hard disk further records a first segment validity table (SVT) that describes, by using a bitmap, whether each data segment is valid and a data segment table (DST) that describes whether each data block in the data segment is valid, and the method further comprises: updating the first segment validity table and the data segment table (DST) when all the ciphertext data blocks are persisted in the hard disk in the append manner
In this instance the examiner notes the teachings of prior art reference Peterson.
With regards to applicant’s claim limitation element of, “wherein the hard disk further records a first segment validity table (SVT) that describes, by using a bitmap”, teaches in par. 0101 the following: “a reverse index as depicted in FIG. 7A and/or one or more validity bitmaps 741 as depicted in FIG. 7B. The reverse index 722 may be configured to maintain validity metadata, which may be used to distinguish media storage locations that comprise valid data from media storage locations comprising data that can be erased from the non-volatile storage medium 322”.
With regards to applicant’s claim limitation element of, “by using a bitmap, whether each data segment is valid and a data segment table (DST) that describes whether each data block in the data segment is valid, and the method further comprises”, teaches in par. 0101 the following: “Validity bitmaps 741 may comprise bits (or other indicators) to identify media storage locations comprising valid/invalid data within a particular storage division (e.g., logical erase block 253)”.
With regards to applicant’s claim limitation element of, “updating the first segment validity table and the data segment table (DST) when all the ciphertext data blocks are persisted in the hard disk in the append manner”, teaches in par. 0150 the following: “validity bitmap, not shown) may be updated to indicate that the media storage location 850 comprises valid data and/or to associate the media storage location 850 with logical identifiers 205-212 (not shown). (For clarity, other portions of the forward index and/or reverse index are omitted from FIG. 8.)”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of VERMEULEN and Park with the teachings of Peterson by having their system comprise an enhanced persistent data management process. One would have been motivated to do so to provide a simple and effective means to secure stored data, wherein the enhanced persistent data management process helps facilitate data access control and makes it easier to ensure data integrity.
Claim(s) 9 is rejected under 35 U.S.C. 103 as being unpatentable over VERMEULEN in view of Park as applied to claim 1 above, and further in view of TEMUDO (EP1426848).
As to claim 9, the system of VERMEULEN and Park applied to claim 1 above teaches data security, specifically neither reference expressly teaches a method according to claim 1, wherein each log entry in the security log is stored in a form of a log block, authenticated encryption protection is performed on each log block based on a corresponding authentication code MAC, and a MAC of a single log block is embedded into a next log block.
In this instance the examiner notes the teachings of prior art reference TEMUDO.
With regards to applicant’s claim limitation element of, “wherein each log entry in the security log is stored in a form of a log block”, teaches in par. 0011 the following: “creating a log in a client machine”.
With regards to applicant’s claim limitation element of, “authenticated encryption protection is performed on each log block based on a corresponding authentication code MAC”, TEMUDO teaches in par. 0147 the following: “generate MACs for log entries”.
With regards to applicant’s claim limitation element of, “and a MAC of a single log block is embedded into a next log block”, teaches in par. 0148 the following: “The directory group 926 receives the MACs and updates in the form of a log”.
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the of the claimed invention was made to implement the teachings of VERMEULEN and Park with the teachings of TEMUDO by having their system comprise an enhanced data storage security process. One would have been motivated to do so to provide a simple and effective means to authenticate stored data, wherein the enhanced data storage security process helps facilitate data security and makes it easier to secure file writes.
13. (Canceled)
Allowable Subject Matter
Claim 5 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
The following is a statement of reasons for the indication of allowable subject matter: Applicant’s recital of, “wherein the log-structured merge tree corresponds to a first memory table, a second memory table, and a plurality of levels in the hard disk, the second memory table is used to be persisted at the plurality of levels, a block index table at each level is capable of being successively merged into subsequent levels until the last level, and respectively inserting all the index entries into secure indexes based on a log-structured merge tree comprises: inserting the several index entries into the current first memory table; and when a second condition for index persistence is satisfied, converting the first memory table into the second memory table, to write an index entry in the second memory table to a first level in the plurality of levels.”.
The examiner notes that dependent claims 6-8 and 12 are allowed by way of their dependency on dependent claim 5.
Claim 19 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
The following is a statement of reasons for the indication of allowable subject matter: Applicant’s recital of, “wherein the log-structured merge tree corresponds to a first memory table, a second memory table, and a plurality of levels in the hard disk, the second memory table is used to be persisted at the plurality of levels, a block index table at each level is capable of being successively merged into subsequent levels until the last level, and the computing device being caused to respectively insert all the index entries into secure indexes based on a log-structured merge tree comprises being caused to: insert the several index entries into the current first memory table; and when a second condition for index persistence is satisfied, convert the first memory table into the second memory table, to write an index entry in the second memory table to a first level in the plurality of levels”.
The examiner notes that dependent claims 20 and 21 are allowed by way of their dependency on dependent claim 19.
Art Made of Record
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: MOON, HYUNGON (WO-2023158239-A1).
Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRYAN F WRIGHT whose telephone number is (571)270-3826.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on (571)272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/BRYAN F WRIGHT/Examiner, Art Unit 2497