DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Nagle et al. (US PGPUB 2023/0004315) in view of David et al. (US Patent 11,579,783).
With regard to Claim 1, Nagle teaches a storage system comprising:
one or more storage devices comprising flash memory ([0032] “the storage drive 171A-F may be one or more solid-state drives (‘SSDs’), flash memory based storage, any type of solid-state non-volatile memory, or any other type of non-mechanical storage device.”); and
a storage system controller (Fig. 1A: Controller 110A), operatively coupled to the one or more storage devices, configured to:
store encrypted data in the flash memory for a plurality of tenants, wherein each of the plurality of tenants has one corresponding encryption key for both encrypting and decrypting data stored for the plurality of tenants ([0172] “volumes may be encrypted with a volume key that itself is encrypted with a tenant key that only the tenant can provide (e.g., either through Key Management Interoperability Protocol (KMIP) or some other schema).” [0169] “Each tenant may separately manage the encryption key or keys used to encrypt and decrypt the data stored on the blocks belonging to each respective tenant. In one embodiment, each volume may be assigned a volume key and each tenant may be assigned (or may select) a tenant key.” [0024] “an encryption key, as referred to herein, may be an encryption/decryption key as used in a symmetric encryption algorithm,” wherein the “encryption/decryption key”, i.e. a symmetric encryption key, is the “one... encryption key for both encrypting and decrypting”.);
receive, from a particular tenant of the plurality of tenants, an input/output (I/O) request to access a portion of the encrypted data associated with the particular tenant, ([0183] “Referring to FIG. 5, at block 502, processing logic receives a request to write a data block to a volume resident on a multi-tenant storage array. In one embodiment, the request is associated with a first tenant of the multi-tenant storage array.”).
With further regard to Claim 1, Nagle does not teach the request comprising protection information as described in Claim 1. David teaches:
the I/O request comprising protection information for the portion of the encrypted data (Col. 24 ln. 41-44: “the multi-tenant encryption scheme used by the tenants and users may utilize one or more encryption schemes such as... a symmetric cryptography,” wherein “symmetric cryptography” involves the use of only a single encryption/decryption key, as taught above by Nagle, as such any references to a “public key” or “private key” in David could instead be a single symmetric encryption/decryption key. Col. 25 Ln. 24-35: “Client 310 may generate a request message including one or more encrypted sensitive PHI data, which may be required for performing the requested action, with the public key of Tenant 330… Client 310 may send the request message to Multi-Tenant 320, requesting one or more tasks such as a required action, a required retrieval of data, or the like,” wherein the “a public key of Tenant 330,” or a single symmetric encryption/decryption key, is the “protection information”.);
identify the corresponding encryption key associated with the particular tenant using the protection information; and perform the requested I/O operation using the corresponding encryption key (Col. 15 ln. 65 – Col. 16 Ln. 4: “the multi-tenant layer may identify a tenant that is configured to perform a requested action using the user input, e.g., using one or more shared databases, mappings, or the like, which may be stored in the multi-tenant layer. In some cases, the multi-tenant layer may indicate the destination tenant, a public key thereof, or the like.” Col. 25 Ln. 63- Col. 26 Ln. 3: “Tenant 330 may decrypt the encrypted sensitive data using the private key of Tenant 330, which matched the public key with which the sensitive data was encrypted, to thereby extract the sensitive data itself. Tenant 330 may subsequently perform the requested action using the sensitive data that was decrypted, such as implementing business logic therewith, manipulating the data, retrieving associated data, or the like.”).
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to have modified the storage system as disclosed by Nagle with the request comprising protection information as taught by David in order “to enable secure communications with the multiple tenants without divulging sensitive information to the multi-tenant layer” (David Col. 1 Ln. 46-48).
With regard to Claim 2, Nagle in view of David teaches all the limitations of Claim 1 as described above. Nagle further teaches wherein the portion of the encrypted data is stored in a portion of the flash memory allocated to the particular tenant ([0069] “Flash memory is one type of solid-state memory that may be integrated with the embodiments, although the embodiments may be extended to other types of solid-state memory or other storage medium, including non-solid state memory.”).
With regard to Claim 3, Nagle in view of David teaches all the limitations of Claim 2 as described above. Nagle further teaches wherein the portion of the flash memory is one or more pages of flash memory ([0053] “Flash memory devices 120a-n, may be presented to the controller 119A-D as an addressable collection of Flash pages, erase blocks, and/or control elements sufficient to allow the storage device controller 119A-D to program and retrieve various aspects of the Flash. In one embodiment, storage device controller 119A-D may perform operations on flash memory devices 120a-n including storing and retrieving data content of pages”).
With regard to Claim 4, Nagle in view of David teaches all the limitations of Claim 2 as described above. Nagle further teaches wherein the portion of the flash memory includes metadata identifying at least one of the particular tenant or the corresponding encryption key associated with the portion of the encrypted data ([0172] “each block of a volume may include (e.g., in a metadata header) an index into the tenant key table, which may identify the tenant and/or volume key.”).
With regard to Claim 5, Nagle in view of David teaches all the limitations of Claim 1 as described above. David further teaches wherein the protection information comprises the corresponding encryption key (Col. 24 ln. 41-44: “the multi-tenant encryption scheme used by the tenants and users may utilize one or more encryption schemes such as... a symmetric cryptography,” wherein “symmetric cryptography” involves the use of only a single encryption/decryption key, as taught above by Nagle, as such any references to a “public key” or “private key” in David could instead be a single symmetric encryption/decryption key. Col. 25 Ln. 24-35: “Client 310 may generate a request message including one or more encrypted sensitive PHI data, which may be required for performing the requested action, with the public key of Tenant 330… Client 310 may send the request message to Multi-Tenant 320, requesting one or more tasks such as a required action, a required retrieval of data, or the like,” wherein the “a public key of Tenant 330”, or a single symmetric encryption/decryption key, is the “protection information”.).
With regard to Claim 6, Nagle in view of David teaches all the limitations of Claim 1 as described above. David further teaches wherein the protection information comprises an identifier of the particular tenant and wherein the storage system controller identifies the corresponding encryption key using the identifier of the particular tenant (Col. 25 Ln. 24-35: “Client 310 may generate a request message including one or more encrypted sensitive PHI data, which may be required for performing the requested action, with the public key of Tenant 330. In some exemplary embodiments, Client 310 may generate the request message to include one or more non-sensitive portions that may or may not be encrypted, such as a required action that is non-sensitive, non-sensitive parameters, a public key of Client 310, or the like. Client 310 may send the request message to Multi-Tenant 320, requesting one or more tasks such as a required action, a required retrieval of data, or the like.” Col. 25 Ln. 63- Col. 26 Ln. 1: “Tenant 330 may decrypt the encrypted sensitive data using the private key of Tenant 330, which matched the public key with which the sensitive data was encrypted, to thereby extract the sensitive data itself. Tenant 330 may subsequently perform the requested action using the sensitive data that was decrypted.”).
With regard to Claim 7, Nagle in view of David teaches all the limitations of Claim 1 as described above. Nagle further teaches wherein the one or more storage devices are managed flash storage devices ([0069] “Flash memory is one type of solid-state memory that may be integrated with the embodiments, although the embodiments may be extended to other types of solid-state memory or other storage medium, including non-solid state memory.”).
With regard to Claim 8, Nagle in view of David teaches all the limitations of Claim 1 as described above. Nagle further teaches wherein the one or more storage devices have corresponding storage device encryption keys and wherein the storage device encryption keys and corresponding encryption keys for the plurality of tenants are used to encrypt and decrypt the data stored for the plurality of tenants ([0169] “Each tenant may separately manage the encryption key or keys used to encrypt and decrypt the data stored on the blocks belonging to each respective tenant. In one embodiment, each volume may be assigned a volume key and each tenant may be assigned (or may select) a tenant key.” [0181] “In one embodiment, volumes may be encrypted with a volume key that itself is encrypted with a tenant key that only the tenant can provide.” [0189] “At block 608, processing logic encrypts the first data block with a non-shared volume key, encrypts the non-shared volume key with the first tenant key (block 610), and provides the encrypted non-shared volume key to the first tenant (block 612).”).
With regard to Claims 9-16, these claims are equivalent in scope to Claims 1-8 rejected above, merely having a different independent claim type, and as such Claims 9-16 are respectively rejected under the same grounds and for the same reasons as discussed above with regard to Claims 1-8.
With regard to Claims 17-20, these claims are equivalent in scope to Claims 1-4 rejected above, merely having a different independent claim type, and as such Claims 17-20 are respectively rejected under the same grounds and for the same reasons as discussed above with regard to Claims 1-4.
With further regard to Claim 17, the claim recites additional elements not specifically addressed in the rejection of Claim 1. The Nagle reference also anticipates these additional elements of Claim 17, for example, Nagle teaches:
A non-transitory computer readable storage medium storing instructions which, when executed, cause a storage system controller to [perform operations] ([0074] “The memory 154 has instructions which are executed by the CPU 156 and/or data operated on by the CPU 156.” [0182] “FIG. 5 illustrates a first flow diagram for deduplication-aware per-tenant encryption in accordance with some embodiments of the present disclosure. The method 500 may be performed by processing logic that comprises hardware…, software…, or a combination thereof.” See also Claim 37 of Nagle: “An apparatus that includes a computer memory, the computer memory including computer program instructions that, when executed, cause the apparatus to carry out the steps of: …”).
Response to Arguments
With respect to Applicant’s argument, Page 6 of the Remarks filed 12/23/2025, regarding Claims 1-20 that Nagle does not teach, “store encrypted data in the flash memory for a plurality of tenants, wherein each of the plurality of tenants has one corresponding encryption key for both encrypting and decrypting data stored for the plurality of tenants,” the Office respectfully disagrees.
Since this claim language was newly added in the most recent claim amendment, the Office has cited further disclosure from the Nagle reference which teaches said claim language. The Nagle reference recites in Paragraph [0024], “an encryption key, as referred to herein, may be an encryption/decryption key as used in a symmetric encryption algorithm.” As such, it has been shown that the Nagle reference does in fact teach the newly amended limitation which recites “store encrypted data in the flash memory for a plurality of tenants, wherein each of the plurality of tenants has one corresponding encryption key for both encrypting and decrypting data stored for the plurality of tenants.”
With respect to the Applicant’s further arguments that the features of the remaining claims are not taught by the cited prior art, the Office respectfully disagrees. These arguments rely upon the arguments as presented in relation to Claim 1, and as such the Office directs the Applicant to the response above regarding these arguments.
Conclusion
The prior art made of record and not relied upon, considered pertinent to applicant's disclosure, is as follows:
Karr et al. (US PGPUB 2021/0173945) discloses a storage system having segregated encrypted datasets for different tenants, wherein the datasets are encrypted and decrypted using the associated tenant keys.
Chen et al. (“EnclaveCache: A Secure and Scalable Key-value Cache in Multi-tenant Clouds using Intel SGX,” 2019) discusses a multi-tenant key-value cache that provides data confidentiality and privacy, each tenant having a tenant-specific encryption key.
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NICHOLAS J SIMONETTI whose telephone number is (571)270-7702. The examiner can normally be reached Monday-Thursday 10AM-6PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Arpan Savla can be reached at (571) 272-1077. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/NICHOLAS J SIMONETTI/ Primary Examiner, Art Unit 2137, March 27, 2026