Notice of Pre-AIA or AIA Status
The present application, filed on or after July 21, 2017, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 10/30/2020 has been entered.
Claims 1-20 are pending and are being considered.
Claims 1, 3, 6, 9, 12 and 16 have been amended.

Response to 103 
Applicant's arguments filed on 10/30/2020 have been fully considered. In response to applicant's argument on page 11 of the remarks that Powell fails to teach the limitation “….data encrypted using a location dependent cryptographic input, wherein the location dependent cryptographic input is assigned to the first storage location and is based on a hardware embedded information comprising a physical address of a device storing the first storage location”: the applicant argues that Powell's locally generated address space key used to re-encrypt data is not the same as a location dependent cryptographic input for encrypting data at the first storage location. The examiner acknowledges applicant's point of view but respectfully disagrees because Powell Fig 1 block 120 and text on [0048] teaches secure address space 125 (i.e. first storage location) in memory 120 comprises encrypted data, encrypt data using locally generated AS key (i.e. encryption, decryption and re-encryption is performed at address

In response to applicant's argument on pages 12-13 of the remarks that Powell fails to teach the limitation “causing, by the kernel, the data to be decrypted using the location dependent cryptographic input to produce decrypted data” because Powell fails to teach or suggest when the information is first decrypted: Powell on [0048] teaches decrypting the information at the address space 125 before re-encrypting with a transport key. It is further noted that the features upon which applicant relies are not recited in the rejected claim(s). Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims. See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).

In response to applicant’s argument on page 15 of the remarks that Cordella (i.e. secondary reference) fails to teach the limitation “….and wherein all of the plurality of storage blocks reference the first storage location….”: the examiner acknowledges applicant’s viewpoint but respectfully disagrees because Cordella Fig 9 block 90 and text on [0096] teaches a location within memory 92 to which the selected data is written. Physical locations (i.e. first storage location interpreted in view of [0049]) within memory 92 can be divided into blocks (i.e. plurality of storage blocks), and the base of each block may be associated with a unique pointer value (e.g., a memory address for one or more memory locations in the block). The unique pointer value may be associated with a physical location within memory 12. Each memory location within memory 92 may be associated with a respective memory address (i.e. plurality of blocks referring to a physical location in memory). See on [0025] teaches memory location

The rest of applicant’s arguments are moot in view of the new grounds of rejection. The arguments do not apply to the current art being used.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3-6, 9, 12, 15-16 and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Powell et al (hereinafter Powell) (US 20170277898) in view of Cordella et al (hereinafter Cordella) (US 20130145177) and Pratt (US 9021476).
Regarding claim 1 Powell teaches a method comprising (Powell on [0060] teaches a method);
receiving, by a processing device, a request to modify a storage block of a plurality of storage blocks (Powell on [0017] teaches requests from the hypervisor, the security module can generate authentication keys to authenticate the security module and encryption keys to encrypt data to be stored at the encrypted address space for the VM. See on [0057] teaches in response to request or command modifying or overwriting secure address space 125 with encrypted data);
(Powell Fig 1 block 120 and text on [0048] teaches secure address space 125 (i.e. storage block first storage location interpreted in view of para [0049] of instant application storage location as logical or physical location in a memory) in memory 120 comprises encrypted data, encrypted using locally generated AS key (i.e. encryption, decryption and re-encryption is performed at address space 125). See on [0040] teaches the northbridge 110 includes an encryption module 115 configured to encrypt and decrypt information according to a specified cryptographic standard, and based on the address space (AS) encryption keys 126 (i.e. location dependent input). See  Fig 8 and text on [0064-0066] teaches the SM firmware 132 receives a request from a customer wishing to execute the guest VM, The SM firmware 132 provides the generated AS encryption key directly to the encryption module 115 at the northbridge 110, the SM firmware 132 controls the encryption module 115 to encrypt the address space for the guest VM using the AS encryption key (i.e. location dependent cryptographic input because the AS keys are locally generated based on physical address space of memory (i.e. hardware information) see para [0021 and 0040]));
causing, (Powell on [0040] teaches the northbridge 110 includes an encryption module 115 configured to encrypt and decrypt information according to a specified cryptographic standard, and based on the address space (AS) encryption keys 126 (i.e. decrypting using location dependent cryptographic input));
causing, (Powell on [0021] teaches in response to a request from the requestor to migrate the guest VM to the requestor, the security module can generate transport encryption keys and encrypt the guest VM, including its secure data, with the transport encryption keys (i.e. location independent cryptographic input). See on [0048] teaches the security module 130 first decrypts the information at the secure address space 125 for the software entity, then re-encrypts the information using the transport key).

Powell teaches encrypting data using different location dependent cryptographic input, but fails to explicitly teach wherein all of the plurality of storage blocks reference a first storage location in memory; cause, by the kernel, the encrypted data at the first storage location and the encrypted data at the second storage location to be decrypted using location independent cryptographic input and to each be encrypted using a different location dependent cryptographic input; copying, by the kernel, the encrypted data at the first storage location to a second storage location in memory; and update at least one of the plurality of storage blocks to reference the second storage location in the memory. However, Cordella from analogous art teaches wherein all of the plurality of storage blocks reference the first storage location (Cordella Fig 9 block 90 and text on [0096] teaches a location within memory 92 to which the selected data is written. Physical locations (i.e. first storage location) within memory 92 can be divided into blocks (i.e. plurality of storage blocks), and the base of each block may be associated with a unique pointer value (e.g., a memory address for one or more memory locations in the block). The unique pointer value may be associated with a physical location within memory 12. Each memory location within memory 92 may be associated with a respective memory address (i.e. plurality of blocks referring to a physical location in memory). See on [0025] teaches memory location may be associated with multiple memory addresses (e.g., a block of contiguous or non-contiguous memory locations). See on [0025] encryption key used to encrypt the contents of the memory stored at the memory location (i.e. first storage location) may be based on one or more of the memory addresses. For example, a unique pointer may be associated with the block of multiple memory addresses);
causing, by the kernel, the encrypted data at the first storage location and the encrypted data at the second storage location to be decrypted using location independent cryptographic input and to each be encrypted using a different location dependent cryptographic input (Cordella on [0024-0025, 0064, and 0069] teaches each data word stored by a memory at a respective location is encrypted with a different location specific encryption key. See on [0041] teaches The encryption algorithm with which control system 14 encrypts data stored by memory 12 results in a unique encryption key for each memory location of memory 12, the adversary must determine multiple encryption keys in order to decrypt data stored at more than one location of memory 12);
and updating a reference of at least one of the plurality of storage blocks from the first storage location to the second storage location in the memory (Cordella on [0112] teaches the address mapping between the internal bus 96 and the physical memory 92 address will be unique, so the same contents will be stored and accessed at different addresses. See on [0095] Processor 98 may be configured to select a location within memory 92 to which the data is to be written and determine the unique pointer value associated with the memory location; this unique pointer value (e.g., any memory address that maps to a location within memory 92) is then specified on address bus 96).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Cordella into the teaching of Powell by having a plurality of storage blocks in memory, encrypting data using different location dependent cryptographic input, and further updating the reference of the storage location. One would be motivated to do so in order to protect data from unauthorized access (Cordella on [0004]).
The combination of Powell and Cordella teaches copying encrypted data to another storage but fails to explicitly teach managing storage blocks by Kernel and copying, by the kernel, the encrypted data (Pratt on [Col 1 line 45-53] teaches Kernel manages memory);
copying, by the kernel, the encrypted data that is encrypted using the location independent cryptographic input from the first storage location to a second storage location in the memory (Pratt on [Col 5 line 42-60 and Col 7 line 1-20] teaches copying the encrypted version of memory pages into different location in the memory).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Pratt into the combined teaching of Powell and Cordella by having a kernel managing storage and copying data from one storage location to another. One would be motivated to do so in order to ensure the privacy and integrity of a hypervisor (Pratt on [Col 1 line 13-15]).

Regarding claim 12 Powell teaches a system comprising (Powell on [0002] teaches a processing system)
a memory; a processing device operatively coupled to the memory, the processing device to: (Powell Fig 1 block 102, 120 and text on [0026] teaches a processing system 102 having a processor is coupled to memory 120);
receive, a request to modify a storage block of a plurality of storage blocks (Powell on [0017] teaches requests from the hypervisor, the security module can generate authentication keys to authenticate the security module and encryption keys to encrypt data to be stored at the encrypted address space for the VM. See on [0057] teaches in response to request or command modifying or overwriting secure address space 125 with encrypted data (i.e. kernel interpreted as essential computer program of OS to manage operations. See [0016, 0024 and 0043] the processing system allows software executing to manage operations));
wherein the storage block is located on a first storage location in a memory (Powell Fig 1 block 120 and text on [0048] teaches secure address space 125 (i.e. storage block first storage location interpreted in view of para [0049] of instant application storage location as logical or physical location in a memory) in memory 120 comprises encrypted data, encrypted using locally generated AS key (i.e. encryption, decryption and re-encryption is performed at address space 125). See on [0040] teaches the northbridge 110 includes an encryption module 115 configured to encrypt and decrypt information according to a specified cryptographic standard, and based on the address space (AS) encryption keys 126 (i.e. location dependent input). See Fig 8 and text on [0064-0066] teaches the SM firmware 132 receives a request from a customer wishing to execute the guest VM, the SM firmware 132 provides the generated AS encryption key directly to the encryption module 115 at the northbridge 110, the SM firmware 132 controls the encryption module 115 to encrypt the address space for the guest VM using the AS encryption key (i.e. location dependent cryptographic input because the AS keys are locally generated based on physical address space of memory (i.e. hardware information) see para [0021 and 0040]));
causing, (Powell on [0040] teaches the northbridge 110 includes an encryption module 115 configured to encrypt and decrypt information according to a specified cryptographic standard, and based on the address space (AS) encryption keys 126 (i.e. decrypting using location dependent cryptographic input));
(Powell on [0021] teaches in response to a request from the requestor to migrate the guest VM to the requestor, the security module can generate transport encryption keys and encrypt the guest VM, including its secure data, with the transport encryption keys (i.e. location independent cryptographic input). See on [0048] teaches the security module 130 first decrypts the information at the secure address space 125 for the software entity, then re-encrypts the information using the transport key).
Powell teaches encrypting data using different location dependent cryptographic input, but fails to explicitly teach wherein all of the plurality of storage blocks reference a first storage location in memory; cause, by the kernel, the encrypted data at the first storage location and the encrypted data at the second storage location to be decrypted using location independent cryptographic input and to each be encrypted using a different location dependent cryptographic input; copying, by the kernel, the encrypted data at the first storage location to a second storage location in memory; and update at least one of the plurality of storage blocks to reference the second storage location in the memory. However, Cordella from analogous art teaches wherein all of the plurality of storage blocks reference the first storage location (Cordella Fig 9 block 90 and text on [0096] teaches a location within memory 92 to which the selected data is written. Physical locations (i.e. first storage location) within memory 92 can be divided into blocks (i.e. plurality of storage blocks), and the base of each block may be associated with a unique pointer value (e.g., a memory address for one or more memory locations in the block). The unique pointer value may be associated with a physical location within memory 12. Each memory location within memory 92 may be associated with a respective memory address (i.e. plurality of blocks referring to a physical location in memory). See on [0025] teaches memory location may be associated with multiple memory addresses (e.g., a block of contiguous or non-contiguous memory locations). See on [0025] encryption key used to encrypt the contents of the memory stored at the memory location (i.e. first storage location) may be based on one or more of the memory addresses. For example, a unique pointer may be associated with the block of multiple memory addresses);
causing, by the kernel, the encrypted data at the first storage location and the encrypted data at the second storage location to be decrypted using location independent cryptographic input and to each be encrypted using a different location dependent cryptographic input (Cordella on [0024-0025, 0064, and 0069] teaches each data word stored by a memory at a respective location is encrypted with a different location specific encryption key. See on [0041] teaches The encryption algorithm with which control system 14 encrypts data stored by memory 12 results in a unique encryption key for each memory location of memory 12, the adversary must determine multiple encryption keys in order to decrypt data stored at more than one location of memory 12);
and updating a reference of at least one of the plurality of storage blocks from the first storage location to the second storage location in the memory (Cordella on [0112] teaches the address mapping between the internal bus 96 and the physical memory 92 address will be unique, so the same contents will be stored and accessed at different addresses. See on [0095] Processor 98 may be configured to select a location within memory 92 to which the data is to be written and determine the unique pointer value associated with the memory location; this unique pointer value (e.g., any memory address that maps to a location within memory 92) is then specified on address bus 96).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Cordella into the teaching of Powell by having a plurality of storage blocks in memory, encrypting data using different location dependent cryptographic input, and further updating the reference of the storage location. One would be motivated to do so in order to protect data from unauthorized access (Cordella on [0004]).
(Pratt on [Col 1 line 45-53] teaches Kernel manages memory)
copying, by the kernel, the encrypted data that is encrypted using the location independent cryptographic input from the first storage location to a second storage location in the memory (Pratt on [Col 5 line 42-60 and Col 7 line 1-20] teaches copying the encrypted version of memory pages into different location in the memory).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Pratt into the combined teaching of Powell and Cordella by having a kernel managing storage and copying data from one storage location to another. One would be motivated to do so in order to ensure the privacy and integrity of a hypervisor (Pratt on [Col 1 line 13-15]).

Regarding claim 16 Powell teaches a non-transitory machine-readable storage medium storing instructions that cause a processing device to: consolidate, by a hypervisor executed by the processing device (Powell on [0068] teaches a non-transitory storage media for storing instruction executed by processor);
(Powell Fig 1 block 120 and text on [0048] teaches secure address space 125 (i.e. storage block first storage location interpreted in view of para [0049] of instant application storage location as logical or physical location in a memory) in memory 120 comprises encrypted data, encrypted using locally generated AS key (i.e. encryption, decryption and re-encryption is performed at address space 125). See on [0040] teaches the northbridge 110 includes an encryption module 115 configured to encrypt and decrypt information according to a specified cryptographic standard, and based on the address space (AS) encryption keys 126 (i.e. location dependent input). See  Fig 8 and text on [0064-0066] teaches the SM firmware 132 receives a request from a customer wishing to execute the guest VM, The SM firmware 132 provides the generated AS encryption key directly to the encryption module 115 at the northbridge 110, the SM firmware 132 controls the encryption module 115 to encrypt the address space for the guest VM using the AS encryption key (i.e. location dependent cryptographic input because the AS keys are locally generated based on physical address space of memory (i.e. hardware information) see para [0021 and 0040]));
 receive a request to modify the consolidated storage block (Powell on [0066] teaches receiving a request for encrypting an image);
cause, by the hypervisor, the data of the consolidated storage block to be decrypted using the location dependent cryptographic input to produce decrypted data (Powell on [0040] teaches the northbridge 110 includes an encryption module 115 configured to encrypt and decrypt information according to a specified cryptographic standard, and based on the address space (AS) encryption keys 126 (i.e. decrypting using location dependent cryptographic input));
 cause, by the hypervisor, the decrypted data of the consolidated storage block to be encrypted using a location independent cryptographic input to produce encrypted data (Powell on [0021] teaches in response to a request from the requestor to migrate the guest VM to the requestor, the security module can generate transport encryption keys and encrypt the guest VM, including its secure data, with the transport encryption keys (i.e. location independent cryptographic input). See on [0048] teaches the security module 130 first decrypts the information at the secure address space 125 for the software entity, then re-encrypts the information using the transport key).
Powell teaches encrypting data using different location dependent cryptographic input, but fails to explicitly teach a plurality of duplicate storage blocks into a consolidated storage block in memory; copy, by the hypervisor, the encrypted data that is encrypted using the location independent cryptographic input from the first storage location to a second storage location; cause, by the hypervisor, the encrypted data at the first storage location and the encrypted data at the second storage location to be decrypted using location independent cryptographic input and to each be encrypted using a different location dependent cryptographic input; and update a reference associated with one of the duplicate storage blocks from the first storage location to the second storage location. However, Cordella from analogous art teaches a plurality of duplicate storage blocks into a consolidated storage block in memory (Cordella Fig 9 block 90 and text on [0096] teaches a location within memory 92 to which the selected data is written. Physical locations (i.e. first storage location) within memory 92 can be divided into blocks (i.e. plurality of storage blocks), and the base of each block may be associated with a unique pointer value (e.g., a memory address for one or more memory locations in the block). The unique pointer value may be associated with a physical location within memory 12. Each memory location within memory 92 may be associated with a respective memory address (i.e. plurality of blocks referring to a physical location in memory). See on [0025] teaches memory location may be associated with multiple memory addresses (e.g., a block of contiguous or non-contiguous memory locations). See on [0025] encryption key used to encrypt the contents of the memory stored at the memory location (i.e. first storage location) may be based on one or more of the memory addresses. For example, a unique pointer may be associated with the block of multiple memory addresses);
Cordella on [0024-0025, 0064, and 0069] teaches each data word stored by a memory at a respective location is encrypted with a different location specific encryption key. See on [0041] teaches The encryption algorithm with which control system 14 encrypts data stored by memory 12 results in a unique encryption key for each memory location of memory 12, the adversary must determine multiple encryption keys in order to decrypt data stored at more than one location of memory 12);
and update a reference associated with one of the duplicate storage blocks from the first storage location to the second storage location (Cordella on [0112] teaches the address mapping between the internal bus 96 and the physical memory 92 address will be unique, so the same contents will be stored and accessed at different addresses. See on [0095] Processor 98 may be configured to select a location within memory 92 to which the data is to be written and determine the unique pointer value associated with the memory location; this unique pointer value (e.g., any memory address that maps to a location within memory 92) is then specified on address bus 96).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Cordella into the teaching of Powell by having a plurality of storage blocks in memory, encrypting data using different location dependent cryptographic input, and further updating the reference of the storage location. One would be motivated to do so in order to protect data from unauthorized access (Cordella on [0004]).
The combination of Powell and Cordella teaches copying encrypted data to another storage but fails to explicitly teach copy, by the hypervisor, the encrypted data that is encrypted using the location independent cryptographic input from the first storage location to a second storage location, however Pratt from analogous art teaches copy, by the hypervisor, the encrypted data that is encrypted using the (Pratt on [Col 5 line 42-60 and Col 7 line 1-20] teaches copying the encrypted version of memory pages into different location in the memory).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Pratt into the combined teaching of Powell and Cordella by having a kernel managing storage and copying data from one storage location to another. One would be motivated to do so in order to ensure the privacy and integrity of a hypervisor (Pratt on [Col 1 line 13-15]).
Regarding claims 3, 14 and 18, the combination of Powell, Cordella and Pratt teaches all the limitations of claims 1, 12 and 16 respectively. Powell further teaches wherein the location independent cryptographic inputs and the location dependent cryptographic input are accessible to a hardware device performing a cryptographic function (Powell Fig 1 and text on [0030] teaches hardware processor uses transport key and address space key);
and are concealed from a kernel copying the encrypted data, wherein the kernel is a portion of at least one of a host operating system, a hypervisor, or a guest operating system (Powell on [0041] teaches these keys are inaccessible by a hypervisor or other entities executing at the processor).
Regarding claims 4, 15 and 19, the combination of Powell, Cordella and Pratt teaches all the limitations of claims 1, 12 and 16 respectively. Powell further teaches wherein the kernel comprises a hypervisor and wherein the encrypted data at the first storage location and the encrypted data at the second storage location are accessible to a virtual machine in an unencrypted form without being accessible to the hypervisor in an unencrypted form (Powell on [0017, 0020, 0022 and 0038] teaches that, to protect each guest VM from unauthorized access, the hypervisor can assign each VM to a corresponding encrypted address space. The security module provides the encryption keys directly to the memory controller, such that the hypervisor cannot access the encryption keys. Thus, the keys for authentication of the security module and for encryption of corresponding address spaces are generated and maintained by the firmware of the security module in response to requests from the hypervisor. The authentication and encryption keys are therefore not accessible by the hypervisor).
Regarding claim 5 the combination of Powell, Cordella and Pratt teaches all the limitations of claim 1 above, Powell further teaches wherein the first storage location comprises a first memory page and the second storage location comprises a second memory page and wherein the first memory page and second memory page are assigned to different virtual machines (Powell on [0004] teaches the hypervisor maintains isolation of VM information by maintaining separate memory page tables and other logical entities for each VM).
Regarding claim 6 the combination of Powell, Cordella and Pratt teaches all the limitations of claim 5 above, Powell further teaches wherein data at second storage location is encrypted using a  location dependent cryptographic input corresponds to the second storage location is based on a hardware feature of a device storing the second memory page, wherein the hardware feature comprises a physical address of for the second storage (Powell on [0035] teaches the control bits are set by the processing system 100 so that particular types of information, such as instruction information, or page table information that provides a mapping of virtual addresses to physical addresses of the memory. on [0040] teaches The encryption module 115 employs the selected key to encrypt the information to be written and provides the write request, with the encrypted information, to the memory 120 for storage. See on [0064-0066] teaches the SM firmware 132 receives a request from a customer wishing to execute the guest VM, The SM firmware 132 provides the generated AS encryption key directly to the encryption module 115 at the northbridge 110, the SM firmware 132 controls the encryption module 115 to encrypt the address space for the guest VM using the AS encryption key (i.e. location dependent cryptographic input because the AS keys are locally generated based on address space see para [0021 and 0040])).

Regarding claim 9 the combination of Powell, Cordella and Pratt teaches all the limitations of claim above, Powell further teaches wherein causing the data to be encrypted using the location independent cryptographic input comprises: (Powell on [0021] teaches in response to a request from the requestor to migrate the guest VM to the requestor, the security module can generate transport encryption keys and encrypt the guest VM, including its secure data, with the transport encryption keys (i.e. location independent cryptographic input. This encryption is performed before data is migrated to requestor and is encrypted using key not using address space));
and instructing, by the hypervisor, the hardware device to encrypt the data at the first storage location using the location independent cryptographic input (Powell on [0021] teaches in response to a request from the requestor to migrate the guest VM to the requestor, the security module can generate transport encryption keys and encrypt the guest VM, including its secure data, with the transport encryption keys (i.e. location independent cryptographic input)).
Regarding claim 20 the combination of Powell and Cordella teaches all the limitations of claim 16 above, Powell further teaches wherein the first storage location comprises a first memory page and the second storage location comprises a second memory page and wherein the first memory page and second memory page are assigned to different virtual machines (Powell on [0004] teaches the hypervisor maintains isolation of VM information by maintaining separate memory page tables and other logical entities for each VM).

Claims 2, 7, 13 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Powell et al (hereinafter Powell) (US 20170277898) in view of Cordella et al (hereinafter Cordella) (US 20130145177), and Pratt (US 9021476) and further in view of Muraki et al (hereinafter Muraki) (US 20080072072).

Regarding claims 2, 13 and 17, the combination of Powell, Cordella and Pratt teaches all the limitations of claims 1, 12 and 16 respectively. The combination fails to explicitly teach that the encrypted data at the first storage location comprises non-modifiable data, wherein the encrypted data at the second storage location comprises modifiable data, but Muraki teaches the encrypted data at the first storage location comprises non-modifiable data (Muraki on [0206] teaches data on first storage is non-alterable);
wherein the encrypted data at the second storage location comprises modifiable data (Muraki on [0128] teaches the MPEG-TS processing section 204 extracts not only the video and audio packets V1 and A1 of Program No. 1 but also PAT and PMT1 tables of program association information from the TS shown in FIG. 3(a) and modifies the contents of those tables for the partial TS. As a result, PAT' and PMT1' are included in the partial TS).

Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Muraki into the combined teaching of Powell, Cordella and Pratt by having non-modifiable encrypted data. One would be motivated to do so in order to protect copyright of content appropriately and avoid the risk of copyright infringement (Muraki on [0024-0025 and 0039]).

Regarding claim 7, the combination of Powell, Cordella and Pratt teaches all the limitations of claim 1 above. Powell teaches the location independent cryptographic inputs comprise a cryptographic key, but fails to explicitly teach wherein the location independent cryptographic inputs comprise a cryptographic key generated in view of a cryptographic bit sequence provided by a hypervisor. However, Muraki teaches wherein the location independent cryptographic inputs comprise a cryptographic key generated in view of a cryptographic bit sequence provided by a hypervisor (Muraki on [0165] teaches the title key generating section 501 generates a random number of 56 bits and outputs it as a title key Kt for encrypting each content).

Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Muraki into the combined teaching of Powell, Cordella and Pratt by generating key based on bit. One would be motivated to do so in order to protect copyright of content appropriately and avoid the risk of copyright infringement (Muraki on [0024-0025 and 0039]).

Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Powell et al (hereinafter Powell) (US 20170277898) in view of Cordella et al (hereinafter Cordella) (US 20130145177), in view of Pratt (US 9021476) and further in view of Gidwani (US 20130114812).

Regarding claim 10, the combination of Powell, Cordella and Pratt teaches all the limitations of claim 1 above. Powell further teaches wherein causing the data of the storage block to be decrypted and encrypted using location independent cryptographic input (Powell on [0048] teaches the security module 130 first decrypts the information at the secure address space 125 for the software entity, then re-encrypts the information using the transport key).

The combination of Powell, Cordella and Pratt fails to explicitly teach use of an in-place cryptographic function that avoids copying the data of the storage block to another location during a decryption and during an encryption of the data of the storage block. However, Gidwani from analogous art teaches use of an in-place cryptographic function that avoids copying the data of the storage block to another location during a decryption and during an encryption of the data of the storage block (Gidwani on [0032-003] teaches preventing copying of encrypted or decrypted content from one device to another).

Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Gidwani into the combined teaching of Powell, Cordella and Pratt by (Gidwani on [0011-0012]).

Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Powell et al (hereinafter Powell) (US 20170277898) in view of Cordella et al (hereinafter Cordella) (US 20130145177), in view of Pratt (US 9021476) and further in view of Kaplan et al (hereinafter Kaplan) (US 20150248357).

Regarding claim 11, the combination of Powell, Cordella and Pratt teaches all the limitations of claim 1 above. The combination of Powell, Cordella and Pratt fails to explicitly teach wherein updating the reference comprises: updating a page table entry, invalidating a corresponding entry within a translation lookaside buffer and flushing the translation lookaside buffer. However, Kaplan from analogous art teaches wherein updating the reference comprises: updating a page table entry (Kaplan on Fig 5, Fig 6 and text [0045-0046, and 0056-0058] teaches updating entry 348 indexed by virtual address indicating pages associated with physical address. See also [0052], which teaches assigning entry 328 to virtual address);
invalidating a corresponding entry within a translation lookaside buffer (Kaplan on [0047] teaches If the TLB 346 does not include an entry corresponding to the virtual address. See also [0064], which teaches checking by the TLB whether it has an entry and, if not, performing a table walk to identify a system physical address and the C-bit value for the virtual address);
and flushing the translation lookaside buffer (Kaplan on [0059 and 0071] teaches flushing the entries of TLB).

Kaplan on [0004]).

Allowable Subject Matter
Claim 8 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.

Lal et al (US 20170364707): Technologies for trusted I/O include a computing device having a processor, a channel identifier filter, and an I/O controller. The I/O controller may generate an I/O transaction that includes a channel identifier and a memory address. The processor encrypts I/O data at the memory address in response to invocation of a processor feature and copies the encrypted data to a memory buffer outside of the processor reserved memory region. The processor may securely clean the processor reserved memory region before encrypting and copying the data.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOEEN KHAN whose telephone number is (571)272-3522.  The examiner can normally be reached on 7AM-5PM EST M-TH Alternate Fridays.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MOHAMMAD W REZA/Primary Examiner, Art Unit 2436

/MOEEN KHAN/Examiner, Art Unit 2436