DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 8/13/20 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Response to Arguments
The rejection under 35 U.S.C. 101 for claims 15 and 19 has been withdrawn due to the amended claims. 
Applicant’s arguments, filed 10/7/2020, with respect to Raizen (US 8261068) in view of Li (US 20170329625) in view of Werner (US 20150341171) have been fully considered and are persuasive.  The rejection presented in the previous non-final office action has been withdrawn. Upon further consideration, a new ground(s) of rejection is made in view of Nord (US 20120297206).
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  


Claims 1 and 19 are rejected under 35 U.S.C. 102(a) (2) as being anticipated by Nord (US 20120297206).
As per claims 1 and 19, Nord discloses a method for supporting encrypted hard drives in a virtual disk storage system, the method comprising: 
receiving a request to create a virtual disk instance that supports encrypted hard drive protocols (Nord, Para. 0081, a server may receive a request to generate an encrypted virtual hard disk, the request including a user identifier of the user for whom the virtual hard disk will be created. The request may be received by a virtual hard disk creator or virtual hard disk creation engine executed by the server);
instantiating, with a virtual machine, a virtual disk in response to the request (Nord, Para 51, the computing machine 100 can execute PARALLELS or another virtualization platform that can execute or manage a virtual machine executing a first operating system; Para. 0081, a server may receive a request to generate an encrypted virtual hard disk, the request including a user identifier of the user for whom the virtual hard disk will be created. The request may be received by a virtual hard disk creator or virtual hard disk creation engine executed by the server; Para 0085, the server or virtual hard disk creation engine may create the virtual hard disk; Para 0094, the virtual hard disk may be mounted or otherwise provided to an operating system)
creating an internal disk storage area in the virtual disk, the internal disk storage area being exposed to a controller of the virtual disk (Nord, Para. 0063,  a non-encrypted header 218 of the virtual hard disk 200' includes a volume GUID 220. The volume GUID 220 may comprise any globally-unique identifier of the virtual hard disk 200' and may be generated during creation of the virtual hard disk. GUID 220 may be stored within a data string, field, or tag as part of the header 218 of the virtual hard disk 200. Virtual hard disk 200' may be stored within another disk, which may be encrypted by a whole-disk encryption system. Thus, header 218 may be further encrypted. Accordingly, in some examples, header 218 may be considered non-encrypted or clear if it is readable by a decryption system or engine decrypting virtual hard disk 200'.), 
wherein the internal disk storage area is used to implement the encrypted hard drive protocols, and the encrypted hard drive protocols use the internal disk storage area to maintain an internal disk state (Nord, Para. 0063-0065, virtual hard disk 200' may be stored within another disk, which may be encrypted by a whole-disk encryption system. The virtual hard disk 200' may be created for a specific user or responsive to a user request in some instances. The user may be identified by a user ID 220, which may comprise a user-specific identifier or string.). 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the 
Claims 2, 6 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Nord (US 20120297206) in view of Liu (US 20140244898).  
As per claims 2 and 20, Nord does not disclose; however, Liu discloses the method of claim 1, wherein the internal disk storage area is implemented as a dedicated block backend (Liu, Para. 0017, Virtual SCSI layer 108 can then translate the virtual SCSI commands into a command/data format that virtualization software 104 can use to access the physical storage device(s) on which virtual disks 112 are stored (e.g., backend storage array 114).)
Therefore, it is obvious to one ordinary skilled in the art to incorporate the teaching of Liu with the system and method of Nord given the benefit of where the I/O command identifies a data block of a virtual disk.
As per claim 6, Nord does not disclose; however, Liu discloses the method of claim 4, further comprising: 
accepting, by a virtio-SCSI layer, secure protocol requests (Liu, Para. 0017, Virtual SCSI layer 108 can receive I/O requests from VMs 106 in the form of virtual SCSI commands (i.e., SCSI commands directed to virtual SCSI devices corresponding to one or more virtual disks 112).); 
translating, by the virtio-SCSI layer, the secure protocol requests into logical requests (Liu, Para. 0017, Virtual SCSI layer 108 can then translate the virtual SCSI commands into a command/data format that virtualization software 104 can use to access the physical storage device(s) on which virtual disks 112 are stored (e.g., backend storage array 114).); and 
providing the logical requests to the first backend (Liu, Para. 0017, Virtual SCSI layer 108 can then translate the virtual SCSI commands into a command/data format that virtualization software 104 can use to access the physical storage device(s) on which virtual disks 112 are stored (e.g., backend storage array 114).)
Therefore, it is obvious to one ordinary skilled in the art to incorporate the teaching of Liu with the system and method of Nord given the benefit of where the I/O command identifies a data block of a virtual disk.
Claims 3-5, 21-23 and 26 are rejected under 35 U.S.C. 103 as being unpatentable over Nord (US 20120297206) in view of Liu (US 20140244898), and further in view of Raizen (US 8261068).
As per claims 3 and 21, Nord does not disclose; however, Raizen discloses the method of claim 2, wherein the dedicated block backend exposes capability to perform system input/output operations to a header of a block device (Raizen, Col 20, lines 50-55, location of the metadata 46 is platform specific and may depend further on the formatting the device on that platform; col. 29, lines 3-12, the I/O filter system 28 is installed to a host and a command is executed that turns encryption on … for a given device 4, 5, 9, and col. 30, lines 9-12, the xcrypt manager 64 writes the key_id into the metradata 46, such as via the vlumd manager 68 (block 1130), which allocates metadata space, writes a signature into meta-data space, and writes the key_id into metadata space; see also fig. 12 (method of writing data to an eVLU); and fig. 13 (method of reading data from an eVLU)).). 

As per claims 4 and 22, Nord does not disclose; however, Raizen discloses the method of claim 2, wherein the dedicated block backend includes a first backend for writing disk-internal data to the internal disk storage area, and a second backend implements the encrypted hard drive protocols (Raizen, Fig 4, Xcrypt Manager and VLumd; col. 23, lines 40-57 and col. 23, line 58-co.. 24, line 6. .).
Therefore, it is obvious to one ordinary skilled in the art to incorporate the teaching of Raizen with the system and method of  Nord given the benefit of encrypting and decrypting data being written to and read from logical units and for replication of encrypted logical units.
As per claims 5 and 23, Nord does not disclose; however, Raizen discloses the method of claim 4, wherein the second backend is stacked above the first backend (Raizen, Fig 4, Xcrypt Manager and VLumd; col. 23, lines 40-57 and col. 23, line 58-co.. 24, line 6 ) 
Therefore, it is obvious to one ordinary skilled in the art to incorporate the teaching of Raizen with the system and method of  Nord given the benefit of encrypting and decrypting data being written to and read from logical units and for replication of encrypted logical units.
As per claim 26, Nord does not disclose; however, Raizen discloses the system of claim 19, wherein the internal disk storage area includes band metadata corresponding to bands of data in the virtual disk (Raizen, Col. 18, lines 50-63, areas of the LU that need to remain unencrypted, such as the metadata and OS-specific areas, can be put into a partition not used for data … metadata 46 can … be used to implement functions (such as mirroring and/or partitioning) in addition to providing a location on the eVLU 40b for storage of the key_id… the metadata stores information about regions of the eBLU40b that are to be left as plaintext; Col 37, lines 57-67, metadata on an eVLU needs to be re-read when certain things occur, such as after data has been replicated to a device, after opening a device and/or to cover situations where metadata is changed on a device.).
Therefore, it is obvious to one ordinary skilled in the art to incorporate the teaching of Raizen with the system and method of  Nord given the benefit of encrypting and decrypting data being written to and read from logical units and for replication of encrypted logical units.
Claims 7 and 24 are rejected under 35 U.S.C. 103 as being unpatentable over Nord (US 20120297206) in view of Oshins (US 20170017422).
As per claims 7 and 24, Nord does not disclose; however, Oshins discloses the method of claim 1, wherein the internal disk storage area is not directly accessible by a guest operating system (Oshins, Para. 0028, each child partition (246 and 248) can be mapped to a set of hardware resources, e.g., memory, devices, logical processor cycles, etc., that is under control of the hypervisor 202 and/or the parent partition and hypervisor 202 can isolate processes in one partition from accessing another partition's resources, e.g., a guest operating system in one partition may be isolated from the memory of another partition..).
Therefore, it is obvious to one ordinary skilled in the art to incorporate the teaching of Oshins with the system and method of Nord given the benefit of offloading to a 
Claims 8-9 are rejected under 35 U.S.C. 103 as being unpatentable Nord (US 20120297206) in view of Oshins (US 20170017422) in view of Raizen (US 8261068) in view of Liu (US 20140244898).
As per claim 8, Nord and Oshins do not disclose; however, Raizen discloses the method of claim 7, further comprising: 
adjusting an input/output offset for the input/output request by incrementing the input/output offset by a size of the internal disk storage area (Raizen, Col 18, lines 36-41, size spoofing of the LU, where the size spoofing involves showing the code running above the I/O filter driver that the size of the device is the size minus the size of the metadata area, which has the effect that no entity other than the I/O filter system (and I/O filter driver) is able to access the metadata region. ); 
processing the input/output request (Raizen, Col 18, lines 40-41, than the I/O filter system (and I/O filter driver) is able to access the metadata region.);
Therefore, it is obvious to one ordinary skilled in the art to incorporate the teaching of Raizen with the system and method of  Nord and Oshins given the benefit of encrypting and decrypting data being written to and read from logical units and for replication of encrypted logical units.
Nord, Oshins and Raizen do not disclose; however, Liu discloses receiving, at a block backend, an input/output request from the guest operating system (Liu, Para. 0017, Virtual SCSI layer 108 can receive I/O requests from VMs 106 in the form of virtual SCSI commands (i.e., SCSI commands directed to virtual SCSI devices corresponding to one or more virtual disks 112);
Therefore, it is obvious to one ordinary skilled in the art to incorporate the teaching of Liu with the system and method of Nord, Oshins and Raizen given the benefit of where the I/O command identifies a data block of a virtual disk.
As per claim 9, Nord and Oshins do not disclose; however, Raizen discloses method of claim 8, wherein the size of the internal disk storage area is obtained from the virtual machine (Raizen, Col 18, lines 36-41, size spoofing of the LU, where the size spoofing involves showing the code running above the I/O filter driver that the size of the device is the size minus the size of the metadata area, which has the effect that no entity other than the I/O filter system (and I/O filter driver) is able to access the metadata region.)
Therefore, it is obvious to one ordinary skilled in the art to incorporate the teaching of Raizen with the system and method of  Nord and Oshins given the benefit of encrypting and decrypting data being written to and read from logical units and for replication of encrypted logical units.
  Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Nord (US 20120297206) in view of Mcleod (US 20130132950).
As per claim 10,  Nord does not disclose; however, McLeod discloses the method of claim 1, further comprising storing, at a front of a virtual disk storage device of the virtual disk storage system, band metadata (McLeod, Para. 0027, The OS metadata generator 205 can store the metadata 275 in a data store 270 based on configuration data ). 
.
Claims 11-13 are rejected under 35 U.S.C. 103 as being unpatentable over Nord (US 20120297206) in view of Mcleod (US 20130132950) in view of Raizen (US 8261068).
As per claim 11, Nord and Mcleod do not disclose; however, Raizen discloses the method of claim 10, further comprising modifying a state of a band of the virtual disk storage device concurrently with input/output from the virtual disk (Raizen, Col 37, lines 57-67, re-reading the metadata for a device, including a device whose state may have changed since host restart. Generally, metadata on an eVLU needs to be re-read when certain things occur, such as after data has been replicated to a device, after opening a device and/or to cover situations where metadata is changed on a device. ). 
Therefore, it is obvious to one ordinary skilled in the art to incorporate the teaching of Raizen with the system and method of  Nord and Mcleod given the benefit of encrypting and decrypting data being written to and read from logical units and for replication of encrypted logical units.
As per claim 12, Nord and Mcleod do not disclose; however, Raizen discloses the method of claim 10, wherein the virtual disk storage device treats the band metadata as part of disk contents (Raizen, Col 37, lines 57-67, metadata on an eVLU needs to be re-read when certain things occur, such as after data has been replicated to a device, after opening a device and/or to cover situations where metadata is changed on a device.). 
Therefore, it is obvious to one ordinary skilled in the art to incorporate the teaching of Raizen with the system and method of  Nord and Mcleod given the benefit of 
As per claim 13, Nord and Mcleod do not disclose; however, Raizen discloses the method of claim 11, further comprising appending a record onto a log file and maintaining a mapping reference of the input/output (Raizen, Col 9, lines 27-30, The I/O filter driver keeps a record of I/O requests that are sent to data storage subsystems until the I/O request is processed by data storage subsystems.). 
Therefore, it is obvious to one ordinary skilled in the art to incorporate the teaching of Raizen with the system and method of  Nord and Mcleod given the benefit of encrypting and decrypting data being written to and read from logical units and for replication of encrypted logical units.
Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Nord (US 20120297206) in view of Mcleod (US 20130132950) in view of Abe (US 20150120741).  
As per claim 14, Nord and Mcleod do not disclose; however, Abe discloses the method of claim 10, further comprising folding the band metadata into a data storage domain for storing disk data (Abe, Abstract, (Metadata of) the files is classified. The files are each divided into metadata (index) and a file main body and are recorded on different storage areas, that is, an index partition (IP) and a data partition (DP), associated with each other. ). 
Therefore, it is obvious to one ordinary skilled in the art to incorporate the teaching of Abe with the system and method of Nord and Mcleod given the benefit of mounting the storage in a file system and files created after the mounting as different groups.
Claims 15-18 are rejected under 35 U.S.C. 103 as being unpatentable over Nord (US 20120297206) in view of Raizen (US 8261068) in view of Liu (US 20140244898).  
As per claim 15, Nord discloses a virtual disk instantiated by a virtual machine, comprising: 
a storage device associated with a virtual disk (Nord, Para. 0081, a server may receive a request to generate an encrypted virtual hard disk, the request including a user identifier of the user for whom the virtual hard disk will be created. The request may be received by a virtual hard disk creator or virtual hard disk creation engine executed by the server).
Nord does not disclose; however, Raizen discloses a system area backend providing an interface to the internal disk storage area and an interface to the virtual disk (Raizen, Fig 4, Xcrypt Manager and VLumd; col. 23, lines 40-57 and col. 23, line 58-col. 24, line 6. .); 
Therefore, it is obvious to one ordinary skilled in the art to incorporate the teaching of Raizen with the system and method of  Nord given the benefit of encrypting and decrypting data being written to and read from logical units and for replication of encrypted logical units.
Nord and Raizen do not disclose; however, Liu discloses wherein the virtual disk comprises:
 a virtual disk backend including the virtual disk and an internal disk storage area (Liu, Para. 0017, Virtual SCSI layer 108 can then translate the virtual SCSI commands into a command/data format that virtualization software 104 can use to access the physical storage device(s) on which virtual disks 112 are stored (e.g., backend storage array 114); Also, Claim 1, receiving, by a computer system, an I/O command originating from a virtual machine (VM), the I/O command identifying a data block of a virtual disk); and
a secure block backend stacked above the system area backend, the secure block backend providing encrypted hard drive protocol support, the secure block backend using the internal disk storage area to maintain an internal disk state (Liu, Para. 0017, Virtual SCSI layer 108 can then translate the virtual SCSI commands into a command/data format that virtualization software 104 can use to access the physical storage device(s) on which virtual disks 112 are stored (e.g., backend storage array 114).)
Therefore, it is obvious to one ordinary skilled in the art to incorporate the teaching of Liu with the system and method of Nord and Raizen given the benefit of where the I/O command identifies a data block of a virtual disk.
As per claim 16, Nord and Raizen do not disclose; however, Liu discloses the virtual disk of claim 15, further comprising a virtio-SCSI layer implemented above the secure block backend (Liu, Para. 0017, Virtual SCSI layer 108 can receive I/O requests from VMs 106 in the form of virtual SCSI commands (i.e., SCSI commands directed to virtual SCSI devices corresponding to one or more virtual disks 112).)
Therefore, it is obvious to one ordinary skilled in the art to incorporate the teaching of Liu with the system and method of Nord and Raizen given the benefit of where the I/O command identifies a data block of a virtual disk.
As per claim 17, Nord, Raizen and Liu disclose the virtual disk of claim 15.  Raizen further discloses the virtual disk of claim 15, wherein the secure block backend controls changes to a state of a band within the virtual disk (Raizen, Col 18, lines 36-41, size spoofing of the LU, where the size spoofing involves showing the code running above the I/O filter driver that the size of the device is the size minus the size of the metadata area, which has the effect that no entity other than the I/O filter system (and I/O filter driver) is able to access the metadata region.).
Therefore, it is obvious to one ordinary skilled in the art to incorporate the teaching of Raizen with the system and method of  Nord and Liu given the benefit of encrypting and decrypting data being written to and read from logical units and for replication of encrypted logical units.
As per claim 18, Nord and Liu do not disclose; however, Raizen discloses the virtual disk of claim 17, wherein the internal disk storage area includes band metadata corresponding to the band within the virtual disk (Raizen, Col. 18, lines 50-63, areas of the LU that need to remain unencrypted, such as the metadata and OS-specific areas, can be put into a partition not used for data … metadata 46 can … be used to implement functions (such as mirroring and/or partitioning) in addition to providing a location on the eVLU 40b for storage of the key_id… the metadata stores information about regions of the eBLU40b that are to be left as plaintext;Col 37, lines 57-67, metadata on an eVLU needs to be re-read when certain things occur, such as after data has been replicated to a device, after opening a device and/or to cover situations where metadata is changed on a device.). 
Therefore, it is obvious to one ordinary skilled in the art to incorporate the teaching of Raizen with the system and method of  Nord and Liu given the benefit of encrypting and decrypting data being written to and read from logical units and for replication of encrypted logical units.

Claim 25 is rejected under 35 U.S.C. 103 as being unpatentable over Nord (US 20120297206) in view of Oshins (US 20170017422) in view of Raizen (US 8261068).
As per claim 25, Nord and Oshins do not disclose; however, Raizen discloses the system of claim 24, wherein input/output requests received from the guest operating system are modified by incrementing an input/output offset by a size of the internal disk storage area (Raizen, Col 18, lines 36-41, size spoofing of the LU, where the size spoofing involves showing the code running above the I/O filter driver that the size of the device is the size minus the size of the metadata area, which has the effect that no entity other than the I/O filter system (and I/O filter driver) is able to access the metadata region.)
Therefore, it is obvious to one ordinary skilled in the art to incorporate the teaching of Raizen with the system and method of  Nord and Oshins given the benefit of encrypting and decrypting data being written to and read from logical units and for replication of encrypted logical units.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Newell (US 20130185480): 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANGELA R HOLMES whose telephone number is (571)270-3357.  The examiner can normally be reached on Monday-Friday 8:00AM-4:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/ANGELA R HOLMES/Examiner, Art Unit 2498                                                                                                                                                                                                        
/JUNG W KIM/Supervisory Patent Examiner, Art Unit 2494