Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Argument
Applicant’s arguments with respect to claims 1-20 have been considered but are moot because the arguments do not apply to any of the references being used in the current rejection.
Applicant's arguments filed on 10/20/2021 have been fully considered but they are not persuasive.
In the remarks, Applicant argued in substance that:
(a) in Applicant’s claims, the first hypervisor receives a notification from a central controller that “a second hypervisor has restarted,” and the first hypervisor (not the controller), in response to receiving this notification, “remov[es] ... the security association with the second hypervisor” and “establish[es] ... a new security association with the second hypervisor.” Erez describes a virtualization manager re-registering a key with a particular hypervisor upon detecting that the particular hypervisor has restarted. Erez, [0016]. There is no discussion in Erez of notifying one hypervisor that another hypervisor has restarted, as in Applicant’s claims. While Erez does teach that hypervisors can restart, and that actions can be taken when such a restart is detected, this does not mean that it was obvious to notify a “first hypervisor” that “a second hypervisor has restarted,” as recited in Applicant’s claims. Erez (like Jahid) does not teach a new security association being established by a first hypervisor with a second
Examiner respectfully traversed Applicant’s remarks:
As to point (a), the examiner respectfully disagrees with the applicant’s argument. 
Claim 1 merely discloses “receiving, by a first hypervisor, a notification from a central controller that includes an indication that a second hypervisor has restarted, wherein a security association has been established between the first hypervisor and the second hypervisor; and in response to receiving the notification: removing, by the first hypervisor, the security association with the second hypervisor and establishing, by the first hypervisor, a new security association with the second hypervisor” without further limitation on how to receive, in detail, a notification from a central controller including an indication that a second hypervisor has restarted.
Regarding the limitation “receiving, by a first hypervisor, a notification from a central controller that includes an indication that a second hypervisor has restarted”, Jahid discloses “sending, by a controller, new key to all of the hypervisors to which a particular KP applies defines the span of the KP based on an event (or changes) from a hypervisor” (paragraph [0032], [0038], [0047]) (e.g., receiving, by a first hypervisor, a notification from a central controller that includes an indication ... ). Erez discloses “detecting, by a virtualization manager, that hypervisor is re-started and re-registering the secret key with the relevant hypervisor” (paragraph [0016], detecting, by a virtualization manager, that hypervisor is re-started and re-registering the secret key with the relevant hypervisor of Erez, thereby sending, by a controller, new key to all of the hypervisors to which a particular KP applies defines the span of the KP based on an event (or changes) such as re-starting from a hypervisor (e.g., receiving, by a first hypervisor, a notification from a central controller that includes an indication that a second hypervisor has restarted). The motivation would have been to manage a secret key (e.g., a data structure used for authentication of storage users by a data storage domain) so that it can be securely transferred to access a data storage domain associated with a VM. (Erez paragraph [0016]).
For at least the foregoing reasons, Jahid in view of Erez teaches every feature of independent claims 1, 8, and 15 and thus can anticipate the claims.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3, 6-10, 13-17, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Jahid et al. (US 2018/0063103, hereinafter Jahid) in view of Erez et al. (US 2018/0034791, hereinafter Erez).

Regarding claim 1, Jahid discloses
A method for handling a hypervisor restart event in a distributed network system, the method comprising:
receiving, by a first hypervisor, a notification from a central controller that includes an indication ... (paragraph [0030]: As part of the key revocation and as part of a key rotation, a logical master generates a new set of SPI/KID pairs for the revoked encryption key's key policy; paragraph [0032]: newly retrieved keys are used after a particular amount of time (e.g., a user-configured time for manual key rotation, or a predetermined time for automatic key rotation) to allow most or all of the hypervisors to retrieve all the keys necessary for network encryption; paragraph [0038]: The set of hypervisors to which a particular KP applies defines the span of the KP; paragraph [0047]: The controller in some embodiments generates new tickets based on an event (e.g., receipt of a new key policy or encryption rule from a manager, or a VM being migrated to or from a hypervisor so that a key policy's applicability to the hypervisor changes, etc.) that requires a new ticket to be generated for a hypervisor), wherein a security association has been established between the first hypervisor and the second hypervisor (paragraph [0006]: the controller responsible for a particular KP is referred to as the logical master of the KP and generates a security parameter index (SPI) or set of SPIs and a key identifier (KID) or set of KIDs; paragraph [0030]: As part of the key revocation and as part of a key rotation, a logical master generates a new set of SPI/KID pairs for the revoked encryption key's key policy; paragraph [0032]: newly retrieved keys are used after a particular amount of time (e.g., a user-configured time for manual key rotation, or a predetermined time for automatic key rotation) to allow most or all of the hypervisors to retrieve all the keys necessary for network encryption; paragraph [0038]: The set of hypervisors to which a particular KP applies defines the span of the KP); and
in response to receiving the notification: removing, by the first hypervisor, the security association with the second hypervisor and establishing, by the first hypervisor, a new security association with the second hypervisor (paragraph [0030]: As part of the key revocation and as part of a key rotation, a logical master generates a new set of SPI/KID pairs for the revoked encryption key's key policy; paragraph [0032]: newly retrieved keys are used after a particular amount of time (e.g., a user-configured time for manual key rotation, or a predetermined time for automatic key rotation) to allow most or all of the hypervisors to retrieve all the keys necessary for network encryption. If hypervisor 131 receives a key revocation for a stored key from its physical master, it immediately stops using the stored encryption key; paragraph [0038]: The set of hypervisors to which a particular KP applies defines the span of the KP).
a second hypervisor has restarted. Erez teaches ... a second hypervisor has restarted (paragraph [0016]: Because data structure comprising the UUID for the key is only kept in volatile memory, when either the service or the hypervisor are re-started the UUID for the key is cleared from the volatile memory and, therefore the key needs to be re-registered to the hypervisor before the data storage domain can be accessed, for example, by a VM associated with the hypervisor; paragraph [0039]: In response to the virtualization manger 110 detecting that the hypervisor is re-started or that the storage domain is re-booted and back on-line, the secret keys agent 117 may re-register the secret key with the relevant hypervisor). It would have been obvious to one of ordinary skill in the art at the time the claimed invention was effectively filed to modify the teaching, i.e., sending, by a controller, new key to all of the hypervisors to which a particular KP applies defines the span of the KP based on an event (or changes) from a hypervisor, of Jahid by detecting, by a virtualization manager, that hypervisor is re-started and re-registering the secret key with the relevant hypervisor of Erez, thereby sending, by a controller, new key to all of the hypervisors to which a particular KP applies defines the span of the KP based on an event (or changes) such as re-starting from a hypervisor. The motivation would have been to manage a secret key (e.g., a data structure used for authentication of storage users by a data storage domain) so that it can be securely transferred to access a data storage domain associated with a VM. (Erez paragraph [0016]).
Regarding claim 8 referring to claim 1, Jahid discloses A system comprising: one or more processors; and at least one memory storing instructions that, when executed by the one or more processors, cause the system (Fig. 8) to perform operations for handling a hypervisor restart event in a distributed network system, the operations comprising: ... (See the rejection for claim 1).
Regarding claim 15 referring to claim 1, Jahid discloses A non-transitory computer readable medium comprising instructions that, when executed by one or more processors of a computer system, cause the computer system (Fig. 8) to perform a method for handling a hypervisor restart event in a distributed network system, the method comprising: ... (See the rejection for claim 1).

Regarding claims 2, 9, and 16, Jahid discloses
wherein the security association comprises a security policy that is shared between the first hypervisor and the second hypervisor (paragraph [0038]: The set of hypervisors to which a particular KP applies defines the span of the KP).

Regarding claims 3, 10, and 17, Jahid discloses
wherein the security policy comprises a distributed networking encryption (DNE) policy (Title: SECURE KEY MANAGEMENT PROTOCOL FOR DISTRIBUTED NETWORK ENCRYPTION; paragraph [0038]: The set of hypervisors to which a particular KP applies defines the span of the KP).

Regarding claims 6, 13, and 20, Jahid does not teach further comprising: determining, by the second hypervisor, that the second hypervisor has restarted; generating, by the second hypervisor, a session identifier; and sending, by the second hypervisor, the session identifier to the central controller. Erez teaches further comprising: determining, by the second hypervisor, that the second hypervisor has restarted; generating, by the second hypervisor, a session identifier; sending, by the second hypervisor, the session identifier to the central controller (paragraph [0016]: Because data structure comprising the UUID for the key is only kept in volatile memory, when either the service or the hypervisor are re-started the UUID for the key is cleared from the volatile memory and, therefore the key needs to be re-registered to the hypervisor before the data storage domain can be accessed, for example, by a VM associated with the hypervisor; paragraph [0039]: In response to the virtualization manger 110 detecting that the hypervisor is re-started or that the storage domain is re-booted and back on-line, the secret keys agent 117 may re-register the secret key with the relevant hypervisor). In this case, the virtualization manager implicitly detects certain information (i.e., session identifier) from the hypervisor to determine whether the hypervisor has been re-started. 
It would have been obvious to one of ordinary skill in the art at the time the claimed invention was effectively filed to modify the teaching, i.e., sending, by a controller, new key to all of the hypervisors to which a particular KP applies defines the span of the KP based on an event (or changes) from a hypervisor, of Jahid by detecting, by a virtualization manager, that hypervisor is re-started and re-registering the secret key with the relevant hypervisor of Erez, thereby sending, by a controller, new key to all of the hypervisors to which a particular KP applies defines the span of the KP based on an event (or changes) such as re-starting from a hypervisor. The motivation would have been to manage a secret key (e.g., a data structure used for authentication of storage users by a data storage 

Regarding claims 7 and 14, Jahid discloses
wherein the central controller stores an association between the first hypervisor and the second hypervisor (paragraph [0006]: the controller responsible for a particular KP is referred to as the logical master of the KP and generates a security parameter index (SPI) or set of SPIs and a key identifier (KID) or set of KIDs; paragraph [0030]: As part of the key revocation and as part of a key rotation, a logical master generates a new set of SPI/KID pairs for the revoked encryption key's key policy; paragraph [0032]: newly retrieved keys are used after a particular amount of time (e.g., a user-configured time for manual key rotation, or a predetermined time for automatic key rotation) to allow most or all of the hypervisors to retrieve all the keys necessary for network encryption; paragraph [0038]: The set of hypervisors to which a particular KP applies defines the span of the KP).

Allowable Subject Matter
Claims 4, 5, 11, 12, 18, and 19 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SISLEY KIM whose telephone number is (571)270-7832. The examiner can normally be reached on 9:30 A.M - 6:30 P.M.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Emerson Puente can be reached on (571)272-3652. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you
/SISLEY N KIM/
Primary Examiner, Art Unit 2196
12/27/2021