Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
Response to Arguments
Applicant’s arguments with respect to claim(s) have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC §103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 2, 7-9, 14-16 are rejected under 35 U.S.C. 103 as being unpatentable over El-moussa (Pub. No. US 2020/0257814) in view of Blake (Pub. No. US 2015/0066859) in further view of Lakshman (Patent No. US 10,848,468)
Claim 1, El-moussa teaches “a method for encrypting an unencrypted source virtual disk of a virtual computing instance (VCI), the method comprising: copying and encrypting contents of the unencrypted source virtual disk to a destination virtual disk ([0028] The disk image 206 is at least partially unencrypted such that the disk image is susceptible to theft or attack. [0040] Thus, as illustrated in FIG. 2b, the user VM 210 in the security hypervisor 208 is migrated to the hypervisor 200 as user VM 210' including encryption agent 212' such that the data storage devices for the user VM 210' are wholly encrypted which, when stored, recorded or captured as a disk image file, provides a wholly encrypted disk image for the user VM 210'. [0042] Following provision of the user VM 210' migrated to the hypervisor 200 with encrypted data storage devices, the shutdown, closure, saving or recording of an image of the user VM 210' will result in a new disk image for the user VM 210' that includes the encrypted data storage devices, referred to herein as an encrypted disk image 406.); and during the copying and encrypting ([0049] FIG. 7 is concerned with the interception, detection or replacement of file-system write and read operations to encrypt data written to data storage devices of the user VM 602 and decrypt data read from data storage devices of user VM 602 so that the user VM 602 can operate at runtime with wholly encrypted data storage devices. [0038] The live migration can alternatively or additionally be achieved by a process of copying a disk image for the user VM 210 to a new user VM 210' instantiated in the hypervisor 200 and maintaining a synchronization of a state of the new virtual machine with a state of the user VM 210.)”.
However, El-moussa may not explicitly teach the remaining limitations of performing those operations during runtime.
Blake teaches “mirroring write commands issued to the unencrypted source virtual disk to both the unencrypted source virtual disk and the destination virtual disk; executing the mirrored write commands on the unencrypted source virtual disk by writing data corresponding to the write commands to the unencrypted source virtual disk as unencrypted data; and executing the mirrored write commands on the destination virtual disk by writing data corresponding to the write commands to the destination virtual disk as encrypted data ([0040] In another implementation, both the original disk file and the new disk file are copied to the mirror disk file during the same time period. [0042] When the hypervisor receives a write request at block 410, the hypervisor writes the data to the original disk file (i.e. unencrypted image of El-moussa) and to the mirror disk file (i.e. encrypted image of El-moussa) at block 412 to ensure both disk files have the current data.[Fig. 4, 406, 408, 410, 412] During synchronization (as taught by El-moussa), write commands are written to both images)”.
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to apply the teachings of Blake with the teachings of El-moussa in order to provide a system that teaches as evidence that write operations of El-moussa are distributed and performed during encrypting. The motivation for applying Blake teaching with El-moussa teaching is to provide a system that allows for capturing of write changes. El-moussa, Blake are analogous art directed towards image management. Together El-moussa, Blake teach every limitation of the claimed invention. Since the teachings were analogous art known at the filing time of invention, one of ordinary skill could have applied the teachings of Blake with the teachings of El-moussa by known methods and gained expected results. 
However, the combination may not explicitly teach encrypting the data prior to writing the encrypted data to the destination virtual disk.
Lakshman teaches write commands are encrypted prior to storage within a virtual disk such that teaches “executing the mirrored write commands (i.e. commands of Blake) on the destination virtual disk by encrypting data corresponding to the write commands and writing the encrypted data to the destination virtual disk as encrypted data ([Col. 8 Line 48 – Col. 9 Line 46] In step 304 an application of the virtual machine that desires to write data into the storage platform sends a write request along with the data to be written and the name of a particular virtual disk (supplied to the application by the administrator earlier)… Next, in step 307, the current buffer of data held by the CVM is encrypted using the key and calling a third-party encryption library using its encrypt API…. In step 316 the CVM then sends the write request (in this case, the encrypted data itself to be written) to one of the data nodes returned in the previous step (e.g., data node E). The write request also includes an indication of the other two data nodes (B, D) to which the data should be written. The data node that receives the request then writes the data to its disk drives and then forwards the data to the other two nodes.)”.
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to apply the teachings of Lakshman with the teachings of El-moussa, Blake in order to provide a system that teaches explicitly that write operations may be encrypted prior to writing the operation to a virtual disk. The motivation for applying Lakshman teaching with El-moussa, Blake teaching is to provide a system that allows for the mirrored operations of the combination of El-moussa, Blake to be protected. El-moussa, Blake, Lakshman are analogous art directed towards image management. Together El-moussa, Blake, Lakshman teach every limitation of the claimed invention. Since the teachings were analogous art known at the filing time of invention, one of ordinary skill could have applied the teachings of Lakshman with the teachings of El-moussa, Blake by known methods and gained expected results. 
Claim 2, the combination teaches the claim, wherein El-moussa teaches “the method of claim 1, wherein the copying and encrypting is performed while the VCI is online ([0009] the software component accessing the first VM using privileged credentials to install a software agent in the first VM and to replicate the virtual disk of the first VM in the hypervisor data store as a duplicate disk, wherein the software agent is adapted to encrypt data written to, and decrypt data read from, the disk of the first VM at a runtime of the first VM).
Claim 7, the combination teaches the claim, wherein El-moussa teaches “the method of claim 1, further comprising configuring the VCI to use the destination virtual disk instead of the unencrypted source virtual disk after the copying and encrypting is complete ([0050] Subsequently, at 710, the security function 612 copies the virtual disk 604 to the shared data store 608 as a duplicate disk. At 712 the security function wholly encrypts the duplicate disk to provide WDE for the disk including encryption of any MBR and/or boot partitions. Thus an encrypted duplicate disk 604' is provided. At 714 the security function 612 prompts, triggers or affects an unmounting 716 of the virtual disk 604 from the user VM 602. The unmount process is essentially a software process in the context of virtualized machines and disk devices as is well known to those skilled in the art. Following the unmount the user VM 602 has no further access to the unencrypted virtual disk 604 which may, depending on a security policy, be discarded. At 718 the security function 612 copies the encrypted duplicate of the virtual disk 604' to the user VM 602 and prompts, triggers or affects a mounting 718 of the encrypted disk 604' so that the user VM 602 can access it via the cryptographic functionality of the encryption agent 614. Subsequently the security function may terminate at 724 or, alternatively, the security function may be retained for performance of similar functionality in respect of other user virtual machines.)”.
Claim 8, “a non-transitory computer-readable storage medium containing a program which, when executed by one or more processors, performs operations for encrypting an unencrypted source virtual disk of a virtual computing instance (VCI), the operations comprising: copying and encrypting contents of the unencrypted source virtual disk to a destination virtual disk; and during the copying and encrypting: mirroring write commands issued to the unencrypted source virtual disk to both the unencrypted source virtual disk and the destination virtual disk; executing the mirrored write commands on the unencrypted source virtual disk by writing data corresponding to the write commands to the unencrypted source virtual disk as unencrypted data; and executing the mirrored write commands on the destination virtual disk by encrypting data corresponding to the write commands and writing the encrypted data to the destination virtual disk” is similar to claim 1 and therefore rejected with the same references and citations.
Claim 9, “the non-transitory computer readable storage medium of claim 8, wherein the copying and encrypting is performed while the VCI is online” is similar to claim 2 and therefore rejected with the same references and citations.
Claim 14, “the non-transitory computer readable storage medium of claim 8, wherein the operations further comprise configuring the VCI to use the destination virtual disk instead of the unencrypted source virtual disk after the copying and encrypting is complete” is similar to claim 7 and therefore rejected with the same references and citations.
Claim 15, “a system, comprising: a processor; and a memory, wherein the memory includes a program executable in the processor to perform operations for encrypting an unencrypted source virtual disk of a virtual computing instance (VCI), the operations comprising: copying and encrypting contents of the unencrypted source virtual disk to a destination virtual disk; and during the copying and encrypting: mirroring write commands issued to the unencrypted source virtual disk to both the unencrypted source virtual disk and the destination virtual disk; executing the mirrored write commands on the unencrypted source virtual disk by writing data corresponding to the write commands to the unencrypted source virtual disk as unencrypted data; and executing the mirrored write commands on the destination virtual disk by encrypting corresponding to the write commands and writing the encrypted data to the destination virtual disk data” is similar to claim 1 and therefore rejected with the same references and citations.
Claim 16, “the system of claim 15, wherein the copying and encrypting is performed while the VCI is online” is similar to claim 2 and therefore rejected with the same references and citations.
Claims 3-6, 10-13, 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over El-moussa in view of Blake in view of Lakshman in further view of Ahmed (Pub. No. US 2018/0095775).
Claim 3, the combination may not explicitly teach the limitation.
Ahmed teaches “the method of claim 1, further comprising installing a mirror driver on the unencrypted source virtual disk and the destination virtual disk, wherein the mirror driver is configured to perform the mirroring ([0019] One method for promoting a linked clone VM to a full clone VM is to use a mirror driver. FIG. 3 illustrates a system 300 that includes a mirror driver (MD) 302 for online promote disk operations. Mirror driver 302 is installed on delta disk D3 214 and base disk B2 220. With mirror driver 302, VM2 204 can be promoted from a linked clone to a full clone (VM2 206) without powering off VM2 204. Therefore, the downtime associated with the VM for the promote disk operation is eliminated.)”.
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to apply the teachings of Ahmed with the teachings of El-moussa, Blake, Lakshman in order to provide a system that teaches utilizing drivers. The motivation for applying Ahmed teaching with El-moussa, Blake, Lakshman teaching is to provide a system that allows for performing mirroring operations without having to power down a VM. El-moussa, Blake, Lakshman, Ahmed are analogous art directed towards image management. Together El-moussa, Blake, Lakshman, Ahmed teach every limitation of the claimed invention. Since the teachings were analogous art known at the filing time of invention, one of ordinary skill could have applied the teachings of Ahmed with the teachings of El-moussa, Blake, Lakshman by known methods and gained expected results. 
Claim 4, the combination teaches the claim, wherein Ahmed teaches “the method of claim 3, further comprising removing the mirror driver after the copying and encrypting is complete ([0020] When a promote disk call (or instruction) is received to promote VM2 204, a new base disk (e.g., Base Disk B2 220) is created in the VM directory for VM2 204. Then the mirror driver 302 (also known as a mirror node) is installed. The mirror driver 302 is a type of filter placed on the I/O stack. To install the mirror driver 302, VM2 204 is stunned. A stun operation pauses the execution of the VM at an instruction boundary and allows in-flight I/Os to complete. While the VM is stunned, subsequent I/Os are quiesced (i.e., the I/Os are temporarily paused). Stunning a VM allows a number of different operations to be performed, such as creating or consolidating snapshots. In this embodiment, stunning allows the mirror driver 302 to be installed. Another stun operation is performed to remove mirror driver 302 when the promote disk operation is complete.)”.
Rational to claim 3 is applied here.
Claim 5, the combination teaches the claim, wherein Ahmed teaches “the method of claim 4, wherein the VCI is stunned during installing the mirror driver and removing the mirror driver ([0020] When a promote disk call (or instruction) is received to promote VM2 204, a new base disk (e.g., Base Disk B2 220) is created in the VM directory for VM2 204. Then the mirror driver 302 (also known as a mirror node) is installed. The mirror driver 302 is a type of filter placed on the I/O stack. To install the mirror driver 302, VM2 204 is stunned. A stun operation pauses the execution of the VM at an instruction boundary and allows in-flight I/Os to complete. While the VM is stunned, subsequent I/Os are quiesced (i.e., the I/Os are temporarily paused). Stunning a VM allows a number of different operations to be performed, such as creating or consolidating snapshots. In this embodiment, stunning allows the mirror driver 302 to be installed. Another stun operation is performed to remove mirror driver 302 when the promote disk operation is complete.)”.
Rational to claim 3 is applied here.
Claim 6, the combination may not explicitly teach the limitation.
Ahmed teaches “the method of claim 1, wherein the unencrypted source virtual disk is implemented as one or more snapshots and an active delta virtual disk file, wherein copying and encrypting contents of the unencrypted source virtual disk to the destination virtual disk comprises: copying and encrypting contents of the one or more snapshots to the destination virtual disk; and copying and encrypting contents of the active delta virtual disk file to an active destination virtual disk file of the destination virtual disk, wherein the during the copying and encrypting refers to during the copying and encrypting contents of the active delta virtual disk file ([0020] When a promote disk call (or instruction) is received to promote VM2 204, a new base disk (e.g., Base Disk B2 220) is created in the VM directory for VM2 204. Then the mirror driver 302 (also known as a mirror node) is installed. The mirror driver 302 is a type of filter placed on the I/O stack. To install the mirror driver 302, VM2 204 is stunned. A stun operation pauses the execution of the VM at an instruction boundary and allows in-flight I/Os to complete. While the VM is stunned, subsequent I/Os are quiesced (i.e., the I/Os are temporarily paused). Stunning a VM allows a number of different operations to be performed, such as creating or consolidating snapshots. In this embodiment, stunning allows the mirror driver 302 to be installed. Another stun operation is performed to remove mirror driver 302 when the promote disk operation is complete.)”.
Rational to claim 3 is applied here.
Claim 10, “the non-transitory computer readable storage medium of claim 8, wherein the operations further comprise installing a mirror driver on the unencrypted source virtual disk and the destination virtual disk, wherein the mirror driver is configured to perform the mirroring” is similar to claim 3 and therefore rejected with the same references and citations.
Claim 11, “the non-transitory computer readable storage medium of claim 10, wherein the operations further comprise removing the mirror driver after the copying and encrypting is complete” is similar to claim 4 and therefore rejected with the same references and citations.
Claim 12, “the non-transitory computer readable storage medium of claim 11, wherein the VCI is stunned during installing the mirror driver and removing the mirror driver” is similar to claim 5 and therefore rejected with the same references and citations.
Claim 13, “the non-transitory computer readable storage medium of claim 8, wherein the unencrypted source virtual disk is implemented as one or more snapshots and an active delta virtual disk file, wherein copying and encrypting contents of the unencrypted source virtual disk to the destination virtual disk comprises: copying and encrypting contents of the one or more snapshots to the destination virtual disk; and copying and encrypting contents of the active delta virtual disk file to an active destination virtual disk file of the destination virtual disk, wherein the during the copying and encrypting refers to during the copying and encrypting contents of the active delta virtual disk file” is similar to claim 6 and therefore rejected with the same references and citations.
Claim 17, “the system of claim 15, wherein the operations further comprise installing a mirror driver on the unencrypted source virtual disk and the destination virtual disk, wherein the mirror driver is configured to perform the mirroring” is similar to claim 3 and therefore rejected with the same references and citations.
Claim 18, “the system of claim 17, wherein the operations further comprise removing the mirror driver after the copying and encrypting is complete” is similar to claim 4 and therefore rejected with the same references and citations.
Claim 19, “the system of claim 18, wherein the VCI is stunned during installing the mirror driver and removing the mirror driver” is similar to claim 5 and therefore rejected with the same references and citations.
Claim 20, “the system of claim 15, wherein the unencrypted source virtual disk is implemented as one or more snapshots and an active delta virtual disk file, wherein copying and encrypting contents of the unencrypted source virtual disk to the destination virtual disk comprises: copying and encrypting contents of the one or more snapshots to the destination virtual disk; and copying and encrypting contents of the active delta virtual disk file to an active destination virtual disk file of the destination virtual disk, wherein the during the copying and encrypting refers to during the copying and encrypting contents of the active delta virtual disk file” is similar to claim 6 and therefore rejected with the same references and citations.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WYNUEL S AQUINO whose telephone number is (571)272-7478. The examiner can normally be reached 9AM-5PM EST M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lewis Bullock can be reached on 571-272-3759. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/WYNUEL S AQUINO/Primary Examiner, Art Unit 2199