DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
This office action is in response to the amendment filed on 01/14/2022. Claim 2 has been amended. Claims 1– 20 are pending for consideration. 

Information Disclosure Statement
The information disclosure statements (IDS) dated 10/14/2021 have been received and considered.

Response to Arguments
Applicant’s arguments posted in the Arguments/Remarks on 01/14/2022 (hereafter Remarks) with respect to the rejection of claims 1 – 20 presented in the Office Action dated 10/14/2021 (hereafter OA) have been fully considered but they are not persuasive.
On p. 2 of the Remarks Applicant stated that ‘Chen does not describe generating a partially conserved, updated version of a virtual disk,’. In addition, Applicant on p.3 stated ‘Chen does not retrieve and re-use IVs for one version of a virtual disk to encrypt an updated version’.

Rejection of claim 1 limitations, ‘generating a hash value for each page of the first version of the virtual disk’ and ‘generating a hash value for each page of the second, updated version of the virtual disk’ are relied upon Chen. Note, that first and/or second versions of the virtual disk as cited in claim 1 are met by the “one or more virtual disks” of Chen included in the Virtual Machine Monitor, VMM.  (Chen in Para. [0026] discloses “Virtualization software 200A may comprise a virtual machine monitor (VMM,) for example, such as a VMM as implemented in a virtualization product of VMware” Chen in Para. [0066] discloses “The VMM 200X will typically include at least one device emulator 254X, which may also form the implementation of the virtual device(s) 323X” Chen in Para. [0111] discloses “the VMM first encrypts the page, using a fresh, randomly-generated initialization vector (IV), then takes a secure hash (H) of this ciphertext”)
On p.3. of the Remarks Applicant stated ‘Moen does not describe the use of IVs at all, merely teaching that data compressed through hashing algorithms may be uploaded in some scenarios while plaintext data is uploaded in others by performing subsequent hashing and data management.’ 
Examiner respectfully disagrees. The function of the Initialization Vector (IV) by initializing/correlating of hash values and plaintext is equivalent to the role/function of a particular row of the Moen Table, as disclosed in Moen, col.10, ll.29-31 and stated in the OA. In addition, rejection of the limitations addressing application of IV concept is relied upon Cheng as demonstrated in the OA with relevant citations (see e.g. Cheng, [0111]).
Chang does not teach "encrypting such first page (e.g., a first page of the second, updated version of the virtual disk) using a unique initialization vector from the plaintext hash database that corresponds to the first generated hash value" Rather, Chang explicitly teaches away from using initialization vectors in building an updated version of a virtual disk
Examiner respectfully notes that rejection of the relevant limitation of claim 1 is relied upon Moen. According to the claim 1 the limitation reads as following: encrypting such first page using a unique initialization vector from the plaintext hash database that corresponds to the first generated hash value. The first page encryption of the updated virtual disk version is met by hashing of the particular plain text representation (col.17, ll.1 – 3) initialized, i.e. processed, following the correlation analysis of the Moen Table (col.10, ll.43 – 46), which is equivalent to IV usage, as disclosed in the OA on p.7.
On p. 4 of the Remarks by discussion of the rejection of claims 4 to 6 Applicant stated that ‘At no point does Chen suggest using a first initialization vector as the basis for generating a new unique initialization vector, and certainly not based on page incrementation or offset values’.
Examiner respectfully disagrees. As noted in the OA usage of a new initialization vector based on the vector for the antecedent page is met by the established execution order of applications 40A, 40B of Chen which are executed in the order preceding execution of the other codes. (Chen, in Para. [0019] discloses “The OS 20A, again in conjunction with the system hardware l00A, also establishes an OS isolation barrier 80A between the OS 20A and all applications in the system, including the applications 40A and 40B, so that the applications are prevented (or hindered) from directly accessing the code and data of the OS 20A”)
On p. 4 Applicant further stated that Chen, Moen, and Chang, whether taken alone or in combination, teach or even suggest each and every limitation of amended claim 1.
Examiner respectfully disagrees. The above disclosure clarifies the misinterpretations of the claim 1 rejections thus demonstrating that all limitations of claim 1 as well as independent claims 8 and 16 are taught by Chen or by combinations of Chen – Moen – Chang.
Accordingly, rejection of claims 1 – 20 under 103 is maintained.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1 – 7 are rejected under 35 U.S.C. 103 as being unpatentable over Chen et al. (US 2015/0100791) (hereafter Chen), in view of Moen et al. (US 9225729) (hereafter Moen), and in view of Chang (US 2014/0143553) (hereafter Chang).

Regarding claim 1 Chen teaches: A method for encrypting a virtual disk, comprising: for a first version of the virtual disk: generating a hash value for each page of the first version of the virtual disk (Examiner note: VM stands for a virtual machine, VMM stands for a virtual machine monitor) (Chen, in Para. [0062] discloses “the VM 300X will typically include virtualized ("guest") system hardware 310X, which in turn includes one or more virtual CPUs 312X (VCPU), virtual system memory 318X (VMEM), one or more virtual disks 320X (VDISK)” Chen, in Para. [0015] discloses “The OS creates a different set of page tables (and a page directory) for each virtual address space, which maps the respective virtual addresses to physical addresses.” Chen in Para. [0026] discloses “Virtualization software 200A may comprise a virtual machine monitor (VMM,) for example, such as a VMM as implemented in a virtualization product of VMware” Chen in Para. [0066] discloses “The VMM 200X will typically include at least one device emulator 254X, which may also form the implementation of the virtual device(s) 323X”);
encrypting each page of the first version of the virtual disk using a unique initialization vector (Chen, in Para. [0111] discloses “When a cloaked page is accessed from outside the shadow context to which it belongs, the VMM first encrypts the page, using a fresh, randomly-generated initialization vector (IV), then takes a secure hash (H) of this ciphertext”);
and storing each unique initialization vector and each generated hash in a plaintext hash database that maps each unique initialization vector for a page to a corresponding generated hash value;] 
[and for a second, updated version of the virtual disk that includes at least some of the pages of the first version of the virtual disk: generating a hash value for each page of the second, updated version of the virtual disk;] 
[determining whether each generated hash value is stored in the plaintext hash database; and responsive to determining that a first generated hash value for a first page of the second, updated version of the virtual disk is stored in the plaintext hash database, Page 2 of 12Application No. 16/380,895 Application Filing Date: April 10, 2019 Docket No. 406199-US-NPencrypting such first page using a unique initialization vector from the plaintext hash database that corresponds to the first generated hash value.]
Chen fails to explicitly teach: and storing each unique initialization vector and each generated hash in a plaintext hash database that maps each unique initialization vector for a page to a corresponding generated hash value;
determining whether each generated hash value is stored in the plaintext hash database; and responsive to determining that a first generated hash value for a first page of the second, updated version of the virtual disk is stored in the plaintext hash database, Page 2 of 12Application No. 16/380,895 Application Filing Date: April 10, 2019 Docket No. 406199-US-NPencrypting such first page using a unique initialization vector from the plaintext hash database that corresponds to the first generated hash value.
Moen from the analogous technical field teaches: and storing each unique initialization vector and each generated hash in a plaintext hash database that maps each unique initialization vector for a page to a corresponding generated hash value (Examiner note: initialization vector is met by a particular row of the Moen table) (Moen, in col.10, ll.29 – 31 discloses “It may then update the table to correlate the particular hash value with the particular original plaintext. Such a correlation is shown in the row of the table labeled with a 3 in a circle”); determining whether each generated hash value is stored in the plaintext hash database; and responsive to determining that a first generated hash value for a first page of the second, updated version of the virtual disk is stored in the plaintext hash database, Page 2 of 12Application No. 16/380,895 Application Filing Date: April 10, 2019 Docket No. 406199-US-NPencrypting such first page using a unique initialization vector from the plaintext hash database that corresponds to the first generated hash value (Examiner note: a plaintext hash database is met by a Moen table) (Moen, in col.10, ll.61 – 66 discloses “Other tables may store additional relationships that are of value in operating the system 100. For example, one table may store identifiers for particular ones of the computing devices 102A-C, where a particular device may be identified by a cookie that it stores and passes to the security server system 106.” Moen, in col.16, ll.60 – 63 discloses “When the security system receives plaintext representations from telemetry code, it may be programmed to first compress those plaintext representations such as by hashing them.” Moen, in col.10, ll.43 – 46 discloses “Such a value may be stored in yet a third column of the table (not shown) and may be correlated to the hash value and the original plaintext of the string.” Moen, in col.17, ll.1 – 3 discloses “With the plaintext representations having been hashed, the security system will now have a correlation between a particular plaintext representation and a particular hash value.”)
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Chen, in view of the teaching of Moen which discloses storage of the data in the plaintext and hash forms in specified databases, i.e. tables in order to improve data management in the system (Moen, [col.10, ll.29 – 31, col.10, ll.61 – 66, col.16, ll.60 – 63, col.17, ll.1 – 3]).
Chen, as modified by Moen, fails to explicitly teach: and for a second, updated version of the virtual disk that includes at least some of the pages of the first version of the virtual disk: generating a hash value for each page of the second, updated version of the virtual disk;
Chang from the analogous technical field teaches: and for a second, updated version of the virtual disk that includes at least some of the pages of the first version of the virtual disk: generating a hash value for each page of the second, updated version of the virtual disk (Chang, in Para. [0033] discloses “the user may append a content to the single file which is obtained from the encrypted virtual disk by decrypting sectors of the encrypted virtual disk, so that the virtual disk should be expended and re-encrypted for the updated part of the virtual disk as a new version” Chang, in Para. [0049] discloses “when the contents of the file in the affected sectors of the encrypted virtual disk are updated and the amount of the existing sectors is not changed, the user should only need to update and re-encrypt the affected sectors of the virtual disk but not append or shrink the virtual disk”.)
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Chen, as modified by Moen, in view of the teaching of Chang which discloses update and encryption/hashing of selected parts/pages of virtual disk in order to higher security and improve virtual disk data management (Chang, [0033, 0049]).

Regarding claim 2 Chen, as modified by Moen and Chang, teaches: The method of claim 1, further comprising: for the second, updated version of the virtual disk: responsive to determining that a second generated hash value for a second page of the second, updated version of the virtual disk is not stored in the plaintext hash database (Examiner note: detection if the updated version which is not stored in the plaintext database is met by the detection if the page that is not mapped in the application shadow, followed by the isolation of the relevant code; separation into the first and the second pages is met by the isolation procedure) (Chen, in Para. [0120] discloses “When the page is mapped into the application shadow, its contents are ordinary plaintext, and application reads and writes proceed normally” Chen, in Para. [0018] discloses “The OS 20A, in conjunction with the system hardware 100A, attempts to isolate the code and data of the applications 40A and 40B from one another. For example, the OS 20A and the system hardware 100A may implement a virtual addressing mechanism”), generating a new unique initialization vector; and encrypting such second page using the new unique initialization vector (Examiner note: as noted above, the plaintext is mapped in the shadow region in contrast to the other part of the code to be encrypted using the initialization vector (IV)) (Chen, in Para. [0113] discloses “If, on the other hand, the requester is not a member of the shadow context for the requested CP, control passes to step 405 where the page is unmapped from the application shadow. An initialization vector (IV) is randomly generated, step 408, and the CP is encrypted using the IV, step 410, to create a ciphertext”).

Regarding claim 3 Chen, as modified by Moen and Chang, teaches: The method of claim 2, wherein the new unique initialization vector is generated randomly (Chen, in Para. [0113] discloses “An initialization vector (IV) is randomly generated, step 408, and the CP is encrypted using the IV, step 410, to create a ciphertext”).

Regarding claim 4 Chen, as modified by Moen and Chang, teaches: The method of claim 2, wherein the new unique initialization vector is based on an initialization vector for a page antecedent to the second page (Examiner note: separation into the first and the second pages is met by the isolation procedure of applications 40A and 40B; execution of the 40A, 40B codes precedes the others requiring the a supervisor privilege) (Chen, in Para. [0019] discloses “The OS 20A, again in conjunction with the system hardware l00A, also establishes an OS isolation barrier 80A between the OS 20A and all applications in the system, including the applications 40A and 40B, so that the applications are prevented (or hindered) from directly accessing the code and data of the OS 20A. In the case of a Windows or Linux OS running on an x86 platform, as above, the OS isolation barrier 80A is established by executing the applications in the system at a CPL of 3 and requiring a supervisor privilege level to access memory pages containing the code and data of the OS 20A.”

Regarding claim 5 Chen, as modified by Moen and Chang, teaches: The method of claim 4, wherein the new unique initialization vector is based on an incrementation from the initialization vector for the page antecedent to the second page.
(Examiner note: as noted above, the applications 40A, 40B are outside the shadow regions and are executed in the order preceding execution of the other codes that meets the requirements of applying the initialization vector for encryption from the page antecedent to the second page) (Chen, in Para. [0019] discloses “The OS 20A, again in conjunction with the system hardware l00A, also establishes an OS isolation barrier 80A between the OS 20A and all applications in the system, including the applications 40A and 40B, so that the applications are prevented (or hindered) from directly accessing the code and data of the OS 20A” Chen, in Para. [0113] discloses “If, on the other hand, the requester is not a member of the shadow context for the requested CP, control passes to step 405 where the page is unmapped from the application shadow. An initialization vector (IV) is randomly generated, step 408, and the CP is encrypted using the IV, step 410, to create a ciphertext”).

Regarding claim 6 Chen, as modified by Moen and Chang, teaches: The method of claim 2, wherein the new unique initialization vector is based on an offset of the second page within the second, updated version of the virtual disk (Examiner note: usage offsets for the initialization vector is met by the data indexing by the offsets) (Chen, in Para. [0144] discloses “A three-level data structure similar to a page table is indexed by offset (in units of 4K pages).”Chen, in Para. [0179] discloses “The shim attempts to maintain a one-to-one correspondence between the metadata address space of the resource, by RID/ offset, and the in-memory data in an application address space to be able to offer the appropriate virtual to resource address translations for use by the VMM.”).

Regarding claim 7 Chen, as modified by Moen and Chang, teaches: The method of claim 2, further comprising: Page 34generating an updated plaintext hash database for the second updated version of the virtual disk (Chen, in Para. [0120] discloses “When the page is mapped into the application shadow, its contents are ordinary plaintext, and application reads and writes proceed normally”);
the updated plaintext hash database including: each unique initialization vector reused from the first version of the virtual disk; each new unique initialization vector (Chen, in Para. [0113] discloses “An initialization vector (IV) is randomly generated, step 408, and the CP is encrypted using the IV, step 410, to create a ciphertext.”); and each generated hash value for each page of the second, updated version of the virtual disk (Chen, in Para. [0117] discloses “the concern is not about the privacy of the data, so the application data is in plaintext, i.e., not encrypted. As a result, the IV, which is used for encryption/decryption, as above, is not needed.” Chen, in Para. [0124] discloses “The read-only plaintext state, where the (IV, H) pair is retained, is generally required to correctly handle the case where the kernel legitimately caches a copy of the encrypted page contents.”).

Claims 8 – 20 are rejected under 35 U.S.C. 103 as being unpatentable over Chen et al. (US 2015/0100791) (hereafter Chen), in view of Gross IV et al. (US 2010/080996) (hereafter Gross), and in view of Chang (US 2014/0143553) (hereafter Chang).

Regarding claim 8 Chen teaches: A method for disseminating an updated version of an encrypted virtual disk, comprising: generating an updated version of the encrypted virtual disk (Chen, in Para. [0062] discloses “the VM 300X will typically include virtualized ("guest") system hardware 310X, which in turn includes one or more virtual CPUs 312X (VCPU), virtual system memory 318X (VMEM), one or more virtual disks 320X (VDISK)”); retrieving a hash repository for an earlier version of the encrypted virtual disk (Examiner note: hash repository is met by the storage of H (i.e. hash) values) (Chen, in Para. [0112] discloses “The pair (IV, H) is stored securely for future use.”) the hash repository including a generated hash value and an offset for each single page of the earlier version of the encrypted virtual disk (Examiner note: as noted above, usage offsets for the initialization vector is met by the data indexing by the offsets) (Chen, in Para. [0144] discloses “A three-level data structure similar to a page table is indexed by offset (in units of 4K pages).”Chen, in Para. [0179] discloses “The shim attempts to maintain a one-to-one correspondence between the metadata address space of the resource, by RID/ offset, and the in-memory data in an application address space to be able to offer the appropriate virtual to resource address translations for use by the VMM.”) for each page of the updated version of the encrypted virtual disk, retrieving a hash value; (Chen, in Para. [0115] discloses “A new hash (NH) value is calculated for the CP, step 424, and compared to the hash H in the retrieved (IV,H) pair, step 426.”) determining whether each retrieved hash value of the updated version of the encrypted virtual disk is stored in the hash repository (Chen, in Para. [0121] discloses “The secure hash H is computed and stored immediately after page encryption and verified immediately prior to page decryption.”);
Chen fails to explicitly teach: responsive to determining that a first retrieved hash value for a first page of the updated version of the encrypted virtual disk is not stored in the hash repository, generating an update plan indicating to download the first page responsive to a request to update the encrypted virtual disk from the earlier version to the updated version; and  
Page 35responsive to determining that a second retrieved hash value for a second page of the updated version of the encrypted virtual disk is stored in the hash repository, indicating, via the downloadable update plan, to not download the second page responsive to a request to update the encrypted virtual disk from the earlier version to the updated version.
Gross from the analogous technical field teaches: responsive to determining that a first retrieved hash value for a first page of the updated version of the encrypted virtual disk is not stored in the hash repository, generating an update plan indicating to download the first page responsive to a request to update the encrypted virtual disk from the earlier version to the updated version (Gross, in Para. [0034] discloses “In one or more embodiments, virtual computing environments on computers 130-140 are loaded, executed, and updated from virtual disks in computers 130-140. The virtual disks may correspond to files on computers 130-140 that appear as physical disk drives to computers 130-140.” Gross, in Para. [0034] discloses “Easy transfer of virtual disks between devices may additionally enhance the deployment of the virtual computing environments to computers 130-140 from network 150, as well as the backup of the virtual computing environments on storage 110 and/or other storage mechanisms.”  Page 35Gross, in Para. [0041] discloses “virtual disk 242 may store changes to virtual computing environment 244 using a set of snapshots.” Gross, in Para. [0042] discloses “Updates to virtual computing environment 244 may also be efficiently obtained from the network as differential snapshots that only contain differences between virtual computing environment 244 in virtual disk 242 and a master image of virtual computing environment 244 on the network” Gross, in Para. [0047] discloses “the contents of virtual disk file 312 may be encrypted using a key for the virtual disk and a different initialization vector for each block.” Gross, in Para. [0043] discloses “Virtual disk 242 may provide additional features that further enhance the reliability, security, integrity, and portability of virtual computing environment 244. Such features may include block-level encryption, compression, compaction, and hashes”)
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Chen, in view of the teaching of Gross which discloses variety of operations with virtual disks including storage and updates in order to improve data management in the system (Gross, [0034, 0041, 0043, 0047])
Chen as modified fails to explicitly teach: and responsive to determining that a second retrieved hash value for a second page of the updated version of the encrypted 
Chang from the analogous technical field teaches: and responsive to determining that a second retrieved hash value for a second page of the updated version of the encrypted virtual disk is stored in the hash repository, indicating, via the downloadable update plan, to not download the second page responsive to a request to update the encrypted virtual disk from the earlier version to the updated version (Examiner note: downloadable update plan, i.e. the instructions to store selected files only, is met by the direct mapping of each file storing in a predefined sector of the virtual disk) (Chang, in Para. [0011] discloses “wherein the program code instructs the processing means to execute the following steps: storing a file and corresponding information into a virtual disk so that there is a direct mapping between each file byte and a byte in a sector of the virtual disk; encrypting the virtual disk according to a disk encryption algorithm; and uploading the encrypted virtual disk to a shared storage” Chang, in Para. [0049] discloses “when the contents of the file in the affected sectors of the encrypted virtual disk are updated and the amount of the existing sectors is not changed, the user should only need to update and re-encrypt the affected sectors of the virtual disk but not append or shrink the virtual disk”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Chen, as modified by Gross, in view of the teaching of Chang, which discloses direct mapping, the updates and encryption/hashing of selected parts/pages of virtual disk in order to higher security and improve virtual disk data management (Chang, [0011, 0049]).

Regarding claim 9 Chen, as modified by Gross and Chang, teaches: The method of claim 8, wherein the hash repository is a plaintext hash database database (Examiner note: as noted above, detection if the updated version is not stored in the plaintext database is met by the detection if the page is not mapped in the application shadow, followed by the isolation of the relevant code; separation into the first and the second pages is met by the isolation procedure) (Chen, in Para. [0121] discloses “The secure hash H is computed and stored immediately after page encryption and verified immediately prior to page decryption” Chen, in Para. [0120] discloses “When the page is mapped into the application shadow, its contents are ordinary plaintext, and application reads and writes proceed normally” Chen, in Para. [0018] discloses “The OS 20A, in conjunction with the system hardware 100A, attempts to isolate the code and data of the applications 40A and 40B from one another. For example, the OS 20A and the system hardware 100A may implement a virtual addressing mechanism”), that includes plaintext hash values for each page of the earlier version of the encrypted virtual disk (Examiner note: as noted above, the plaintext is mapped in the shadow region in contrast to the other part of the code to be encrypted using the initialization vector (IV)) (Chen, in Para. [0115] discloses “A new hash (NH) value is calculated for the CP, step 424, and compared to the hash H in the retrieved (IV,H) pair, step 426.” Chen, in Para. [0113] discloses “If, on the other hand, the requester is not a member of the shadow context for the requested CP, control passes to step 405 where the page is unmapped from the application shadow. An initialization vector (IV) is randomly generated, step 408, and the CP is encrypted using the IV, step 410, to create a ciphertext”).

Regarding claim 10 Chen, as modified by Gross and Chang, teaches: The method of claim 8, wherein the hash repository is a hash tree (Chen, in Para. [0178] discloses “Another option would be to store MACs in a Merkle hash tree, allowing for more efficient verification and updates.”)
Chen fails to explicitly teach: that includes ciphertext hash values for each page of the earlier version of the encrypted virtual disk.
Gross from the analogous technical field teaches: that includes ciphertext hash values for each page of the earlier version of the encrypted virtual disk (Gross, in Para. [0047] discloses “To improve security, reliability, space savings, and throughput in the virtual disk, individual blocks in virtual disk file 312 may be cached, encrypted, compressed, compacted, and/or hashed. For example, the contents of virtual disk file 312 may be encrypted using a key for the virtual disk and a different initialization vector for each block.”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Chen, in view of the teaching of Gross and Chang, which discloses encryption and hashing the virtual disks in order to improve security, reliability and space saving in the virtual disks (Gross, [0047]).

Regarding claim 11 Chen, as modified by Gross and Chang, teaches: The method of claim 8, further comprising: responsive to determining that retrieved hash values for a range of sequential pages within the updated version of the encrypted virtual disk are stored in the hash repository (Examiner note: as noted above, hash repository is met by the storage of H (i.e. hash) values) (Chen, in Para. [0112] discloses “The pair (IV, H) is stored securely for future use.”), indicating, via the downloadable update plan, not to download the range of pages (Examiner note: detection if the updated version which is stored in the plaintext database is met by the detection if the page that is mapped in the application shadow, followed by the not isolation, i.e. making the relevant files not downloadable) (Chen, in Para. [0018] discloses “The OS 20A, in conjunction with the system hardware 100A, attempts to isolate the code and data of the applications 40A and 40B from one another. For example, the OS 20A and the system hardware 100A may implement a virtual addressing mechanism”).

Regarding claim 12 Chen, as modified by Gross and Chang, teaches: The method of claim 11, further comprising: responsive to determining that retrieved hash values for a range of sequential pages within the updated version of the encrypted virtual disk Page 36are not stored in the hash repository, (Examiner note: as noted above, hash repository is met by the storage of H (i.e. hash) values) (Chen, in Para. [0112] discloses “The pair (IV, H) is stored securely for future use.”) indicating, via the downloadable update plan, to download the range of pages (Examiner note: detection if the updated version which is not stored in the database is met by the detection if the page that is not mapped in the application shadow, followed by the isolation, i.e. making the relevant files downloadable) (Chen, in Para. [0018] discloses “The OS 20A, in conjunction with the system hardware 100A, attempts to isolate the code and data of the applications 40A and 40B from one another. For example, the OS 20A and the system hardware 100A may implement a virtual addressing mechanism”).

Regarding claim 13 Chen, as modified by Gross and Chang, teaches: The method of claim 12, further comprising: indicating to download a page span having generated hash values stored in the hash repository responsive to determining that the page span is less than a threshold (Examiner note: page span threshold is met by the memory buffer) (Chen, in Para. [0018] discloses “It is possible that a memory buffer may span several pages, or several memory buffers are needed for the hypercall, as passed in arguments either explicitly or pointed to, by elements of data structures in another memory buffer.”).

Regarding claim 14 Chen, as modified by Gross and Chang, teaches: The method of claim 8, further comprising: looking up generated hash values for a page in hash repositories for both the updated version of the encrypted virtual disk and the earlier version of the encrypted virtual disk; database (Examiner note: detection if the updated version which is not stored in the database is met by the detection if the page that is not mapped in the application shadow, followed by the isolation of the relevant code; separation into the first and the second pages is met by the isolation procedure) (Chen, in Para. [0018] discloses “The OS 20A, in conjunction with the system hardware 100A, attempts to isolate the code and data of the applications 40A and 40B from one another. For example, the OS 20A and the system hardware 100A may implement a virtual addressing mechanism”) and assigning a single unique initialization vector to all repeated copies of the page (Chen, in Para. [0113] discloses “An initialization vector (IV) is randomly generated, step 408, and the CP is encrypted using the IV, step 410, to create a ciphertext. A hash value (H) is generated for this ciphertext, step 412. The (IV, H) pair is securely stored to correspond with the CP, step 414. In step 416, the ciphertext is mapped into the requester's shadow mapping”).

Regarding claim 15 Chen, as modified by Gross and Chang, teaches: The method of claim 14, further comprising: indicating, via the downloadable update plan, to download at most one copy of a repeated page (Examiner note: as noted above, detection if the updated version which is not stored in the database is met by the detection if the page that is not mapped in the application shadow, followed by the isolation, i.e. making the relevant files downloadable) (Chen, in Para. [0018] discloses “The OS 20A, in conjunction with the system hardware 100A, attempts to isolate the code and data of the applications 40A and 40B from one another. For example, the OS 20A and the system hardware 100A may implement a virtual addressing mechanism”).

Regarding claim 16 Chen, as modified by Gross and Chang, teaches: A method for updating an encrypted virtual disk, comprising: receiving an indication from a server that an updated version of a locally stored encrypted virtual disk is available for download (Chen, in Para. [0062] discloses “the VM 300X will typically include virtualized ("guest") system hardware 310X, which in turn includes one or more virtual CPUs 312X (VCPU), virtual system memory 318X (VMEM), one or more virtual disks 320X (VDISK)”);
downloading an update plan from the server, the update plan based on a comparison of hash values (Chen, in Para. [0115] discloses “A new hash (NH) value is calculated for the CP, step 424, and compared to the hash H in the retrieved (IV,H) pair, step 426.” Chen, in Para. [0064] discloses “the VM’s system software 19X may be the same as would be loaded into a hardware computer.”)
Chen fails to explicitly teach: retrieved for each page of the updated Page 37version of the locally stored encrypted virtual disk with hash values retrieved for each page of the locally stored encrypted virtual disk; 
Gross from the analogous technical field teaches: retrieved for each page of the updated Page 37version of the locally stored encrypted virtual disk with hash values retrieved for each page of the locally stored encrypted virtual disk (Gross, in Para. [0034] discloses “In one or more embodiments, virtual computing environments on computers 130-140 are loaded, executed, and updated from virtual disks in computers 130-140. The virtual disks may correspond to files on computers 130-140 that appear as physical disk drives to computers 130-140.” Gross, in Para. [0034] discloses “Easy transfer of virtual disks between devices may additionally enhance the deployment of the virtual computing environments to computers 130-140 from network 150, as well as the backup of the virtual computing environments on storage 110 and/or other storage mechanisms.” Gross, in Para. [0041] discloses “virtual disk 242 may store changes to virtual computing environment 244 using a set of snapshots.” Gross, in Para. [0042] discloses “Updates to virtual computing environment 244 may also be efficiently obtained from the network as differential snapshots that only contain differences between virtual computing environment 244 in virtual disk 242 and a master image of virtual computing environment 244 on the network”) 
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Chen, in view of the teaching of Gross which discloses variety of operations with virtual disks including storage and updates in order to improve security and data management in the system (Gross, [0034, 0041, 0047]).
Chen as modified fails to explicitly teach: based on the update plan, downloading only those pages of the updated version of the locally stored encrypted virtual disk that are not included in the locally stored encrypted virtual disk; and merge the downloaded pages with pages derived from the locally stored encrypted virtual disk as indicated by the update plan to generate a local copy of the updated version of the locally stored encrypted virtual disk
Chang from the analogous technical field teaches: based on the update plan, downloading only those pages of the updated version of the locally stored encrypted virtual disk that are not included in the locally stored encrypted virtual disk; and merge the (Examiner note: as noted above, the downloadable update plan, i.e. the instructions to store selected files only, is met by the direct mapping of each file storing in a predefined sector of the virtual disk) (Chang, in Para. [0011] discloses “wherein the program code instructs the processing means to execute the following steps: storing a file and corresponding information into a virtual disk so that there is a direct mapping between each file byte and a byte in a sector of the virtual disk; encrypting the virtual disk according to a disk encryption algorithm; and uploading the encrypted virtual disk to a shared storage” Chang, in Para. [0049] discloses “when the contents of the file in the affected sectors of the encrypted virtual disk are updated and the amount of the existing sectors is not changed, the user should only need to update and re-encrypt the affected sectors of the virtual disk but not append or shrink the virtual disk”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Chen, as modified by Gross, in view of the teaching of Chang, which discloses direct mapping, the updates and encryption/hashing of selected parts/pages of virtual disk in order to higher security and improve virtual disk data management (Chang, [0011, 0049]).

Regarding claim 17 Chen, as modified by Gross and Chang, fails to explicitly teach: The method of claim 16, wherein the update plan indicates ranges of pages to download.
Gross from the analogous technical field teaches: The method of claim 16, wherein the update plan indicates ranges of pages to download (Examiner note: as noted above, downloadable update plane is met by the load instruction) (Gross, in Para. [0034] discloses “In one or more embodiments, virtual computing environments on computers 130-140 are loaded, executed, and updated from virtual disks in computers 130-140. The virtual disks may correspond to files on computers 130-140 that appear as physical disk drives to computers 130-140.” Gross, in Para. [0034] discloses “Easy transfer of virtual disks between devices may additionally enhance the deployment of the virtual computing environments to computers 130-140 from network 150, as well as the backup of the virtual computing environments on storage 110 and/or other storage mechanisms.”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Chen, in view of the teaching of Gross and Chang, which discloses variety of operations with virtual disks including storage, updates, ad instructions loading in order to improve data management in the system (Gross, [0034]).

Regarding claim 18 Chen, as modified by Gross and Chang, teaches: The method of claim 16, wherein the update plan indicates to download page spans included in the locally stored encrypted virtual disk responsive to the page spans being less than a threshold (Examiner note: as noted above, page span threshold is met by the memory buffer) (Chen, in Para. [0018] discloses “It is possible that a memory buffer may span several pages, or several memory buffers are needed for the hypercall, as passed in arguments either explicitly or pointed to, by elements of data structures in another memory buffer.”).

Regarding claim 19 Chen, as modified by Gross and Chang, teaches: The method of claim 16, wherein pages repeated in the updated version of a locally stored encrypted virtual disk (Chen, in Para. [0062] discloses “the VM 300X will typically include virtualized ("guest") system hardware 310X, which in turn includes one or more virtual CPUs 312X (VCPU), virtual system memory 318X (VMEM), one or more virtual disks 320X (VDISK)”); are placed within the updated version once and then copied based on offsets indicated by the update plan (Examiner note: as noted above, usage offsets for the initialization vector is met by the data indexing by the offsets) (Chen, in Para. [0144] discloses “A three-level data structure similar to a page table is indexed by offset (in units of 4K pages).”Chen, in Para. [0179] discloses “The shim attempts to maintain a one-to-one correspondence between the metadata address space of the resource, by RID/ offset, and the in-memory data in an application address space to be able to offer the appropriate virtual to resource address translations for use by the VMM.”).

Regarding claim 20 Chen, as modified by Chang, fails to explicitly teach: The method of claim 16, wherein unused data from the locally stored encrypted virtual disk is deleted following assembly of the updated version of the locally stored encrypted virtual disk.
Gross from the analogous technical field teaches: The method of claim 16, wherein unused data from the locally stored encrypted virtual disk is deleted following assembly of the updated version of the locally stored encrypted virtual disk (Gross, in Para. [0054] discloses “disk emulator 304 may create a free list and a block list from the metadata; the free list may contain unused blocks in virtual disk file 312” Gross, in Para. [0072] discloses “Used data blocks may be referenced by one or more metadata blocks 406-412, while unused blocks may not be referenced by other blocks in the virtual disk file”). 
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Chen, as modified by Chang, in view of the teaching of Gross which discloses operations with unused data/blocks in virtual disks in order to improve data management in the system (Gross, [0054, 0072]).


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure is listed on the enclosed PTO-892 form.
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE
MONTHS from the mailing date of this action. In the event a first reply is filed within
TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VLADIMIR IVANOVICH GAVRILENKO whose telephone number is (313) 446-6530.  The examiner can normally be reached on Monday-Friday 7:30-4:30 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer 

/Vladimir I. Gavrilenko/Examiner, Art Unit 2431         

/TRANG T DOAN/Primary Examiner, Art Unit 2431