DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Allowable Subject Matter

The following is an examiner’s statement of reasons for allowance: Applicant’s claims require:
A computer-implemented method of writing encrypted data to a distributed storage platform, the method comprising:
at a computer server that hosts virtual machines and is communicatively coupled to the distributed storage platform, wherein the computer server comprises one or more hardware processors,
hosting a controller virtual machine that intercepts write requests issued by applications executing on other of the virtual machines at the computer server, 
wherein each of the write requests comprises data to be written to the distributed storage platform;
by the controller virtual machine, receiving from one of the applications at the computer server, a first write request comprising first data targeted for a first virtual disk, wherein the first virtual disk is provisioned at the distributed storage platform as a storage destination for the one of the applications;
by the controller virtual machine, retrieving an encryption key that corresponds to the first virtual disk;
by the controller virtual machine at the computer server, before transmitting the first data to the distributed storage platform, encrypting the first data of the first write request, using the encryption key to produce encrypted first data; 
by the controller virtual machine, transmitting the encrypted first data to a first computer node of the distributed storage platform, 
wherein the distributed storage platform comprises computer nodes including the first computer node; and
by the first computer node at the distributed storage platform, routing the encrypted first data for storage on at least one of the computer nodes of the distributed storage platform, wherein the at least one of the computer nodes comprises data storage devices.

Relevant prior art such as Bashara and Iyer teach wherein a controller encrypts data that is destined for storage using a key associated with an originating device. 

The combination does not teach the limitations as required by the claims with regard to a controller virtual machine intercepting a request to distributed storage, encrypting using a key that corresponds to a virtual disk, and a computer node at the distributed storage routing encrypted data for storage.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Claims 1-20 are allowable over the prior art of record.

EXAMINER’S AMENDMENT
Authorization for this examiner’s amendment was given in an interview with Josephine Paltin on 5/26/2022.
The application has been amended as follows: 

1.	(Currently Amended) A computer-implemented method of writing encrypted data to a distributed storage platform, the method comprising:
at a computer server that hosts virtual machines and is communicatively coupled to the distributed storage platform, wherein the computer server comprises one or more hardware processors,
hosting a controller virtual machine that intercepts write requests issued by applications executing on other of the virtual machines at the computer server, 
wherein each of the write requests comprises data to be written to the distributed storage platform;
by the controller virtual machine, receiving from one of the applications at the computer server, a first write request comprising first data targeted for a first virtual disk, wherein the first virtual disk is provisioned at the distributed storage platform as a storage destination for the one of the applications;
by the controller virtual machine, retrieving an encryption key that corresponds to the first virtual disk;
by the controller virtual machine at the computer server, before transmitting the first data to the distributed storage platform, encrypting the first data of the first write request, using the encryption key to produce encrypted first data; 
by the controller virtual machine, transmitting the encrypted first data to a first computer node of the distributed storage platform, 
wherein the distributed storage platform comprises computer nodes including the first computer node; and
by the first computer node at the distributed storage platform, routing the encrypted first data for storage on at least one of the computer nodes of the distributed storage platform, wherein the at least one of the computer nodes comprises data storage devices.

2. (Currently Amended) The method of claim 1 wherein each of the computer nodes in the distributed storage platform comprises a plurality of data storage devices.

3. (Currently Amended) The method of claim 1 wherein the first data in the first write request is transmitted encrypted from the controller virtual machine.


9. (Currently Amended) The method of claim 1 wherein the first virtual disk is partitioned across a first plurality of the computer nodes of the distributed storage platform, and wherein the first computer node at the distributed storage platform is one of the first plurality of the computer nodes, and (i) stores the encrypted first data to a data storage device at the first computer node, and (ii) routes the encrypted first data for storage on at least one other of the first plurality of the computer nodes according to a replication factor for the first virtual disk.

10. (Currently Amended) The method of claim 1 wherein the first virtual disk is partitioned into a plurality of storage containers across the distributed storage platform, 
wherein based on a provisioned replication factor, each storage container among the plurality of storage containers is replicated]] of the distributed storage platform, and 
wherein the encrypted first data is stored in a given storage container of the first virtual disk and replicated according to the provisioned replication factor to corresponding multiple computer nodes [[at]] of the distributed storage platform.


11. (Currently Amended) A computer-implemented method of reading encrypted data from a distributed storage platform, said method comprising:
at a computer server that hosts virtual machines and is communicatively coupled to the distributed storage platform, wherein the computer server comprises one or more hardware processors,
hosting a controller virtual machine that intercepts read requests issued by applications executing on other of the virtual machines at the computer server, 
wherein each of the read requests references data to be read from the distributed storage platform;
by the controller virtual machine, receiving from one of the applications at the computer server, a first read request referencing first data stored in a first virtual disk, wherein the first virtual disk is provisioned at the distributed storage platform as a storage destination for the one of the applications;
by the controller virtual machine, transmitting the first read request to a first computer node of the distributed storage platform, wherein the distributed storage platform comprises computer nodes including the first computer node;
by the first computer node, routing the first read request to at least one computer node of the distributed storage platform that comprises the first data, wherein the first data is stored in encrypted form as encrypted first data at the at least one computer node;
by the controller virtual machine, receiving the encrypted first data from the distributed storage platform;
by the controller virtual machine, retrieving an encryption key that corresponds to the first virtual disk;
by the controller virtual machine, decrypting the encrypted first data using the encryption key to produce decrypted first data; and
by the controller virtual machine, transmitting the decrypted first data to the one of the applications at the computer server in response to the first read request.


13. (Currently Amended) The method of claim 11 wherein the first data referenced in the first read request is transmitted in encrypted form from the distributed storage platform.

18. (Currently Amended) The method of claim 11 wherein the first virtual disk is partitioned across a first plurality of the computer nodes of the distributed storage platform, and wherein the first computer node [[at]] of the distributed storage platform routes the first read request to at least one of the first plurality of the computer nodes.

19. (Currently Amended) The method of claim 11 wherein the first virtual disk is partitioned across a first plurality of the computer nodes of the distributed storage platform, and wherein the first computer node [[at]] of the distributed storage platform is one of the first plurality of the computer nodes and one or more of: (i) reads the encrypted first data from a storage device at the first computer node, and (ii) routes the first read request to at least one other of the first plurality of the computer nodes, according to a replication factor for the first virtual disk.

20. (Currently Amended) The method of claim 11 wherein the first virtual disk is partitioned into a plurality of storage containers across the distributed storage platform, 
wherein based on a provisioned replication factor, each storage container among the plurality of storage containers is replicated ]] of the distributed storage platform, and 
wherein the first data is stored encrypted in a given storage container of the first virtual disk and replicated according to the provisioned replication factor to corresponding multiple computer nodes [[at]] of the distributed storage platform.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to OLUGBENGA O IDOWU whose telephone number is (571)270-1450. The examiner can normally be reached Monday-Friday 8am - 5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung Kim, can be reached on 5712723804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/OLUGBENGA O IDOWU/Primary Examiner, Art Unit 2494