DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claim Status
Claims 1-20 are presented for examination and remain pending in the application. 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, 2, 4-6, 9-11, 13, 15, 16 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Fries et al. (US. Pub. No. 2009/0282266 A1, hereinafter Fries) in view of Peddada et al. (US. Pub. No. 2019/0229908 A1, hereinafter Peddada).

Regarding claim 1. 
Fries teaches a computer implemented method performed on a server cluster (Fries teaches in Fig. 2A showing a server cluster and Para. [0035]-[0036] also indicate that hosts are servers and there are multiple hosts being managed as a server cluster), comprising: instantiating a virtual machine on the server cluster (Fries teaches in Fig. 1A and Fig. 2A showing a server cluster and Para. [0035]-[0036] which shows the hypervisor 110 with three virtual machines (i.e., VM1-VM3); this shows that the three virtual machines have been instantiated), wherein the virtual machine has access to persistent storage that includes an encrypted region and wherein the virtual machine lacks access to an encryption key configured to provide access to authentication data stored within the encrypted region (note that Fries teaches in Para. [0027] and [0030] storing any type of data, which would include a certificate (i.e., authentication data); management service 130 sends one or more messages 145 to hypervisor 110 to indicate that virtual machine 115c is to be associated with encryption key 3. As previously mentioned, these one or more messages 145 can comprise a certificate (i.e., authentication data) that represents a particular encryption key. Fries teaches in Para. [0027] and Fig. 1A shows 120A, 120B and 120C (i.e., encrypted regions) of storage 107 (i.e., persistent storage); also element 150 shows that the virtual machines do not have any keys, and Fries further teaches in Para. [0025] that the virtual machine can be migrated to only those one or more physical host(s) that contain the appropriate encryption key. To enable such migration, an administrator might, at the time the virtual machine is created, distribute the certificate (i.e., authentication) for the created virtual machine to a set of virtualization hosts that are allowed to operate the virtual machine.);
     receiving a communication at the server cluster from a management server associated with the server cluster that includes the encryption key configured to provide access to the encrypted region of the persistent storage (Fries teaches in the [Abstract] the management server further provides the one or more encryption keys to a limited number of one or more servers in a system and Fig. 1A and Para. [0030] also teaches that the management service 130 sends the key to the hypervisor 110 which distributes the key to the VM (i.e., receives the distributed key). Further Fig.1B shows that VM3 receives the key and has access to 120C in the storage 107 (i.e., persistent storage) and further teaches in  Para. [0033]-[0034] virtual machine 115, but hypervisor 110 will also be presented with a corresponding encryption key for that virtual hard disk 120 and new interface layer 155, in turn, can be configured to use the corresponding encryption key (in this case "key 3") to communicate with virtual hard disk 120c and further teaches in Fig.2A showing a server cluster and Para. [0035]-[0036]); 
       storing the encryption key received from the management server accessible by the virtual machine (Fries teaches in Para. [0034] storing the encryption key in interface layer 155 in turn configuring to use the corresponding encryption key (in this case "key 3") used to communicate with virtual hard disk 120c); 
        decrypting the authentication data stored within the encrypted region using the encryption key (Fries teaches in Para. [0034] as shown in FIG. 1B, interface 155 uses key 3 to decrypt the contents of virtual hard disk 120c as these contents are read, and further uses key 3 to encrypt any new writes to virtual hard disk 120c using key 3); and 
running services that depend upon the authentication data stored within the encrypted region to operate after decrypting the authentication data (Fries teaches in Para. [0043]-[0044] and [0053] that the VMs (i.e., running service) will not run without the appropriate key and therefore, having the key enables the VMs to run the associated services by using the decrypted data). Fries also teaches managing key access for one or more servers, where the management server can thus differentiate which virtual machines can be operated on which servers by differentiating which servers can receive which encryption keys ([Abstract]). Fries also teaches storing the encryption key received from the management server into the interface layer 155 (see Para. [0034]), but Fries does not explicitly teach storing the encryption key in non-persistent storage.
However, Peddada teaches storing the encryption key in non-persistent storage (Peddada teaches in Para. [0011] storing a tenant-specific data encryption key in non-persistent (e.g., volatile) memory for encrypting or decrypting the data records. Also see Para. [0013], [0022], and [0032]).
        It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Peddada by including the method of using a non-persistent (e.g., volatile) storage to store encryption key for the tenants ([0011], [0013], [0022] and [0032]) into the teachings of Fries which includes elements 120A, 120B and 120C (i.e., encrypted regions) of storage 107 (i.e., persistent storage) of (Fig. 1A and 1B) and Para. [0027] and [0035]-[0036]. One would have been motivated to do so in order to prevent the encryption key recovery by a cloud provider (e.g., by storing an encryption key in non-persistent or volatile memory) and access the key directly from the non-persistent memory when performing the encryption process to improve security and ensure that the malicious user cannot obtain the encryption key or tenant secret in an efficient manner.
Regarding claim 2. 
       Fries in view of Peddada teaches wherein the communication received from the management server is delivered to the virtual machine by virtualization software running on a host associated with the virtual machine (Fries teaches in Para. [0022]-[0023] that the management service associates one or more encryption keys and distributed (i.e., delivered) in an organized fashion so that only some servers receive certain keys, while other servers receive other keys. Each encrypted virtual machine, therefore, can only be accessed and operated on a physical host that has the appropriate encryption key associated with that virtual machine. Further, Peddada teaches in Para. [0116] how the software executed by a processor, firmware, or any combination thereof. If implemented in software executed by a processor, the functions may be stored on or transmitted over as one or more instructions).
        It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Peddada by including a software execution method ([0116]) into the teachings of Fries invention. One would have been motivated to do so in order to enhance the data security, software integration, server migration support, and CPU configurations for maximum flexibility and scalability in an efficient manner.
Regarding claim 4. 
        Fries teaches wherein the communication from the management server is received over a secure channel (Fries teaches in Para. [0008] and [0022] some servers receive certain keys while other servers receive other keys based on the product configured secure virtual machine access (i.e., secure channel)).
Regarding claim 5. 
       Fries teaches wherein all data stored on the persistent storage is within the encrypted region (Fries teaches in Fig. 1A and Para. [0030] that the management service 130 sends the key to the hypervisor 110 which distributes the key to the VM (i.e., receives the distributed key). Further Fig.1B shows that VM3 receives the key and has access to 120C in the storage 107 (i.e., persistent storage)).
Regarding claim 6. 
         Fries teaches wherein the authentication data stored on the encrypted region of the persistent storage comprises encryption keys and passwords (Fries teaches in Fig. 1A and Para. [0030] that the management service 130 sends the key to the hypervisor 110 which distributes the key to the VM (i.e., receives the distributed key) and further, Fries teaches in Para. [0045] that the virtual machine access on a relatively granular basis and the conventional control provides username/password for migrating the virtual machines based on the encryption key).
Regarding claims 9 and 15. 
Claims 9 and 15 incorporate substantively all the limitations of claim 1 in non-transitory storage medium and server cluster form and are rejected under the same rationale. Furthermore, regarding the claim limitations of non-transitory storage medium and server cluster, Fries in view of Peddada teaches these in Para. [0056]-[0057] of Fries and Para. [0101] and [0032] of Peddada.
Regarding claim 10. 
Fries teaches wherein the steps carried out by the server cluster further comprise: storing the encryption key received from the management server in non-persistent storage accessible by the virtual machine (Fries teaches in Para. [0034] storing the encryption key in interface layer 155 in turn configuring to use the corresponding encryption key (in this case "key 3") used to communicate with virtual hard disk 120c); and
decrypting the data stored within the encrypted region (Fries teaches in Para. [0043]-[0044] and [0053] that the VMs (i.e., running service) will not run without the appropriate key and therefore, having the key enables the VMs to run the associated services by using the decrypted data). Fries also teaches managing key access for one or more servers, where the management server can thus differentiate which virtual machines can be operated on which servers by differentiating which servers can receive which encryption keys ([Abstract]).
Regarding claims 11 and 20. 
Claims 11 and 20 incorporate substantively all the limitations of claim 2 in non-transitory storage medium and server cluster form and are rejected under the same rationale. Furthermore, regarding the claim limitations of non-transitory storage medium and server cluster, Fries in view of Peddada teaches these in Para. [0056]-[0057] of Fries and Para. [0101] and [0032] of Peddada.
Regarding claims 13 and 16. 
Claims 13 and 16 incorporate substantively all the limitations of claim 6 in non-transitory storage medium and server cluster form and are rejected under the same rationale. Furthermore, regarding the claim limitations of non-transitory storage medium and server cluster, Fries in view of Peddada teaches these in Para. [0056]-[0057] of Fries and Para. [0101] and [0032] of Peddada.

Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Fries in view of Peddada further in view of Caragea (US. Pub. No. 2019/0068851 A1, hereinafter Caragea).
Regarding claim 3. Fries in view of Peddada teaches the computer implemented method as recited in claim 2.
       Fries in view of Peddada does not explicitly teach wherein the communication received from the management server directs the virtualization software to delay delivery of the encryption key to the virtual machine until the virtual machine reaches a predetermined state in which it is ready to initiate guest operations. 
However, Caragea teaches wherein the communication received from the management server directs the virtualization software to delay delivery of the encryption key to the virtual machine until the virtual machine reaches a predetermined state in which it is ready to initiate guest operations (Caragea teaches in Para. [0068] the filter 42 may delay the delivery of the session key (i.e., encryption key) for security purposes, since it may give away the fact that the respective VM is being monitored and further teaches in Para. [0034]-[0035] that the hypervisor element 30 manages the operation of the guest VM 32 (i.e., guest operation) based on the termed virtual machine state, guest state area, a host state area, the guest state area holding the CPU state of the respective VM (i.e., all the indicated states show how the delivery of the session key/encryption key is held up until the virtual machine reaches the predetermined state in which it is ready to initiate the guest operations)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Caragea by including the method of using guest operation and delaying the delivery of the session key (i.e., encryption key) for the security purpose ([0068] and [0034]-[0035]) into the teachings of Fries in view of Peddada invention. One would have been motivated to do so since the virtual machine performs detection of a first session event of the communication session and a detection of a second session event of the communication session and transmits a content of the memory page to a decryption engine configured to decrypt encrypted payload according to the content and thus helps the method to utilize multiple virtual machines to share hardware resources of host system so that virtual machine is operated independently.

Claims 7, 12 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Fries in view of Peddada further in view of Witt et al. (US. Pub. No. 2007/0113078 A1, hereinafter Witt).
Regarding claim 7. Fries in view of Peddada teaches the computer implemented method as recited in claim 1.
       Fries in view of Peddada does not explicitly teach wherein the encryption key is never written to the persistent storage in an unencrypted state.  
         However, Witt teaches wherein the encryption key is never written to the persistent storage in an unencrypted state (Witt teaches in Para. [0015] that the data encrypted without regard for the application writing the data and without regard for the type of device being written to and further teaches in Para. [0020] that the determination may be made based on one or more predetermined and/or preset file and/or device parameters (e.g., such as file name, job name, etc.), and at step 16, if the file does not need to be encrypted, then the unencrypted data is written to the storage device).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Witt by including using storage device without writing the data and without regard for the type of device being written ([0015] and [0020]) into the teachings of Fries in view of Peddada invention. One would have been motivated to do so since the method enables encryption of the files to be performed without regard for the applications that create or write the file, and without regard for a volume, e.g., real or virtual volume, that the file is created or written upon.
Regarding claims 12 and 19. 
Claims 12 and 19 incorporate substantively all the limitations of claim 7 in non-transitory storage medium and server cluster form and are rejected under the same rationale. Furthermore, regarding the claim limitations of non-transitory storage medium and server cluster, Fries in view of Peddada teaches these in Para. [0056]-[0057] of Fries and Para. [0101] and [0032] of Peddada.

Claims 8 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Fries in view of Peddada further in view of Douceur et al. (US. Pub. No. 2005/0278525 A1, hereinafter Douceur).

Regarding claim 8. Fries in view of Peddada teaches the computer implemented method as recited in claim 1.
        Fries in view of Peddada does not explicitly teach shutting down the virtual machine without saving the encryption key to persistent storage.
However, Douceur teaches shutting down the virtual machine without saving the encryption key to persistent storage (Douceur teaches in Para. [0061] the session ends when the user logs off the computing device (either explicitly by selecting a "log off" option or implicitly by powering-down the computing device, having the computing device fail (e.g., crash), etc.), without placing unencrypted copies of the symmetric keys (i.e., without saving the key) contained in the cache onto persistent storage and this indicates that if the key is only stored in non-persistent storage, then by definition of "non-persistent" the key won't be saved at shutdown).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Douceur by including a method of shutting down the system without saving the key ([0061]) into the teachings of Fries in view of Peddada. One would have been motivated to do so since this method helps a determination unit determine whether an access control entry of a received file corresponds to any one of the access control entry-to-symmetric key mappings in an encrypted key cache. If a corresponding mapping exists in the cache, the respective symmetric key is obtained to decrypt the file, else encrypted symmetric key of the entry is decrypted by private key of a public/private key pair, for file decryption and thus, the encrypted file can be evaluated to determine whether it is identical to another file without resorting to any decryption and the unwanted duplicative files can be removed by adding the authorized user access control entries to the remaining file, the decryption performance is improved using an encrypted key cache by reducing the overhead information that is stored in each file, while allowing users to retrieve the file even if the file stored in the computer is unavailable.
Regarding claim 14.
Claim 14 incorporates substantively all the limitations of claim 8 in non-transitory storage medium and server cluster form and is rejected under the same rationale. Furthermore, regarding the claim limitations of non-transitory storage medium and server cluster, Fries in view of Peddada teaches these in Para. [0056]-[0057] of Fries and Para. [0101] and [0032] of Peddada.

Claim 17 is rejected under 35 U.S.C. 103 as being unpatentable over Fries in view of Peddada further in view of Nechytaylo et al. (US. Pub. No. 2015/0128233 A1, hereinafter Nechytaylo).

Regarding claim 17. Fries in view of Peddada teaches the server cluster as recited in claim 15. 
       Fries in view of Peddada does not explicitly teach an encryption key facilitating secure two-way communication between the virtual machine and the management server.  
     However, Nechytaylo teaches an encryption key facilitating secure two-way communication between the virtual machine and the management server (Nechytaylo teaches in Para. [0044] and [0049] private encryption keys are generated in a secure, two-way authenticated environment and are used for both encryption and decryption of data and the mobile device 201 is a two-way communication device having data and voice communication capabilities).
        It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Nechytaylo by including a method of using two-way communications in authenticated environment ([0044]) into the teachings of Fries in view of Peddada. One would have been motivated to do so since the wireless connector system facilitates communication, directly or indirectly with the wireless connector system so that the flexibility in application installation increases the functionality of the mobile device and provides enhanced on-device functions, communication-related functions, or both in an efficient manner.

Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over Fries in view of Peddada further in view of Shivanna et al. (US. Pub. No. 2016/0344582 A1, hereinafter Shivanna).

Regarding claim 18. Fries in view of Peddada teaches the server cluster as recited in claim 15. 
Fries in view of Peddada does not explicitly teach wherein the virtual machine is a master virtual machine and the server cluster comprises a plurality of master virtual machines.
      However, Shivanna teaches wherein the virtual machine is a master virtual machine and the server cluster comprises a plurality of master virtual machines (Shivanna teaches in Para. [0013] assign a master device to each cluster. For example, each cluster of the plurality of clusters grouped by the cluster engine 104 can be assigned a master device to manage calling home for the cluster and the call home master can be a virtual machine or software configured to communicate with the call home destination).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Shivanna by including a method of using a call home master that can be a virtual machine ([0013]) into the teachings of Fries in view of Peddada invention. One would have been motivated to do so since in this method a cluster engine groups a set of compute devices into a set of clusters based on the set of potential call home devices. An assignment engine assigns a master device to the cluster. The master device sends a system message to a call home destination. A consolidator engine combines the system information and reduces duplicative data and thus helps the method to reduce network load and load on the call home destination in an efficient manner. The method allows messages from the cluster to be reduced in size and amount when duplicative system information is removed.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BERHANU SHITAYEWOLDETSADIK whose telephone number is (571) 270-7142. The examiner can normally be reached M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Emmanuel Moise can be reached on 5712723865. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/BERHANU SHITAYEWOLDETADIK/ Examiner, Art Unit 2455
/DAVID R LAZARO/Primary Examiner, Art Unit 2455