DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is responsive to amendment filed on 07/21/2022. Claims 1-20 have been examined and are pending in this application.
Information Disclosure Statement
The information disclosure statement (IDS) was submitted on 07/21/2022. The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Response to Arguments
Applicant’s arguments with respect to claims 1-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
A new reference (McLeod et al. US 2009/0310242) is cited in this Office Action necessitated by the amendment.
To make the record clear and provide appropriateness of the cited references, the Examiner provides below a summary of the two points discussed during the interview held on 07/20/2022 with Applicant’s representative.
The first point discussed during the above-mentioned interview relates to the claim limitation “a computing system encrypting data stored on a disk, including accessing data blocks on the disk sequentially in increasing data block offset order starting from a first disk block on the disk, and encrypting the accessed data blocks” as recited in amended independent claim 1 and similarly recited in amended independent claims 8 and 15.
The primary reference Waldspurger uses metadata 560 which is cached in a cache 662 and designated as ISENCRYPTED[] metadata 663, FIG. 3. ISENCRYPTED[] metadata 663 comprises a plurality of bits where each bit indicates whether or not a disk block is to be encrypted. When the bit value is a ‘1’, the block is to be encrypted, otherwise with bit value ‘0’, the block is not to be encrypted. The exemplary ISENCRYPTED[] metadata 663 illustrated in the FIG. 3 comprises 7 (seven) disk blocks starting from block 1 to block 7. Since the values of ISENCRYPTED[] metadata 663 shown in FIG. 3 is only exemplary, one of ordinary skill in the art may reasonably conceive the values of metadata 663 to be 1111111 to indicate that each disk block is to be encrypted. 
During the interview, Applicant’s representative raised the point that with exemplary values 1111111 for the ISENCRYPTED[] metadata 663, it still does not teach “sequentially in increasing data block offset order” which was the proposed amendment agreed during the interview. In other words, Waldspurger may encrypt each of the seven disk blocks (in this example), but not necessarily carry out the encryption in increasing data block number. The Examiner agreed and the new reference is cited in this Office Action for the above-mentioned claim limitation.
The second point discussed during the interview relates to the claim limitation “the computing system servicing the received I/O requests concurrently with and independently of the encrypting operation, including at least encrypting or decrypting data blocks associated with I/O requests depending on offset addresses specified in the I/O requests relative to the progress offset address” as required by amended independent claim 1 and similarly required by amended independent claims 8 and 15.
The Broadest Reasonable Interpretation (BRI) of the above claim limitation is that two concurrent and independent encryption operations occur in the claimed invention “depending on offset addresses specified in the I/O requests relative to the progress offset address”. For example, if offset addresses specified in the I/O requests are beyond the progress offset address, then the computing system writes the data in the virtual disk in unencrypted form at operation 628, see paragraph [0055] of the filed specification and FIG. 6 of the instant drawings. In this case specifically, concurrent and independent encryption operations do not take place, and this is a first interpretation of the above claim limitation. On the other hand, if the offset addresses specified in the I/O requests are within the progress offset address, then, at operation 624, encryption of the I/O occurs, see paragraph [0053] of the instant specification and FIG. 6 of the instant drawings. Only in this case, two concurrent and independent encryption operations take place, and this is a second interpretation of the claim limitation.
Therefore, the emphasis on the above-mentioned claim limitation is on the language “depending on offset addresses specified in the I/O requests relative to the progress offset address”, and concurrent and independent encryption operations may or may not take place in the claimed invention. The Examiner takes the first interpretation of this claim limitation and submits that Waldspurger teaches “selective encryption on write”, col 10 line 1. In Waldspurger, according to alternative embodiments, selective encryption occurs on modified disk blocks that fall within a certain address range, and not all disk blocks are encrypted, col 10 lines 15-19. A host OS performs I/O operations on behalf of a VM, col 6 lines 38-39, and accordingly, concurrent and independent encryption and I/O operation takes place in Waldspurger.
In view of the new reference and the foregoing remarks, independent claims 1, 8, and 15 are not in a condition for allowance. Claims depending therefrom, either directly or indirectly, are also not in a condition for allowance.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Waldspurger et al. US 7,428,636 (“Waldspurger”) in view of McLeod et al. US 2009/0310242 (“McLeod”).
As per independent claim 1, Waldspurger teaches A method (The invention provides a method of operation for securely storing allocation units of data in a device in a computer system, where the device may be physical or virtual and has a minimum I/O unit, col 2 lines 39-42) comprising:
the computing system updating a progress offset address while encrypting data stored on the disk (Upon every write of a block of the disk, the block’s data is encrypted and the corresponding bit in ISENCRYPTED[] is changed to a “1”, col 13 lines 18-21 and FIG. 3), the progress offset address demarcating a first portion of the disk comprising data blocks that have been encrypted by the encrypting operation and a second portion of the disk comprising data blocks that have not yet been encrypted by the encrypting operation (See FIG. 3 for ISENCRYPTED[] data structure 663 where blocks 1, 4, 5, and 6 are encrypted while blocks 2, 3, and 7 are not encrypted. Blocks 1, 4, 5, and 6 are mapped to the first portion on the disk while blocks 2, 3, and 7 are mapped to the second portion on the disk. Note that the claim does not require that each portion comprising a contiguous number of blocks. Since the data in  ISENCRYPTED[] data structure 663 shown in FIG. 3 is exemplary, a person of ordinary skill in the art would recognize that a possible exemplary data in the data structure 663 may be 1111000. In this case with the data example 1111000, a person of ordinary skill in the art would recognize that the disk is demarcated into two contiguous portions of disk blocks. The exemplary data 1111000 is particularly important because Waldspurger states in part “encryption is not done for all disk blocks modified after a certain time, but rather for all modified blocks that fall in a certain range”, col 10 lines 16-18);
the computing system receiving input/output (I/O) requests to access the disk concurrently with and independently of the encrypting operation (The host OS performs I/O operations, col 6 lines 35-39. In FIG. 3, a check module 655 concurrently and independently of the encryption operation determines whether data to be written to a block B is to be encrypted, col 10 lines 19-21);
the computing system servicing the received I/O requests concurrently with and independently of the encrypting operation (The host OS performs I/O operations, col 6 lines 35-39. In FIG. 3, a check module 655 concurrently and independently of the encryption operation determines whether data to be written to a block B is to be encrypted, col 10 lines 19-21), including encrypting or decrypting data blocks associated with the I/O requests depending on offset addresses specified in the I/O requests relative to the progress offset address (“selective encryption on write”, col 10 line 1. In Waldspurger, according to alternative embodiments, selective encryption occurs on modified disk blocks that fall within a certain address range, and not all disk blocks are encrypted, col 10 lines 15-19. A host OS performs I/O operations on behalf of a VM, col 6 lines 38-39, and accordingly, concurrent and independent encryption and I/O operation takes place in Waldspurger).
Waldspurger discloses all of the claimed limitations from above, but does not explicitly teach “a computing system encrypting data stored on a disk, including accessing data blocks on the disk sequentially in increasing data block offset order starting from a first disk block on the disk, and encrypting the accessed data blocks”.
However, in an analogous art in the same field of endeavor, McLeod teaches a computing system encrypting data stored on a disk, including accessing data blocks on the disk sequentially in increasing data block offset order starting from a first disk block on the disk, and encrypting the accessed data blocks (The invention provides a method of storing data on a hard disk drive. The method comprising: (1) selecting a first allocation block (disk block) from an array of sequentially arranged allocation blocks located within the hard disk drive; (2) recording data within the first allocation block until the first allocation block is filled to capacity; (3) selecting a sequentially next allocation block from the array of sequentially arranged allocation blocks; (4) recording data within the sequentially next allocation block until the sequentially next allocation block is filled to capacity; and (5) repeating steps 3 and 4 until a predetermined number of the sequentially arranged allocation blocks of the array have been filled to capacity, paras 0046-0051. Recording the data within the hard disk drive further comprises the step of encrypting the data, para 0045).
Given the teaching of McLeod, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to further modify the scope of the invention of Waldspurger with “a computing system encrypting data stored on a disk, including accessing data blocks on the disk sequentially in increasing data block offset order starting from a first disk block on the disk, and encrypting the accessed data blocks”. The motivation would be that the invention provides for improved method and apparatus for sequential recording for sequential recording applications, para 0001 of McLeod. 
As per dependent claim 2, Waldspurger in combination with McLeod discloses the method of claim 1. Waldspurger teaches wherein the computing system is a host machine that hosts a plurality of virtual machines (VMs) and the disk is a virtual disk associated with a first VM in the plurality of VMs (FIG. 1 shows the hardware platform 100 including one or more CPUs 110, a system memory 112, and a storage device, which is a disk 114, col 5 lines 6-8. Each VM 500 typically includes at least one virtual disk 514, col 5 lines 26-29 and FIG. 1), wherein the I/O requests are guest I/O requests from a guest operating system (OS) that executes on the first VM (The host performs I/O operations on behalf of the VM, col 6 lines 37-38 and FIG. 1), wherein servicing the received I/O requests includes the host machine encrypting or decrypting at least one data block associated with the guest I/O request depending on an offset address specified in the guest I/O request relative to the progress offset address (The EOW technique described is applicable to conventional operating systems. An EOW module could be installed as a driver or agent in the host OS 220, col 18 lines 15-21 and FIG. 1. See exemplary data for ISENCRYPTED[] data structure 663 provided in the rejection of claim 1 in order to determine whether or not a block is to be encrypted).
As per dependent claim 3, Waldspurger in combination with McLeod discloses the method of claim 1. Waldspurger teaches wherein servicing I/O requests includes processing a read request to read at least one data block from the disk by: reading the data block from the disk at an offset address specified in the read request; comparing the specified offset address with the progress offset address; and decrypting the read data block when the comparing indicates the specified offset address is in the first portion of the disk (Any disk block B whose ISENCRYPTED[B] bit is “1” must be decrypted whereas if marked “0” then need not be decrypted, col 13 lines 25-27 and FIG. 3. See exemplary data for ISENCRYPTED[] data structure 663 provided in the rejection of claim 1 in order to determine whether or not a block is to be encrypted),
wherein processing the read request does not include decrypting the read data block when the comparing indicates the specified offset address is in the second portion of the disk (Any disk block B whose ISENCRYPTED[B] bit is “1” must be decrypted whereas if marked “0” then need not be decrypted, col 13 lines 25-27 and FIG. 3. See exemplary data for ISENCRYPTED[] data structure 663 provided in the rejection of claim 1 in order to determine whether or not a block is to be encrypted).
As per dependent claim 4, Waldspurger in combination with McLeod discloses the method of claim 1. Waldspurger teaches wherein servicing I/O requests includes processing a write request to write at least one data block to the disk by: comparing an offset address specified in the write request with the progress offset address; encrypting the data block and writing the encrypted data block to the specified offset address on the disk when the comparing indicates the specified offset address is in the first portion of the disk (The ISENCRYPTED[] data structure 663 is sufficient to identify already-encrypted blocks, and if the data structure 663 is set to “1”, the write will be encrypted, col 13 lines 40-43 and FIG. 3. See exemplary data for ISENCRYPTED[] data structure 663 provided in the rejection of claim 1 in order to determine whether or not a block is to be encrypted);
writing the data block to the specified offset address on the disk without encrypting the data block when the comparing indicates the specified offset address is in the second portion of the disk (The ISENCRYPTED[] data structure 663 is sufficient to identify already-encrypted blocks, and if the data structure 663 is set to “0”, the write will not be encrypted, col 13 lines 40-43 and FIG. 3. See exemplary data for ISENCRYPTED[] data structure 663 provided in the rejection of claim 1 in order to determine whether or not a block is to be encrypted).
As per dependent claim 5, Waldspurger in combination with McLeod discloses the method of claim 1. Waldspurger teaches wherein encrypting data stored on the disk comprises: reading out a plurality of data blocks from the disk; encrypting the plurality of data blocks to produce a corresponding plurality of encrypted data blocks; and overwriting the plurality of data blocks on the disk with the corresponding plurality of encrypted data blocks, wherein the progress offset address is set to an offset address of one of the plurality of encrypted data blocks subsequent to the overwriting (The system could read in however many I/O units are needed for encryption, then encrypt, then write the entire encrypted unit out, col 8 lines 51-54. Upon every write of a block of the disk, the block’s data is encrypted and the corresponding bit in ISENCRYPTED[] is changed to a “1”, col 13 lines 18-21 and FIG. 3. See exemplary data for ISENCRYPTED[] data structure 663 provided in the rejection of claim 1 in order to determine whether or not a block is to be encrypted).
As per dependent claim 6, Waldspurger in combination with McLeod discloses the method of claim 5. Waldspurger teaches wherein encrypting data stored on the disk further comprises writing the plurality of data blocks to a journal file prior to encrypting the plurality of data blocks (Copy-on-write (COW) technique may be implemented. An entire base virtual disk VDISK-INT file may be stored unencrypted, col 17 lines 62-63).
As per dependent claim 7, Waldspurger in combination with McLeod discloses the method of claim 5. Waldspurger teaches wherein encrypting data stored on the disk further comprises writing the corresponding plurality of encrypted data blocks to a journal file prior to overwriting the plurality of data blocks (COW technique may be implemented. All data written into delta disk files due to COW operations would be encrypted, col 17 lines 63-65).
As per claims 8-14, these claims are respectively rejected based on arguments provided above for similar rejected claims 1-7. See FIG. 1 of Waldspurger for processors 110 and memory 112 where a computer program product may be stored in memory 112 for execution by the processors 110.
As per claims 15-20, these claims are respectively rejected based on arguments provided above for similar rejected claims 1-6. For processor and memory see FIG. 1 of Waldspurger.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZUBAIR AHMED whose telephone number is (571)272-1655. The examiner can normally be reached 7:30AM - 5:00PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, DAVID X YI can be reached on (571) 270-7519. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ZUBAIR AHMED/Examiner, Art Unit 2132                                                                                                                                                                                                        
/DAVID YI/Supervisory Patent Examiner, Art Unit 2132