DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application is being examined under the pre-AIA first to invent provisions.
This initial written action responds to the communication dated 08/08/2022.
Claims 1-20 are canceled.
Claims 21-40 have been submitted for examination and are pending.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Priority

This application, filed on August 08, 2022, claims priority to continuing application 16/945,909, filed on August 02, 2020, which claims priority to continuing application 14/965,870, filed on December 10, 2015, which in turn claims priority to continuing application 13/765,618, filed on February 12, 2013.


Information Disclosure Statement
The following Information Disclosure Statement in the instant application was submitted in compliance with the provisions of 37 CFR 1.97 and has been fully considered:
IDS filed on 09 August 2022.

Claim Objection
Claim 33 is objected to because of the following informalities: claim 33 recites “The method of claim 32, wherein the encryption key is generated by a management server”. Claim 33 depends from claim 32, which recites “The non-transitory computer readable storage medium of claim 31”, a different statutory class. Appropriate correction is required.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 21, 23-29, 31, 33-39 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 3-9, 13-14, 16, 30 of U.S. Patent No. 9,930,066.
Claims 21-24, 27, 29, 31-34, 37, 39 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-3, 5, 8, 10, 19 of U.S. Patent No. 10,771,505.
Claims 21, 23, 25-29, 31, 33, 35-39 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 3, 6-11, 13, 16-20 of U.S. Patent No. 11,411,995.

Although the claims at issue are not identical, they are not patentably distinct from each other. Please see the three comparison tables below, one for each reference patent.

 
Instant Application 17/883,383 (INFRASTRUCTURE LEVEL LAN SECURITY) compared with U.S. Patent No. 9,930,066 (App. No. 13/765,618; INFRASTRUCTURE LEVEL LAN SECURITY)

Instant claim 21:
A computer-implemented method of providing group key-based encryption for machines executing on a host computer, comprising: receiving a selection of a Layer 2 (L2) domain on which a secure wire is to be enabled; generating an encryption key for the secure wire; associating one or more machines executing on the host computer with the secure wire; and encrypting communications between the one or more machines using the encryption key generated for the secure wire.
Claim 1 of US 9,930,066:
A method for securing traffic in a multi-tenant virtualized infrastructure, comprising: receiving from a key manager a first encryption key associated with a set of virtual network interface cards (vNICs), including a first vNIC, that are connected by a logical L2 network and a second encryption key associated with a second vNIC not connected to the logical L2 network; intercepting first and second Layer 2 (L2) frames sent via the first and second vNICs respectively en route to a first physical network interface card (pNIC); determining (1) that the first encryption key is to be used for encrypting payload data of the first L2 frame sent via the first vNIC based on the first vNIC's membership in the set of vNICs connected by the logical L2 network and an analysis of a first policy defined for the logical L2 network, and (2) that the second encryption key is to be used for encrypting payload data of the second L2 frame sent via the second vNIC by analyzing a second policy defined for the second vNIC; encrypting (1) the payload data of the first L2 frame using the first encryption key and (2) the payload data of the second L2 frame using the second encryption key, wherein the encryption of the second L2 frame differs from the encryption of the first L2 frame as a different portion of the second L2 frame is encrypted than the portion encrypted for the first L2 frame; and encapsulating the first L2 frame with a logical L2 network header for the first L2 frame to be transmitted to a destination vNIC in the set of vNICs in the logical L2 network.
 
Instant claim 23:
 The method of claim 22, wherein the encryption key is generated by a management server; and wherein the encryption key is securely transmitted from the management server to the one or more key management modules executing on the host computer.
Claim 3 of US 9,930,066:
The method of claim 1, wherein the encryption key is securely transmitted by the key manager.
 
Instant claim 24:
The method of claim 22, further comprising: intercepting the encrypted frames as the encrypted frames are received from outside of the host computer as the encrypted frames are en route to one or more destination machines executing on the host computer and associated with the secure wire; and decrypting payload data of the encrypted frames using the encryption key.
Claim 4 of US 9,930,066:
The method of claim 1, further comprising: receiving, via a second pNIC, the transmitted encrypted first frame; intercepting the encrypted first frame as the encrypted first frame is in transit to a second vNIC from the second pNIC; and decrypting payload data of the encrypted first frame using the encryption key.
 
Instant claim 25:
The method of claim 22 further comprising: adding to each of the intercepted frames at least one of a value which identifies the encryption key and a signed hash value used to authenticate the encrypted frames and ensure data integrity.
Claim 6 of US 9,930,066:
The method of claim 4, further comprising, adding to the first L2 frame: a value which indicates an EtherType, a value which identifies the encryption key, an encoded encryption initialization vector value, or a signed hash value used to authenticate the encrypted frame and ensure data integrity of the encrypted frame.
 
Instant claim 26:
The method of claim 25 further comprising adding to each intercepted frame an encoded encryption initialization vector value.
Claim 6 of US 9,930,066:
The method of claim 4, further comprising, adding to the first L2 frame: a value which indicates an EtherType, a value which identifies the encryption key, an encoded encryption initialization vector value, or a signed hash value used to authenticate the encrypted frame and ensure data integrity of the encrypted frame.
 
Instant claim 27:
The method of claim 21, wherein the intercepted frames are encrypted according to IEEE MAC Security Standard (MACSec) frame format.
Claim 5 of US 9,930,066:
 The method of claim 4, wherein the first frame is encrypted according to IEEE MAC Security Standard (MACSec) frame format.
 
Instant claim 28:
The method of claim 21, wherein the encrypting is performed based on one or more policies specifying which traffic out of the one or more machines to encrypt.
Claim 8 of US 9,930,066:
The method of claim 1, wherein the first policy specifies a set of header values of L2 frames that require encryption.
 
Instant claim 29:
The method of claim 21, wherein the secure wire is enabled on a virtual extensible LAN (VXLAN).
Claim 7 of US 9,930,066:
 The method of claim 1, wherein the logical L2 network is a virtual extensible LAN (VXLAN)-based logical L2 network.
 
Instant claim 31:
A non-transitory computer readable storage medium storing a program for execution by at least one processing unit, the program provides group key-based encryption for machines executing on a host computer, the program comprising sets of instructions for: receiving a selection of a Layer 2 (L2) domain on which a secure wire is to be enabled; generating an encryption key for the secure wire; associating one or more machines executing on the host computer with the secure wire; and encrypting communications between the one or more machines using the encryption key generated for the secure wire.
Claim 9 of US 9,930,066:
A non-transitory computer-readable storage medium storing a program for securing traffic on a computer with virtual machines for multiple tenants, the program comprising sets of instructions for: receiving from a key manager first and second encryption keys associated with first and second logical L2 networks; at an encryption module on the computer, intercepting first and second data messages sent from first and second virtual machines (VMs) executing on the computer, the first VM associated with the first logical L2 network sending the first data message, and the second VM associated with the second logical L2 network sending the second data message; determining (1) that a payload of the first data message has to be encrypted based on a determination that the data message is from a virtual machine in the first logical L2 network and an analysis of a first policy defined for the first logical L2 network and (2) that a payload of the second data message has to be encrypted based on an analysis of a second policy defined for the second logical L2 network; encrypting (1) the payload data of the first data message using the encryption key for the first logical L2 network and (2) the payload data of the second data message using the second encryption key, wherein the encryption of the second data message differs from the encryption of the first data message as a different portion of the second data message is encrypted than the portion encrypted for the first data message; and encapsulating the first data message with a first logical L2 network header for the first data message to be transmitted to a destination VM in the first logical L2 network.
 
Instant claim 33:
The method of claim 32, wherein the encryption key is generated by a management server; and wherein the encryption key is securely transmitted from the management server to the one or more key management modules executing on the host computer.
Claim 3 of US 9,930,066:
The method of claim 1, wherein the encryption key is securely transmitted by the key manager.
 
Instant claim 34:
 The non-transitory computer readable storage medium of claim 32, wherein the program further comprises sets of instructions for: intercepting the encrypted frames as the encrypted frames are received from outside of the host computer as the encrypted frames are en route to one or more destination machines executing on the host computer and associated with the secure wire; and decrypting payload data of the encrypted frames using the encryption key.
Claim 4 of US 9,930,066:
The method of claim 1, further comprising: receiving, via a second pNIC, the transmitted encrypted first frame; intercepting the encrypted first frame as the encrypted first frame is in transit to a second vNIC from the second pNIC; and decrypting payload data of the encrypted first frame using the encryption key.
 
Instant claim 35:
The non-transitory computer readable storage medium of claim 32, wherein the program further comprises a set of instructions for: adding to each of the intercepted frames at least one of a value which identifies the encryption key and a signed hash value used to authenticate the encrypted frames and ensure data integrity.
Claim 14 of US 9,930,066:
The computer-readable storage medium of claim 9, the program further comprising a set of instructions for adding to the first data message a value which indicates an EtherType, a value which identifies the encryption key, an encoded encryption initialization vector value, or a signed hash value used to authenticate the encrypted frame and ensure data integrity of the encrypted data message.
 
Instant claim 36:
The non-transitory computer readable storage medium of claim 35, wherein the program further comprises a set of instructions for adding to each intercepted frame an encoded encryption initialization vector value.
Claim 14 of US 9,930,066:
The computer-readable storage medium of claim 9, the program further comprising a set of instructions for adding to the first data message a value which indicates an EtherType, a value which identifies the encryption key, an encoded encryption initialization vector value, or a signed hash value used to authenticate the encrypted frame and ensure data integrity of the encrypted data message.
 
Instant claim 37:
The non-transitory computer readable storage medium of claim 31, wherein the intercepted frames are encrypted according to IEEE MAC Security Standard (MACSec) frame format.
Claim 13 of US 9,930,066:
The computer-readable storage medium of claim 9, wherein the first data message is encrypted according to IEEE MAC Security Standard (MACSec) format.
 
Instant claim 38:
The non-transitory computer readable storage medium of claim 31, wherein the set of instructions for encrypting is performed based on one or more policies specifying which traffic out of the one or more machines to encrypt.
Claim 16 of US 9,930,066:
The machine readable medium of claim 9, wherein the first policy specifies a set of header values of data messages that require encryption.
 
Instant claim 39:
The non-transitory computer readable storage medium of claim 31, wherein the secure wire is enabled on a virtual extensible LAN (VXLAN).
Claim 20 of US 9,930,066:
The computer-readable storage medium of claim 9, wherein the first logical network is a virtual extensible LAN (VXLAN)-based logical L2 network.
 


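The claim elements compared in the table above (a management server generating one group key per secure wire, that key being pushed to each host on which a member vNIC is added so that hosts never negotiate keys point to point, an encryption module intercepting L2 frames as they leave a vNIC, a policy selecting which frames to encrypt, and a key identifier, an initialization vector and an integrity tag carried with each encrypted frame) can be exercised end to end in the following script. It is an added illustration written for this page, not code from the patents, the applicant or any product. Assumptions made here: the cipher is an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag, standing in for MACSec's AES-GCM so that the script runs on the Python standard library alone; the 4-byte key identifier, 12-byte IV, 16-byte truncated tag, the use of the IEEE 802.1AE EtherType 0x88E5 as the marker for encrypted frames, and the policy expressed as a set of EtherTypes are all choices of this example; the MAC addresses and payloads in demo() are constructed.

```python
"""Group-key "secure wire" encryption between hosts, as in the compared claims.

Added illustration, not the patents' implementation.  Stand-in cipher (assumption):
HMAC-SHA256 keystream in counter mode plus a truncated HMAC tag (encrypt-then-MAC).
A real deployment would use MACSec (IEEE 802.1AE) AES-GCM in its place.
"""
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass

MACSEC_ETHERTYPE = 0x88E5                 # IEEE 802.1AE EtherType, marks an encrypted frame
KEY_ID_LEN, IV_LEN, TAG_LEN = 4, 12, 16   # field widths chosen for this example
HDR = struct.Struct("!6s6sH")             # dst MAC, src MAC, EtherType


def build_frame(dst: bytes, src: bytes, etype: int, payload: bytes) -> bytes:
    return HDR.pack(dst, src, etype) + payload


def _keystream(key: bytes, iv: bytes, n: int) -> bytes:
    """Counter-mode keystream derived from HMAC-SHA256 (stand-in for AES-GCM)."""
    out = bytearray()
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, iv + struct.pack("!I", ctr), hashlib.sha256).digest()
    return bytes(out[:n])


def _xor(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))


@dataclass(frozen=True)
class SecureWire:
    vni: int            # VXLAN network identifier the wire is enabled on
    key_id: int         # value carried in each frame to identify the group key
    key: bytes          # group key shared by every host with a vNIC on this wire
    policy: frozenset   # EtherTypes whose payload must be encrypted


class ManagementServer:
    """Generates one group key per secure wire and pushes it to hosts on vNIC add."""

    def __init__(self) -> None:
        self.wires: dict[int, SecureWire] = {}

    def enable_secure_wire(self, vni: int, policy) -> SecureWire:
        wire = SecureWire(vni, len(self.wires) + 1, os.urandom(32), frozenset(policy))
        self.wires[vni] = wire
        return wire

    def add_vnic(self, host: "Host", vnic_mac: bytes, vni: int) -> None:
        host.install_key(self.wires[vni], vnic_mac)   # no host-to-host negotiation


class Host:
    """Key management module plus encryption/decryption module of one host."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.vnic_to_wire: dict[bytes, SecureWire] = {}   # secure wire per vNIC
        self.wire_by_key_id: dict[int, SecureWire] = {}   # key lookup on receive

    def install_key(self, wire: SecureWire, vnic_mac: bytes) -> None:
        self.vnic_to_wire[vnic_mac] = wire
        self.wire_by_key_id[wire.key_id] = wire

    def encrypt_outbound(self, frame: bytes) -> bytes:
        """Intercept a frame leaving a vNIC; encrypt it when the wire's policy says so."""
        dst, src, etype = HDR.unpack_from(frame)
        wire = self.vnic_to_wire.get(src)
        if wire is None or etype not in wire.policy:
            return frame                        # not on a secure wire, or policy says clear
        plaintext = struct.pack("!H", etype) + frame[HDR.size:]   # original EtherType is hidden
        iv = os.urandom(IV_LEN)
        ciphertext = _xor(plaintext, _keystream(wire.key, iv, len(plaintext)))
        authed = (HDR.pack(dst, src, MACSEC_ETHERTYPE)
                  + struct.pack("!I", wire.key_id) + iv + ciphertext)
        tag = hmac.new(wire.key, authed, hashlib.sha256).digest()[:TAG_LEN]
        return authed + tag

    def decrypt_inbound(self, frame: bytes):
        """Intercept a frame arriving from the pNIC; return the clear frame or None."""
        dst, src, etype = HDR.unpack_from(frame)
        if etype != MACSEC_ETHERTYPE:
            return frame                        # was never encrypted
        if len(frame) < HDR.size + KEY_ID_LEN + IV_LEN + 2 + TAG_LEN:
            return None                         # truncated
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        wire = self.wire_by_key_id.get(struct.unpack_from("!I", body, HDR.size)[0])
        if wire is None:
            return None                         # this host holds no key for that wire
        expected = hmac.new(wire.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None                         # forged or corrupted frame
        iv_start = HDR.size + KEY_ID_LEN
        iv, ciphertext = body[iv_start:iv_start + IV_LEN], body[iv_start + IV_LEN:]
        plaintext = _xor(ciphertext, _keystream(wire.key, iv, len(ciphertext)))
        return HDR.pack(dst, src, struct.unpack("!H", plaintext[:2])[0]) + plaintext[2:]


def demo() -> dict:
    """Two hosts on one VXLAN-backed wire, a third on another; constructed MACs/payloads."""
    mgmt = ManagementServer()
    mgmt.enable_secure_wire(vni=5001, policy={0x0800})   # encrypt IPv4, leave ARP clear
    mgmt.enable_secure_wire(vni=6002, policy={0x0800})
    h1, h2, h3 = Host("h1"), Host("h2"), Host("h3")
    a, b, c = (bytes.fromhex(m) for m in ("020000000001", "020000000002", "020000000003"))
    mgmt.add_vnic(h1, a, 5001)
    mgmt.add_vnic(h2, b, 5001)
    mgmt.add_vnic(h3, c, 6002)
    ip = build_frame(b, a, 0x0800, b"constructed IPv4 payload")
    arp = build_frame(b, a, 0x0806, b"constructed ARP payload")
    enc = h1.encrypt_outbound(ip)
    tampered = enc[:-1] + bytes([enc[-1] ^ 0x01])
    return {
        "wire_marked": HDR.unpack_from(enc)[2] == MACSEC_ETHERTYPE,
        "peer_decrypts": h2.decrypt_inbound(enc) == ip,
        "other_wire_rejects": h3.decrypt_inbound(enc) is None,
        "tamper_rejects": h2.decrypt_inbound(tampered) is None,
        "policy_leaves_arp_clear": h1.encrypt_outbound(arp) == arp,
    }
```

demo() returns a dictionary in which every entry should be True: the peer on the same wire decrypts using only the key identifier in the frame, a host on a different wire (holding a different key) rejects the frame, a single flipped bit fails the integrity check, and an EtherType outside the policy passes through untouched. The per-frame random IV is what makes the shared group key safe to reuse across many hosts and frames; with a real MACSec AES-GCM implementation the same role is played by the packet number in the SecTAG.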
 
Instant Application 17/883,383 (INFRASTRUCTURE LEVEL LAN SECURITY) compared with U.S. Patent No. 10,771,505 (App. No. 14/965,870; INFRASTRUCTURE LEVEL LAN SECURITY)

Instant claim 21:
A computer-implemented method of providing group key-based encryption for machines executing on a host computer, comprising: receiving a selection of a Layer 2 (L2) domain on which a secure wire is to be enabled; generating an encryption key for the secure wire; associating one or more machines executing on the host computer with the secure wire; and encrypting communications between the one or more machines using the encryption key generated for the secure wire.
Claim 1 of US 10,771,505:
A computer-implemented method of providing encryption keys, comprising: receiving an identification of first and second secure wires enabled in a Layer 2 (L2) domain on which a plurality of secure wires are to be enabled; generating first and second different encryption keys for the first and second secure wires; in response to a selection of a first virtual network interface card (vNIC) to add to the first secure wire, providing the first key to a first host on which the first vNIC executes in order for the first host to encrypt and decrypt messages exchanged between the first vNIC and a plurality of vNICs connected to the first secure wire on at least a second host without the first host being required to negotiate any keys for the first secure wire on a point-to-point basis with any other hosts, including the second host, the plurality of vNICs associated with a plurality of virtual machines (VMs) executing on at least the second host; and in response to a selection of a second vNIC to add to the second secure wire, providing the second key to a third host on which the second vNIC executes in order for the third host to encrypt and decrypt messages exchanged between the second vNIC and a third vNIC connected to the second secure wire associated with a particular VM in the plurality of VMs without the third host being required to negotiate any keys for the second secure wire on a point-to-point basis with any other hosts, wherein the first secure wire defines a logical L2 network that stretches across Layer 3 (L3) boundaries.
 
Instant claim 22:
The method of claim 21, wherein encrypting the communications comprises: intercepting frames sent by one or more machines as the frames are en route out of the host computer; and encrypting the intercepted frames using the encryption key based on a mapping between one or more secure wires for machines executing on the host computer and associated encryption keys.
Claim 2 of US 10,771,505:
The method of claim 1, wherein the messages are frames and the first host encrypts the frames for the first secure wire by: intercepting, by an encryption module, frames sent by the first vNIC connected to the first secure wire as the frames are en route to physical network interface cards (pNICs) of the first host; and encrypting, at a key management module, the intercepted frames, wherein the key management module maintains mappings between secure wires and associated encryption keys and exposes application programming interfaces (APIs) which the encryption module invokes for encrypting frames.
 
Instant claim 23:
The method of claim 22, wherein the encryption key is generated by a management server; and wherein the encryption key is securely transmitted from the management server to the one or more key management modules executing on the host computer.
Claim 3 of US 10,771,505:
The method of claim 2: wherein the first and second encryption keys are generated by a management server; and wherein the encryption key is securely transmitted from the management server to the one or more key management modules.
 
Instant claim 24:
 The method of claim 22, further comprising: intercepting the encrypted frames as the encrypted frames are received from outside of the host computer as the encrypted frames are en route to one or more destination machines executing on the host computer and associated with the secure wire; and decrypting payload data of the encrypted frames using the encryption key.
Claim 5 of US 10,771,505:
 The method of claim 2, wherein: the encrypted frames are directed to a fourth vNIC executing on the second host that is connected to the first secure wire; a decryption module on the second host intercepts the encrypted frames as the encrypted frames are en route to the fourth vNIC; and a key management module on the second host decrypts payload data of the encrypted frames using the encryption key.
 
Instant claim 27:
The method of claim 21, wherein the intercepted frames are encrypted according to IEEE MAC Security Standard (MACSec) frame format.
Claim 8 of US 10,771,505:
The method of claim 2, wherein the intercepted frames are encrypted according to IEEE MAC Security Standard (MACSec) frame format.
 
Instant claim 29:
The method of claim 21, wherein the secure wire is enabled on a virtual extensible LAN (VXLAN).
Claim 10 of US 10,771,505:
The method of claim 1, wherein the first secure wire is enabled on a virtual extensible LAN (VXLAN).
 
Instant claim 31:
A non-transitory computer readable storage medium storing a program for execution by at least one processing unit, the program provides group key-based encryption for machines executing on a host computer, the program comprising sets of instructions for: receiving a selection of a Layer 2 (L2) domain on which a secure wire is to be enabled; generating an encryption key for the secure wire; associating one or more machines executing on the host computer with the secure wire; and encrypting communications between the one or more machines using the encryption key generated for the secure wire.
Claim 19 of US 10,771,505:
 A non-transitory machine readable medium storing a program that when executed by a set of processing units manages encryption keys for encrypting messages exchanged between virtual machines in a plurality of virtual machines (VMs), the program comprising sets of instructions for: identifying a plurality of virtual network interface cards (vNICs) of a plurality of VMs to be connected by a secure wire; to each of a first pair of hosts, distributing a first encryption key to encrypt messages forwarded by at least two vNICs of two VMs that execute on the first pair of hosts without the hosts being required to negotiate any keys on a point-to-point basis with each other, wherein the first pair of hosts use the distributed first encryption key to establish a first secure wire to define a logical Layer 2 (L2) network that stretches across Layer 3 (L3) boundaries between the first pair of hosts; to each of a second pair of hosts, distributing a second encryption key to encrypt messages forwarded by at least two vNICs of two VMs that execute on the second pair of hosts without the hosts being required to negotiate any keys on a point-to-point basis with each other, wherein the second pair of hosts use the distributed second encryption key to establish a second secure wire to define another logical L2 network that stretches across L3 boundaries between the second pair of hosts.
 
Instant claim 32:
The non-transitory computer readable storage medium of claim 31, wherein the set of instructions for encrypting the communications comprises sets of instructions for: intercepting frames sent by one or more machines as the frames are en route out of the host computer; and encrypting the intercepted frames using the encryption key based on a mapping between one or more secure wires for machines executing on the host computer and associated encryption keys.
Claim 2 of US 10,771,505:
The method of claim 1, wherein the messages are frames and the first host encrypts the frames for the first secure wire by: intercepting, by an encryption module, frames sent by the first vNIC connected to the first secure wire as the frames are en route to physical network interface cards (pNICs) of the first host; and encrypting, at a key management module, the intercepted frames, wherein the key management module maintains mappings between secure wires and associated encryption keys and exposes application programming interfaces (APIs) which the encryption module invokes for encrypting frames.
 
Instant claim 33:
The method of claim 32, wherein the encryption key is generated by a management server; and wherein the encryption key is securely transmitted from the management server to the one or more key management modules executing on the host computer.
Claim 3 of US 10,771,505:
The method of claim 2: wherein the first and second encryption keys are generated by a management server; and wherein the encryption key is securely transmitted from the management server to the one or more key management modules.
 
Instant claim 34:
The non-transitory computer readable storage medium of claim 32, wherein the program further comprises sets of instructions for: intercepting the encrypted frames as the encrypted frames are received from outside of the host computer as the encrypted frames are en route to one or more destination machines executing on the host computer and associated with the secure wire; and decrypting payload data of the encrypted frames using the encryption key.
Claim 5 of US 10,771,505:
 The method of claim 2, wherein: the encrypted frames are directed to a fourth vNIC executing on the second host that is connected to the first secure wire; a decryption module on the second host intercepts the encrypted frames as the encrypted frames are en route to the fourth vNIC; and a key management module on the second host decrypts payload data of the encrypted frames using the encryption key.
 
Instant claim 37:
The non-transitory computer readable storage medium of claim 31, wherein the intercepted frames are encrypted according to IEEE MAC Security Standard (MACSec) frame format.
Claim 8 of US 10,771,505:
The method of claim 2, wherein the intercepted frames are encrypted according to IEEE MAC Security Standard (MACSec) frame format.
 
Instant claim 39:
 The non-transitory computer readable storage medium of claim 31, wherein the secure wire is enabled on a virtual extensible LAN (VXLAN).
Claim 10 of US 10,771,505:
The method of claim 1, wherein the first secure wire is enabled on a virtual extensible LAN (VXLAN).
 



 
Instant Application 17/883,383 (INFRASTRUCTURE LEVEL LAN SECURITY) compared with U.S. Patent No. 11,411,995 (App. No. 16/945,909; INFRASTRUCTURE LEVEL LAN SECURITY)

Instant claim 21:
A computer-implemented method of providing group key-based encryption for machines executing on a host computer, comprising: receiving a selection of a Layer 2 (L2) domain on which a secure wire is to be enabled; generating an encryption key for the secure wire; associating one or more machines executing on the host computer with the secure wire; and encrypting communications between the one or more machines using the encryption key generated for the secure wire.
Claim 1 of US 11,411,995:
A method of providing encryption keys comprising: generating first and second different encryption keys for first and second secure wires; in response to a selection of a first machine to add to the first secure wire, associating an interface of the first machine with the first secure wire and using the first key at a first host computer on which the first machine executes in order for the first host computer to encrypt and decrypt messages exchanged between the first machine and a plurality of other machines connected to the first secure wire on at least a second host computer without the first host computer being required to negotiate any key for the first secure wire on a point-to-point basis with any other host computer including the second host computer; and in response to a selection of a second machine to add to the second secure wire, associating an interface of the second machine with the second secure wire and using the second key at a third host computer on which the second machine executes in order for the third host computer to encrypt and decrypt messages exchanged between the second machine and a plurality of other machines connected to the second secure wire on at least a fourth host computer without the third host computer being required to negotiate any key for the second secure wire on a point-to-point basis with any other host computer including the fourth host computer.
 
Instant claim 21 (text quoted above):
Claim 3 of US 11,411,995:
The method of claim 2 further comprising receiving, for each secure wire, a selection of the logical L2 network on which the secure wire is to be enabled.
 
Instant claim 23:
 The method of claim 22, wherein the encryption key is generated by a management server; and wherein the encryption key is securely transmitted from the management server to the one or more key management modules executing on the host computer.
Claim 9 of US 11,411,995:
The method of claim 1, wherein the first and second encryption keys are generated by a management server, and each encryption key is securely transmitted from the management server to two or more host computers.
 
Instant claim 25:
The method of claim 22 further comprising: adding to each of the intercepted frames at least one of a value which identifies the encryption key and a signed hash value used to authenticate the encrypted frames and ensure data integrity.
Claim 6 of US 11,411,995:
The method of claim 5, wherein each host computer includes with each of encrypted data message at least one of (i) a value which identifies the encryption key, (ii) an encoded encryption initialization vector value, and (iii) a signed hash value used to authenticate the encrypted data message and ensure data integrity.
 
Instant claim 26:
The method of claim 25 further comprising adding to each intercepted frame an encoded encryption initialization vector value.
Claim 6 of US 11,411,995:
The method of claim 5, wherein each host computer includes with each of encrypted data message at least one of (i) a value which identifies the encryption key, (ii) an encoded encryption initialization vector value, and (iii) a signed hash value used to authenticate the encrypted data message and ensure data integrity.
 
Instant claim 27:
The method of claim 21, wherein the intercepted frames are encrypted according to IEEE MAC Security Standard (MACSec) frame format.
Claim 7 of US 11,411,995:
The method of claim 5, wherein the identified data messages are encrypted according to IEEE MAC Security Standard (MACSec) frame format.
 
Instant claim 28:
The method of claim 21, wherein the encrypting is performed based on one or more policies specifying which traffic out of the one or more machines to encrypt.
Claim 8 of US 11,411,995:
 The method of claim 5, wherein the encrypting for each secure wire is performed based on one or more policies specifying which traffic has to be encrypted.
 
Instant claim 29:
The method of claim 21, wherein the secure wire is enabled on a virtual extensible LAN (VXLAN).
Claim 10 of US 11,411,995:
The method of claim 1, wherein the first secure wire is enabled on a virtual extensible LAN (VXLAN).
 
Instant claim 31:
A non-transitory computer readable storage medium storing a program for execution by at least one processing unit, the program provides group key-based encryption for machines executing on a host computer, the program comprising sets of instructions for: receiving a selection of a Layer 2 (L2) domain on which a secure wire is to be enabled; generating an encryption key for the secure wire; associating one or more machines executing on the host computer with the secure wire; and encrypting communications between the one or more machines using the encryption key generated for the secure wire.
Claim 11 of US 11,411,995:
A non-transitory machine readable medium storing a program which when executed by at least one processing unit provides encryption keys, the program comprising sets of instructions for: generating first and second different encryption keys for first and second secure wires; in response to a selection of a first machine to add to the first secure wire, providing the first key to a first host computer on which the first machine executes in order for the first host computer to encrypt and decrypt messages exchanged between the first machine and a plurality of other machines connected to the first secure wire on at least a second host computer without the first host computer being required to negotiate any key for the first secure wire on a point-to-point basis with any other host computer including the second host computer; and in response to a selection of a second machine to add to the second secure wire, providing the second key to a third host computer on which the second machine executes in order for the third host computer to encrypt and decrypt messages exchanged between the second machine and a plurality of other machines connected to the second secure wire on at least a fourth host computer without the third host computer being required to negotiate any key for the second secure wire on a point-to-point basis with any other host computer including the fourth host computer.
 
Instant claim 31 (text quoted above):
Claim 13 of US 11,411,995:
The non-transitory machine readable medium of claim 12, the program further comprises a set of instructions for receiving, for each secure wire, a selection of the logical L2 network on which the secure wire is to be enabled.
 
33
The method of claim 32, wherein the encryption key is generated by a management server; and wherein the encryption key is securely transmitted from the management server to the one or more key management modules executing on the host computer.
19
The non-transitory machine readable medium of claim 11, wherein the first and second encryption keys are generated by a management server, and each encryption key is securely transmitted from the management server to two or more host computers.
 
35
The non-transitory computer readable storage medium of claim 32, wherein the program further comprises a set of instructions for: adding to each of the intercepted frames at least one of a value which identifies the encryption key and a signed hash value used to authenticate the encrypted frames and ensure data integrity.
16
The non-transitory machine readable medium of claim 15, wherein each host computer includes with each of encrypted data message at least one of (i) a value which identifies the encryption key, (ii) an encoded encryption initialization vector value, and (iii) a signed hash value used to authenticate the encrypted data message and ensure data integrity.
 
36
The non-transitory computer readable storage medium of claim 35, wherein the program further comprises a set of instructions for adding to each intercepted frame an encoded encryption initialization vector value.
16
The non-transitory machine readable medium of claim 15, wherein each host computer includes with each of encrypted data message at least one of (i) a value which identifies the encryption key, (ii) an encoded encryption initialization vector value, and (iii) a signed hash value used to authenticate the encrypted data message and ensure data integrity.
 
37
The non-transitory computer readable storage medium of claim 31, wherein the intercepted frames are encrypted according to IEEE MAC Security Standard (MAC Sec) frame format.
17
The non-transitory machine readable medium of claim 15, wherein the identified data messages are encrypted according to IEEE MAC Security Standard (MACSec) frame format.
 
38
The non-transitory computer readable storage medium of claim 31, wherein the set of instructions for encrypting is performed based on one or more policies specifying which traffic out of the one or more machines to encrypt.
18
The non-transitory machine readable medium of claim 15, wherein the set of instructions for encrypting for each secure wire is performed based on one or more policies specifying which traffic has to be encrypted.
 
39
The non-transitory computer readable storage medium of claim 31, wherein the secure wire is enabled on a virtual extensible LAN (VXLAN).
20
The non-transitory machine readable medium of claim 11, wherein the first secure wire is enabled on a virtual extensible LAN (VXLAN).
 



Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claims 21 and 31 are rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over Alden et al. (US PAT. # US 6,101,543, hereinafter “Alden”), and further in view of Marino et al. (US PAT. # US 9,154,327, hereinafter “Marino”).

Referring to Claims 21 and 31:
Regarding Claim 21, Alden teaches,
A computer-implemented method of providing group key-based encryption for machines executing on a host computer, comprising
[receiving a selection of a Layer 2 (L2) domain] on which a secure wire is to be enabled; (Fig. 3, Fig. 14, Fig. 11, CL(11), LN(59-67), CL(12), LN(1-11), i.e. a tunnel (secure wire) is to be enabled)
generating an encryption key for the secure wire; (CL(8), LN(30-35), CL(8), LN(54-56), Fig. 5, CL(11), LN(38-42), i.e. encryption keys are generated. Examiner submits that keys can be generated as needed; Fig. 5 indicates that first and second different encryption keys are generated for a plurality of tunnels, i.e. keys are generated for the secure wire(s). A tunnel is interpreted as a secure wire)
associating one or more machines executing on the host computer with the secure wire; (Fig. 14 (247, 248, 249, 253, 254, 255), Fig. 3, CL(7), LN(1-18), CL(14), LN(11-27), i.e. the tunnel is considered the first secure wire, and one or more computers (client computer and tunnel server) are associated with the secure wire) and
encrypting communications between the one or more machines using the encryption key generated for the secure wire. (Fig. 5, CL(8), LN(30-44), CL(8), LN(53-57), Fig. 17(334), CL(17), LN(3-5), “At step 334 the pseudo network adapter encrypts the message using an encryption engine such that only the receiver is capable of decrypting and reading the message”, i.e. the key is provided to encrypt/decrypt data (messages) communicated between one or more machines).
Alden does not teach explicitly,
receiving a selection of a Layer 2 (L2) domain [on which a secure wire is to be enabled]; 
However, Marino teaches,
receiving a selection of a Layer 2 (L2) domain [on which a secure wire is to be enabled]; (Fig. 2, CL(5), LN(25-45), Fig. 3, CL(6), LN(43-67), i.e. Layer 2 is selected).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Marino with the invention of Alden.
Alden teaches communicating encrypted data between two vNICs connected by a secure wire. Marino teaches selecting a Layer 2 domain on which a secure wire is enabled. Therefore, it would have been obvious to combine selecting a Layer 2 domain on which a secure wire is enabled, as in Marino, with communicating encrypted data between two vNICs connected by a secure wire, as in Alden, to create a virtual layer-2 network that connects remote nodes on a remote physical LAN to an on-premises LAN in order to communicate data securely. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007).
Regarding Claim 31, it is a non-transitory computer-readable storage medium claim corresponding to method Claim 21 above; therefore Claim 31 is rejected with the same rationale as applied against Claim 21 above.



Claims 22-24 and 32-34 are rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over Alden et al. (US PAT. # US 6,101,543, hereinafter “Alden”), and further in view of Marino et al. (US PAT. # US 9,154,327, hereinafter “Marino”), and further in view of Raizen et al. (US PAT. # US 8,751,828, hereinafter “Raizen”).

Referring to Claims 22 and 32:
Regarding Claim 22, rejection of Claim 21 is included and Alden teaches,
The method of claim 21, wherein encrypting the communications comprises:
intercepting frames sent by one or more machines as the frames are en route out of the host computer; (Fig. 15(265), Fig. 16(292), CL(14), LN(64-67), CL(15), LN(1-2), i.e. the encryption module intercepts the frame en route to the physical network) and
encrypting the intercepted frames using the encryption key, (“Abstract”, Fig. 15(265), Fig. 16(292), CL(14), LN(64-67), CL(15), LN(1-2), i.e. the encryption module encrypts the frame), [based on a mapping between one or more secure wires for machines executing on the host computer and associated encryption keys].
Combination of Alden and Marino does not teach explicitly,
[encrypting the intercepted frames using the encryption key], based on a mapping between one or more secure wires for machines executing on the host computer and associated encryption keys.
However, Raizen teaches,
[encrypting the intercepted frames using the encryption key], based on a mapping between one or more secure wires for machines executing on the host computer and associated encryption keys. (CL(13), LN(4-10), CL(13), LN(16-30), i.e. the KCM (Key controller module) keeps a mapping of encryption keys to one or more encrypted regions of LVs (logical volumes, see also claim 14) [and exposes application programming interfaces (APIs) which the encryption modules invoke for encrypting frames]).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Raizen with the invention of Alden in view of Marino.
Alden in view of Marino teaches communicating encrypted data between two vNICs connected by a secure wire and selecting a Layer 2 domain on which a secure wire is enabled. Raizen teaches keeping a mapping of keys to encrypted logical volumes. Therefore, it would have been obvious to incorporate the key mapping of Raizen into the teachings of Alden in view of Marino, to enable multiple secure connections between multiple virtual machines and to identify the key for an encrypted volume (secure region) based on the key mapping. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007).

Regarding Claim 32, rejection of Claim 31 is included and Claim 32 is rejected with the same rationale as applied against Claim 22 above.

Referring to Claims 23 and 33:
Regarding Claim 23, rejection of Claim 22 is included and, for the same motivation, the combination of Alden and Marino does not teach explicitly,
The method of claim 22, 
wherein the encryption key is generated by a management server; and 
wherein the encryption key is securely transmitted from the management server to the one or more key management modules executing on the host computer.
However, Raizen teaches,
The method of claim 22, 
wherein the encryption key is generated by a management server; (CL(2), LN(45-48), CL(3), LN(40-47), i.e. encryption keys are generated by a key management server); and 
wherein the encryption key is securely transmitted from the management server to the one or more key management modules executing on the host computer. (CL(4), LN(29-43), Fig. 6 (1070), CL(8), LN(6-12), “any required encryption/decryption operations are to be performed by the KCM 74 using the crypto kernel 84”, Fig. 6(1050), CL(13), LN(4-23), i.e. Examiner submits that encryption/decryption performed by, or requested by, the KCM (Key controller module) requires an encryption key, which is provided by the key management server).

Regarding Claim 33, rejection of Claim 32 is included and Claim 33 is rejected with the same rationale as applied against Claim 23 above.

Referring to Claims 24 and 34:
Regarding Claim 24, rejection of Claim 22 is included and, for the same motivation, Alden teaches,
The method of claim 22, further comprising:
intercepting the encrypted frames as the encrypted frames are received from outside of the host computer as the encrypted frames are en route to one or more destination machines executing on the host computer and associated with the secure wire; (Fig. 15(266), Fig. 16(298), CL(15), LN(30-33), CL(15), LN(5-8), i.e. encrypted frames are intercepted); and
decrypting payload data of the encrypted frames using the encryption key. (Abstract, Fig. 15(266), Fig. 16(298), CL(15), LN(30-33), CL(15), LN(5-8), i.e. encrypted frames are decrypted).

Regarding Claim 34, rejection of Claim 32 is included and Claim 34 is rejected with the same rationale as applied against Claim 24 above.
Claims 25-26 and 35-36 are rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over Alden et al. (US PAT. # US 6,101,543, hereinafter “Alden”), and further in view of Marino et al. (US PAT. # US 9,154,327, hereinafter “Marino”), and further in view of Raizen et al. (US PAT. # US 8,751,828, hereinafter “Raizen”), and further in view of Troy A. Swartz (US PGPUB. # US 2008/0075073, hereinafter “Swartz”).

Referring to Claims 25 and 35:
Regarding Claim 25, rejection of Claim 22 is included and the combination of Alden and Marino does not teach explicitly,
The method of claim 22, further comprising: 
adding to each of the intercepted frames at least one of a value which identifies the encryption key and a signed hash value used to authenticate the encrypted frames and ensure data integrity.
However, Raizen teaches,
adding to each of the intercepted frames at least one of a value which identifies the encryption key, (CL(13), LN(4-7), “the encryption metadata identifying an encryption key”) [and a signed hash value used to authenticate the encrypted frames and ensure data integrity].
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Raizen with the invention of Alden in view of Marino.
Alden in view of Marino teaches communicating encrypted data between two vNICs connected by a secure wire and selecting a Layer 2 domain on which a secure wire is enabled. Raizen teaches keeping a mapping of keys to encrypted logical volumes. Therefore, it would have been obvious to incorporate the key mapping of Raizen into the teachings of Alden in view of Marino, to enable multiple secure connections between multiple virtual machines and to identify the key for an encrypted volume (secure region) based on the key mapping. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007).
Combination of Alden, Marino and Raizen does not teach explicitly,
[adding to each of the intercepted frames at least one of a value which identifies the encryption key], and a signed hash value used to authenticate the encrypted frames and ensure data integrity.
However, Swartz teaches,
[adding to each of the intercepted frames at least one of a value which identifies the encryption key], and a signed hash value used to authenticate the encrypted frames and ensure data integrity. (¶4, ¶31, “The integrity check value produced by the hashing algorithm and the packet CRC value 32 are then appended to the Ethernet encrypted payload 350 to produce the encrypted encapsulated packet 300”).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Swartz with the invention of Alden in view of Marino and Raizen.
Alden in view of Marino and Raizen teaches communicating encrypted data between two vNICs connected by a secure wire, selecting a Layer 2 domain on which a secure wire is enabled, and keeping a mapping of keys to encrypted logical volumes. Swartz teaches including a hash to verify data integrity. Therefore, it would have been obvious to incorporate including a hash to verify data integrity, as in Swartz, into the teachings of Alden in view of Marino and Raizen, to ensure data security and integrity. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007).

Regarding Claim 35, rejection of Claim 32 is included and Claim 35 is rejected with the same rationale as applied against Claim 25 above.

Referring to Claims 26 and 36:
Regarding Claim 26, rejection of Claim 25 is included and, for the same motivation, the combination of Alden, Marino, Raizen and Grewal does not teach explicitly,
The method of claim 25 further comprising adding to each intercepted frame an encoded encryption initialization vector value.
However, Swartz teaches,
The method of claim 25 further comprising adding to each intercepted frame an encoded encryption initialization vector value. (Fig. 3(340, 345), ¶24, “included in the output encapsulated frame 300 are an encapsulation header 340 and initialization vector 345, encrypted Ethernet payload 350”, Fig. 4, ¶27, “FIG. 4 shows the encapsulation header 340 and initialization vector 345 portion of encapsulated frame 300 in more detail. Encapsulation header 340 and initialization vector 345 together comprising a 24 byte field that is preferably inserted before the encrypted payload 340 of encapsulated packet 300”).

Regarding Claim 36, rejection of Claim 35 is included and Claim 36 is rejected with the same rationale as applied against Claim 26 above.
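The following Python sketch is an added illustration, not part of this office action or of any cited reference, of the scheme recited in claims 21-26 above: a management server generates one group key per secure wire, installs it on each host whose machine is added to that wire, and each host's encryption module intercepts frames on egress, selects the key from its secure-wire mapping, and emits a frame carrying a key identifier, an initialization vector and an integrity tag, which the receiving host looks up, verifies and decrypts without any point-to-point key negotiation. The HMAC-based counter-mode keystream and the HMAC tag are stand-ins for the GCM-AES cipher of MACSec, and all class names, the frame layout and the management channel are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import struct

KEY_LEN, IV_LEN, TAG_LEN = 32, 12, 16
HDR = struct.Struct(">IH")   # key identifier (4 bytes) | ciphertext length (2 bytes)


def _subkey(group_key, label):
    """Derive separate encryption and MAC subkeys from one group key."""
    return hmac.new(group_key, label, hashlib.sha256).digest()


def _ctr_xor(enc_key, iv, data):
    """Stand-in stream cipher (illustration only): HMAC-SHA256 keystream in
    counter mode XORed over the data. A MACSec implementation uses GCM-AES."""
    out = bytearray()
    for blk, off in enumerate(range(0, len(data), 32)):
        ks = hmac.new(enc_key, iv + blk.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)


class ManagementServer:
    """Generates one group key per secure wire (L2 domain) and hands it to the
    host of each machine added to that wire; hosts never negotiate pairwise."""

    def __init__(self):
        self._wires = {}     # secure wire -> (key identifier, group key)
        self._next_id = 1

    def enable_secure_wire(self, l2_domain):
        key_id, self._next_id = self._next_id, self._next_id + 1
        self._wires[l2_domain] = (key_id, os.urandom(KEY_LEN))
        return key_id

    def add_machine(self, host, vm, l2_domain):
        key_id, key = self._wires[l2_domain]
        host.install(vm, l2_domain, key_id, key)   # assumed: a protected management channel


class Host:
    """Per-host encryption module: intercepts frames on egress and ingress and
    applies the group key selected by its secure-wire mapping."""

    def __init__(self, name, policy=lambda vm, frame: True):
        self.name = name
        self.wire_of_vm = {}    # vm -> secure wire
        self.key_of_wire = {}   # secure wire -> (key identifier, group key)
        self.key_by_id = {}     # key identifier -> group key, for the receive path
        self.policy = policy    # which traffic out of a machine gets encrypted

    def install(self, vm, wire, key_id, key):
        self.wire_of_vm[vm] = wire
        self.key_of_wire[wire] = (key_id, key)
        self.key_by_id[key_id] = key

    def egress(self, vm, frame):
        """Frame leaving vm -> header(key id, length) | IV | ciphertext | tag."""
        if not self.policy(vm, frame):
            return frame                      # policy: this traffic goes in the clear
        key_id, key = self.key_of_wire[self.wire_of_vm[vm]]
        iv = os.urandom(IV_LEN)               # fresh IV per frame
        ct = _ctr_xor(_subkey(key, b"enc"), iv, frame)
        hdr = HDR.pack(key_id, len(ct))
        tag = hmac.new(_subkey(key, b"mac"), hdr + iv + ct, hashlib.sha256).digest()[:TAG_LEN]
        return hdr + iv + ct + tag

    def ingress(self, packet):
        """Look up the key by identifier, verify the tag, then decrypt."""
        if len(packet) < HDR.size + IV_LEN + TAG_LEN:
            raise ValueError("truncated frame")
        key_id, ct_len = HDR.unpack_from(packet)
        key = self.key_by_id.get(key_id)
        if key is None:
            raise ValueError(f"{self.name}: no key for identifier {key_id}")
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            raise ValueError("integrity check failed")   # reject before decrypting
        iv, ct = body[HDR.size:HDR.size + IV_LEN], body[HDR.size + IV_LEN:]
        if len(ct) != ct_len:
            raise ValueError("length mismatch")
        return _ctr_xor(_subkey(key, b"enc"), iv, ct)


def rejects(host, packet):
    """True if the host's ingress path refuses the packet."""
    try:
        host.ingress(packet)
        return False
    except ValueError:
        return True
```

A host that receives a frame for a wire it was never added to fails the key lookup, and a host on the wire rejects any frame whose tag does not verify, so tampering is detected before decryption.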

Claims 27 and 37 are rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over Alden et al. (US PAT. # US 6,101,543, hereinafter “Alden”), and further in view of Marino et al. (US PAT. # US 9,154,327, hereinafter “Marino”), and further in view of Grewal et al. (US PGPUB. # US 2008/0002724, hereinafter “Grewal”).

Referring to Claims 27 and 37:

Regarding Claim 27, rejection of Claim 21 is included and the combination of Alden and Marino does not teach explicitly,
The method of claim 21, wherein the intercepted frames are encrypted according to IEEE MAC Security Standard (MACSec) frame format.
However, Grewal teaches,
The method of claim 21, wherein the intercepted frames are encrypted according to IEEE MAC Security Standard (MACSec) frame format. (¶10, i.e. IEEE 802.1AE is used in communications).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Grewal with the invention of Alden in view of Marino.
Alden in view of Marino teaches communicating encrypted data between two vNICs connected by a secure wire and selecting a Layer 2 domain on which a secure wire is enabled. Grewal teaches encrypting frames according to the IEEE 802.1AE standard. Therefore, it would have been obvious to incorporate encrypting frames according to the IEEE 802.1AE standard, as in Grewal, into the teachings of Alden in view of Marino, to conform to IEEE standards for the encryption of data. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007).

Regarding Claim 37, rejection of Claim 31 is included and Claim 37 is rejected with the same rationale as applied against Claim 27 above.

Claims 28 and 38 are rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over Alden et al. (US PAT. # US 6,101,543, hereinafter “Alden”), and further in view of Marino et al. (US PAT. # US 9,154,327, hereinafter “Marino”), and further in view of Donald McAlister (US PGPUB. # US 2008/0104692, hereinafter “McAlister”).

Referring to Claims 28 and 38:
Regarding Claim 28, rejection of Claim 21 is included and the combination of Alden and Marino does not teach explicitly,
The method of claim 21, wherein the encrypting is performed based on one or more policies specifying which traffic out of the one or more machines to encrypt.
However, McAlister teaches,
The method of claim 21, wherein the encrypting is performed based on one or more policies specifying which traffic out of the one or more machines to encrypt. (¶15, ¶44, ¶57, “The security policy states or otherwise defines a specific type of encryption and authentication to apply to packets between the secured remote network 310 and secured local network 330”, i.e. encryption of traffic is based on a security policy).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of McAlister with the invention of Alden in view of Marino.
Alden in view of Marino teaches communicating encrypted data between two vNICs connected by a secure wire and selecting a Layer 2 domain on which a secure wire is enabled. McAlister teaches encrypting traffic according to a security policy. Therefore, it would have been obvious to incorporate encrypting traffic according to a security policy, as in McAlister, into the teachings of Alden in view of Marino, so that traffic is encrypted according to the sensitivity of the data and the applicable security policy. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007).

Regarding Claim 38, rejection of Claim 31 is included and Claim 38 is rejected with the same rationale as applied against Claim 28 above.

Claims 29 and 39 are rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over Alden et al. (US PAT. # US 6,101,543, hereinafter “Alden”), and further in view of Marino et al. (US PAT. # US 9,154,327, hereinafter “Marino”), and further in view of Du et al. (US PGPUB. # US 2013/0227558, hereinafter “Du”).

Referring to Claims 29 and 39:
Regarding Claim 29, rejection of Claim 21 is included and the combination of Alden and Marino does not teach explicitly,
The method of claim 21, wherein the secure wire is enabled on a virtual extensible LAN (VXLAN). 
However, Du teaches,
The method of claim 21, wherein the secure wire is enabled on a virtual extensible LAN (VXLAN). (¶39, “cryptographic keys may be used to secure communications between master and worker VM nodes”, ¶46, “utilize network virtualization techniques, such as cross-host fencing and virtual eXtensible local area network (VXLAN), to create isolated networks for different clusters provisioned by the distributed computing platform service that may, for example, have been requested by different customers through different remote client devices 325”, i.e. the secure wire is enabled on VXLAN).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Du with the invention of Alden in view of Marino.
Alden in view of Marino teaches communicating encrypted data between two vNICs connected by a secure wire and selecting a Layer 2 domain on which a secure wire is enabled. Du teaches enabling secure communication on a VXLAN. Therefore, it would have been obvious to incorporate enabling secure communication on a VXLAN, as in Du, into the teachings of Alden in view of Marino, to enable multiple secure connections between multiple virtual machines. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007).

Regarding Claim 39, rejection of Claim 31 is included and Claim 39 is rejected with the same rationale as applied against Claim 29 above.

Claims 30 and 40 are rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over Alden et al. (US PAT. # US 6,101,543, hereinafter “Alden”), and further in view of Marino et al. (US PAT. # US 9,154,327, hereinafter “Marino”), and further in view of Imai et al. (US PGPUB. # US 2010/0030898, hereinafter “Imai”).

Referring to Claims 30 and 40:
Regarding Claim 30, rejection of Claim 21 is included and the combination of Alden and Marino does not teach explicitly,
The method of claim 21, wherein associating one or more machines with the secure wire comprises receiving input from an administrator to add machines to the secure wire.
However, Imai teaches,
The method of claim 21, wherein associating one or more machines with the secure wire comprises receiving input from an administrator to add machines to the secure wire. (Fig. 4, ¶48-¶49, ¶51-¶52, ¶57-¶58, i.e. an administrative manager (administrator) associates machines to the VPN tunnel (secure wire)).  
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Imai with the invention of Alden in view of Marino.
Alden in view of Marino teaches communicating encrypted data between two vNICs connected by a secure wire and selecting a Layer 2 domain on which a secure wire is enabled. Imai teaches an administrator starting a VPN tunnel (secure wire) between machines by adding machines to the VPN tunnel. Therefore, it would have been obvious to incorporate having an administrator start a VPN tunnel (secure wire) between machines by adding machines to the tunnel, as in Imai, into the teachings of Alden in view of Marino, to control the VPN tunnels between two machines. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007).

Regarding Claim 40, rejection of Claim 31 is included and Claim 40 is rejected with the same rationale as applied against Claim 30 above.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.  Refer to PTO-892, Notice of References Cited for a listing of analogous art.
Eric Obligacion (US PGPUB. # US 2014/0189235) discloses a stealth appliance that may be coupled between a storage controller and a disk array. The stealth appliance may be configured to receive a request from the storage controller encrypted with a first community-of-interest (COI) key, to decrypt the request with the first COI key, to encrypt the request with a second COI key, and to transmit the encrypted request to the disk array.
Cohen et al. (US PGPUB. # US 2014/0122675) discloses allowing servers connected over an InfiniBand fabric to communicate using multiple private virtual interconnects (PVIs). In particular embodiments, the PVIs appear as virtual Ethernet networks to users on individual servers and virtual machines running on the individual servers. Each PVI is represented on the server by a virtual network interface card (VNIC) and each PVI is mapped to its own InfiniBand multicast group. Data can be transmitted on PVIs as Ethernet packets fully encapsulated, including the layer 2 header, within InfiniBand messages. Broadcast and multicast frames are propagated using InfiniBand.
Korthny et al. (US PGPUB. # US 2014/0095868) discloses providing sensitive data protection in a virtual computing environment. The systems and methods utilize a sensitive data control monitor on a virtual appliance machine administering guest virtual machines in a virtual computing environment, wherein each of the guest virtual machines may include a local sensitive data control agent. The sensitive data control monitor generates encryption keys for each guest virtual machine which are sent to the local sensitive data control agents and used to encrypt data locally on a protected guest virtual machine. In this manner the data itself on the virtual (or physical) disc associated with the guest virtual machine is encrypted while access attempts are gated by a combination of the local agent and the environment-based monitor, providing for secure yet administrable sensitive data protection.
Shah et al. (US PAT. # US 7,634,650) discloses creating a secure zone having multiple servers connected to a resource virtualization switch through I/O bus interfaces, such as PCI Express or PCI-AS. Servers connected to the resource virtualization switch using I/O bus interfaces share access to one or more virtualized cryptographic accelerators associated with the resource virtualization switch. Applications on a server or system images running on a hypervisor inside the server can use cryptographic accelerators associated with the resource virtualization switch as though the resources were included in the server itself. Connections between multiple servers and the resource virtualization switch are secure non-broadcast connections. Data provided to a resource virtualization switch can be cryptographically processed using one or more shared and virtualized cryptographic accelerators.
Fries et al. (US PGPUB. # US 2009/0282266) discloses a virtual machine that comprises a unique identifier associated with one or more encryption keys. A management server encrypts the virtual machine's virtual hard disk(s) using the one or more associated encryption keys. The management server further provides the one or more encryption keys to a limited number of one or more servers in a system. Only those one or more servers that have been provided the one or more encryption keys can be used to load, access, and/or operate the virtual machine. The management server can thus differentiate which virtual machines can be operated on which servers by differentiating which servers can receive which encryption keys. In one implementation, a management server encrypts all virtual machines in the system, but encrypts virtual machines with sensitive data with a limited set of encryption keys, and further provides those encryption keys to a limited set of trusted servers.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to DARSHAN I DHRUV whose telephone number is (571)272-4316. The examiner can normally be reached M-F 9:00 AM-5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/DARSHAN I DHRUV/Primary Examiner, Art Unit 2498