DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is responsive to RCE filed on 10/07/2022. Claims 1-20 have been examined and are pending in this application.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 10/07/2022 has been entered.
Response to Arguments
Applicant’s arguments with respect to claims 1-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Two new references (Thompson et al. US 2014/0325235 and Raizen et al. US 8,166,314) are cited in this Office Action necessitated by the amendment. 
In view of the new references, independent claims 1, 8, and 15 are not in a condition for allowance. Claims depending therefrom, either directly or indirectly, are also not in a condition for allowance.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3-5, 8, 10-12, 15, and 17-19 are rejected under 35 U.S.C. 103 as being unpatentable over Thompson et al. US 2014/0325235 (“Thompson”) in view of Raizen et al. US 8,166,314 (“Raizen”).
As per independent claim 1, Thompson teaches A method (A method of decrypting and encrypting data blocks of a volume on a drive is disclosed, para 0037 and FIGS. 1-2 and 4A-B) comprising:
executing, by a background process running on a computing system (A background process may iteratively encrypt all plaintext data on a drive while allowing new encrypted data to be simultaneously written to the drive, para 0009), a sequential encryption operation with respect to a plurality of data blocks stored on a disk (The background process may iteratively encrypt all plaintext data on a drive while allowing new encrypted data to be simultaneously written to the drive, para 0009), the sequential encryption operation including:
encrypting the plurality of data blocks on the disk sequentially in increasing data block offset order starting from a first data block of the plurality of data blocks and ending at a last data block of the plurality of data blocks (Referring to FIG. 4A, at block 410, device 200 encrypts a data block using a second key. Next, at block 415, the device 200 writes the encrypted data block to a volume 250 and the process is repeated. The process may begin at a lowest LBA or block 260 of the volume 250, and continue block-by-block from the lowest LBA to the highest LBA of the volume 250, para 0038 and FIG. 4A);
updating a progress offset address (The progress information 222 may relate to which of the locations, LBAs, etc., of the volume 250 have been encrypted using the second key 114, para 0028) while performing the encrypting (Referring to FIG. 4A, at block 410, device 200 encrypts a data block using a second key. Next, at block 415, the device 200 writes the encrypted data block to a volume 250 and the process is repeated. The process may begin at a lowest LBA or block 260 of the volume 250, and continue block-by-block from the lowest LBA to the highest LBA of the volume 250, para 0038 and FIG. 4A),
concurrently with the executing of the sequential encryption operation by the background process (The background process may iteratively encrypt all plaintext data on a drive while allowing new encrypted data to be simultaneously written to the drive, para 0009):
receiving, by an input/output (I/O) filter (An interface unit 110 may receive an access request to a location of the volume from a host while a decryption unit 120 decrypts the read data and encryption unit 130 encrypts the decrypted data, para 0009 and FIG. 1) of the computer system that is distinct from the background process (The device 100 includes the interface unit 110, the decryption unit 120, and the encryption unit 130 which are shown to be separate and distinct entities, para 0025 and FIGS. 1-2), an I/O request for reading or writing a range of data blocks within the plurality of data blocks (The interface unit 110 may receive an access request to a location of the volume from a host while a decryption unit 120 decrypts the read data and encryption unit 130 encrypts the decrypted data, para 0009 and FIGS. 1-2);
upon determining that the range of data blocks does not straddle the progress offset address (The requested LBA is compared with the LBA last encrypted. Inference is made based on whether the requested LBA is greater than the last LBA or less than or equal to the last LBA, para 0022. Since the requested LBA is greater than the last LBA or less than or equal to the last LBA as the comparison with the last encrypted LBA indicates, the requested LBA does not straddle the regions), servicing, by the I/O filter (The interface unit 110 receives access requests from the host, para 0009, and may encrypt/decrypt data associated with the request, para 0019), the I/O request based on whether the range of data blocks falls within the first portion (The requested data block is written to or read from the volume 150 using a second key 114 if the requested LBA is less than or equal to the last encrypted LBA, para 0023) or the second portion (The requested data is written to or read from the volume 150 using a first key 112 if the requested LBA is greater than the last encrypted LBA, para 0023).
Thompson discloses all of the claimed limitations from above, but does not explicitly teach “the progress offset address demarcating a first portion of the plurality of data blocks that have been encrypted by the encrypting and a second portion of the plurality of data blocks that have not yet been encrypted by the encrypting” and “upon determining that the range of data blocks straddles the progress offset address, adding, by the I/O filter, the I/O request to an I/O queue, thereby causing the I/O request to be re-tried at a later time”.
However, in an analogous art in the same field of endeavor, Raizen teaches the progress offset address demarcating a first portion of the plurality of data blocks that have been encrypted by the encrypting and a second portion of the plurality of data blocks that have not yet been encrypted by the encrypting (A storage unit 44 is divided into unencrypted region 44A and encrypted region 44B as shown in FIGS. 3A and 3B, col 23 lines 59-61);
upon determining that the range of data blocks straddles the progress offset address (A determination is made whether write/read I/O requests straddle encrypted and unencrypted regions, col 37 lines 18-22 and col 38 lines 53-54), adding, by the I/O filter (An I/O filter system 28 includes an I/O filter driver 29. The I/O filter driver 29 facilitates the sending of I/O requests from applications 32 running on a host computer, col 11 lines 41-45), the I/O request to an I/O queue (A queue is included in the I/O filter driver 29 for queueing requests, col 34 lines 15-16), thereby causing the I/O request to be re-tried at a later time (The I/O filter driver 29 can be carefully orchestrated to fail or pend those IOs that require the availability of a data encryption key (DEK) to execute, col 4 lines 34-42).
Given the teaching of Raizen, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to further modify the scope of the invention of Thompson with “the progress offset address demarcating a first portion of the plurality of data blocks that have been encrypted by the encrypting and a second portion of the plurality of data blocks that have not yet been encrypted by the encrypting” and “upon determining that the range of data blocks straddles the progress offset address, adding, by the I/O filter, the I/O request to an I/O queue, thereby causing the I/O request to be re-tried at a later time”. The motivation would be that the invention advantageously protect and keep correct encrypted data on an encrypted device, col 5 lines 1-5 of Raizen.
As per dependent claim 3, Thompson in combination with Raizen discloses the method of claim 1. Thompson may not explicitly disclose, but Raizen teaches wherein the I/O request is a read request to read data from the range of data blocks and wherein servicing the I/O request comprises: reading the data from the range of data blocks on the disk at an offset address specified in the read request; comparing the specified offset address with the progress offset address; and decrypting the read data when the comparing indicates the specified offset address is in the first portion of the disk (I/O requests that “straddle” encrypted and unencrypted regions of a device are treated the same as reads to an encrypted region of a device, with the caveat that the data on the unencrypted portion of the I/O request is not decrypted as part of I/O request processing, col 38 lines 53-57).
The same motivation that was utilized for combining Thompson and Raizen as set forth in claim 1 is equally applicable to claim 3.
As per dependent claim 4, Thompson in combination with Raizen discloses the method of claim 1. Thompson may not explicitly disclose, but Raizen teaches wherein the I/O request is a write request to write data to the range of data blocks and wherein servicing the I/O request comprises: comparing an offset address specified in the write request with the progress offset address; encrypting the data and writing the encrypted data to the specified offset address on the disk when the comparing indicates the specified offset address is in the first portion;  writing the data to the specified offset address on the disk without encrypting the data block when the comparing indicates the specified offset address is in the second portion (I/O requests that “straddle” encrypted and unencrypted regions of a device are treated the same as writes that are directed only to an encrypted region of a device, with the caveat that the data on the unencrypted portion of the I/O request is not encrypted as part of I/O request processing, col 37 lines 18-22);
The same motivation that was utilized for combining Thompson and Raizen as set forth in claim 1 is equally applicable to claim 4.
As per dependent claim 5, Thompson in combination with Raizen discloses the method of claim 1. Thompson teaches wherein executing the sequential encryption operation comprises: reading out one or more data blocks in the plurality of data blocks from the disk; encrypting the one or more data blocks to produce a corresponding one or more encrypted data blocks; and overwriting the one or more data blocks on the disk with the corresponding one or more encrypted data blocks, wherein the progress offset address is set to an offset address of one of the one or more encrypted data blocks subsequent to the overwriting (Referring to FIG. 4A, at block 410, device 200 encrypts a data block using a second key. Next, at block 415, the device 200 writes the encrypted data block to a volume 250 and the process is repeated. The process may begin at a lowest LBA or block 260 of the volume 250, and continue block-by-block from the lowest LBA to the highest LBA of the volume 250, para 0038 and FIG. 4A. The last encrypted LBA is marked, para 0022).
As per claims 8 and 10-12, these claims are respectively rejected based on arguments provided above for similar rejected claims 1 and 3-5. For computer program product on a non-transitory computer readable medium, see paras 0033-0034 of Thompson. 
As per claims 15 and 17-19, these claims are respectively rejected based on arguments provided above for similar rejected claims 1 and 3-5. For processor and memory, see paras 0032-0033 of Thompson.
Claims 2, 6-7, 9, 13-14, 16, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Thompson in view of Raizen and in further view of Waldspurger et al. US 7,428,636 (“Waldspurger”).
As per dependent claim 2, Thompson in combination with Raizen discloses the method of claim 1. Thompson and Raizen may not explicitly disclose, but in an analogous art in the same field of endeavor, Waldspurger teaches wherein the computer system is a host machine that hosts a plurality of virtual machines (VMs) and the disk is a virtual disk associated with a first VM in the plurality of VMs (FIG. 1 shows the hardware platform 100 including one or more CPUs 110, a system memory 112, and a storage device, which is a disk 114, col 5 lines 6-8. Each VM 500 typically includes at least one virtual disk 514, col 5 lines 26-29 and FIG. 1), and wherein the I/O request is a guest I/O request issued by a guest operating system (OS) that executes on the first VM (The host performs I/O operations on behalf of the VM, col 6 lines 37-38 and FIG. 1).
Given the teaching of Waldspurger, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to further modify the scope of the invention of Thompson and Raizen with “wherein the computer system is a host machine that hosts a plurality of virtual machines (VMs) and the disk is a virtual disk associated with a first VM in the plurality of VMs, and wherein the I/O request is a guest I/O request issued by a guest operating system (OS) that executes on the first VM”. The motivation would be that use of a kernel offers improved performance for I/O operations and facilitates provision of services that extend across multiple VMs, col 6 lines 52-54 of Waldspurger. 
As per dependent claim 6, Thompson in combination with Raizen discloses the method of claim 5. Thompson and Raizen may not explicitly disclose, but in an analogous art in the same field of endeavor, Waldspurger teaches wherein executing the sequential encryption operation further comprises writing the one or more data blocks to a journal file prior to encrypting the one or more data blocks (Copy-on-write (COW) technique may be implemented. An entire base virtual disk VDISK-INT file may be stored unencrypted, col 17 lines 62-63).
Given the teaching of Waldspurger, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to further modify the scope of the invention of Thompson and Raizen with “wherein executing the sequential encryption operation further comprises writing the one or more data blocks to a journal file prior to encrypting the one or more data blocks”. The motivation would be that use of a kernel offers improved performance for I/O operations and facilitates provision of services that extend across multiple VMs, col 6 lines 52-54 of Waldspurger.
As per dependent claim 7, Thompson in combination with Raizen discloses the method of claim 5. Thompson and Raizen may not explicitly disclose, but in an analogous art in the same field of endeavor, Waldspurger teaches wherein executing the sequential encryption operation further comprises writing the corresponding one or more encrypted data blocks to a journal file prior to overwriting the one or more data blocks (COW technique may be implemented. All data written into delta disk files due to COW operations would be encrypted, col 17 lines 63-65).
Given the teaching of Waldspurger, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to further modify the scope of the invention of Thompson and Raizen with “wherein executing the sequential encryption operation further comprises writing the corresponding one or more encrypted data blocks to a journal file prior to overwriting the one or more data blocks”. The motivation would be that use of a kernel offers improved performance for I/O operations and facilitates provision of services that extend across multiple VMs, col 6 lines 52-54 of Waldspurger.
As per claims 9 and 13-14, these claims are respectively rejected based on arguments provided above for similar rejected claims 2 and 6-7.
As per claims 16 and 20, these claims are respectively rejected based on arguments provided above for similar rejected claims 2 and 6.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZUBAIR AHMED whose telephone number is (571)272-1655. The examiner can normally be reached 7:30AM - 5:00PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, DAVID X YI can be reached on (571) 270-7519. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ZUBAIR AHMED/Examiner, Art Unit 2132                                                                                                                                                                                                        
/DAVID YI/Supervisory Patent Examiner, Art Unit 2132