Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Applicant(s) Response to Office Action
The response filed on 1/19/2021 has been entered and made of record.  


Allowable Subject Matter
The following is a statement of reasons for the indication of allowable subject matter:  Claims 1 and 8 as well as dependent claims 2-7 and 9-14 are allowable.  The feature of independent claims 1 and 8 of a client-side checksum being generated using the memory protected from access by a virtual computing instance (VCI) and where the client-side checksum is stored in the memory protected from access by the VCI is novel and not found in the searched prior art.  

Response to Amendment/Remarks
Claims 1-20 are pending in the case.  Claims 1, 8 and 15 are independent. Claims 1, 6, 8, 13, and 20 have been amended.

Applicant’s Remarks related to claims 15-19 are not persuasive.  It is the claims and only the claims that define the applicant’s invention.  Applicant’s “Remarks” concerning the rejection under 35 USC 103 do not address the specific mapping 
Regarding the new claim limitations to claim 20; Applicant’s remarks are moot in light of the below new grounds of rejection as necessitated by Applicant’s amendments. 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

6.	This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any 

Claims 15-19 are rejected under 35 U.S.C. 103 as being unpatentable over Kaler et al. (US 7418457), herein after Kaler, in view of Savage et al. (US 2016/0269441), herein after Savage.

Regarding Claim 15, Kaler teaches:
A non-transitory computer readable storage medium having stored thereon program code executable by a first computer system at a first site, the program code embodying a method comprising: (a processor in a computer or other device… computer executable instructions may be stored on a computer readable medium [col. 5, lines 47-62] expedite communication of policy metadata and confirmation of policy versions in use [column 10, line 46 to column 11, line 2]; expediting communications between a client and a metadata provider [claims 1 and 7])
receiving and storing, on the client device, at least one policy data set associated with at least one security application… on the client device from a server (a previously stored or cached version of the web service's policy [column 10, line 46 to column 11, line 2]; current web service policy metadata, web service policy metadata stored in a 
receiving, by an integrity verifier on the client device, at least one verified checksum from the server, (The requestor, upon receiving the hash digest, can compute an independent hash digest based on a previously stored or cached version of the web service's policy [column 10, line 46 to column 11, line 2]; receiving at a client a first policy hash digest corresponding to current web service policy metadata [claims 1 and 7]) wherein the at least one verified checksum is associated with the at least one policy data set of the at least one security application; (The requestor, upon receiving the hash digest, can compute an independent hash digest based on a previously stored or cached version of the web service's policy [column 10, line 46 to column 11, line 2]; receiving at a client a first policy hash digest corresponding to current web service policy metadata [claims 1 and 7])
generating, by the integrity verifier, at least one client-side checksum based on the stored at least one policy data set; (upon receiving the hash digest, can compute an independent hash digest based on a previously stored or cached version of the web service's policy [column 10, line 46 to column 11, line 2]; generating a second policy hash digest based on web service policy metadata stored in a memory of the client [claims 1 and 7])
comparing, by the integrity verifier, the at least one verified checksum to the generated at least one client-side checksum; (if the two hash digests match, the requestor knows that it is using the correct policy version, and can immediately begin communicating with the web service. If the two hash digests do not match, the 
based on the comparison indicating that the at least one verified checksum and the generated at least one client-side checksum differ, generating, by the integrity verifier, a checksum failure indicator, (column 10, line 46 to column 11, line 2; claims 1 and 7) wherein the client device is configured to take corrective measures to restore integrity of the… [security application] based on the checksum failure indicator. (the requestor sends a follow up policy request to the web service indicating that a complete copy of policy metadata is needed [column 10, line 46 to column 11, line 2]; sending a request for the current web service policy metadata [claims 1 and 7])

Kaler teaches at least one security application on the client device, but may not explicitly disclose 
at least one security application of at least one virtual computing instance (VCI) on the client device; (emphasis added)

However, Savage teaches 
	receiving and storing, on [a] client device, at least one policy data set associated with at least one security application of at least one virtual computing instance (VCI) on the client device from a server (The local security policies include one or more security policies that were previously approved by a third-party accreditation service, such as the Defense Information Systems Agency Field Security Operations 

While Kaler does not explicitly teach or suggest the VCI, Savage does teach virtual clients (paragraph [0022], Figure 1, 118-120).  Applicant states in paragraph [0016] of the specification that a VCI is a virtual machine (VM) “and/or any other type of virtualized computing instance”.  Thus, one of ordinary skill in this art will understand that “at least one security application of at least one virtual computing instance (VCI) on the client device” of claim 1 is taught or suggested, at least in part, by Savage and Kaler because a VM and a VCI are both virtualized computing instances.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify they security application on the client device of Kaler to be at least one security application of at least one virtual computing instance (VCI) on the client device, as taught by Savage, and to modify the corrective measures to restore integrity of the security application of Kaler to restore integrity of the at least one VCI of Savage.
One would have been motivated to do so because when a virtual client is instantiated with the security policy, the virtual client must be audited to confirm that the virtual client conforms to the approved security policy, (Savage [0003]), thus increasing the efficiency of resources used in building and auditing a virtual client such that the 

Regarding Claim 16, the rejection of Claim 15 is incorporated.
Kaler teaches:
wherein the client device includes a plurality of… security application[s]; (web services offered over computer networks [col. 1, lines 10-15] Web services, generally, refers to application-to-application communication over the Internet via programmatic interfaces [col. 1, lines 32-41] a web service may support three encryption techniques: DES, Triple DES, and AES [col. 10, lines 27-45])
wherein receiving and storing the at least one policy data set includes receiving and storing a policy data set for each security application of the plurality of… [security applications]; (a previously stored or cached version of the web service's policy [column 10, line 46 to column 11, line 2]; current web service policy metadata, web service policy metadata stored in a memory of the client [claims 1 and 7]; a web service may support three encryption techniques: DES, Triple DES, and AES [col. 10, lines 27-45])
wherein the at least one verified checksum includes a verified checksum for each of the stored policy data sets; and (The requestor, upon receiving the hash digest, can compute an independent hash digest based on a previously stored or cached version of the web service's policy [column 10, line 46 to column 11, line 2]; receiving at a client a first policy hash digest corresponding to current web service policy metadata [claims 1 and 7])

Kaler teaches a plurality of security applications, receiving and storing a policy data set for each security application of the plurality of security applications, a verified checksum for each of the stored policy data sets, generate client-side checksums for each policy data set of each security application and compare each verified checksum of each policy data set to a generated client-side checksum associated with the corresponding policy data set may not explicitly disclose:
wherein the client device includes a plurality of VCIs, each VCI of the plurality of VCls including a security application; (emphasis added)
of the plurality of VCIs; (emphasis added)
Savages teaches:
wherein the client device includes a plurality of VCIs, each VCI of the plurality of VCIs including a security application; (different virtual clients (e.g., virtual clients 118-120) [0021]; The local security policies include one or more security policies that were previously approved by a third-party accreditation service, such as the Defense Information Systems Agency Field Security Operations (DISA FSO). A security policy defines the authorized configuration for a given virtual client, such as… the services that are executed by the virtual client, which applications are authorized to be run by the virtual client and/or any restrictions on such applications, the types of users that may access the virtual client, and other such policies paragraph [0022])
wherein receiving and storing the at least one policy data set includes receiving and storing a policy data set for each security application of the plurality of VCIs; (The local security policies include one or more security policies that were previously approved by a third-party accreditation service, such as the Defense Information Systems Agency Field Security Operations (DISA FSO). A security policy defines the authorized configuration for a given virtual client, such as… the services that are executed by the virtual client, which applications are authorized to be run by the virtual client and/or any restrictions on such applications, the types of users that may access the virtual client, and other such policies paragraph [0022])

One would have been motivated to do so because when a virtual client is instantiated with the security policy, the virtual client must be audited to confirm that the virtual client conforms to the approved security policy, (Savage [0003]), thus increasing the efficiency of resources used in building and auditing a virtual client such that the time to build, audit, and resolve an audit failure is reduced by several orders of magnitude (Savage [0018]).

Regarding Claim 17, the rejection of Claim 15 is incorporated.
Kaler teaches:
wherein corrective measures which the client device is configured to take include one or more of the following: providing a checksum failure notification to the server, providing a checksum failure notification to a user interface, shutting down, suspending, or quarantining a VCI associated with the differing checksums, and adjusting an interval of the integrity verifier such that the integrity verifier compares checksums more frequently. (If the two hash digests do not match, the requestor sends a follow up policy request to the web service indicating that a complete copy of policy 

Regarding Claim 18, the rejection of Claim 15 is incorporated.
Kaler teaches:
based on initiation of a policy update process, receiving and storing, on the client device, at least one updated policy data set from the server; and (updated metadata is needed [col. 2, lines 26-42], providing updated policy metadata [col. 6, lines 6-16], a data response portion 913 which includes the requested data, and the current policy information 915, which the requestor can use for subsequent communications [col. 10, lines 3-26], a previously stored or cached version of the web service's policy [col. 10, line 46 - col. 11, line 2])
receiving, by the integrity verifier, at least one updated checksum associated with the at least one updated policy data set from the server; (The requestor, upon receiving the hash digest, can compute an independent hash digest based on a previously stored or cached version of the web service's policy [column 10, line 46 to column 11, line 2]; receiving at a client a first policy hash digest corresponding to current web service policy metadata [claims 1 and 7]; The requestor, upon receiving the hash digest, can compute an independent hash digest based on a previously stored or cached version of the web service's policy [column 10, line 46 to column 11, line 2]; receiving at a client a first policy hash digest corresponding to current web service policy metadata [claims 1 and 7])

wherein generating, by the integrity verifier, a checksum failure indicator is further based on the comparison indicating that the at least one verified checksum and the at least one client-side checksum differ and the at least one updated checksum and the at least one client-side checksum differ, (the requestor sends a follow up policy request to the web service indicating that a complete copy of policy metadata is needed [column 10, line 46 to column 11, line 2]; sending a request for the current web service policy metadata [claims 1 and 7])
whereby the at least one security application is enabled to remain operational during asynchronous policy update processes. (Thus, according to an illustrative aspect of the invention, policy metadata (or other types of metadata) may be piggybacked on data messages in order to provide up to date information that may be used as a basis for subsequent communications. [Kaler, lines 44-60])

Regarding Claim 19, the rejection of Claim 18 is incorporated.

wherein, based on detecting completion of the policy update process, the integrity verifier is configured to remove the at least one verified checksum such that the at least one updated checksum remains. (Optionally, the requestor may include in the policy request, in addition to the policy hash digest, a policy version to which the hash digest corresponds. [column 11, lines 11-13])  The metadata provider can then create a "delta" policy metadata element that relates to the old version in use by the requestor such that the old version, once refined, replaced, intersected, etc., is logically the same as the current policy metadata version. [column 11, lines 23-27])

Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Kaler and Savage as applied to claim 15 above, and further in view of Bergstrom (US 20190007426 A1), herein after Bergstrom.

Regarding Claim 20, the rejection of Claim 15 is incorporated.
…, and the generated client-side checksum is compared to the verified checksum …(Kaler, column 10, lines 54-60; two hash values/checksums are compared where one is verified in a host and sent to the client for comparison and the other checksum is generated in the client).
Kaler does not, but in related art, Savage teaches:
…, whereby integrity of the at least one policy data set is monitored during operation of at least one VCI on the client device;…(Savage, paragraph [0022], lines 1-14); “security policy data” regarding the operations of a virtual client and monitored by a 
Kaler does not, but in related art, Bergstrom teaches:
wherein the at least one client-side checksum is generated…repeatedly based on an interval…; and wherein the interval is adjusted based on at least one of a random value or pseudorandom value for each generation of the at least one client-side checksum (a Module 206 can then be re-initiated after another defined/random time interval to re-compare the latest hash value with the first hash value. In yet another aspect, if the second hash value is not the same as the first hash value, module 206 can instruct module 208 to proceed further. [paragraph 65])
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the client side checksum in Kaler to include the at least one client-side checksum is generated repeatedly based on an interval; and wherein the interval is adjusted based on at least one of a random value or pseudorandom value for each generation of the at least one client-side checksum of Bergstrom. One would have been motivated to use random time intervals to enable efficient detection and mitigation of such time-delay based network attacks. (Bergstrom, paragraph 6)

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  

Applicant’s amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP §706.07(a).  Applicant is reminded of the extension of time policy as set for in 37 CFR 1.136(a).
A shortened statutory period for replay to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date of the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to RODNEY E HAVEN whose telephone number is (313)446-6648.  The examiner can normally be reached on 7:30 - 4:30 Monday to Thursday.
Joseph Hirl can be reached on (571) 272-3685.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).  If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/R.E.H./Examiner, Art Unit 2435

/JOSEPH P HIRL/Supervisory Patent Examiner, Art Unit 2435