DETAILED ACTION
This office action is in response to communication filed on 3/8/2019.
Claims 1-20 are being considered on the merits.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 3/8/2019, 5/15/2020, and 2/2/2021 has been considered.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, an initialed and dated copy of the Applicant’s IDS form 1449 3/8/2019, 5/15/2020, and 2/2/2021 is attached to the instant office action.
Oath/Declaration
For the record, the Examiner acknowledges that the Oath/Declaration submitted on 3/8/2019 has been accepted. 
	Drawings
The drawings are objected to because 
Fig. 3 shows the steps within 330 to be 332 and 334, while the specification in Para. [0040] labels these 334 and 336 respectively. Although both use 334, they are used for different steps.  
Fig. 3 uses Ref. 335 for ignoring the request while the specification Para. [0041] labels this 345. 
Fig. 6 Ref. 96 is missing the label “secure Interface Control” based on Para. [0084].
Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should 
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 19 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 19 recites the limitation "the secure interface control" in line.  There is insufficient antecedent basis for this limitation in the claim. Based on claims 13-18 this may be “the one or more processors”.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Although claim 13 does not recite a non-transitory computer readable storage medium, the specification in Para. [0086] specifies that the computer readable storage medium cannot be transitory signal per se, thus no 101 rejection is given.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Nystrom (US 20150178504 A1, provided in IDS) in view of Bacher (US 20160132345 A1).
Regarding claim 1, Nystrom teaches a computer-implemented method, comprising: obtaining, [by a secure interface control] in a computing system, wherein the hypervisor manages one or more guests, metadata linked to an image of a secure guest to be started by an owner and managed by the hypervisor, wherein the metadata comprises one or more controls, wherein the each control of the one or more controls indicates to the [secure interface control] whether a secure guest generated with the image is permitted to obtain a response to a particular request; (Nystrom, in Para. [0047, 0057-0058, 0069, and 0095-0097], discloses a hypervisor which creates a virtual environment in which virtual machines (i.e. guests) operate (i.e. manages), discloses measurements (i.e. metadata) which can be taken before booting (i.e. starting) the operating system (i.e. guest image) and stored, these measurements are then used when a key is requested (i.e. request) to determine whether the host (i.e. guest) meets the policy (i.e. permitted) to receive the key (i.e. response))
determining, [by the secure interface control,] based on the one or more controls, if the secure guest is permitted to obtain a response to the request; (Nystrom, in Para. [0123], discloses verifying whether evidence (i.e. controls) satisfies the policy that allows the requestor to obtain the key (i.e. permitted to respond)
based on determining that the secure guest is permitted to obtain the response, commencing, by the secure interface control, fulfillment of the request, within the computing system; and (Nystrom, in Para. [0086 and 0124], discloses if the policy is satisfied (i.e. permitted), providing the key (i.e. fulfilling the request))
based on determining that the secure guest is not permitted to obtain the response, ignoring, by the secure interface control, the request (Nystrom, in Para. [0086], discloses if the policy is not satisfied (i.e. not permitted), withholding the key (i.e. ignoring the request)).
While Nystrom teaches guest request and handling by a hypervisor, Nystrom fails to explicitly teach a secure interface control and the hypervisor intercepting a request.
However, Bacher from the analogous technical field teaches wherein the secure interface control is communicatively coupled to a hypervisor (Bacher, in Para. [0008 and 19], discloses firmware is connection with the hypervisor, where the firmware is trusted (i.e. secure interface control) and the hypervisor is not trusted)
intercepting, by the secure interface control, via the hypervisor, from the secure guest generated with the image, during runtime of the secure guest, a request; (Bacher, in Para. [0042 and 0046], discloses a hypervisor intercept as part of processing guest events (i.e. request)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Nystrom to incorporate the teachings of Bacher, with a motivation to protecting guest confidentiality (Bacher, Para. [0044]).  
Regarding claim 2, Nystrom as modified by Bacher teaches the computer-implemented method of claim 1.
Nystrom further teaches wherein the secure guest is permitted to obtain the response, the method further comprising: obtaining, by the secure interface control, the response to the request; and transmitting, by the secure interface control, the response to the secure guest (Nystrom, in Para. [0124], discloses providing (i.e. transmitting) the key (i.e. response) to the requesting component (i.e. guest))

Regarding claim 3, Nystrom as modified by Bacher teaches the computer-implemented method of claim 2.
Nystrom further teaches wherein obtaining the metadata further comprises: decrypting, by the secure interface control, a portion of the metadata linked to an image of a secure guest, wherein the metadata is integrity protected and the portion was encrypted by a key derived using a private key comprising a cryptographic measure of a boot image of the secure guest (Nystrom, in Para. [0045], discloses decrypting the metadata)
Regarding claim 4, Nystrom as modified by Bacher teaches the computer-implemented method of claim 3.
Nystrom further teaches wherein the encrypted portion of the metadata comprises the one or more controls (Nystrom, in Para. [0045 and 0096], discloses decrypting the metadata where the data is used as evidence (i.e. controls))
Regarding claim 5, Nystrom as modified by Bacher teaches the computer-implemented method of claim 3.
Nystrom further teaches wherein the request is selected from the group consisting of: a request to the secure interface control to output a wrapped key [used to export a page], a request to the secure interface control to generate metadata for an updated version of the boot image of the secure guest, a request to allow the secure interface control to encrypt data using keys provided in the metadata and return the encrypted data to the secure guest (Nystrom, in Para. [0085-0086], discloses requesting a key where the key can be wrapped).
Bacher further teaches key used to export a page (Bacher, in Para. [0031-0032], discloses decrypting and providing (i.e. export) the page to the virtual machine (i.e. guest)).
Regarding claim 6, Nystrom as modified by Bacher teaches the computer-implemented method of claim 3.
Nystrom further teaches wherein the response to the request is selected from the group consisting of: the wrapped key [used to export the page], the metadata for the updated version of the boot image of the secure guest, and encrypted data, wherein the encrypted data was encrypted by the secure interface control utilizing the keys provided in the metadata (Nystrom, in Para. [0085-0086], discloses providing a key where the key can be wrapped).
Bacher further teaches key used to export a page (Bacher, in Para. [0031-0032], discloses decrypting and providing (i.e. export) the page to the virtual machine (i.e. guest)).

Regarding claim 7, Nystrom as modified by Bacher teaches the computer-implemented method of claim 3.
Bacher further teaches wherein the private key is owned by the secure interface control and used exclusively by the secure interface control (Bacher, in Para. [0022], discloses the firmware having a private key).
Regarding claim 8, Nystrom as modified by Bacher teaches the computer-implemented method of claim 7.
Bacher further teaches wherein the key derived using the private key is shared between the secure interface control and the owner (Bacher, in Para. [0022], discloses the firmware has a private key of the system (i.e. owner).
Regarding claim 9, Nystrom as modified by Bacher teaches the computer-implemented method of claim 1.
Nystrom further teaches wherein the metadata comprises values derived from a boot image of the secure guest computed utilizing a collision resistant one-way function (Nystrom, in Para. [0057-0058], discloses loading a hash (i.e. collision resistant one-way function) of the boot loading code as measurement (i.e. metadata)).
Regarding claim 10, Nystrom as modified by Bacher teaches the computer-implemented method of claim 1.
Nystrom further teaches wherein the one or more controls each comprise a positive designation or a negative designation for various features, wherein the positive designation indicates that the secure guest is permitted to obtain the response to the particular request and the negative designation indicates that the guest is not permitted to obtain the response to the particular request (Nystrom, in Fig. 8 and in Para. [0121-0124], discloses determining who receives the key (i.e. response) based on satisfying a policy (i.e. positive or negative)).
Regarding claim 11, Nystrom as modified by Bacher teaches the computer-implemented method of claim 1.
Nystrom further teaches wherein the metadata is inaccessible to the secure guest (Nystrom, in Para. [0044 and 0061], discloses storing the measurements (i.e. metadata) in specific TPM registers that cannot be accessed by the VM (i.e. guest)).
Regarding claim 12, Nystrom as modified by Bacher teaches the computer-implemented method of claim 1.
Nystrom further teaches wherein determining if the secure guest is permitted to obtain the response to the request further comprises: identifying, by the secure interface control, in the one or more controls, a control relevant to the request; and determining, by the secure interface control, if the control enables or restricts receiving the response to the request by the secure guest (Nystrom, in Fig. 8 and in Para. [0121-0124], discloses determining who receives the key (i.e. response) if the measurements (i.e. controls) satisfy the policy).
As per claims 13-19, these claims recite a token computer readable storage medium to perform the steps as recited by the method of claims 1-3, and 5-8, and has limitations that are similar to those of claims 1-3, and 5-8, thus is rejected with the same rationale applied against claims 1-3, and 5-8. The differing limitation of one or two processors instead of the secure interface control is taught be Nystrom in Para. [0018], where a multiprocessor system is disclosed.
As per claim 20, this claim recites a token system to perform the steps as recited by the method of claim 1, and has limitations that are similar to those of claim 1, thus is rejected with the same rationale applied against claim 1. The differing limitation of one or two processors instead of the secure interface control is taught be Nystrom in Para. [0018], where a multiprocessor system is disclosed.
Conclusion
	
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JESSICA JANA SOUTH whose telephone number is (571)272-3208.  The examiner can normally be reached on M-Th 9:00-18:00 (Flex).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/JESSICA J SOUTH/Examiner, Art Unit 2431                                                                                                                                                                                                        
/TRANG T DOAN/Primary Examiner, Art Unit 2431