DETAILED ACTION

1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

This communication is responsive to the application filed 08/02/2019.  

Claims 1-20 are presented for examination. 

Information Disclosure Statement

2.	The Applicants’ Information Disclosure Statements (filed 08/06/2019, 02/24/2020, and 02/27/2020) have been received, entered into the record, and considered. 


Drawings


3.	The drawings filed 08/02/2019 are accepted by the examiner.

Specification

4.	The specification has not been checked to the extent necessary to determine the presence of all possible minor errors. Applicant's cooperation is requested in correcting any errors of which applicant may become aware in the specification. 

Claim Rejections - 35 USC § 102
5. 	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:

A person shall be entitled to a patent unless –

 (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.

Claims 1-9, 11-13, and 15-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Sallam et al. (US 20120254993). The reference was cited by Applicant in the IDS filed 02/27/2020.

It is noted that any citations to specific pages, columns, paragraphs, lines, or figures in the prior art references and any interpretation of the reference should not be considered to be limiting in any way. A reference is relevant for all it contains and may be relied upon for all that it would have reasonably suggested to one having ordinary skill in the art. See MPEP 2123.

As to claim 1:
Sallam teaches a method (a method for securing; paragraph 0009); comprising: 

receiving a command from a virtual machine manager (the virtual machine monitor may be instructed to trap access to system resources. Such access may arise from applications, drivers, or operating systems running on the electronic device. The virtual machine monitor may be instructed as to what system resources of the electronic device are to be monitored. The virtual machine monitor may also be instructed as to what operations on the monitored system resources are to be trapped. For example, read, write or execute operations on system memory may be trapped. In another example, load or store operations on registers may be trapped; paragraph 0090), the command corresponding to a request by a peripheral device (such access may arise from applications, drivers, or operating systems running on the electronic device; paragraph 0090) and indicating a memory address in a memory comprised in a computing device and allocated to a virtual machine instantiated using the computing device (SVMM 216 may include a control structure configured to trap specific attempted accesses of system resources 214. Any suitable control structure may be used. In one embodiment, such a control structure may include virtual machine control structure ("VMCS") 221. SVMM 216 may be configured to trap such execution by manipulating flags inside of VMCS 221. SVMM 216 may be configured to trap any suitable operation of operating system 212, application 210, or driver 211 involving an access of system resources 214. Such trapped operations may include, for example: reading, writing and execution of particular pages of memory in system memory 228; loading and storing a value to or from a processor register 230; or reading and writing to or from I/O devices 226; paragraph 0049), wherein the computing device comprises a host controller and the computing device is communicatively coupled with the peripheral device using the host controller (Electronic device 404 may include firmware. 
In one embodiment, electronic device 404 may include main PC firmware 428. … the computer may also contain a programmable I/O controller, which may be programmed by the firmware or BIOS, and communicates with the firmware of the I/O devices such as 424 and storage 426; paragraph 0103 and Fig.4); 

reading data from the memory address based on the receiving of the command (the electronic device may operate and be protected by one or more of the trapping of access of system resources in steps 330-340, scanning memory for the presence of malware in steps 345-355, and scanning memory for attempted memory modifications in steps 360-365. Each of trapping the access of system resources, scanning memory for the presence of malware, and scanning memory for attempted memory modifications may be conducted in parallel…scanning the memory of electronic device; paragraphs 0093-0094); 
 
validating, by a host controller firmware corresponding to the host controller, the data read from the memory address (While scanning the memory of electronic device, a whitelist may be used to determine whether patterns of memory, reflecting entities resident on electronic device, are known to be safe; paragraph 0094); 
 
providing, by the host controller firmware, the VMM with access to the data read from the memory address based on the validating (If a pattern of memory known to be safe is encountered, then in step 370, the memory may be allowed to continue to have access to electronic device and may remain; paragraph 0094); and 

sending a command completion event to the VMM indicating the data read from the memory address is validated (a triggered event is created upon the access of the flagged resource; paragraphs 0091 and 0155). 

As to claim 2:
Sallam teaches the validating of the data comprises determining that one or more reserved fields represented by the data has an expected value that is defined by code of the host controller firmware (paragraphs 0104 and 0108).

As to claim 3:
Sallam teaches the validating of the data comprises determining a Slot ID represented by the data is within a predetermined range that is defined by code of the host controller firmware (paragraph 0131).

As to claim 4:
Sallam teaches the command comprises the memory address and a data size to be read using the memory address (paragraph 0131).

As to claim 5:
Sallam teaches the validating of the data comprises: identifying a request type represented by the data; and determining that the request type is in a valid group of request types (paragraphs 0132-0133).

As to claim 6:
Sallam teaches the receiving of the command from the VMM is based on detecting a connection of the peripheral device to a host controller, and the data comprises a request by the VM for connection capabilities of the entity (paragraph 0049).

As to claim 7:
Sallam teaches a method (a method for securing; paragraph 0009) comprising: 
(the virtual machine monitor may be instructed to trap access to system resources. Such access may arise from applications, drivers, or operating systems running on the electronic device. The virtual machine monitor may be instructed as to what system resources of the electronic device are to be monitored. The virtual machine monitor may also be instructed as to what operations on the monitored system resources are to be trapped. For example, read, write or execute operations on system memory may be trapped. In another example, load or store operations on registers may be trapped; paragraph 0090), the command indicating a memory address in a memory comprised in a computing device and allocated to a virtual machine (SVMM 216 may include a control structure configured to trap specific attempted accesses of system resources 214. Any suitable control structure may be used. In one embodiment, such a control structure may include virtual machine control structure ("VMCS") 221. SVMM 216 may be configured to trap such execution by manipulating flags inside of VMCS 221. SVMM 216 may be configured to trap any suitable operation of operating system 212, application 210, or driver 211 involving an access of system resources 214. Such trapped operations may include, for example: reading, writing and execution of particular pages of memory in system memory 228; loading and storing a value to or from a processor register 230; or reading and writing to or from I/O devices 226; paragraph 0049); 

validating, by a host controller firmware, the command received from the VMM (the access of a system resource such as system memory, registers, or I/O devices may be trapped…the access may be analyzed to determine whether the requesting entity has permission to access the requested resource. Contextual information associated with the attempted access may be accessed to make such a determination. Security rules may be accessed to make such a determination; paragraph 0093); 

reading data from the memory address based on the receiving of the command; providing, by the host controller firmware, the VMM with access to the data read from the memory address based on the validating (contextual information associated with the attempted access may be accessed to make such a determination. Security rules may be accessed to make such a determination…If the access is suspicious, then in step 340, a suspicious attempted access of the system resources may be blocked. Such an attempt may be reported to the protection server. If the access is not suspicious, then the access may be allowed; paragraph 0093); and 

sending a command completion event to the VMM indicating the command is validated (a triggered event is created upon the access of the flagged resource; paragraphs 0091 and 0155). 

As to claim 8:
Sallam teaches validating, by the host controller firmware, the data read from the memory address, wherein the providing the VMM with access to the data is further based on the validating of the data (paragraph 0094).

As to claim 9:
Sallam teaches the data is representative of a command transfer request block (paragraph 0127).

As to claim 11:
Sallam teaches the reading of the memory address is performed by the host controller firmware using direct memory accesses of virtual machine memory (paragraphs 0048-0049).

As to claim 12:
Sallam teaches the host controller firmware is of a host controller comprised in the computing device and the VMM uses the data read from the memory address to establish or modify a connection between the virtual machine and a peripheral device over the host controller (paragraphs 0066-0067).

As to claim 13:
The rejection of claims 1 and 7 above is incorporated herein in full. Sallam teaches the use of one or more processors (a processor; Abstract).

As to claim 15:
Sallam teaches the command comprises the memory address and a data size to be read by the host controller using the memory address (paragraph 0131).

As to claim 16:
Sallam teaches the validation determines that one or more reserved fields represented by the data has an expected value that is defined by code of the host controller firmware (paragraphs 0104 and 0108).

As to claim 17:
Sallam teaches the validation determines a Slot ID represented by the data is within a predetermined range that is defined by code of the host controller firmware (paragraph 0131).

As to claim 18:
Sallam teaches the VMM is further configured to: send an additional command to the host controller firmware, the additional command indicating a virtual machine memory address; and receive an additional command completion event indicating a failure, by the host controller firmware, to validate of one or more of data read from the virtual machine memory address or the additional command (paragraphs 0093 and 0097).

As to claim 19:
Sallam teaches the system is comprised with an autonomous vehicle (paragraph 0188).

As to claim 20:
Sallam teaches the VMM maps a virtual function to the memory address and includes the memory address in the command (paragraph 0057).

Claim Rejections - 35 USC § 103
6. 	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.


Claims 10 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Sallam et al. in view of Li (US 20170329625).

As to claim 10:
Sallam does not explicitly teach the following additional limitations:

Li teaches the validating of the command comprises determining that the command is associated with a doorbell event indicating a memory read request from the VM (doorbell notification, doorbell mechanism; paragraphs 0123-0124 and 0170-0171).

It would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Sallam with Li because it would have provided the enhanced capability for simplifying access to a storage device and reducing consumption of memory resources and computing resources by software layers.

As to claim 14:
Sallam does not explicitly teach the following additional limitations:

Li teaches the VMM further receives a doorbell event from the host controller, wherein the sending of the command is based on the doorbell event (doorbell notification, doorbell mechanism; paragraphs 0123-0124 and 0170-0171).

It would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Sallam with Li because it would have 

Conclusion

7.	The prior art made of record, listed on PTO 892 provided to Applicant is considered to have relevancy to the claimed invention. Applicant should review each identified reference carefully before responding to this office action to properly advance the case in light of the prior art.


Contact Information

Any inquiry of a general nature or relating to the status of this application should be directed to the TC 2100 Group receptionist: (571) 272-2100.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to VAN H. NGUYEN whose telephone number is (571) 272-3765. The examiner can normally be reached on Monday-Friday from 9:00 AM-5:30 PM. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, LEWIS BULLOCK, can be reached at (571) 272-3759.
		
The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
	
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status 


/VAN H NGUYEN/Primary Examiner, Art Unit 2199